Your message dated Wed, 07 Jul 2021 20:09:34 +0000 with message-id <E1m1DrS-0005Q5-D8@respighi.debian.org> and subject line unblock python-urllib3 has caused the Debian Bug report #989881, regarding [pre-approval] unblock: python-urllib3/1.26.5-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 989881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989881 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: [pre-approval] unblock: python-urllib3/1.26.5-1
- From: Daniele Tricoli <eriol@debian.org>
- Date: Tue, 15 Jun 2021 03:09:49 +0200
- Message-id: <20210615010949.vtb5r47o2pqw7v3w@mornie>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Hello! This is a preapproval to unblock package python-urllib3 1.26.5-1. [ Reason ] The upload would fix CVE-2021-33503[¹] for bullseye. [ Impact ] CVE-2021-33503 is a DoS, and is reproducible during parsing of an URL. [ Tests ] Unfortunately automated tests are not yet enabled, I tested manually with the following: >>> from urllib3.util.url import parse_url >>> URL = "https://"; + ("@" * 10000) + "[" >>> parse_url(URL) Using 1.26.4-1 there is a CPU spike that is not reproducible in 1.26.5-1 [ Risks ] The code for the fix is trivial, I packaged the new release because when I looked at diff between the 2 tags, there were: the fix for CVE-2021-33503, some fix for deprecation warnings emitted in Python 3.10 and docstrings changes (mostly spaces removed). In the debdiff attached there is a huge part that is due metadata stuff. [ Checklist ] [X] all changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in testing [ Other info ] If this upload it's not OK due the freeze, it's not a problem, I can branch[²] python-urllib3 1.26.4-1 and release a python-urllib3 1.26.4-2 with only the fix. My ETA is this week for this (I will also do the same for buster.) Please tell me if the unblock of python-urllib3/1.26.5-1 is feasible. Many thanks! Kind regards, [¹] https://security-tracker.debian.org/tracker/CVE-2021-33503 [²] Unfortunately I already pushed the new upstream release on salsa. -- Daniele Tricoli 'eriol' https://mornie.orgdiff -Nru python-urllib3-1.26.4/CHANGES.rst python-urllib3-1.26.5/CHANGES.rst --- python-urllib3-1.26.4/CHANGES.rst 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/CHANGES.rst 2021-05-26 19:01:29.000000000 +0200 @@ -1,6 +1,15 @@ Changes ======= +1.26.5 (2021-05-26) +------------------- + +* Fixed deprecation warnings emitted in Python 3.10. +* Updated vendored ``six`` library to 1.16.0. +* Improved performance of URL parser when splitting + the authority component. + + 1.26.4 (2021-03-15) ------------------- diff -Nru python-urllib3-1.26.4/debian/changelog python-urllib3-1.26.5/debian/changelog --- python-urllib3-1.26.4/debian/changelog 2021-05-12 02:30:00.000000000 +0200 +++ python-urllib3-1.26.5/debian/changelog 2021-06-15 00:41:10.000000000 +0200 @@ -1,3 +1,12 @@ +python-urllib3 (1.26.5-1) unstable; urgency=medium + + * New upstream version 1.26.5 + - CVE-2021-33503: Catastrophic backtracking in URL authority parser when + passed URL containing many @ characters. (Closes: #989848) + * Refresh patches. + + -- Daniele Tricoli <eriol@debian.org> Tue, 15 Jun 2021 00:41:10 +0200 + python-urllib3 (1.26.4-1) unstable; urgency=medium * Team upload. diff -Nru python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch python-urllib3-1.26.5/debian/patches/01_do-not-use-embedded-python-six.patch --- python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch 2021-05-12 02:30:00.000000000 +0200 +++ python-urllib3-1.26.5/debian/patches/01_do-not-use-embedded-python-six.patch 2021-06-15 00:41:10.000000000 +0200 @@ -44,7 +44,7 @@ 35 files changed, 49 insertions(+), 49 deletions(-) diff --git a/dummyserver/handlers.py b/dummyserver/handlers.py -index c047094..c0e9330 100644 +index c90c2fc..f8bdf25 100644 --- a/dummyserver/handlers.py +++ b/dummyserver/handlers.py @@ -14,9 +14,9 @@ from io import BytesIO @@ -76,7 +76,7 @@ __all__ = ["RecentlyUsedContainer", "HTTPHeaderDict"] diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py -index 45580b7..1cddda4 100644 +index efa19af..638a8aa 100644 --- a/src/urllib3/connection.py +++ b/src/urllib3/connection.py @@ -9,9 +9,9 @@ import warnings @@ -93,7 +93,7 @@ try: # Compiled with SSL? diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py -index 4708c5b..8dbbc5c 100644 +index 4018321..a9c0908 100644 --- a/src/urllib3/connectionpool.py +++ b/src/urllib3/connectionpool.py @@ -33,8 +33,8 @@ from .exceptions import ( @@ -147,7 +147,7 @@ log = getLogger(__name__) diff --git a/src/urllib3/contrib/pyopenssl.py b/src/urllib3/contrib/pyopenssl.py -index 0cabab1..c1d52e3 100644 +index def83af..e081163 100644 --- a/src/urllib3/contrib/pyopenssl.py +++ b/src/urllib3/contrib/pyopenssl.py @@ -75,7 +75,7 @@ import ssl @@ -156,9 +156,9 @@ from .. import util -from ..packages import six +import six + from ..util.ssl_ import PROTOCOL_TLS_CLIENT __all__ = ["inject_into_urllib3", "extract_from_urllib3"] - diff --git a/src/urllib3/exceptions.py b/src/urllib3/exceptions.py index cba6f3f..053758e 100644 --- a/src/urllib3/exceptions.py @@ -241,7 +241,7 @@ log = logging.getLogger(__name__) diff --git a/src/urllib3/util/connection.py b/src/urllib3/util/connection.py -index cd57455..0332f37 100644 +index bdc240c..c0d69c8 100644 --- a/src/urllib3/util/connection.py +++ b/src/urllib3/util/connection.py @@ -5,7 +5,7 @@ import socket @@ -294,7 +294,7 @@ def is_fp_closed(obj): diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py -index d25a41b..e11f585 100644 +index 180e82b..998ae23 100644 --- a/src/urllib3/util/retry.py +++ b/src/urllib3/util/retry.py @@ -17,7 +17,7 @@ from ..exceptions import ( @@ -307,7 +307,7 @@ log = logging.getLogger(__name__) diff --git a/src/urllib3/util/ssl_.py b/src/urllib3/util/ssl_.py -index 236aa8e..709f703 100644 +index 134ec10..12720f9 100644 --- a/src/urllib3/util/ssl_.py +++ b/src/urllib3/util/ssl_.py @@ -13,7 +13,7 @@ from ..exceptions import ( @@ -320,7 +320,7 @@ SSLContext = None diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py -index 6ff238f..101819b 100644 +index 81a03da..6fd2b2d 100644 --- a/src/urllib3/util/url.py +++ b/src/urllib3/util/url.py @@ -4,7 +4,7 @@ import re @@ -333,7 +333,7 @@ url_attrs = ["scheme", "auth", "host", "port", "path", "query", "fragment"] diff --git a/test/__init__.py b/test/__init__.py -index c03cfac..6c7cacd 100644 +index 3675f48..89693d2 100644 --- a/test/__init__.py +++ b/test/__init__.py @@ -16,7 +16,7 @@ except ImportError: @@ -441,7 +441,7 @@ from urllib3.util.response import is_fp_closed from urllib3.util.retry import RequestHistory, Retry diff --git a/test/test_retry.py b/test/test_retry.py -index cc36089..23153ee 100644 +index 8ff4cbd..f2698f0 100644 --- a/test/test_retry.py +++ b/test/test_retry.py @@ -11,8 +11,8 @@ from urllib3.exceptions import ( @@ -456,7 +456,7 @@ from urllib3.util.retry import RequestHistory, Retry diff --git a/test/test_retry_deprecated.py b/test/test_retry_deprecated.py -index 0c8de37..670bb43 100644 +index c001e3d..9079654 100644 --- a/test/test_retry_deprecated.py +++ b/test/test_retry_deprecated.py @@ -12,8 +12,8 @@ from urllib3.exceptions import ( @@ -471,7 +471,7 @@ from urllib3.util.retry import RequestHistory, Retry diff --git a/test/test_util.py b/test/test_util.py -index 827df42..145c4d2 100644 +index 88409e2..1dce178 100644 --- a/test/test_util.py +++ b/test/test_util.py @@ -19,7 +19,7 @@ from urllib3.exceptions import ( @@ -484,7 +484,7 @@ from urllib3.util import is_fp_closed from urllib3.util.connection import _has_ipv6, allowed_gai_family, create_connection diff --git a/test/with_dummyserver/test_connectionpool.py b/test/with_dummyserver/test_connectionpool.py -index f6a6618..304199f 100644 +index 8ea2cce..c083616 100644 --- a/test/with_dummyserver/test_connectionpool.py +++ b/test/with_dummyserver/test_connectionpool.py @@ -28,8 +28,8 @@ from urllib3.exceptions import ( @@ -499,7 +499,7 @@ from urllib3.util.retry import RequestHistory, Retry from urllib3.util.timeout import Timeout diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py -index 92e23c9..7e8f1c4 100644 +index ed50990..f7e7a36 100644 --- a/test/with_dummyserver/test_https.py +++ b/test/with_dummyserver/test_https.py @@ -42,7 +42,7 @@ from urllib3.exceptions import ( @@ -512,7 +512,7 @@ from .. import has_alpn diff --git a/test/with_dummyserver/test_socketlevel.py b/test/with_dummyserver/test_socketlevel.py -index 7c06875..1fe1531 100644 +index 6e57d67..7bb5827 100644 --- a/test/with_dummyserver/test_socketlevel.py +++ b/test/with_dummyserver/test_socketlevel.py @@ -17,7 +17,7 @@ from urllib3.exceptions import ( diff -Nru python-urllib3-1.26.4/debian/patches/02_require-cert-verification.patch python-urllib3-1.26.5/debian/patches/02_require-cert-verification.patch --- python-urllib3-1.26.4/debian/patches/02_require-cert-verification.patch 2021-05-12 02:30:00.000000000 +0200 +++ python-urllib3-1.26.5/debian/patches/02_require-cert-verification.patch 2021-06-15 00:41:10.000000000 +0200 @@ -13,7 +13,7 @@ 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py -index 8dbbc5c..79041de 100644 +index a9c0908..4d7a08f 100644 --- a/src/urllib3/connectionpool.py +++ b/src/urllib3/connectionpool.py @@ -874,6 +874,8 @@ class HTTPSConnectionPool(HTTPConnectionPool): diff -Nru python-urllib3-1.26.4/dev-requirements.txt python-urllib3-1.26.5/dev-requirements.txt --- python-urllib3-1.26.4/dev-requirements.txt 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/dev-requirements.txt 2021-05-26 19:01:29.000000000 +0200 @@ -5,7 +5,8 @@ PySocks==1.7.1 # https://github.com/Anorov/PySocks/issues/131 win-inet-pton==1.1.0 -pytest==4.6.9 +pytest==4.6.9; python_version<"3.10" +pytest==6.2.4; python_version>="3.10" pytest-timeout==1.3.4 pytest-freezegun==0.4.2 flaky==3.6.1 diff -Nru python-urllib3-1.26.4/dummyserver/handlers.py python-urllib3-1.26.5/dummyserver/handlers.py --- python-urllib3-1.26.4/dummyserver/handlers.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/dummyserver/handlers.py 2021-05-26 19:01:29.000000000 +0200 @@ -62,27 +62,27 @@ """ def get(self): - """ Handle GET requests """ + """Handle GET requests""" self._call_method() def post(self): - """ Handle POST requests """ + """Handle POST requests""" self._call_method() def put(self): - """ Handle PUT requests """ + """Handle PUT requests""" self._call_method() def options(self): - """ Handle OPTIONS requests """ + """Handle OPTIONS requests""" self._call_method() def head(self): - """ Handle HEAD requests """ + """Handle HEAD requests""" self._call_method() def _call_method(self): - """ Call the correct method in this class based on the incoming URI """ + """Call the correct method in this class based on the incoming URI""" req = self.request req.params = {} for k, v in req.arguments.items(): diff -Nru python-urllib3-1.26.4/dummyserver/server.py python-urllib3-1.26.5/dummyserver/server.py --- python-urllib3-1.26.4/dummyserver/server.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/dummyserver/server.py 2021-05-26 19:01:29.000000000 +0200 @@ -40,7 +40,7 @@ def _resolves_to_ipv6(host): - """ Returns True if the system resolves host to an IPv6 address by default. """ + """Returns True if the system resolves host to an IPv6 address by default.""" resolves_to_ipv6 = False try: for res in socket.getaddrinfo(host, None, socket.AF_UNSPEC): @@ -54,7 +54,7 @@ def _has_ipv6(host): - """ Returns True if the system can bind an IPv6 address. """ + """Returns True if the system can bind an IPv6 address.""" sock = None has_ipv6 = False diff -Nru python-urllib3-1.26.4/PKG-INFO python-urllib3-1.26.5/PKG-INFO --- python-urllib3-1.26.4/PKG-INFO 2021-03-15 16:03:55.002221800 +0100 +++ python-urllib3-1.26.5/PKG-INFO 2021-05-26 19:02:03.421620600 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: urllib3 -Version: 1.26.4 +Version: 1.26.5 Summary: HTTP library with thread-safe connection pooling, file post, and more. Home-page: https://urllib3.readthedocs.io/ Author: Andrey Petrov @@ -9,1328 +9,6 @@ Project-URL: Documentation, https://urllib3.readthedocs.io/ Project-URL: Code, https://github.com/urllib3/urllib3 Project-URL: Issue tracker, https://github.com/urllib3/urllib3/issues -Description: - urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the - Python ecosystem already uses urllib3 and you should too. - urllib3 brings many critical features that are missing from the Python - standard libraries: - - - Thread safety. - - Connection pooling. - - Client-side SSL/TLS verification. - - File uploads with multipart encoding. - - Helpers for retrying requests and dealing with HTTP redirects. - - Support for gzip, deflate, and brotli encoding. - - Proxy support for HTTP and SOCKS. - - 100% test coverage. - - urllib3 is powerful and easy to use: - - .. code-block:: python - - >>> import urllib3 - >>> http = urllib3.PoolManager() - >>> r = http.request('GET', 'http://httpbin.org/robots.txt') - >>> r.status - 200 - >>> r.data - 'User-agent: *\nDisallow: /deny\n' - - - Installing - ---------- - - urllib3 can be installed with `pip <https://pip.pypa.io>`_:: - - $ python -m pip install urllib3 - - Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_:: - - $ git clone git://github.com/urllib3/urllib3.git - $ python setup.py install - - - Documentation - ------------- - - urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_. - - - Contributing - ------------ - - urllib3 happily accepts contributions. Please see our - `contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_ - for some tips on getting started. - - - Security Disclosures - -------------------- - - To report a security vulnerability, please use the - `Tidelift security contact <https://tidelift.com/security>`_. - Tidelift will coordinate the fix and disclosure with maintainers. - - - Maintainers - ----------- - - - `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson) - - `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet) - - `@theacodes <https://github.com/theacodes>`__ (Thea Flowers) - - `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro) - - `@lukasa <https://github.com/lukasa>`__ (Cory Benfield) - - `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco) - - `@shazow <https://github.com/shazow>`__ (Andrey Petrov) - - 👋 - - - Sponsorship - ----------- - - If your company benefits from this library, please consider `sponsoring its - development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_. - - - For Enterprise - -------------- - - .. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png - :width: 75 - :alt: Tidelift - - .. list-table:: - :widths: 10 100 - - * - |tideliftlogo| - - Professional support for urllib3 is available as part of the `Tidelift - Subscription`_. Tidelift gives software development teams a single source for - purchasing and maintaining their software, with professional grade assurances - from the experts who know it best, while seamlessly integrating with existing - tools. - - .. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme - - - Changes - ======= - - 1.26.4 (2021-03-15) - ------------------- - - * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy - during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. - - - 1.26.3 (2021-01-26) - ------------------- - - * Fixed bytes and string comparison issue with headers (Pull #2141) - - * Changed ``ProxySchemeUnknown`` error message to be - more actionable if the user supplies a proxy URL without - a scheme. (Pull #2107) - - - 1.26.2 (2020-11-12) - ------------------- - - * Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't - be imported properly on Python 2.7.8 and earlier (Pull #2052) - - - 1.26.1 (2020-11-11) - ------------------- - - * Fixed an issue where two ``User-Agent`` headers would be sent if a - ``User-Agent`` header key is passed as ``bytes`` (Pull #2047) - - - 1.26.0 (2020-11-10) - ------------------- - - * **NOTE: urllib3 v2.0 will drop support for Python 2**. - `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. - - * Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806) - - * Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that - still wish to use TLS earlier than 1.2 without a deprecation warning - should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002) - **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** - - * Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` - and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, - ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` - (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed** - - * Added default ``User-Agent`` header to every request (Pull #1750) - - * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, - and ``Host`` headers from being automatically emitted with requests (Pull #2018) - - * Collapse ``transfer-encoding: chunked`` request data and framing into - the same ``socket.send()`` call (Pull #1906) - - * Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894) - - * Properly terminate SecureTransport connections when CA verification fails (Pull #1977) - - * Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` - to SecureTransport (Pull #1903) - - * Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970) - - * Suppress ``BrokenPipeError`` when writing request body after the server - has closed the socket (Pull #1524) - - * Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") - into an ``urllib3.exceptions.SSLError`` (Pull #1939) - - - 1.25.11 (2020-10-19) - -------------------- - - * Fix retry backoff time parsed from ``Retry-After`` header when given - in the HTTP date format. The HTTP date was parsed as the local timezone - rather than accounting for the timezone in the HTTP date (typically - UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) - - * Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` - environment variable was set to the empty string. Now ``SSLContext.keylog_file`` - is not set in this situation (Pull #2016) - - - 1.25.10 (2020-07-22) - -------------------- - - * Added support for ``SSLKEYLOGFILE`` environment variable for - logging TLS session keys with use with programs like - Wireshark for decrypting captured web traffic (Pull #1867) - - * Fixed loading of SecureTransport libraries on macOS Big Sur - due to the new dynamic linker cache (Pull #1905) - - * Collapse chunked request bodies data and framing into one - call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) - - * Don't insert ``None`` into ``ConnectionPool`` if the pool - was empty when requesting a connection (Pull #1866) - - * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) - - - 1.25.9 (2020-04-16) - ------------------- - - * Added ``InvalidProxyConfigurationWarning`` which is raised when - erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently - support connecting to HTTPS proxies but will soon be able to - and we would like users to migrate properly without much breakage. - - See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ - for more information on how to fix your proxy config. (Pull #1851) - - * Drain connection after ``PoolManager`` redirect (Pull #1817) - - * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) - - * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) - - * Allow the CA certificate data to be passed as a string (Pull #1804) - - * Raise ``ValueError`` if method contains control characters (Pull #1800) - - * Add ``__repr__`` to ``Timeout`` (Pull #1795) - - - 1.25.8 (2020-01-20) - ------------------- - - * Drop support for EOL Python 3.4 (Pull #1774) - - * Optimize _encode_invalid_chars (Pull #1787) - - - 1.25.7 (2019-11-11) - ------------------- - - * Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734) - - * Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470) - - * Fix issue where URL fragment was sent within the request target. (Pull #1732) - - * Fix issue where an empty query section in a URL would fail to parse. (Pull #1732) - - * Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703) - - - 1.25.6 (2019-09-24) - ------------------- - - * Fix issue where tilde (``~``) characters were incorrectly - percent-encoded in the path. (Pull #1692) - - - 1.25.5 (2019-09-19) - ------------------- - - * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which - caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. - (Issue #1682) - - - 1.25.4 (2019-09-19) - ------------------- - - * Propagate Retry-After header settings to subsequent retries. (Pull #1607) - - * Fix edge case where Retry-After header was still respected even when - explicitly opted out of. (Pull #1607) - - * Remove dependency on ``rfc3986`` for URL parsing. - - * Fix issue where URLs containing invalid characters within ``Url.auth`` would - raise an exception instead of percent-encoding those characters. - - * Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses - work well with BufferedReaders and other ``io`` module features. (Pull #1652) - - * Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673) - - - 1.25.3 (2019-05-23) - ------------------- - - * Change ``HTTPSConnection`` to load system CA certificates - when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are - unspecified. (Pull #1608, Issue #1603) - - * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) - - - 1.25.2 (2019-04-28) - ------------------- - - * Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583) - - * Change ``parse_url`` to percent-encode invalid characters within the - path, query, and target components. (Pull #1586) - - - 1.25.1 (2019-04-24) - ------------------- - - * Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579) - - * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) - - - 1.25 (2019-04-22) - ----------------- - - * Require and validate certificates by default when using HTTPS (Pull #1507) - - * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487) - - * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use - encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489) - - * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` - implementations. (Pull #1496) - - * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492) - - * Fixed issue where OpenSSL would block if an encrypted client private key was - given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489) - - * Added support for Brotli content encoding. It is enabled automatically if - ``brotlipy`` package is installed which can be requested with - ``urllib3[brotli]`` extra. (Pull #1532) - - * Drop ciphers using DSS key exchange from default TLS cipher suites. - Improve default ciphers when using SecureTransport. (Pull #1496) - - * Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483) - - 1.24.3 (2019-05-01) - ------------------- - - * Apply fix for CVE-2019-9740. (Pull #1591) - - 1.24.2 (2019-04-17) - ------------------- - - * Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or - ``ssl_context`` parameters are specified. - - * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) - - * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) - - - 1.24.1 (2018-11-02) - ------------------- - - * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) - - * Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462) - - - 1.24 (2018-10-16) - ----------------- - - * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) - - * Test against Python 3.7 on AppVeyor. (Pull #1453) - - * Early-out ipv6 checks when running on App Engine. (Pull #1450) - - * Change ambiguous description of backoff_factor (Pull #1436) - - * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) - - * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). - - * Add a server_hostname parameter to HTTPSConnection which allows for - overriding the SNI hostname sent in the handshake. (Pull #1397) - - * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) - - * Fixed bug where responses with header Content-Type: message/* erroneously - raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) - - * Move urllib3 to src/urllib3 (Pull #1409) - - - 1.23 (2018-06-04) - ----------------- - - * Allow providing a list of headers to strip from requests when redirecting - to a different host. Defaults to the ``Authorization`` header. Different - headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316) - - * Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247). - - * Dropped Python 3.3 support. (Pull #1242) - - * Put the connection back in the pool when calling stream() or read_chunked() on - a chunked HEAD response. (Issue #1234) - - * Fixed pyOpenSSL-specific ssl client authentication issue when clients - attempted to auth via certificate + chain (Issue #1060) - - * Add the port to the connectionpool connect print (Pull #1251) - - * Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380) - - * ``read_chunked()`` on a closed response returns no chunks. (Issue #1088) - - * Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359) - - * Added support for auth info in url for SOCKS proxy (Pull #1363) - - - 1.22 (2017-07-20) - ----------------- - - * Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via - IPv6 proxy. (Issue #1222) - - * Made the connection pool retry on ``SSLError``. The original ``SSLError`` - is available on ``MaxRetryError.reason``. (Issue #1112) - - * Drain and release connection before recursing on retry/redirect. Fixes - deadlocks with a blocking connectionpool. (Issue #1167) - - * Fixed compatibility for cookiejar. (Issue #1229) - - * pyopenssl: Use vendored version of ``six``. (Issue #1231) - - - 1.21.1 (2017-05-02) - ------------------- - - * Fixed SecureTransport issue that would cause long delays in response body - delivery. (Pull #1154) - - * Fixed regression in 1.21 that threw exceptions when users passed the - ``socket_options`` flag to the ``PoolManager``. (Issue #1165) - - * Fixed regression in 1.21 that threw exceptions when users passed the - ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. - (Pull #1157) - - - 1.21 (2017-04-25) - ----------------- - - * Improved performance of certain selector system calls on Python 3.5 and - later. (Pull #1095) - - * Resolved issue where the PyOpenSSL backend would not wrap SysCallError - exceptions appropriately when sending data. (Pull #1125) - - * Selectors now detects a monkey-patched select module after import for modules - that patch the select module like eventlet, greenlet. (Pull #1128) - - * Reduced memory consumption when streaming zlib-compressed responses - (as opposed to raw deflate streams). (Pull #1129) - - * Connection pools now use the entire request context when constructing the - pool key. (Pull #1016) - - * ``PoolManager.connection_from_*`` methods now accept a new keyword argument, - ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. - (Pull #1016) - - * Add retry counter for ``status_forcelist``. (Issue #1147) - - * Added ``contrib`` module for using SecureTransport on macOS: - ``urllib3.contrib.securetransport``. (Pull #1122) - - * urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: - for schemes it does not recognise, it assumes they are case-sensitive and - leaves them unchanged. - (Issue #1080) - - - 1.20 (2017-01-19) - ----------------- - - * Added support for waiting for I/O using selectors other than select, - improving urllib3's behaviour with large numbers of concurrent connections. - (Pull #1001) - - * Updated the date for the system clock check. (Issue #1005) - - * ConnectionPools now correctly consider hostnames to be case-insensitive. - (Issue #1032) - - * Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module - to fail when it is injected, rather than at first use. (Pull #1063) - - * Outdated versions of cryptography now cause the PyOpenSSL contrib module - to fail when it is injected, rather than at first use. (Issue #1044) - - * Automatically attempt to rewind a file-like body object when a request is - retried or redirected. (Pull #1039) - - * Fix some bugs that occur when modules incautiously patch the queue module. - (Pull #1061) - - * Prevent retries from occurring on read timeouts for which the request method - was not in the method whitelist. (Issue #1059) - - * Changed the PyOpenSSL contrib module to lazily load idna to avoid - unnecessarily bloating the memory of programs that don't need it. (Pull - #1076) - - * Add support for IPv6 literals with zone identifiers. (Pull #1013) - - * Added support for socks5h:// and socks4a:// schemes when working with SOCKS - proxies, and controlled remote DNS appropriately. (Issue #1035) - - - 1.19.1 (2016-11-16) - ------------------- - - * Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025) - - - 1.19 (2016-11-03) - ----------------- - - * urllib3 now respects Retry-After headers on 413, 429, and 503 responses when - using the default retry logic. (Pull #955) - - * Remove markers from setup.py to assist ancient setuptools versions. (Issue - #986) - - * Disallow superscripts and other integerish things in URL ports. (Issue #989) - - * Allow urllib3's HTTPResponse.stream() method to continue to work with - non-httplib underlying FPs. (Pull #990) - - * Empty filenames in multipart headers are now emitted as such, rather than - being suppressed. (Issue #1015) - - * Prefer user-supplied Host headers on chunked uploads. (Issue #1009) - - - 1.18.1 (2016-10-27) - ------------------- - - * CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with - PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This - release fixes a vulnerability whereby urllib3 in the above configuration - would silently fail to validate TLS certificates due to erroneously setting - invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous - flags do not cause a problem in OpenSSL versions before 1.1.0, which - interprets the presence of any flag as requesting certificate validation. - - There is no PR for this patch, as it was prepared for simultaneous disclosure - and release. The master branch received the same fix in Pull #1010. - - - 1.18 (2016-09-26) - ----------------- - - * Fixed incorrect message for IncompleteRead exception. (Pull #973) - - * Accept ``iPAddress`` subject alternative name fields in TLS certificates. - (Issue #258) - - * Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3. - (Issue #977) - - * Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979) - - - 1.17 (2016-09-06) - ----------------- - - * Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835) - - * ConnectionPool debug log now includes scheme, host, and port. (Issue #897) - - * Substantially refactored documentation. (Issue #887) - - * Used URLFetch default timeout on AppEngine, rather than hardcoding our own. - (Issue #858) - - * Normalize the scheme and host in the URL parser (Issue #833) - - * ``HTTPResponse`` contains the last ``Retry`` object, which now also - contains retries history. (Issue #848) - - * Timeout can no longer be set as boolean, and must be greater than zero. - (Pull #924) - - * Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We - now use cryptography and idna, both of which are already dependencies of - PyOpenSSL. (Pull #930) - - * Fixed infinite loop in ``stream`` when amt=None. (Issue #928) - - * Try to use the operating system's certificates when we are using an - ``SSLContext``. (Pull #941) - - * Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to - ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947) - - * Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958) - - * Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958) - - * Implemented ``length_remaining`` to determine remaining content - to be read. (Pull #949) - - * Implemented ``enforce_content_length`` to enable exceptions when - incomplete data chunks are received. (Pull #949) - - * Dropped connection start, dropped connection reset, redirect, forced retry, - and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967) - - - 1.16 (2016-06-11) - ----------------- - - * Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) - - * Provide ``key_fn_by_scheme`` pool keying mechanism that can be - overridden. (Issue #830) - - * Normalize scheme and host to lowercase for pool keys, and include - ``source_address``. (Issue #830) - - * Cleaner exception chain in Python 3 for ``_make_request``. - (Issue #861) - - * Fixed installing ``urllib3[socks]`` extra. (Issue #864) - - * Fixed signature of ``ConnectionPool.close`` so it can actually safely be - called by subclasses. (Issue #873) - - * Retain ``release_conn`` state across retries. (Issues #651, #866) - - * Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to - ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) - - - 1.15.1 (2016-04-11) - ------------------- - - * Fix packaging to include backports module. (Issue #841) - - - 1.15 (2016-04-06) - ----------------- - - * Added Retry(raise_on_status=False). (Issue #720) - - * Always use setuptools, no more distutils fallback. (Issue #785) - - * Dropped support for Python 3.2. (Issue #786) - - * Chunked transfer encoding when requesting with ``chunked=True``. - (Issue #790) - - * Fixed regression with IPv6 port parsing. (Issue #801) - - * Append SNIMissingWarning messages to allow users to specify it in - the PYTHONWARNINGS environment variable. (Issue #816) - - * Handle unicode headers in Py2. (Issue #818) - - * Log certificate when there is a hostname mismatch. (Issue #820) - - * Preserve order of request/response headers. (Issue #821) - - - 1.14 (2015-12-29) - ----------------- - - * contrib: SOCKS proxy support! (Issue #762) - - * Fixed AppEngine handling of transfer-encoding header and bug - in Timeout defaults checking. (Issue #763) - - - 1.13.1 (2015-12-18) - ------------------- - - * Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) - - - 1.13 (2015-12-14) - ----------------- - - * Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706) - - * pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) - - * pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) - - * Close connections more defensively on exception. (Issue #734) - - * Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without - repeatedly flushing the decoder, to function better on Jython. (Issue #743) - - * Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758) - - - 1.12 (2015-09-03) - ----------------- - - * Rely on ``six`` for importing ``httplib`` to work around - conflicts with other Python 3 shims. (Issue #688) - - * Add support for directories of certificate authorities, as supported by - OpenSSL. (Issue #701) - - * New exception: ``NewConnectionError``, raised when we fail to establish - a new connection, usually ``ECONNREFUSED`` socket error. - - - 1.11 (2015-07-21) - ----------------- - - * When ``ca_certs`` is given, ``cert_reqs`` defaults to - ``'CERT_REQUIRED'``. (Issue #650) - - * ``pip install urllib3[secure]`` will install Certifi and - PyOpenSSL as dependencies. (Issue #678) - - * Made ``HTTPHeaderDict`` usable as a ``headers`` input value - (Issues #632, #679) - - * Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_ - which has an ``AppEngineManager`` for using ``URLFetch`` in a - Google AppEngine environment. (Issue #664) - - * Dev: Added test suite for AppEngine. (Issue #631) - - * Fix performance regression when using PyOpenSSL. (Issue #626) - - * Passing incorrect scheme (e.g. ``foo://``) will raise - ``ValueError`` instead of ``AssertionError`` (backwards - compatible for now, but please migrate). (Issue #640) - - * Fix pools not getting replenished when an error occurs during a - request using ``release_conn=False``. (Issue #644) - - * Fix pool-default headers not applying for url-encoded requests - like GET. (Issue #657) - - * log.warning in Python 3 when headers are skipped due to parsing - errors. (Issue #642) - - * Close and discard connections if an error occurs during read. - (Issue #660) - - * Fix host parsing for IPv6 proxies. (Issue #668) - - * Separate warning type SubjectAltNameWarning, now issued once - per host. (Issue #671) - - * Fix ``httplib.IncompleteRead`` not getting converted to - ``ProtocolError`` when using ``HTTPResponse.stream()`` - (Issue #674) - - 1.10.4 (2015-05-03) - ------------------- - - * Migrate tests to Tornado 4. (Issue #594) - - * Append default warning configuration rather than overwrite. - (Issue #603) - - * Fix streaming decoding regression. (Issue #595) - - * Fix chunked requests losing state across keep-alive connections. - (Issue #599) - - * Fix hanging when chunked HEAD response has no body. (Issue #605) - - - 1.10.3 (2015-04-21) - ------------------- - - * Emit ``InsecurePlatformWarning`` when SSLContext object is missing. - (Issue #558) - - * Fix regression of duplicate header keys being discarded. - (Issue #563) - - * ``Response.stream()`` returns a generator for chunked responses. - (Issue #560) - - * Set upper-bound timeout when waiting for a socket in PyOpenSSL. - (Issue #585) - - * Work on platforms without `ssl` module for plain HTTP requests. - (Issue #587) - - * Stop relying on the stdlib's default cipher list. (Issue #588) - - - 1.10.2 (2015-02-25) - ------------------- - - * Fix file descriptor leakage on retries. (Issue #548) - - * Removed RC4 from default cipher list. (Issue #551) - - * Header performance improvements. (Issue #544) - - * Fix PoolManager not obeying redirect retry settings. (Issue #553) - - - 1.10.1 (2015-02-10) - ------------------- - - * Pools can be used as context managers. (Issue #545) - - * Don't re-use connections which experienced an SSLError. (Issue #529) - - * Don't fail when gzip decoding an empty stream. (Issue #535) - - * Add sha256 support for fingerprint verification. (Issue #540) - - * Fixed handling of header values containing commas. (Issue #533) - - - 1.10 (2014-12-14) - ----------------- - - * Disabled SSLv3. (Issue #473) - - * Add ``Url.url`` property to return the composed url string. (Issue #394) - - * Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412) - - * ``MaxRetryError.reason`` will always be an exception, not string. - (Issue #481) - - * Fixed SSL-related timeouts not being detected as timeouts. (Issue #492) - - * Py3: Use ``ssl.create_default_context()`` when available. (Issue #473) - - * Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request. - (Issue #496) - - * Emit ``SecurityWarning`` when certificate has no ``subjectAltName``. - (Issue #499) - - * Close and discard sockets which experienced SSL-related errors. - (Issue #501) - - * Handle ``body`` param in ``.request(...)``. (Issue #513) - - * Respect timeout with HTTPS proxy. (Issue #505) - - * PyOpenSSL: Handle ZeroReturnError exception. (Issue #520) - - - 1.9.1 (2014-09-13) - ------------------ - - * Apply socket arguments before binding. (Issue #427) - - * More careful checks if fp-like object is closed. (Issue #435) - - * Fixed packaging issues of some development-related files not - getting included. (Issue #440) - - * Allow performing *only* fingerprint verification. (Issue #444) - - * Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445) - - * Fixed PyOpenSSL compatibility with PyPy. (Issue #450) - - * Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3. - (Issue #443) - - - - 1.9 (2014-07-04) - ---------------- - - * Shuffled around development-related files. If you're maintaining a distro - package of urllib3, you may need to tweak things. (Issue #415) - - * Unverified HTTPS requests will trigger a warning on the first request. See - our new `security documentation - <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details. - (Issue #426) - - * New retry logic and ``urllib3.util.retry.Retry`` configuration object. - (Issue #326) - - * All raised exceptions should now wrapped in a - ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326) - - * All errors during a retry-enabled request should be wrapped in - ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions - which were previously exempt. Underlying error is accessible from the - ``.reason`` property. (Issue #326) - - * ``urllib3.exceptions.ConnectionError`` renamed to - ``urllib3.exceptions.ProtocolError``. (Issue #326) - - * Errors during response read (such as IncompleteRead) are now wrapped in - ``urllib3.exceptions.ProtocolError``. (Issue #418) - - * Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``. - (Issue #417) - - * Catch read timeouts over SSL connections as - ``urllib3.exceptions.ReadTimeoutError``. (Issue #419) - - * Apply socket arguments before connecting. (Issue #427) - - - 1.8.3 (2014-06-23) - ------------------ - - * Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) - - * Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393) - - * Wrap ``socket.timeout`` exception with - ``urllib3.exceptions.ReadTimeoutError``. (Issue #399) - - * Fixed proxy-related bug where connections were being reused incorrectly. - (Issues #366, #369) - - * Added ``socket_options`` keyword parameter which allows to define - ``setsockopt`` configuration of new sockets. (Issue #397) - - * Removed ``HTTPConnection.tcp_nodelay`` in favor of - ``HTTPConnection.default_socket_options``. (Issue #397) - - * Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411) - - - 1.8.2 (2014-04-17) - ------------------ - - * Fix ``urllib3.util`` not being included in the package. - - - 1.8.1 (2014-04-17) - ------------------ - - * Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) - - * Don't install ``dummyserver`` into ``site-packages`` as it's only needed - for the test suite. (Issue #362) - - * Added support for specifying ``source_address``. (Issue #352) - - - 1.8 (2014-03-04) - ---------------- - - * Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in - username, and blank ports like 'hostname:'). - - * New ``urllib3.connection`` module which contains all the HTTPConnection - objects. - - * Several ``urllib3.util.Timeout``-related fixes. Also changed constructor - signature to a more sensible order. [Backwards incompatible] - (Issues #252, #262, #263) - - * Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274) - - * Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which - returns the number of bytes read so far. (Issue #277) - - * Support for platforms without threading. (Issue #289) - - * Expand default-port comparison in ``HTTPConnectionPool.is_same_host`` - to allow a pool with no specified port to be considered equal to to an - HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) - - * Improved default SSL/TLS settings to avoid vulnerabilities. - (Issue #309) - - * Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors. - (Issue #310) - - * Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests - will send the entire HTTP request ~200 milliseconds faster; however, some of - the resulting TCP packets will be smaller. (Issue #254) - - * Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl`` - from the default 64 to 1024 in a single certificate. (Issue #318) - - * Headers are now passed and stored as a custom - ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``. - (Issue #329, #333) - - * Headers no longer lose their case on Python 3. (Issue #236) - - * ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA - certificates on inject. (Issue #332) - - * Requests with ``retries=False`` will immediately raise any exceptions without - wrapping them in ``MaxRetryError``. (Issue #348) - - * Fixed open socket leak with SSL-related failures. (Issue #344, #348) - - - 1.7.1 (2013-09-25) - ------------------ - - * Added granular timeout support with new ``urllib3.util.Timeout`` class. - (Issue #231) - - * Fixed Python 3.4 support. (Issue #238) - - - 1.7 (2013-08-14) - ---------------- - - * More exceptions are now pickle-able, with tests. (Issue #174) - - * Fixed redirecting with relative URLs in Location header. (Issue #178) - - * Support for relative urls in ``Location: ...`` header. (Issue #179) - - * ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus - file-like functionality. (Issue #187) - - * Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will - skip hostname verification for SSL connections. (Issue #194) - - * New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a - generator wrapped around ``.read(...)``. (Issue #198) - - * IPv6 url parsing enforces brackets around the hostname. (Issue #199) - - * Fixed thread race condition in - ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204) - - * ``ProxyManager`` requests now include non-default port in ``Host: ...`` - header. (Issue #217) - - * Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139) - - * New ``RequestField`` object can be passed to the ``fields=...`` param which - can specify headers. (Issue #220) - - * Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails. - (Issue #221) - - * Use international headers when posting file names. (Issue #119) - - * Improved IPv6 support. (Issue #203) - - - 1.6 (2013-04-25) - ---------------- - - * Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156) - - * ``ProxyManager`` automatically adds ``Host: ...`` header if not given. - - * Improved SSL-related code. ``cert_req`` now optionally takes a string like - "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23" - The string values reflect the suffix of the respective constant variable. - (Issue #130) - - * Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly - closed proxy connections and larger read buffers. (Issue #135) - - * Ensure the connection is closed if no data is received, fixes connection leak - on some platforms. (Issue #133) - - * Added SNI support for SSL/TLS connections on Py32+. (Issue #89) - - * Tests fixed to be compatible with Py26 again. (Issue #125) - - * Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant - to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109) - - * Allow an explicit content type to be specified when encoding file fields. - (Issue #126) - - * Exceptions are now pickleable, with tests. (Issue #101) - - * Fixed default headers not getting passed in some cases. (Issue #99) - - * Treat "content-encoding" header value as case-insensitive, per RFC 2616 - Section 3.5. (Issue #110) - - * "Connection Refused" SocketErrors will get retried rather than raised. - (Issue #92) - - * Updated vendored ``six``, no longer overrides the global ``six`` module - namespace. (Issue #113) - - * ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding - the exception that prompted the final retry. If ``reason is None`` then it - was due to a redirect. (Issue #92, #114) - - * Fixed ``PoolManager.urlopen()`` from not redirecting more than once. - (Issue #149) - - * Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters - that are not files. (Issue #111) - - * Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122) - - * Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or - against an arbitrary hostname (when connecting by IP or for misconfigured - servers). (Issue #140) - - * Streaming decompression support. (Issue #159) - - - 1.5 (2012-08-02) - ---------------- - - * Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug - logging in urllib3. - - * Native full URL parsing (including auth, path, query, fragment) available in - ``urllib3.util.parse_url(url)``. - - * Built-in redirect will switch method to 'GET' if status code is 303. - (Issue #11) - - * ``urllib3.PoolManager`` strips the scheme and host before sending the request - uri. (Issue #8) - - * New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding, - based on the Content-Type header, fails. - - * Fixed bug with pool depletion and leaking connections (Issue #76). Added - explicit connection closing on pool eviction. Added - ``urllib3.PoolManager.clear()``. - - * 99% -> 100% unit test coverage. - - - 1.4 (2012-06-16) - ---------------- - - * Minor AppEngine-related fixes. - - * Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``. - - * Improved url parsing. (Issue #73) - - * IPv6 url support. (Issue #72) - - - 1.3 (2012-03-25) - ---------------- - - * Removed pre-1.0 deprecated API. - - * Refactored helpers into a ``urllib3.util`` submodule. - - * Fixed multipart encoding to support list-of-tuples for keys with multiple - values. (Issue #48) - - * Fixed multiple Set-Cookie headers in response not getting merged properly in - Python 3. (Issue #53) - - * AppEngine support with Py27. (Issue #61) - - * Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs - bytes. - - - 1.2.2 (2012-02-06) - ------------------ - - * Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47) - - - 1.2.1 (2012-02-05) - ------------------ - - * Fixed another bug related to when ``ssl`` module is not available. (Issue #41) - - * Location parsing errors now raise ``urllib3.exceptions.LocationParseError`` - which inherits from ``ValueError``. - - - 1.2 (2012-01-29) - ---------------- - - * Added Python 3 support (tested on 3.2.2) - - * Dropped Python 2.5 support (tested on 2.6.7, 2.7.2) - - * Use ``select.poll`` instead of ``select.select`` for platforms that support - it. - - * Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive - connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``. - - * Fixed ``ImportError`` during install when ``ssl`` module is not available. - (Issue #41) - - * Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not - completing properly. (Issue #28, uncovered by Issue #10 in v1.1) - - * Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` + - ``eventlet``. Removed extraneous unsupported dummyserver testing backends. - Added socket-level tests. - - * More tests. Achievement Unlocked: 99% Coverage. - - - 1.1 (2012-01-07) - ---------------- - - * Refactored ``dummyserver`` to its own root namespace module (used for - testing). - - * Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in - Py32's ``ssl_match_hostname``. (Issue #25) - - * Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10) - - * Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue - #27) - - * Fixed timeout-related bugs. (Issues #17, #23) - - - 1.0.2 (2011-11-04) - ------------------ - - * Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if - you're using the object manually. (Thanks pyos) - - * Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by - wrapping the access log in a mutex. (Thanks @christer) - - * Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and - ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code. - - - 1.0.1 (2011-10-10) - ------------------ - - * Fixed a bug where the same connection would get returned into the pool twice, - causing extraneous "HttpConnectionPool is full" log warnings. - - - 1.0 (2011-10-08) - ---------------- - - * Added ``PoolManager`` with LRU expiration of connections (tested and - documented). - * Added ``ProxyManager`` (needs tests, docs, and confirmation that it works - with HTTPS proxies). - * Added optional partial-read support for responses when - ``preload_content=False``. You can now make requests and just read the headers - without loading the content. - * Made response decoding optional (default on, same as before). - * Added optional explicit boundary string for ``encode_multipart_formdata``. - * Convenience request methods are now inherited from ``RequestMethods``. Old - helpers like ``get_url`` and ``post_url`` should be abandoned in favour of - the new ``request(method, url, ...)``. - * Refactored code to be even more decoupled, reusable, and extendable. - * License header added to ``.py`` files. - * Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code - and docs in ``docs/`` and on https://urllib3.readthedocs.io/. - * Embettered all the things! - * Started writing this file. - - - 0.4.1 (2011-07-17) - ------------------ - - * Minor bug fixes, code cleanup. - - - 0.4 (2011-03-01) - ---------------- - - * Better unicode support. - * Added ``VerifiedHTTPSConnection``. - * Added ``NTLMConnectionPool`` in contrib. - * Minor improvements. - - - 0.3.1 (2010-07-13) - ------------------ - - * Added ``assert_host_name`` optional parameter. Now compatible with proxies. - - - 0.3 (2009-12-10) - ---------------- - - * Added HTTPS support. - * Minor bug fixes. - * Refactored, broken backwards compatibility with 0.2. - * API to be treated as stable from this version forward. - - - 0.2 (2008-11-17) - ---------------- - - * Added unit tests. - * Bug fixes. - - - 0.1 (2008-11-16) - ---------------- - - * First release. - Keywords: urllib httplib threadsafe filepost http https ssl pooling Platform: UNKNOWN Classifier: Environment :: Web Environment @@ -1355,3 +33,1337 @@ Provides-Extra: brotli Provides-Extra: secure Provides-Extra: socks +License-File: LICENSE.txt + + +urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the +Python ecosystem already uses urllib3 and you should too. +urllib3 brings many critical features that are missing from the Python +standard libraries: + +- Thread safety. +- Connection pooling. +- Client-side SSL/TLS verification. +- File uploads with multipart encoding. +- Helpers for retrying requests and dealing with HTTP redirects. +- Support for gzip, deflate, and brotli encoding. +- Proxy support for HTTP and SOCKS. +- 100% test coverage. + +urllib3 is powerful and easy to use: + +.. code-block:: python + + >>> import urllib3 + >>> http = urllib3.PoolManager() + >>> r = http.request('GET', 'http://httpbin.org/robots.txt') + >>> r.status + 200 + >>> r.data + 'User-agent: *\nDisallow: /deny\n' + + +Installing +---------- + +urllib3 can be installed with `pip <https://pip.pypa.io>`_:: + + $ python -m pip install urllib3 + +Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_:: + + $ git clone git://github.com/urllib3/urllib3.git + $ python setup.py install + + +Documentation +------------- + +urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_. + + +Contributing +------------ + +urllib3 happily accepts contributions. Please see our +`contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_ +for some tips on getting started. + + +Security Disclosures +-------------------- + +To report a security vulnerability, please use the +`Tidelift security contact <https://tidelift.com/security>`_. +Tidelift will coordinate the fix and disclosure with maintainers. + + +Maintainers +----------- + +- `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson) +- `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet) +- `@theacodes <https://github.com/theacodes>`__ (Thea Flowers) +- `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro) +- `@lukasa <https://github.com/lukasa>`__ (Cory Benfield) +- `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco) +- `@shazow <https://github.com/shazow>`__ (Andrey Petrov) + +👋 + + +Sponsorship +----------- + +If your company benefits from this library, please consider `sponsoring its +development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_. + + +For Enterprise +-------------- + +.. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png + :width: 75 + :alt: Tidelift + +.. list-table:: + :widths: 10 100 + + * - |tideliftlogo| + - Professional support for urllib3 is available as part of the `Tidelift + Subscription`_. Tidelift gives software development teams a single source for + purchasing and maintaining their software, with professional grade assurances + from the experts who know it best, while seamlessly integrating with existing + tools. + +.. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme + + +Changes +======= + +1.26.5 (2021-05-26) +------------------- + +* Fixed deprecation warnings emitted in Python 3.10. +* Updated vendored ``six`` library to 1.16.0. +* Improved performance of URL parser when splitting + the authority component. + + +1.26.4 (2021-03-15) +------------------- + +* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy + during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. + + +1.26.3 (2021-01-26) +------------------- + +* Fixed bytes and string comparison issue with headers (Pull #2141) + +* Changed ``ProxySchemeUnknown`` error message to be + more actionable if the user supplies a proxy URL without + a scheme. (Pull #2107) + + +1.26.2 (2020-11-12) +------------------- + +* Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't + be imported properly on Python 2.7.8 and earlier (Pull #2052) + + +1.26.1 (2020-11-11) +------------------- + +* Fixed an issue where two ``User-Agent`` headers would be sent if a + ``User-Agent`` header key is passed as ``bytes`` (Pull #2047) + + +1.26.0 (2020-11-10) +------------------- + +* **NOTE: urllib3 v2.0 will drop support for Python 2**. + `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. + +* Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806) + +* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that + still wish to use TLS earlier than 1.2 without a deprecation warning + should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002) + **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** + +* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` + and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, + ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` + (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed** + +* Added default ``User-Agent`` header to every request (Pull #1750) + +* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, + and ``Host`` headers from being automatically emitted with requests (Pull #2018) + +* Collapse ``transfer-encoding: chunked`` request data and framing into + the same ``socket.send()`` call (Pull #1906) + +* Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894) + +* Properly terminate SecureTransport connections when CA verification fails (Pull #1977) + +* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` + to SecureTransport (Pull #1903) + +* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970) + +* Suppress ``BrokenPipeError`` when writing request body after the server + has closed the socket (Pull #1524) + +* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") + into an ``urllib3.exceptions.SSLError`` (Pull #1939) + + +1.25.11 (2020-10-19) +-------------------- + +* Fix retry backoff time parsed from ``Retry-After`` header when given + in the HTTP date format. The HTTP date was parsed as the local timezone + rather than accounting for the timezone in the HTTP date (typically + UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) + +* Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` + environment variable was set to the empty string. Now ``SSLContext.keylog_file`` + is not set in this situation (Pull #2016) + + +1.25.10 (2020-07-22) +-------------------- + +* Added support for ``SSLKEYLOGFILE`` environment variable for + logging TLS session keys with use with programs like + Wireshark for decrypting captured web traffic (Pull #1867) + +* Fixed loading of SecureTransport libraries on macOS Big Sur + due to the new dynamic linker cache (Pull #1905) + +* Collapse chunked request bodies data and framing into one + call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) + +* Don't insert ``None`` into ``ConnectionPool`` if the pool + was empty when requesting a connection (Pull #1866) + +* Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) + + +1.25.9 (2020-04-16) +------------------- + +* Added ``InvalidProxyConfigurationWarning`` which is raised when + erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently + support connecting to HTTPS proxies but will soon be able to + and we would like users to migrate properly without much breakage. + + See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ + for more information on how to fix your proxy config. (Pull #1851) + +* Drain connection after ``PoolManager`` redirect (Pull #1817) + +* Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) + +* Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) + +* Allow the CA certificate data to be passed as a string (Pull #1804) + +* Raise ``ValueError`` if method contains control characters (Pull #1800) + +* Add ``__repr__`` to ``Timeout`` (Pull #1795) + + +1.25.8 (2020-01-20) +------------------- + +* Drop support for EOL Python 3.4 (Pull #1774) + +* Optimize _encode_invalid_chars (Pull #1787) + + +1.25.7 (2019-11-11) +------------------- + +* Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734) + +* Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470) + +* Fix issue where URL fragment was sent within the request target. (Pull #1732) + +* Fix issue where an empty query section in a URL would fail to parse. (Pull #1732) + +* Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703) + + +1.25.6 (2019-09-24) +------------------- + +* Fix issue where tilde (``~``) characters were incorrectly + percent-encoded in the path. (Pull #1692) + + +1.25.5 (2019-09-19) +------------------- + +* Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which + caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. + (Issue #1682) + + +1.25.4 (2019-09-19) +------------------- + +* Propagate Retry-After header settings to subsequent retries. (Pull #1607) + +* Fix edge case where Retry-After header was still respected even when + explicitly opted out of. (Pull #1607) + +* Remove dependency on ``rfc3986`` for URL parsing. + +* Fix issue where URLs containing invalid characters within ``Url.auth`` would + raise an exception instead of percent-encoding those characters. + +* Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses + work well with BufferedReaders and other ``io`` module features. (Pull #1652) + +* Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673) + + +1.25.3 (2019-05-23) +------------------- + +* Change ``HTTPSConnection`` to load system CA certificates + when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are + unspecified. (Pull #1608, Issue #1603) + +* Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) + + +1.25.2 (2019-04-28) +------------------- + +* Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583) + +* Change ``parse_url`` to percent-encode invalid characters within the + path, query, and target components. (Pull #1586) + + +1.25.1 (2019-04-24) +------------------- + +* Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579) + +* Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) + + +1.25 (2019-04-22) +----------------- + +* Require and validate certificates by default when using HTTPS (Pull #1507) + +* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487) + +* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use + encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489) + +* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` + implementations. (Pull #1496) + +* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492) + +* Fixed issue where OpenSSL would block if an encrypted client private key was + given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489) + +* Added support for Brotli content encoding. It is enabled automatically if + ``brotlipy`` package is installed which can be requested with + ``urllib3[brotli]`` extra. (Pull #1532) + +* Drop ciphers using DSS key exchange from default TLS cipher suites. + Improve default ciphers when using SecureTransport. (Pull #1496) + +* Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483) + +1.24.3 (2019-05-01) +------------------- + +* Apply fix for CVE-2019-9740. (Pull #1591) + +1.24.2 (2019-04-17) +------------------- + +* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or + ``ssl_context`` parameters are specified. + +* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) + +* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) + + +1.24.1 (2018-11-02) +------------------- + +* Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) + +* Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462) + + +1.24 (2018-10-16) +----------------- + +* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) + +* Test against Python 3.7 on AppVeyor. (Pull #1453) + +* Early-out ipv6 checks when running on App Engine. (Pull #1450) + +* Change ambiguous description of backoff_factor (Pull #1436) + +* Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) + +* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). + +* Add a server_hostname parameter to HTTPSConnection which allows for + overriding the SNI hostname sent in the handshake. (Pull #1397) + +* Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) + +* Fixed bug where responses with header Content-Type: message/* erroneously + raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) + +* Move urllib3 to src/urllib3 (Pull #1409) + + +1.23 (2018-06-04) +----------------- + +* Allow providing a list of headers to strip from requests when redirecting + to a different host. Defaults to the ``Authorization`` header. Different + headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316) + +* Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247). + +* Dropped Python 3.3 support. (Pull #1242) + +* Put the connection back in the pool when calling stream() or read_chunked() on + a chunked HEAD response. (Issue #1234) + +* Fixed pyOpenSSL-specific ssl client authentication issue when clients + attempted to auth via certificate + chain (Issue #1060) + +* Add the port to the connectionpool connect print (Pull #1251) + +* Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380) + +* ``read_chunked()`` on a closed response returns no chunks. (Issue #1088) + +* Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359) + +* Added support for auth info in url for SOCKS proxy (Pull #1363) + + +1.22 (2017-07-20) +----------------- + +* Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via + IPv6 proxy. (Issue #1222) + +* Made the connection pool retry on ``SSLError``. The original ``SSLError`` + is available on ``MaxRetryError.reason``. (Issue #1112) + +* Drain and release connection before recursing on retry/redirect. Fixes + deadlocks with a blocking connectionpool. (Issue #1167) + +* Fixed compatibility for cookiejar. (Issue #1229) + +* pyopenssl: Use vendored version of ``six``. (Issue #1231) + + +1.21.1 (2017-05-02) +------------------- + +* Fixed SecureTransport issue that would cause long delays in response body + delivery. (Pull #1154) + +* Fixed regression in 1.21 that threw exceptions when users passed the + ``socket_options`` flag to the ``PoolManager``. (Issue #1165) + +* Fixed regression in 1.21 that threw exceptions when users passed the + ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. + (Pull #1157) + + +1.21 (2017-04-25) +----------------- + +* Improved performance of certain selector system calls on Python 3.5 and + later. (Pull #1095) + +* Resolved issue where the PyOpenSSL backend would not wrap SysCallError + exceptions appropriately when sending data. (Pull #1125) + +* Selectors now detects a monkey-patched select module after import for modules + that patch the select module like eventlet, greenlet. (Pull #1128) + +* Reduced memory consumption when streaming zlib-compressed responses + (as opposed to raw deflate streams). (Pull #1129) + +* Connection pools now use the entire request context when constructing the + pool key. (Pull #1016) + +* ``PoolManager.connection_from_*`` methods now accept a new keyword argument, + ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. + (Pull #1016) + +* Add retry counter for ``status_forcelist``. (Issue #1147) + +* Added ``contrib`` module for using SecureTransport on macOS: + ``urllib3.contrib.securetransport``. (Pull #1122) + +* urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: + for schemes it does not recognise, it assumes they are case-sensitive and + leaves them unchanged. + (Issue #1080) + + +1.20 (2017-01-19) +----------------- + +* Added support for waiting for I/O using selectors other than select, + improving urllib3's behaviour with large numbers of concurrent connections. + (Pull #1001) + +* Updated the date for the system clock check. (Issue #1005) + +* ConnectionPools now correctly consider hostnames to be case-insensitive. + (Issue #1032) + +* Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module + to fail when it is injected, rather than at first use. (Pull #1063) + +* Outdated versions of cryptography now cause the PyOpenSSL contrib module + to fail when it is injected, rather than at first use. (Issue #1044) + +* Automatically attempt to rewind a file-like body object when a request is + retried or redirected. (Pull #1039) + +* Fix some bugs that occur when modules incautiously patch the queue module. + (Pull #1061) + +* Prevent retries from occurring on read timeouts for which the request method + was not in the method whitelist. (Issue #1059) + +* Changed the PyOpenSSL contrib module to lazily load idna to avoid + unnecessarily bloating the memory of programs that don't need it. (Pull + #1076) + +* Add support for IPv6 literals with zone identifiers. (Pull #1013) + +* Added support for socks5h:// and socks4a:// schemes when working with SOCKS + proxies, and controlled remote DNS appropriately. (Issue #1035) + + +1.19.1 (2016-11-16) +------------------- + +* Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025) + + +1.19 (2016-11-03) +----------------- + +* urllib3 now respects Retry-After headers on 413, 429, and 503 responses when + using the default retry logic. (Pull #955) + +* Remove markers from setup.py to assist ancient setuptools versions. (Issue + #986) + +* Disallow superscripts and other integerish things in URL ports. (Issue #989) + +* Allow urllib3's HTTPResponse.stream() method to continue to work with + non-httplib underlying FPs. (Pull #990) + +* Empty filenames in multipart headers are now emitted as such, rather than + being suppressed. (Issue #1015) + +* Prefer user-supplied Host headers on chunked uploads. (Issue #1009) + + +1.18.1 (2016-10-27) +------------------- + +* CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with + PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This + release fixes a vulnerability whereby urllib3 in the above configuration + would silently fail to validate TLS certificates due to erroneously setting + invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous + flags do not cause a problem in OpenSSL versions before 1.1.0, which + interprets the presence of any flag as requesting certificate validation. + + There is no PR for this patch, as it was prepared for simultaneous disclosure + and release. The master branch received the same fix in Pull #1010. + + +1.18 (2016-09-26) +----------------- + +* Fixed incorrect message for IncompleteRead exception. (Pull #973) + +* Accept ``iPAddress`` subject alternative name fields in TLS certificates. + (Issue #258) + +* Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3. + (Issue #977) + +* Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979) + + +1.17 (2016-09-06) +----------------- + +* Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835) + +* ConnectionPool debug log now includes scheme, host, and port. (Issue #897) + +* Substantially refactored documentation. (Issue #887) + +* Used URLFetch default timeout on AppEngine, rather than hardcoding our own. + (Issue #858) + +* Normalize the scheme and host in the URL parser (Issue #833) + +* ``HTTPResponse`` contains the last ``Retry`` object, which now also + contains retries history. (Issue #848) + +* Timeout can no longer be set as boolean, and must be greater than zero. + (Pull #924) + +* Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We + now use cryptography and idna, both of which are already dependencies of + PyOpenSSL. (Pull #930) + +* Fixed infinite loop in ``stream`` when amt=None. (Issue #928) + +* Try to use the operating system's certificates when we are using an + ``SSLContext``. (Pull #941) + +* Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to + ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947) + +* Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958) + +* Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958) + +* Implemented ``length_remaining`` to determine remaining content + to be read. (Pull #949) + +* Implemented ``enforce_content_length`` to enable exceptions when + incomplete data chunks are received. (Pull #949) + +* Dropped connection start, dropped connection reset, redirect, forced retry, + and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967) + + +1.16 (2016-06-11) +----------------- + +* Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) + +* Provide ``key_fn_by_scheme`` pool keying mechanism that can be + overridden. (Issue #830) + +* Normalize scheme and host to lowercase for pool keys, and include + ``source_address``. (Issue #830) + +* Cleaner exception chain in Python 3 for ``_make_request``. + (Issue #861) + +* Fixed installing ``urllib3[socks]`` extra. (Issue #864) + +* Fixed signature of ``ConnectionPool.close`` so it can actually safely be + called by subclasses. (Issue #873) + +* Retain ``release_conn`` state across retries. (Issues #651, #866) + +* Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to + ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) + + +1.15.1 (2016-04-11) +------------------- + +* Fix packaging to include backports module. (Issue #841) + + +1.15 (2016-04-06) +----------------- + +* Added Retry(raise_on_status=False). (Issue #720) + +* Always use setuptools, no more distutils fallback. (Issue #785) + +* Dropped support for Python 3.2. (Issue #786) + +* Chunked transfer encoding when requesting with ``chunked=True``. + (Issue #790) + +* Fixed regression with IPv6 port parsing. (Issue #801) + +* Append SNIMissingWarning messages to allow users to specify it in + the PYTHONWARNINGS environment variable. (Issue #816) + +* Handle unicode headers in Py2. (Issue #818) + +* Log certificate when there is a hostname mismatch. (Issue #820) + +* Preserve order of request/response headers. (Issue #821) + + +1.14 (2015-12-29) +----------------- + +* contrib: SOCKS proxy support! (Issue #762) + +* Fixed AppEngine handling of transfer-encoding header and bug + in Timeout defaults checking. (Issue #763) + + +1.13.1 (2015-12-18) +------------------- + +* Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) + + +1.13 (2015-12-14) +----------------- + +* Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706) + +* pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) + +* pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) + +* Close connections more defensively on exception. (Issue #734) + +* Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without + repeatedly flushing the decoder, to function better on Jython. (Issue #743) + +* Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758) + + +1.12 (2015-09-03) +----------------- + +* Rely on ``six`` for importing ``httplib`` to work around + conflicts with other Python 3 shims. (Issue #688) + +* Add support for directories of certificate authorities, as supported by + OpenSSL. (Issue #701) + +* New exception: ``NewConnectionError``, raised when we fail to establish + a new connection, usually ``ECONNREFUSED`` socket error. + + +1.11 (2015-07-21) +----------------- + +* When ``ca_certs`` is given, ``cert_reqs`` defaults to + ``'CERT_REQUIRED'``. (Issue #650) + +* ``pip install urllib3[secure]`` will install Certifi and + PyOpenSSL as dependencies. (Issue #678) + +* Made ``HTTPHeaderDict`` usable as a ``headers`` input value + (Issues #632, #679) + +* Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_ + which has an ``AppEngineManager`` for using ``URLFetch`` in a + Google AppEngine environment. (Issue #664) + +* Dev: Added test suite for AppEngine. (Issue #631) + +* Fix performance regression when using PyOpenSSL. (Issue #626) + +* Passing incorrect scheme (e.g. ``foo://``) will raise + ``ValueError`` instead of ``AssertionError`` (backwards + compatible for now, but please migrate). (Issue #640) + +* Fix pools not getting replenished when an error occurs during a + request using ``release_conn=False``. (Issue #644) + +* Fix pool-default headers not applying for url-encoded requests + like GET. (Issue #657) + +* log.warning in Python 3 when headers are skipped due to parsing + errors. (Issue #642) + +* Close and discard connections if an error occurs during read. + (Issue #660) + +* Fix host parsing for IPv6 proxies. (Issue #668) + +* Separate warning type SubjectAltNameWarning, now issued once + per host. (Issue #671) + +* Fix ``httplib.IncompleteRead`` not getting converted to + ``ProtocolError`` when using ``HTTPResponse.stream()`` + (Issue #674) + +1.10.4 (2015-05-03) +------------------- + +* Migrate tests to Tornado 4. (Issue #594) + +* Append default warning configuration rather than overwrite. + (Issue #603) + +* Fix streaming decoding regression. (Issue #595) + +* Fix chunked requests losing state across keep-alive connections. + (Issue #599) + +* Fix hanging when chunked HEAD response has no body. (Issue #605) + + +1.10.3 (2015-04-21) +------------------- + +* Emit ``InsecurePlatformWarning`` when SSLContext object is missing. + (Issue #558) + +* Fix regression of duplicate header keys being discarded. + (Issue #563) + +* ``Response.stream()`` returns a generator for chunked responses. + (Issue #560) + +* Set upper-bound timeout when waiting for a socket in PyOpenSSL. + (Issue #585) + +* Work on platforms without `ssl` module for plain HTTP requests. + (Issue #587) + +* Stop relying on the stdlib's default cipher list. (Issue #588) + + +1.10.2 (2015-02-25) +------------------- + +* Fix file descriptor leakage on retries. (Issue #548) + +* Removed RC4 from default cipher list. (Issue #551) + +* Header performance improvements. (Issue #544) + +* Fix PoolManager not obeying redirect retry settings. (Issue #553) + + +1.10.1 (2015-02-10) +------------------- + +* Pools can be used as context managers. (Issue #545) + +* Don't re-use connections which experienced an SSLError. (Issue #529) + +* Don't fail when gzip decoding an empty stream. (Issue #535) + +* Add sha256 support for fingerprint verification. (Issue #540) + +* Fixed handling of header values containing commas. (Issue #533) + + +1.10 (2014-12-14) +----------------- + +* Disabled SSLv3. (Issue #473) + +* Add ``Url.url`` property to return the composed url string. (Issue #394) + +* Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412) + +* ``MaxRetryError.reason`` will always be an exception, not string. + (Issue #481) + +* Fixed SSL-related timeouts not being detected as timeouts. (Issue #492) + +* Py3: Use ``ssl.create_default_context()`` when available. (Issue #473) + +* Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request. + (Issue #496) + +* Emit ``SecurityWarning`` when certificate has no ``subjectAltName``. + (Issue #499) + +* Close and discard sockets which experienced SSL-related errors. + (Issue #501) + +* Handle ``body`` param in ``.request(...)``. (Issue #513) + +* Respect timeout with HTTPS proxy. (Issue #505) + +* PyOpenSSL: Handle ZeroReturnError exception. (Issue #520) + + +1.9.1 (2014-09-13) +------------------ + +* Apply socket arguments before binding. (Issue #427) + +* More careful checks if fp-like object is closed. (Issue #435) + +* Fixed packaging issues of some development-related files not + getting included. (Issue #440) + +* Allow performing *only* fingerprint verification. (Issue #444) + +* Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445) + +* Fixed PyOpenSSL compatibility with PyPy. (Issue #450) + +* Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3. + (Issue #443) + + + +1.9 (2014-07-04) +---------------- + +* Shuffled around development-related files. If you're maintaining a distro + package of urllib3, you may need to tweak things. (Issue #415) + +* Unverified HTTPS requests will trigger a warning on the first request. See + our new `security documentation + <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details. + (Issue #426) + +* New retry logic and ``urllib3.util.retry.Retry`` configuration object. + (Issue #326) + +* All raised exceptions should now wrapped in a + ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326) + +* All errors during a retry-enabled request should be wrapped in + ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions + which were previously exempt. Underlying error is accessible from the + ``.reason`` property. (Issue #326) + +* ``urllib3.exceptions.ConnectionError`` renamed to + ``urllib3.exceptions.ProtocolError``. (Issue #326) + +* Errors during response read (such as IncompleteRead) are now wrapped in + ``urllib3.exceptions.ProtocolError``. (Issue #418) + +* Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``. + (Issue #417) + +* Catch read timeouts over SSL connections as + ``urllib3.exceptions.ReadTimeoutError``. (Issue #419) + +* Apply socket arguments before connecting. (Issue #427) + + +1.8.3 (2014-06-23) +------------------ + +* Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) + +* Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393) + +* Wrap ``socket.timeout`` exception with + ``urllib3.exceptions.ReadTimeoutError``. (Issue #399) + +* Fixed proxy-related bug where connections were being reused incorrectly. + (Issues #366, #369) + +* Added ``socket_options`` keyword parameter which allows to define + ``setsockopt`` configuration of new sockets. (Issue #397) + +* Removed ``HTTPConnection.tcp_nodelay`` in favor of + ``HTTPConnection.default_socket_options``. (Issue #397) + +* Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411) + + +1.8.2 (2014-04-17) +------------------ + +* Fix ``urllib3.util`` not being included in the package. + + +1.8.1 (2014-04-17) +------------------ + +* Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) + +* Don't install ``dummyserver`` into ``site-packages`` as it's only needed + for the test suite. (Issue #362) + +* Added support for specifying ``source_address``. (Issue #352) + + +1.8 (2014-03-04) +---------------- + +* Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in + username, and blank ports like 'hostname:'). + +* New ``urllib3.connection`` module which contains all the HTTPConnection + objects. + +* Several ``urllib3.util.Timeout``-related fixes. Also changed constructor + signature to a more sensible order. [Backwards incompatible] + (Issues #252, #262, #263) + +* Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274) + +* Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which + returns the number of bytes read so far. (Issue #277) + +* Support for platforms without threading. (Issue #289) + +* Expand default-port comparison in ``HTTPConnectionPool.is_same_host`` + to allow a pool with no specified port to be considered equal to to an + HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) + +* Improved default SSL/TLS settings to avoid vulnerabilities. + (Issue #309) + +* Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors. + (Issue #310) + +* Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests + will send the entire HTTP request ~200 milliseconds faster; however, some of + the resulting TCP packets will be smaller. (Issue #254) + +* Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl`` + from the default 64 to 1024 in a single certificate. (Issue #318) + +* Headers are now passed and stored as a custom + ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``. + (Issue #329, #333) + +* Headers no longer lose their case on Python 3. (Issue #236) + +* ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA + certificates on inject. (Issue #332) + +* Requests with ``retries=False`` will immediately raise any exceptions without + wrapping them in ``MaxRetryError``. (Issue #348) + +* Fixed open socket leak with SSL-related failures. (Issue #344, #348) + + +1.7.1 (2013-09-25) +------------------ + +* Added granular timeout support with new ``urllib3.util.Timeout`` class. + (Issue #231) + +* Fixed Python 3.4 support. (Issue #238) + + +1.7 (2013-08-14) +---------------- + +* More exceptions are now pickle-able, with tests. (Issue #174) + +* Fixed redirecting with relative URLs in Location header. (Issue #178) + +* Support for relative urls in ``Location: ...`` header. (Issue #179) + +* ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus + file-like functionality. (Issue #187) + +* Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will + skip hostname verification for SSL connections. (Issue #194) + +* New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a + generator wrapped around ``.read(...)``. (Issue #198) + +* IPv6 url parsing enforces brackets around the hostname. (Issue #199) + +* Fixed thread race condition in + ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204) + +* ``ProxyManager`` requests now include non-default port in ``Host: ...`` + header. (Issue #217) + +* Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139) + +* New ``RequestField`` object can be passed to the ``fields=...`` param which + can specify headers. (Issue #220) + +* Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails. + (Issue #221) + +* Use international headers when posting file names. (Issue #119) + +* Improved IPv6 support. (Issue #203) + + +1.6 (2013-04-25) +---------------- + +* Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156) + +* ``ProxyManager`` automatically adds ``Host: ...`` header if not given. + +* Improved SSL-related code. ``cert_req`` now optionally takes a string like + "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23" + The string values reflect the suffix of the respective constant variable. + (Issue #130) + +* Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly + closed proxy connections and larger read buffers. (Issue #135) + +* Ensure the connection is closed if no data is received, fixes connection leak + on some platforms. (Issue #133) + +* Added SNI support for SSL/TLS connections on Py32+. (Issue #89) + +* Tests fixed to be compatible with Py26 again. (Issue #125) + +* Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant + to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109) + +* Allow an explicit content type to be specified when encoding file fields. + (Issue #126) + +* Exceptions are now pickleable, with tests. (Issue #101) + +* Fixed default headers not getting passed in some cases. (Issue #99) + +* Treat "content-encoding" header value as case-insensitive, per RFC 2616 + Section 3.5. (Issue #110) + +* "Connection Refused" SocketErrors will get retried rather than raised. + (Issue #92) + +* Updated vendored ``six``, no longer overrides the global ``six`` module + namespace. (Issue #113) + +* ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding + the exception that prompted the final retry. If ``reason is None`` then it + was due to a redirect. (Issue #92, #114) + +* Fixed ``PoolManager.urlopen()`` from not redirecting more than once. + (Issue #149) + +* Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters + that are not files. (Issue #111) + +* Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122) + +* Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or + against an arbitrary hostname (when connecting by IP or for misconfigured + servers). (Issue #140) + +* Streaming decompression support. (Issue #159) + + +1.5 (2012-08-02) +---------------- + +* Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug + logging in urllib3. + +* Native full URL parsing (including auth, path, query, fragment) available in + ``urllib3.util.parse_url(url)``. + +* Built-in redirect will switch method to 'GET' if status code is 303. + (Issue #11) + +* ``urllib3.PoolManager`` strips the scheme and host before sending the request + uri. (Issue #8) + +* New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding, + based on the Content-Type header, fails. + +* Fixed bug with pool depletion and leaking connections (Issue #76). Added + explicit connection closing on pool eviction. Added + ``urllib3.PoolManager.clear()``. + +* 99% -> 100% unit test coverage. + + +1.4 (2012-06-16) +---------------- + +* Minor AppEngine-related fixes. + +* Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``. + +* Improved url parsing. (Issue #73) + +* IPv6 url support. (Issue #72) + + +1.3 (2012-03-25) +---------------- + +* Removed pre-1.0 deprecated API. + +* Refactored helpers into a ``urllib3.util`` submodule. + +* Fixed multipart encoding to support list-of-tuples for keys with multiple + values. (Issue #48) + +* Fixed multiple Set-Cookie headers in response not getting merged properly in + Python 3. (Issue #53) + +* AppEngine support with Py27. (Issue #61) + +* Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs + bytes. + + +1.2.2 (2012-02-06) +------------------ + +* Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47) + + +1.2.1 (2012-02-05) +------------------ + +* Fixed another bug related to when ``ssl`` module is not available. (Issue #41) + +* Location parsing errors now raise ``urllib3.exceptions.LocationParseError`` + which inherits from ``ValueError``. + + +1.2 (2012-01-29) +---------------- + +* Added Python 3 support (tested on 3.2.2) + +* Dropped Python 2.5 support (tested on 2.6.7, 2.7.2) + +* Use ``select.poll`` instead of ``select.select`` for platforms that support + it. + +* Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive + connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``. + +* Fixed ``ImportError`` during install when ``ssl`` module is not available. + (Issue #41) + +* Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not + completing properly. (Issue #28, uncovered by Issue #10 in v1.1) + +* Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` + + ``eventlet``. Removed extraneous unsupported dummyserver testing backends. + Added socket-level tests. + +* More tests. Achievement Unlocked: 99% Coverage. + + +1.1 (2012-01-07) +---------------- + +* Refactored ``dummyserver`` to its own root namespace module (used for + testing). + +* Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in + Py32's ``ssl_match_hostname``. (Issue #25) + +* Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10) + +* Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue + #27) + +* Fixed timeout-related bugs. (Issues #17, #23) + + +1.0.2 (2011-11-04) +------------------ + +* Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if + you're using the object manually. (Thanks pyos) + +* Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by + wrapping the access log in a mutex. (Thanks @christer) + +* Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and + ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code. + + +1.0.1 (2011-10-10) +------------------ + +* Fixed a bug where the same connection would get returned into the pool twice, + causing extraneous "HttpConnectionPool is full" log warnings. + + +1.0 (2011-10-08) +---------------- + +* Added ``PoolManager`` with LRU expiration of connections (tested and + documented). +* Added ``ProxyManager`` (needs tests, docs, and confirmation that it works + with HTTPS proxies). +* Added optional partial-read support for responses when + ``preload_content=False``. You can now make requests and just read the headers + without loading the content. +* Made response decoding optional (default on, same as before). +* Added optional explicit boundary string for ``encode_multipart_formdata``. +* Convenience request methods are now inherited from ``RequestMethods``. Old + helpers like ``get_url`` and ``post_url`` should be abandoned in favour of + the new ``request(method, url, ...)``. +* Refactored code to be even more decoupled, reusable, and extendable. +* License header added to ``.py`` files. +* Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code + and docs in ``docs/`` and on https://urllib3.readthedocs.io/. +* Embettered all the things! +* Started writing this file. + + +0.4.1 (2011-07-17) +------------------ + +* Minor bug fixes, code cleanup. + + +0.4 (2011-03-01) +---------------- + +* Better unicode support. +* Added ``VerifiedHTTPSConnection``. +* Added ``NTLMConnectionPool`` in contrib. +* Minor improvements. + + +0.3.1 (2010-07-13) +------------------ + +* Added ``assert_host_name`` optional parameter. Now compatible with proxies. + + +0.3 (2009-12-10) +---------------- + +* Added HTTPS support. +* Minor bug fixes. +* Refactored, broken backwards compatibility with 0.2. +* API to be treated as stable from this version forward. + + +0.2 (2008-11-17) +---------------- + +* Added unit tests. +* Bug fixes. + + +0.1 (2008-11-16) +---------------- + +* First release. + + diff -Nru python-urllib3-1.26.4/src/urllib3/connectionpool.py python-urllib3-1.26.5/src/urllib3/connectionpool.py --- python-urllib3-1.26.4/src/urllib3/connectionpool.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/connectionpool.py 2021-05-26 19:01:29.000000000 +0200 @@ -318,7 +318,7 @@ pass def _get_timeout(self, timeout): - """ Helper that always returns a :class:`urllib3.util.Timeout` """ + """Helper that always returns a :class:`urllib3.util.Timeout`""" if timeout is _Default: return self.timeout.clone() diff -Nru python-urllib3-1.26.4/src/urllib3/connection.py python-urllib3-1.26.5/src/urllib3/connection.py --- python-urllib3-1.26.4/src/urllib3/connection.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/connection.py 2021-05-26 19:01:29.000000000 +0200 @@ -201,7 +201,7 @@ self._prepare_conn(conn) def putrequest(self, method, url, *args, **kwargs): - """""" + """ """ # Empty docstring because the indentation of CPython's implementation # is broken but we don't want this method in our documentation. match = _CONTAINS_CONTROL_CHAR_RE.search(method) @@ -214,7 +214,7 @@ return _HTTPConnection.putrequest(self, method, url, *args, **kwargs) def putheader(self, header, *values): - """""" + """ """ if not any(isinstance(v, str) and v == SKIP_HEADER for v in values): _HTTPConnection.putheader(self, header, *values) elif six.ensure_str(header.lower()) not in SKIPPABLE_HEADERS: diff -Nru python-urllib3-1.26.4/src/urllib3/contrib/pyopenssl.py python-urllib3-1.26.5/src/urllib3/contrib/pyopenssl.py --- python-urllib3-1.26.4/src/urllib3/contrib/pyopenssl.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/contrib/pyopenssl.py 2021-05-26 19:01:29.000000000 +0200 @@ -76,6 +76,7 @@ from .. import util from ..packages import six +from ..util.ssl_ import PROTOCOL_TLS_CLIENT __all__ = ["inject_into_urllib3", "extract_from_urllib3"] @@ -85,6 +86,7 @@ # Map from urllib3 to PyOpenSSL compatible parameter-values. _openssl_versions = { util.PROTOCOL_TLS: OpenSSL.SSL.SSLv23_METHOD, + PROTOCOL_TLS_CLIENT: OpenSSL.SSL.SSLv23_METHOD, ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD, } diff -Nru python-urllib3-1.26.4/src/urllib3/contrib/securetransport.py python-urllib3-1.26.5/src/urllib3/contrib/securetransport.py --- python-urllib3-1.26.4/src/urllib3/contrib/securetransport.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/contrib/securetransport.py 2021-05-26 19:01:29.000000000 +0200 @@ -67,6 +67,7 @@ import six from .. import util +from ..util.ssl_ import PROTOCOL_TLS_CLIENT from ._securetransport.bindings import CoreFoundation, Security, SecurityConst from ._securetransport.low_level import ( _assert_no_error, @@ -154,7 +155,8 @@ # TLSv1 and a high of TLSv1.2. For everything else, we pin to that version. # TLSv1 to 1.2 are supported on macOS 10.8+ _protocol_to_min_max = { - util.PROTOCOL_TLS: (SecurityConst.kTLSProtocol1, SecurityConst.kTLSProtocol12) + util.PROTOCOL_TLS: (SecurityConst.kTLSProtocol1, SecurityConst.kTLSProtocol12), + PROTOCOL_TLS_CLIENT: (SecurityConst.kTLSProtocol1, SecurityConst.kTLSProtocol12), } if hasattr(ssl, "PROTOCOL_SSLv2"): diff -Nru python-urllib3-1.26.4/src/urllib3/packages/six.py python-urllib3-1.26.5/src/urllib3/packages/six.py --- python-urllib3-1.26.4/src/urllib3/packages/six.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/packages/six.py 2021-05-26 19:01:29.000000000 +0200 @@ -1,4 +1,4 @@ -# Copyright (c) 2010-2019 Benjamin Peterson +# Copyright (c) 2010-2020 Benjamin Peterson # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ import types __author__ = "Benjamin Peterson <benjamin@python.org>" -__version__ = "1.12.0" +__version__ = "1.16.0" # Useful for very coarse version differentiation. @@ -71,6 +71,11 @@ MAXSIZE = int((1 << 63) - 1) del X +if PY34: + from importlib.util import spec_from_loader +else: + spec_from_loader = None + def _add_doc(func, doc): """Add documentation to a function.""" @@ -182,6 +187,11 @@ return self return None + def find_spec(self, fullname, path, target=None): + if fullname in self.known_modules: + return spec_from_loader(fullname, self) + return None + def __get_module(self, fullname): try: return self.known_modules[fullname] @@ -220,6 +230,12 @@ get_source = get_code # same as get_code + def create_module(self, spec): + return self.load_module(spec.name) + + def exec_module(self, module): + pass + _importer = _SixMetaPathImporter(__name__) @@ -260,9 +276,19 @@ ), MovedModule("builtins", "__builtin__"), MovedModule("configparser", "ConfigParser"), + MovedModule( + "collections_abc", + "collections", + "collections.abc" if sys.version_info >= (3, 3) else "collections", + ), MovedModule("copyreg", "copy_reg"), MovedModule("dbm_gnu", "gdbm", "dbm.gnu"), - MovedModule("_dummy_thread", "dummy_thread", "_dummy_thread"), + MovedModule("dbm_ndbm", "dbm", "dbm.ndbm"), + MovedModule( + "_dummy_thread", + "dummy_thread", + "_dummy_thread" if sys.version_info < (3, 9) else "_thread", + ), MovedModule("http_cookiejar", "cookielib", "http.cookiejar"), MovedModule("http_cookies", "Cookie", "http.cookies"), MovedModule("html_entities", "htmlentitydefs", "html.entities"), @@ -307,7 +333,9 @@ ] # Add windows specific modules. if sys.platform == "win32": - _moved_attributes += [MovedModule("winreg", "_winreg")] + _moved_attributes += [ + MovedModule("winreg", "_winreg"), + ] for attr in _moved_attributes: setattr(_MovedItems, attr.name, attr) @@ -476,7 +504,7 @@ _urllib_robotparser_moved_attributes = [ - MovedAttribute("RobotFileParser", "robotparser", "urllib.robotparser") + MovedAttribute("RobotFileParser", "robotparser", "urllib.robotparser"), ] for attr in _urllib_robotparser_moved_attributes: setattr(Module_six_moves_urllib_robotparser, attr.name, attr) @@ -678,9 +706,11 @@ if sys.version_info[1] <= 1: _assertRaisesRegex = "assertRaisesRegexp" _assertRegex = "assertRegexpMatches" + _assertNotRegex = "assertNotRegexpMatches" else: _assertRaisesRegex = "assertRaisesRegex" _assertRegex = "assertRegex" + _assertNotRegex = "assertNotRegex" else: def b(s): @@ -707,6 +737,7 @@ _assertCountEqual = "assertItemsEqual" _assertRaisesRegex = "assertRaisesRegexp" _assertRegex = "assertRegexpMatches" + _assertNotRegex = "assertNotRegexpMatches" _add_doc(b, """Byte literal""") _add_doc(u, """Text literal""") @@ -723,6 +754,10 @@ return getattr(self, _assertRegex)(*args, **kwargs) +def assertNotRegex(self, *args, **kwargs): + return getattr(self, _assertNotRegex)(*args, **kwargs) + + if PY3: exec_ = getattr(moves.builtins, "exec") @@ -762,18 +797,7 @@ ) -if sys.version_info[:2] == (3, 2): - exec_( - """def raise_from(value, from_value): - try: - if from_value is None: - raise value - raise value from from_value - finally: - value = None -""" - ) -elif sys.version_info[:2] > (3, 2): +if sys.version_info[:2] > (3,): exec_( """def raise_from(value, from_value): try: @@ -863,19 +887,41 @@ _add_doc(reraise, """Reraise an exception.""") if sys.version_info[0:2] < (3, 4): + # This does exactly the same what the :func:`py3:functools.update_wrapper` + # function does on Python versions after 3.2. It sets the ``__wrapped__`` + # attribute on ``wrapper`` object and it doesn't raise an error if any of + # the attributes mentioned in ``assigned`` and ``updated`` are missing on + # ``wrapped`` object. + def _update_wrapper( + wrapper, + wrapped, + assigned=functools.WRAPPER_ASSIGNMENTS, + updated=functools.WRAPPER_UPDATES, + ): + for attr in assigned: + try: + value = getattr(wrapped, attr) + except AttributeError: + continue + else: + setattr(wrapper, attr, value) + for attr in updated: + getattr(wrapper, attr).update(getattr(wrapped, attr, {})) + wrapper.__wrapped__ = wrapped + return wrapper + + _update_wrapper.__doc__ = functools.update_wrapper.__doc__ def wraps( wrapped, assigned=functools.WRAPPER_ASSIGNMENTS, updated=functools.WRAPPER_UPDATES, ): - def wrapper(f): - f = functools.wraps(wrapped, assigned, updated)(f) - f.__wrapped__ = wrapped - return f - - return wrapper + return functools.partial( + _update_wrapper, wrapped=wrapped, assigned=assigned, updated=updated + ) + wraps.__doc__ = functools.wraps.__doc__ else: wraps = functools.wraps @@ -888,7 +934,15 @@ # the actual metaclass. class metaclass(type): def __new__(cls, name, this_bases, d): - return meta(name, bases, d) + if sys.version_info[:2] >= (3, 7): + # This version introduced PEP 560 that requires a bit + # of extra care (we mimic what is done by __build_class__). + resolved_bases = types.resolve_bases(bases) + if resolved_bases is not bases: + d["__orig_bases__"] = bases + else: + resolved_bases = bases + return meta(name, resolved_bases, d) @classmethod def __prepare__(cls, name, this_bases): @@ -928,12 +982,11 @@ - `str` -> encoded to `bytes` - `bytes` -> `bytes` """ + if isinstance(s, binary_type): + return s if isinstance(s, text_type): return s.encode(encoding, errors) - elif isinstance(s, binary_type): - return s - else: - raise TypeError("not expecting type '%s'" % type(s)) + raise TypeError("not expecting type '%s'" % type(s)) def ensure_str(s, encoding="utf-8", errors="strict"): @@ -947,12 +1000,15 @@ - `str` -> `str` - `bytes` -> decoded to `str` """ - if not isinstance(s, (text_type, binary_type)): - raise TypeError("not expecting type '%s'" % type(s)) + # Optimization: Fast return for the common case. + if type(s) is str: + return s if PY2 and isinstance(s, text_type): - s = s.encode(encoding, errors) + return s.encode(encoding, errors) elif PY3 and isinstance(s, binary_type): - s = s.decode(encoding, errors) + return s.decode(encoding, errors) + elif not isinstance(s, (text_type, binary_type)): + raise TypeError("not expecting type '%s'" % type(s)) return s @@ -977,7 +1033,7 @@ def python_2_unicode_compatible(klass): """ - A decorator that defines __unicode__ and __str__ methods under Python 2. + A class decorator that defines __unicode__ and __str__ methods under Python 2. Under Python 3 it does nothing. To support Python 2 and 3 with a single code base, define a __str__ method diff -Nru python-urllib3-1.26.4/src/urllib3/packages/ssl_match_hostname/__init__.py python-urllib3-1.26.5/src/urllib3/packages/ssl_match_hostname/__init__.py --- python-urllib3-1.26.4/src/urllib3/packages/ssl_match_hostname/__init__.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/packages/ssl_match_hostname/__init__.py 2021-05-26 19:01:29.000000000 +0200 @@ -1,9 +1,11 @@ import sys try: - # Our match_hostname function is the same as 3.5's, so we only want to + # Our match_hostname function is the same as 3.10's, so we only want to # import the match_hostname function if it's at least that good. - if sys.version_info < (3, 5): + # We also fallback on Python 3.10+ because our code doesn't emit + # deprecation warnings and is the same as Python 3.10 otherwise. + if sys.version_info < (3, 5) or sys.version_info >= (3, 10): raise ImportError("Fallback to vendored code") from ssl import CertificateError, match_hostname diff -Nru python-urllib3-1.26.4/src/urllib3/util/connection.py python-urllib3-1.26.5/src/urllib3/util/connection.py --- python-urllib3-1.26.4/src/urllib3/util/connection.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/connection.py 2021-05-26 19:01:29.000000000 +0200 @@ -118,7 +118,7 @@ def _has_ipv6(host): - """ Returns True if the system can bind an IPv6 address. """ + """Returns True if the system can bind an IPv6 address.""" sock = None has_ipv6 = False diff -Nru python-urllib3-1.26.4/src/urllib3/util/retry.py python-urllib3-1.26.5/src/urllib3/util/retry.py --- python-urllib3-1.26.4/src/urllib3/util/retry.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/retry.py 2021-05-26 19:01:29.000000000 +0200 @@ -321,7 +321,7 @@ @classmethod def from_int(cls, retries, redirect=True, default=None): - """ Backwards-compatibility for the old retries format.""" + """Backwards-compatibility for the old retries format.""" if retries is None: retries = default if default is not None else cls.DEFAULT @@ -374,7 +374,7 @@ return seconds def get_retry_after(self, response): - """ Get the value of Retry-After in seconds. """ + """Get the value of Retry-After in seconds.""" retry_after = response.getheader("Retry-After") @@ -468,7 +468,7 @@ ) def is_exhausted(self): - """ Are we out of retries? """ + """Are we out of retries?""" retry_counts = ( self.total, self.connect, diff -Nru python-urllib3-1.26.4/src/urllib3/util/ssl_.py python-urllib3-1.26.5/src/urllib3/util/ssl_.py --- python-urllib3-1.26.4/src/urllib3/util/ssl_.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/ssl_.py 2021-05-26 19:01:29.000000000 +0200 @@ -71,6 +71,11 @@ except ImportError: PROTOCOL_SSLv23 = PROTOCOL_TLS = 2 +try: + from ssl import PROTOCOL_TLS_CLIENT +except ImportError: + PROTOCOL_TLS_CLIENT = PROTOCOL_TLS + try: from ssl import OP_NO_COMPRESSION, OP_NO_SSLv2, OP_NO_SSLv3 @@ -278,7 +283,11 @@ Constructed SSLContext object with specified options :rtype: SSLContext """ - context = SSLContext(ssl_version or PROTOCOL_TLS) + # PROTOCOL_TLS is deprecated in Python 3.10 + if not ssl_version or ssl_version == PROTOCOL_TLS: + ssl_version = PROTOCOL_TLS_CLIENT + + context = SSLContext(ssl_version) context.set_ciphers(ciphers or DEFAULT_CIPHERS) @@ -313,13 +322,25 @@ ) is not None: context.post_handshake_auth = True - context.verify_mode = cert_reqs - if ( - getattr(context, "check_hostname", None) is not None - ): # Platform-specific: Python 3.2 - # We do our own verification, including fingerprints and alternative - # hostnames. So disable it here - context.check_hostname = False + def disable_check_hostname(): + if ( + getattr(context, "check_hostname", None) is not None + ): # Platform-specific: Python 3.2 + # We do our own verification, including fingerprints and alternative + # hostnames. So disable it here + context.check_hostname = False + + # The order of the below lines setting verify_mode and check_hostname + # matter due to safe-guards SSLContext has to prevent an SSLContext with + # check_hostname=True, verify_mode=NONE/OPTIONAL. This is made even more + # complex because we don't know whether PROTOCOL_TLS_CLIENT will be used + # or not so we don't know the initial state of the freshly created SSLContext. + if cert_reqs == ssl.CERT_REQUIRED: + context.verify_mode = cert_reqs + disable_check_hostname() + else: + disable_check_hostname() + context.verify_mode = cert_reqs # Enable logging of TLS session keys via defacto standard environment variable # 'SSLKEYLOGFILE', if the feature is available (Python 3.8+). Skip empty values. diff -Nru python-urllib3-1.26.4/src/urllib3/util/ssltransport.py python-urllib3-1.26.5/src/urllib3/util/ssltransport.py --- python-urllib3-1.26.4/src/urllib3/util/ssltransport.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/ssltransport.py 2021-05-26 19:01:29.000000000 +0200 @@ -193,7 +193,7 @@ raise def _ssl_io_loop(self, func, *args): - """ Performs an I/O loop between incoming/outgoing and the socket.""" + """Performs an I/O loop between incoming/outgoing and the socket.""" should_loop = True ret = None diff -Nru python-urllib3-1.26.4/src/urllib3/util/url.py python-urllib3-1.26.5/src/urllib3/util/url.py --- python-urllib3-1.26.4/src/urllib3/util/url.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/url.py 2021-05-26 19:01:29.000000000 +0200 @@ -63,12 +63,12 @@ BRACELESS_IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT[2:-2] + "$") ZONE_ID_RE = re.compile("(" + ZONE_ID_PAT + r")\]$") -SUBAUTHORITY_PAT = (u"^(?:(.*)@)?(%s|%s|%s)(?::([0-9]{0,5}))?$") % ( +_HOST_PORT_PAT = ("^(%s|%s|%s)(?::([0-9]{0,5}))?$") % ( REG_NAME_PAT, IPV4_PAT, IPV6_ADDRZ_PAT, ) -SUBAUTHORITY_RE = re.compile(SUBAUTHORITY_PAT, re.UNICODE | re.DOTALL) +_HOST_PORT_RE = re.compile(_HOST_PORT_PAT, re.UNICODE | re.DOTALL) UNRESERVED_CHARS = set( "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-~" @@ -365,7 +365,9 @@ scheme = scheme.lower() if authority: - auth, host, port = SUBAUTHORITY_RE.match(authority).groups() + auth, _, host_port = authority.rpartition("@") + auth = auth or None + host, port = _HOST_PORT_RE.match(host_port).groups() if auth and normalize_uri: auth = _encode_invalid_chars(auth, USERINFO_CHARS) if port == "": diff -Nru python-urllib3-1.26.4/src/urllib3/_version.py python-urllib3-1.26.5/src/urllib3/_version.py --- python-urllib3-1.26.4/src/urllib3/_version.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/_version.py 2021-05-26 19:01:29.000000000 +0200 @@ -1,2 +1,2 @@ # This file is protected via CODEOWNERS -__version__ = "1.26.4" +__version__ = "1.26.5" diff -Nru python-urllib3-1.26.4/src/urllib3.egg-info/PKG-INFO python-urllib3-1.26.5/src/urllib3.egg-info/PKG-INFO --- python-urllib3-1.26.4/src/urllib3.egg-info/PKG-INFO 2021-03-15 16:03:54.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3.egg-info/PKG-INFO 2021-05-26 19:02:03.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: urllib3 -Version: 1.26.4 +Version: 1.26.5 Summary: HTTP library with thread-safe connection pooling, file post, and more. Home-page: https://urllib3.readthedocs.io/ Author: Andrey Petrov @@ -9,1328 +9,6 @@ Project-URL: Documentation, https://urllib3.readthedocs.io/ Project-URL: Code, https://github.com/urllib3/urllib3 Project-URL: Issue tracker, https://github.com/urllib3/urllib3/issues -Description: - urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the - Python ecosystem already uses urllib3 and you should too. - urllib3 brings many critical features that are missing from the Python - standard libraries: - - - Thread safety. - - Connection pooling. - - Client-side SSL/TLS verification. - - File uploads with multipart encoding. - - Helpers for retrying requests and dealing with HTTP redirects. - - Support for gzip, deflate, and brotli encoding. - - Proxy support for HTTP and SOCKS. - - 100% test coverage. - - urllib3 is powerful and easy to use: - - .. code-block:: python - - >>> import urllib3 - >>> http = urllib3.PoolManager() - >>> r = http.request('GET', 'http://httpbin.org/robots.txt') - >>> r.status - 200 - >>> r.data - 'User-agent: *\nDisallow: /deny\n' - - - Installing - ---------- - - urllib3 can be installed with `pip <https://pip.pypa.io>`_:: - - $ python -m pip install urllib3 - - Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_:: - - $ git clone git://github.com/urllib3/urllib3.git - $ python setup.py install - - - Documentation - ------------- - - urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_. - - - Contributing - ------------ - - urllib3 happily accepts contributions. Please see our - `contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_ - for some tips on getting started. - - - Security Disclosures - -------------------- - - To report a security vulnerability, please use the - `Tidelift security contact <https://tidelift.com/security>`_. - Tidelift will coordinate the fix and disclosure with maintainers. - - - Maintainers - ----------- - - - `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson) - - `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet) - - `@theacodes <https://github.com/theacodes>`__ (Thea Flowers) - - `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro) - - `@lukasa <https://github.com/lukasa>`__ (Cory Benfield) - - `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco) - - `@shazow <https://github.com/shazow>`__ (Andrey Petrov) - - 👋 - - - Sponsorship - ----------- - - If your company benefits from this library, please consider `sponsoring its - development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_. - - - For Enterprise - -------------- - - .. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png - :width: 75 - :alt: Tidelift - - .. list-table:: - :widths: 10 100 - - * - |tideliftlogo| - - Professional support for urllib3 is available as part of the `Tidelift - Subscription`_. Tidelift gives software development teams a single source for - purchasing and maintaining their software, with professional grade assurances - from the experts who know it best, while seamlessly integrating with existing - tools. - - .. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme - - - Changes - ======= - - 1.26.4 (2021-03-15) - ------------------- - - * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy - during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. - - - 1.26.3 (2021-01-26) - ------------------- - - * Fixed bytes and string comparison issue with headers (Pull #2141) - - * Changed ``ProxySchemeUnknown`` error message to be - more actionable if the user supplies a proxy URL without - a scheme. (Pull #2107) - - - 1.26.2 (2020-11-12) - ------------------- - - * Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't - be imported properly on Python 2.7.8 and earlier (Pull #2052) - - - 1.26.1 (2020-11-11) - ------------------- - - * Fixed an issue where two ``User-Agent`` headers would be sent if a - ``User-Agent`` header key is passed as ``bytes`` (Pull #2047) - - - 1.26.0 (2020-11-10) - ------------------- - - * **NOTE: urllib3 v2.0 will drop support for Python 2**. - `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. - - * Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806) - - * Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that - still wish to use TLS earlier than 1.2 without a deprecation warning - should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002) - **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** - - * Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` - and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, - ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` - (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed** - - * Added default ``User-Agent`` header to every request (Pull #1750) - - * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, - and ``Host`` headers from being automatically emitted with requests (Pull #2018) - - * Collapse ``transfer-encoding: chunked`` request data and framing into - the same ``socket.send()`` call (Pull #1906) - - * Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894) - - * Properly terminate SecureTransport connections when CA verification fails (Pull #1977) - - * Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` - to SecureTransport (Pull #1903) - - * Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970) - - * Suppress ``BrokenPipeError`` when writing request body after the server - has closed the socket (Pull #1524) - - * Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") - into an ``urllib3.exceptions.SSLError`` (Pull #1939) - - - 1.25.11 (2020-10-19) - -------------------- - - * Fix retry backoff time parsed from ``Retry-After`` header when given - in the HTTP date format. The HTTP date was parsed as the local timezone - rather than accounting for the timezone in the HTTP date (typically - UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) - - * Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` - environment variable was set to the empty string. Now ``SSLContext.keylog_file`` - is not set in this situation (Pull #2016) - - - 1.25.10 (2020-07-22) - -------------------- - - * Added support for ``SSLKEYLOGFILE`` environment variable for - logging TLS session keys with use with programs like - Wireshark for decrypting captured web traffic (Pull #1867) - - * Fixed loading of SecureTransport libraries on macOS Big Sur - due to the new dynamic linker cache (Pull #1905) - - * Collapse chunked request bodies data and framing into one - call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) - - * Don't insert ``None`` into ``ConnectionPool`` if the pool - was empty when requesting a connection (Pull #1866) - - * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) - - - 1.25.9 (2020-04-16) - ------------------- - - * Added ``InvalidProxyConfigurationWarning`` which is raised when - erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently - support connecting to HTTPS proxies but will soon be able to - and we would like users to migrate properly without much breakage. - - See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ - for more information on how to fix your proxy config. (Pull #1851) - - * Drain connection after ``PoolManager`` redirect (Pull #1817) - - * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) - - * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) - - * Allow the CA certificate data to be passed as a string (Pull #1804) - - * Raise ``ValueError`` if method contains control characters (Pull #1800) - - * Add ``__repr__`` to ``Timeout`` (Pull #1795) - - - 1.25.8 (2020-01-20) - ------------------- - - * Drop support for EOL Python 3.4 (Pull #1774) - - * Optimize _encode_invalid_chars (Pull #1787) - - - 1.25.7 (2019-11-11) - ------------------- - - * Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734) - - * Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470) - - * Fix issue where URL fragment was sent within the request target. (Pull #1732) - - * Fix issue where an empty query section in a URL would fail to parse. (Pull #1732) - - * Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703) - - - 1.25.6 (2019-09-24) - ------------------- - - * Fix issue where tilde (``~``) characters were incorrectly - percent-encoded in the path. (Pull #1692) - - - 1.25.5 (2019-09-19) - ------------------- - - * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which - caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. - (Issue #1682) - - - 1.25.4 (2019-09-19) - ------------------- - - * Propagate Retry-After header settings to subsequent retries. (Pull #1607) - - * Fix edge case where Retry-After header was still respected even when - explicitly opted out of. (Pull #1607) - - * Remove dependency on ``rfc3986`` for URL parsing. - - * Fix issue where URLs containing invalid characters within ``Url.auth`` would - raise an exception instead of percent-encoding those characters. - - * Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses - work well with BufferedReaders and other ``io`` module features. (Pull #1652) - - * Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673) - - - 1.25.3 (2019-05-23) - ------------------- - - * Change ``HTTPSConnection`` to load system CA certificates - when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are - unspecified. (Pull #1608, Issue #1603) - - * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) - - - 1.25.2 (2019-04-28) - ------------------- - - * Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583) - - * Change ``parse_url`` to percent-encode invalid characters within the - path, query, and target components. (Pull #1586) - - - 1.25.1 (2019-04-24) - ------------------- - - * Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579) - - * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) - - - 1.25 (2019-04-22) - ----------------- - - * Require and validate certificates by default when using HTTPS (Pull #1507) - - * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487) - - * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use - encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489) - - * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` - implementations. (Pull #1496) - - * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492) - - * Fixed issue where OpenSSL would block if an encrypted client private key was - given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489) - - * Added support for Brotli content encoding. It is enabled automatically if - ``brotlipy`` package is installed which can be requested with - ``urllib3[brotli]`` extra. (Pull #1532) - - * Drop ciphers using DSS key exchange from default TLS cipher suites. - Improve default ciphers when using SecureTransport. (Pull #1496) - - * Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483) - - 1.24.3 (2019-05-01) - ------------------- - - * Apply fix for CVE-2019-9740. (Pull #1591) - - 1.24.2 (2019-04-17) - ------------------- - - * Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or - ``ssl_context`` parameters are specified. - - * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) - - * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) - - - 1.24.1 (2018-11-02) - ------------------- - - * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) - - * Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462) - - - 1.24 (2018-10-16) - ----------------- - - * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) - - * Test against Python 3.7 on AppVeyor. (Pull #1453) - - * Early-out ipv6 checks when running on App Engine. (Pull #1450) - - * Change ambiguous description of backoff_factor (Pull #1436) - - * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) - - * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). - - * Add a server_hostname parameter to HTTPSConnection which allows for - overriding the SNI hostname sent in the handshake. (Pull #1397) - - * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) - - * Fixed bug where responses with header Content-Type: message/* erroneously - raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) - - * Move urllib3 to src/urllib3 (Pull #1409) - - - 1.23 (2018-06-04) - ----------------- - - * Allow providing a list of headers to strip from requests when redirecting - to a different host. Defaults to the ``Authorization`` header. Different - headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316) - - * Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247). - - * Dropped Python 3.3 support. (Pull #1242) - - * Put the connection back in the pool when calling stream() or read_chunked() on - a chunked HEAD response. (Issue #1234) - - * Fixed pyOpenSSL-specific ssl client authentication issue when clients - attempted to auth via certificate + chain (Issue #1060) - - * Add the port to the connectionpool connect print (Pull #1251) - - * Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380) - - * ``read_chunked()`` on a closed response returns no chunks. (Issue #1088) - - * Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359) - - * Added support for auth info in url for SOCKS proxy (Pull #1363) - - - 1.22 (2017-07-20) - ----------------- - - * Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via - IPv6 proxy. (Issue #1222) - - * Made the connection pool retry on ``SSLError``. The original ``SSLError`` - is available on ``MaxRetryError.reason``. (Issue #1112) - - * Drain and release connection before recursing on retry/redirect. Fixes - deadlocks with a blocking connectionpool. (Issue #1167) - - * Fixed compatibility for cookiejar. (Issue #1229) - - * pyopenssl: Use vendored version of ``six``. (Issue #1231) - - - 1.21.1 (2017-05-02) - ------------------- - - * Fixed SecureTransport issue that would cause long delays in response body - delivery. (Pull #1154) - - * Fixed regression in 1.21 that threw exceptions when users passed the - ``socket_options`` flag to the ``PoolManager``. (Issue #1165) - - * Fixed regression in 1.21 that threw exceptions when users passed the - ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. - (Pull #1157) - - - 1.21 (2017-04-25) - ----------------- - - * Improved performance of certain selector system calls on Python 3.5 and - later. (Pull #1095) - - * Resolved issue where the PyOpenSSL backend would not wrap SysCallError - exceptions appropriately when sending data. (Pull #1125) - - * Selectors now detects a monkey-patched select module after import for modules - that patch the select module like eventlet, greenlet. (Pull #1128) - - * Reduced memory consumption when streaming zlib-compressed responses - (as opposed to raw deflate streams). (Pull #1129) - - * Connection pools now use the entire request context when constructing the - pool key. (Pull #1016) - - * ``PoolManager.connection_from_*`` methods now accept a new keyword argument, - ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. - (Pull #1016) - - * Add retry counter for ``status_forcelist``. (Issue #1147) - - * Added ``contrib`` module for using SecureTransport on macOS: - ``urllib3.contrib.securetransport``. (Pull #1122) - - * urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: - for schemes it does not recognise, it assumes they are case-sensitive and - leaves them unchanged. - (Issue #1080) - - - 1.20 (2017-01-19) - ----------------- - - * Added support for waiting for I/O using selectors other than select, - improving urllib3's behaviour with large numbers of concurrent connections. - (Pull #1001) - - * Updated the date for the system clock check. (Issue #1005) - - * ConnectionPools now correctly consider hostnames to be case-insensitive. - (Issue #1032) - - * Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module - to fail when it is injected, rather than at first use. (Pull #1063) - - * Outdated versions of cryptography now cause the PyOpenSSL contrib module - to fail when it is injected, rather than at first use. (Issue #1044) - - * Automatically attempt to rewind a file-like body object when a request is - retried or redirected. (Pull #1039) - - * Fix some bugs that occur when modules incautiously patch the queue module. - (Pull #1061) - - * Prevent retries from occurring on read timeouts for which the request method - was not in the method whitelist. (Issue #1059) - - * Changed the PyOpenSSL contrib module to lazily load idna to avoid - unnecessarily bloating the memory of programs that don't need it. (Pull - #1076) - - * Add support for IPv6 literals with zone identifiers. (Pull #1013) - - * Added support for socks5h:// and socks4a:// schemes when working with SOCKS - proxies, and controlled remote DNS appropriately. (Issue #1035) - - - 1.19.1 (2016-11-16) - ------------------- - - * Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025) - - - 1.19 (2016-11-03) - ----------------- - - * urllib3 now respects Retry-After headers on 413, 429, and 503 responses when - using the default retry logic. (Pull #955) - - * Remove markers from setup.py to assist ancient setuptools versions. (Issue - #986) - - * Disallow superscripts and other integerish things in URL ports. (Issue #989) - - * Allow urllib3's HTTPResponse.stream() method to continue to work with - non-httplib underlying FPs. (Pull #990) - - * Empty filenames in multipart headers are now emitted as such, rather than - being suppressed. (Issue #1015) - - * Prefer user-supplied Host headers on chunked uploads. (Issue #1009) - - - 1.18.1 (2016-10-27) - ------------------- - - * CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with - PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This - release fixes a vulnerability whereby urllib3 in the above configuration - would silently fail to validate TLS certificates due to erroneously setting - invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous - flags do not cause a problem in OpenSSL versions before 1.1.0, which - interprets the presence of any flag as requesting certificate validation. - - There is no PR for this patch, as it was prepared for simultaneous disclosure - and release. The master branch received the same fix in Pull #1010. - - - 1.18 (2016-09-26) - ----------------- - - * Fixed incorrect message for IncompleteRead exception. (Pull #973) - - * Accept ``iPAddress`` subject alternative name fields in TLS certificates. - (Issue #258) - - * Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3. - (Issue #977) - - * Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979) - - - 1.17 (2016-09-06) - ----------------- - - * Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835) - - * ConnectionPool debug log now includes scheme, host, and port. (Issue #897) - - * Substantially refactored documentation. (Issue #887) - - * Used URLFetch default timeout on AppEngine, rather than hardcoding our own. - (Issue #858) - - * Normalize the scheme and host in the URL parser (Issue #833) - - * ``HTTPResponse`` contains the last ``Retry`` object, which now also - contains retries history. (Issue #848) - - * Timeout can no longer be set as boolean, and must be greater than zero. - (Pull #924) - - * Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We - now use cryptography and idna, both of which are already dependencies of - PyOpenSSL. (Pull #930) - - * Fixed infinite loop in ``stream`` when amt=None. (Issue #928) - - * Try to use the operating system's certificates when we are using an - ``SSLContext``. (Pull #941) - - * Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to - ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947) - - * Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958) - - * Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958) - - * Implemented ``length_remaining`` to determine remaining content - to be read. (Pull #949) - - * Implemented ``enforce_content_length`` to enable exceptions when - incomplete data chunks are received. (Pull #949) - - * Dropped connection start, dropped connection reset, redirect, forced retry, - and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967) - - - 1.16 (2016-06-11) - ----------------- - - * Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) - - * Provide ``key_fn_by_scheme`` pool keying mechanism that can be - overridden. (Issue #830) - - * Normalize scheme and host to lowercase for pool keys, and include - ``source_address``. (Issue #830) - - * Cleaner exception chain in Python 3 for ``_make_request``. - (Issue #861) - - * Fixed installing ``urllib3[socks]`` extra. (Issue #864) - - * Fixed signature of ``ConnectionPool.close`` so it can actually safely be - called by subclasses. (Issue #873) - - * Retain ``release_conn`` state across retries. (Issues #651, #866) - - * Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to - ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) - - - 1.15.1 (2016-04-11) - ------------------- - - * Fix packaging to include backports module. (Issue #841) - - - 1.15 (2016-04-06) - ----------------- - - * Added Retry(raise_on_status=False). (Issue #720) - - * Always use setuptools, no more distutils fallback. (Issue #785) - - * Dropped support for Python 3.2. (Issue #786) - - * Chunked transfer encoding when requesting with ``chunked=True``. - (Issue #790) - - * Fixed regression with IPv6 port parsing. (Issue #801) - - * Append SNIMissingWarning messages to allow users to specify it in - the PYTHONWARNINGS environment variable. (Issue #816) - - * Handle unicode headers in Py2. (Issue #818) - - * Log certificate when there is a hostname mismatch. (Issue #820) - - * Preserve order of request/response headers. (Issue #821) - - - 1.14 (2015-12-29) - ----------------- - - * contrib: SOCKS proxy support! (Issue #762) - - * Fixed AppEngine handling of transfer-encoding header and bug - in Timeout defaults checking. (Issue #763) - - - 1.13.1 (2015-12-18) - ------------------- - - * Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) - - - 1.13 (2015-12-14) - ----------------- - - * Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706) - - * pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) - - * pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) - - * Close connections more defensively on exception. (Issue #734) - - * Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without - repeatedly flushing the decoder, to function better on Jython. (Issue #743) - - * Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758) - - - 1.12 (2015-09-03) - ----------------- - - * Rely on ``six`` for importing ``httplib`` to work around - conflicts with other Python 3 shims. (Issue #688) - - * Add support for directories of certificate authorities, as supported by - OpenSSL. (Issue #701) - - * New exception: ``NewConnectionError``, raised when we fail to establish - a new connection, usually ``ECONNREFUSED`` socket error. - - - 1.11 (2015-07-21) - ----------------- - - * When ``ca_certs`` is given, ``cert_reqs`` defaults to - ``'CERT_REQUIRED'``. (Issue #650) - - * ``pip install urllib3[secure]`` will install Certifi and - PyOpenSSL as dependencies. (Issue #678) - - * Made ``HTTPHeaderDict`` usable as a ``headers`` input value - (Issues #632, #679) - - * Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_ - which has an ``AppEngineManager`` for using ``URLFetch`` in a - Google AppEngine environment. (Issue #664) - - * Dev: Added test suite for AppEngine. (Issue #631) - - * Fix performance regression when using PyOpenSSL. (Issue #626) - - * Passing incorrect scheme (e.g. ``foo://``) will raise - ``ValueError`` instead of ``AssertionError`` (backwards - compatible for now, but please migrate). (Issue #640) - - * Fix pools not getting replenished when an error occurs during a - request using ``release_conn=False``. (Issue #644) - - * Fix pool-default headers not applying for url-encoded requests - like GET. (Issue #657) - - * log.warning in Python 3 when headers are skipped due to parsing - errors. (Issue #642) - - * Close and discard connections if an error occurs during read. - (Issue #660) - - * Fix host parsing for IPv6 proxies. (Issue #668) - - * Separate warning type SubjectAltNameWarning, now issued once - per host. (Issue #671) - - * Fix ``httplib.IncompleteRead`` not getting converted to - ``ProtocolError`` when using ``HTTPResponse.stream()`` - (Issue #674) - - 1.10.4 (2015-05-03) - ------------------- - - * Migrate tests to Tornado 4. (Issue #594) - - * Append default warning configuration rather than overwrite. - (Issue #603) - - * Fix streaming decoding regression. (Issue #595) - - * Fix chunked requests losing state across keep-alive connections. - (Issue #599) - - * Fix hanging when chunked HEAD response has no body. (Issue #605) - - - 1.10.3 (2015-04-21) - ------------------- - - * Emit ``InsecurePlatformWarning`` when SSLContext object is missing. - (Issue #558) - - * Fix regression of duplicate header keys being discarded. - (Issue #563) - - * ``Response.stream()`` returns a generator for chunked responses. - (Issue #560) - - * Set upper-bound timeout when waiting for a socket in PyOpenSSL. - (Issue #585) - - * Work on platforms without `ssl` module for plain HTTP requests. - (Issue #587) - - * Stop relying on the stdlib's default cipher list. (Issue #588) - - - 1.10.2 (2015-02-25) - ------------------- - - * Fix file descriptor leakage on retries. (Issue #548) - - * Removed RC4 from default cipher list. (Issue #551) - - * Header performance improvements. (Issue #544) - - * Fix PoolManager not obeying redirect retry settings. (Issue #553) - - - 1.10.1 (2015-02-10) - ------------------- - - * Pools can be used as context managers. (Issue #545) - - * Don't re-use connections which experienced an SSLError. (Issue #529) - - * Don't fail when gzip decoding an empty stream. (Issue #535) - - * Add sha256 support for fingerprint verification. (Issue #540) - - * Fixed handling of header values containing commas. (Issue #533) - - - 1.10 (2014-12-14) - ----------------- - - * Disabled SSLv3. (Issue #473) - - * Add ``Url.url`` property to return the composed url string. (Issue #394) - - * Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412) - - * ``MaxRetryError.reason`` will always be an exception, not string. - (Issue #481) - - * Fixed SSL-related timeouts not being detected as timeouts. (Issue #492) - - * Py3: Use ``ssl.create_default_context()`` when available. (Issue #473) - - * Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request. - (Issue #496) - - * Emit ``SecurityWarning`` when certificate has no ``subjectAltName``. - (Issue #499) - - * Close and discard sockets which experienced SSL-related errors. - (Issue #501) - - * Handle ``body`` param in ``.request(...)``. (Issue #513) - - * Respect timeout with HTTPS proxy. (Issue #505) - - * PyOpenSSL: Handle ZeroReturnError exception. (Issue #520) - - - 1.9.1 (2014-09-13) - ------------------ - - * Apply socket arguments before binding. (Issue #427) - - * More careful checks if fp-like object is closed. (Issue #435) - - * Fixed packaging issues of some development-related files not - getting included. (Issue #440) - - * Allow performing *only* fingerprint verification. (Issue #444) - - * Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445) - - * Fixed PyOpenSSL compatibility with PyPy. (Issue #450) - - * Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3. - (Issue #443) - - - - 1.9 (2014-07-04) - ---------------- - - * Shuffled around development-related files. If you're maintaining a distro - package of urllib3, you may need to tweak things. (Issue #415) - - * Unverified HTTPS requests will trigger a warning on the first request. See - our new `security documentation - <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details. - (Issue #426) - - * New retry logic and ``urllib3.util.retry.Retry`` configuration object. - (Issue #326) - - * All raised exceptions should now wrapped in a - ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326) - - * All errors during a retry-enabled request should be wrapped in - ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions - which were previously exempt. Underlying error is accessible from the - ``.reason`` property. (Issue #326) - - * ``urllib3.exceptions.ConnectionError`` renamed to - ``urllib3.exceptions.ProtocolError``. (Issue #326) - - * Errors during response read (such as IncompleteRead) are now wrapped in - ``urllib3.exceptions.ProtocolError``. (Issue #418) - - * Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``. - (Issue #417) - - * Catch read timeouts over SSL connections as - ``urllib3.exceptions.ReadTimeoutError``. (Issue #419) - - * Apply socket arguments before connecting. (Issue #427) - - - 1.8.3 (2014-06-23) - ------------------ - - * Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) - - * Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393) - - * Wrap ``socket.timeout`` exception with - ``urllib3.exceptions.ReadTimeoutError``. (Issue #399) - - * Fixed proxy-related bug where connections were being reused incorrectly. - (Issues #366, #369) - - * Added ``socket_options`` keyword parameter which allows to define - ``setsockopt`` configuration of new sockets. (Issue #397) - - * Removed ``HTTPConnection.tcp_nodelay`` in favor of - ``HTTPConnection.default_socket_options``. (Issue #397) - - * Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411) - - - 1.8.2 (2014-04-17) - ------------------ - - * Fix ``urllib3.util`` not being included in the package. - - - 1.8.1 (2014-04-17) - ------------------ - - * Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) - - * Don't install ``dummyserver`` into ``site-packages`` as it's only needed - for the test suite. (Issue #362) - - * Added support for specifying ``source_address``. (Issue #352) - - - 1.8 (2014-03-04) - ---------------- - - * Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in - username, and blank ports like 'hostname:'). - - * New ``urllib3.connection`` module which contains all the HTTPConnection - objects. - - * Several ``urllib3.util.Timeout``-related fixes. Also changed constructor - signature to a more sensible order. [Backwards incompatible] - (Issues #252, #262, #263) - - * Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274) - - * Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which - returns the number of bytes read so far. (Issue #277) - - * Support for platforms without threading. (Issue #289) - - * Expand default-port comparison in ``HTTPConnectionPool.is_same_host`` - to allow a pool with no specified port to be considered equal to to an - HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) - - * Improved default SSL/TLS settings to avoid vulnerabilities. - (Issue #309) - - * Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors. - (Issue #310) - - * Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests - will send the entire HTTP request ~200 milliseconds faster; however, some of - the resulting TCP packets will be smaller. (Issue #254) - - * Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl`` - from the default 64 to 1024 in a single certificate. (Issue #318) - - * Headers are now passed and stored as a custom - ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``. - (Issue #329, #333) - - * Headers no longer lose their case on Python 3. (Issue #236) - - * ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA - certificates on inject. (Issue #332) - - * Requests with ``retries=False`` will immediately raise any exceptions without - wrapping them in ``MaxRetryError``. (Issue #348) - - * Fixed open socket leak with SSL-related failures. (Issue #344, #348) - - - 1.7.1 (2013-09-25) - ------------------ - - * Added granular timeout support with new ``urllib3.util.Timeout`` class. - (Issue #231) - - * Fixed Python 3.4 support. (Issue #238) - - - 1.7 (2013-08-14) - ---------------- - - * More exceptions are now pickle-able, with tests. (Issue #174) - - * Fixed redirecting with relative URLs in Location header. (Issue #178) - - * Support for relative urls in ``Location: ...`` header. (Issue #179) - - * ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus - file-like functionality. (Issue #187) - - * Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will - skip hostname verification for SSL connections. (Issue #194) - - * New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a - generator wrapped around ``.read(...)``. (Issue #198) - - * IPv6 url parsing enforces brackets around the hostname. (Issue #199) - - * Fixed thread race condition in - ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204) - - * ``ProxyManager`` requests now include non-default port in ``Host: ...`` - header. (Issue #217) - - * Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139) - - * New ``RequestField`` object can be passed to the ``fields=...`` param which - can specify headers. (Issue #220) - - * Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails. - (Issue #221) - - * Use international headers when posting file names. (Issue #119) - - * Improved IPv6 support. (Issue #203) - - - 1.6 (2013-04-25) - ---------------- - - * Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156) - - * ``ProxyManager`` automatically adds ``Host: ...`` header if not given. - - * Improved SSL-related code. ``cert_req`` now optionally takes a string like - "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23" - The string values reflect the suffix of the respective constant variable. - (Issue #130) - - * Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly - closed proxy connections and larger read buffers. (Issue #135) - - * Ensure the connection is closed if no data is received, fixes connection leak - on some platforms. (Issue #133) - - * Added SNI support for SSL/TLS connections on Py32+. (Issue #89) - - * Tests fixed to be compatible with Py26 again. (Issue #125) - - * Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant - to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109) - - * Allow an explicit content type to be specified when encoding file fields. - (Issue #126) - - * Exceptions are now pickleable, with tests. (Issue #101) - - * Fixed default headers not getting passed in some cases. (Issue #99) - - * Treat "content-encoding" header value as case-insensitive, per RFC 2616 - Section 3.5. (Issue #110) - - * "Connection Refused" SocketErrors will get retried rather than raised. - (Issue #92) - - * Updated vendored ``six``, no longer overrides the global ``six`` module - namespace. (Issue #113) - - * ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding - the exception that prompted the final retry. If ``reason is None`` then it - was due to a redirect. (Issue #92, #114) - - * Fixed ``PoolManager.urlopen()`` from not redirecting more than once. - (Issue #149) - - * Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters - that are not files. (Issue #111) - - * Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122) - - * Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or - against an arbitrary hostname (when connecting by IP or for misconfigured - servers). (Issue #140) - - * Streaming decompression support. (Issue #159) - - - 1.5 (2012-08-02) - ---------------- - - * Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug - logging in urllib3. - - * Native full URL parsing (including auth, path, query, fragment) available in - ``urllib3.util.parse_url(url)``. - - * Built-in redirect will switch method to 'GET' if status code is 303. - (Issue #11) - - * ``urllib3.PoolManager`` strips the scheme and host before sending the request - uri. (Issue #8) - - * New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding, - based on the Content-Type header, fails. - - * Fixed bug with pool depletion and leaking connections (Issue #76). Added - explicit connection closing on pool eviction. Added - ``urllib3.PoolManager.clear()``. - - * 99% -> 100% unit test coverage. - - - 1.4 (2012-06-16) - ---------------- - - * Minor AppEngine-related fixes. - - * Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``. - - * Improved url parsing. (Issue #73) - - * IPv6 url support. (Issue #72) - - - 1.3 (2012-03-25) - ---------------- - - * Removed pre-1.0 deprecated API. - - * Refactored helpers into a ``urllib3.util`` submodule. - - * Fixed multipart encoding to support list-of-tuples for keys with multiple - values. (Issue #48) - - * Fixed multiple Set-Cookie headers in response not getting merged properly in - Python 3. (Issue #53) - - * AppEngine support with Py27. (Issue #61) - - * Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs - bytes. - - - 1.2.2 (2012-02-06) - ------------------ - - * Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47) - - - 1.2.1 (2012-02-05) - ------------------ - - * Fixed another bug related to when ``ssl`` module is not available. (Issue #41) - - * Location parsing errors now raise ``urllib3.exceptions.LocationParseError`` - which inherits from ``ValueError``. - - - 1.2 (2012-01-29) - ---------------- - - * Added Python 3 support (tested on 3.2.2) - - * Dropped Python 2.5 support (tested on 2.6.7, 2.7.2) - - * Use ``select.poll`` instead of ``select.select`` for platforms that support - it. - - * Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive - connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``. - - * Fixed ``ImportError`` during install when ``ssl`` module is not available. - (Issue #41) - - * Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not - completing properly. (Issue #28, uncovered by Issue #10 in v1.1) - - * Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` + - ``eventlet``. Removed extraneous unsupported dummyserver testing backends. - Added socket-level tests. - - * More tests. Achievement Unlocked: 99% Coverage. - - - 1.1 (2012-01-07) - ---------------- - - * Refactored ``dummyserver`` to its own root namespace module (used for - testing). - - * Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in - Py32's ``ssl_match_hostname``. (Issue #25) - - * Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10) - - * Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue - #27) - - * Fixed timeout-related bugs. (Issues #17, #23) - - - 1.0.2 (2011-11-04) - ------------------ - - * Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if - you're using the object manually. (Thanks pyos) - - * Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by - wrapping the access log in a mutex. (Thanks @christer) - - * Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and - ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code. - - - 1.0.1 (2011-10-10) - ------------------ - - * Fixed a bug where the same connection would get returned into the pool twice, - causing extraneous "HttpConnectionPool is full" log warnings. - - - 1.0 (2011-10-08) - ---------------- - - * Added ``PoolManager`` with LRU expiration of connections (tested and - documented). - * Added ``ProxyManager`` (needs tests, docs, and confirmation that it works - with HTTPS proxies). - * Added optional partial-read support for responses when - ``preload_content=False``. You can now make requests and just read the headers - without loading the content. - * Made response decoding optional (default on, same as before). - * Added optional explicit boundary string for ``encode_multipart_formdata``. - * Convenience request methods are now inherited from ``RequestMethods``. Old - helpers like ``get_url`` and ``post_url`` should be abandoned in favour of - the new ``request(method, url, ...)``. - * Refactored code to be even more decoupled, reusable, and extendable. - * License header added to ``.py`` files. - * Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code - and docs in ``docs/`` and on https://urllib3.readthedocs.io/. - * Embettered all the things! - * Started writing this file. - - - 0.4.1 (2011-07-17) - ------------------ - - * Minor bug fixes, code cleanup. - - - 0.4 (2011-03-01) - ---------------- - - * Better unicode support. - * Added ``VerifiedHTTPSConnection``. - * Added ``NTLMConnectionPool`` in contrib. - * Minor improvements. - - - 0.3.1 (2010-07-13) - ------------------ - - * Added ``assert_host_name`` optional parameter. Now compatible with proxies. - - - 0.3 (2009-12-10) - ---------------- - - * Added HTTPS support. - * Minor bug fixes. - * Refactored, broken backwards compatibility with 0.2. - * API to be treated as stable from this version forward. - - - 0.2 (2008-11-17) - ---------------- - - * Added unit tests. - * Bug fixes. - - - 0.1 (2008-11-16) - ---------------- - - * First release. - Keywords: urllib httplib threadsafe filepost http https ssl pooling Platform: UNKNOWN Classifier: Environment :: Web Environment @@ -1355,3 +33,1337 @@ Provides-Extra: brotli Provides-Extra: secure Provides-Extra: socks +License-File: LICENSE.txt + + +urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the +Python ecosystem already uses urllib3 and you should too. +urllib3 brings many critical features that are missing from the Python +standard libraries: + +- Thread safety. +- Connection pooling. +- Client-side SSL/TLS verification. +- File uploads with multipart encoding. +- Helpers for retrying requests and dealing with HTTP redirects. +- Support for gzip, deflate, and brotli encoding. +- Proxy support for HTTP and SOCKS. +- 100% test coverage. + +urllib3 is powerful and easy to use: + +.. code-block:: python + + >>> import urllib3 + >>> http = urllib3.PoolManager() + >>> r = http.request('GET', 'http://httpbin.org/robots.txt') + >>> r.status + 200 + >>> r.data + 'User-agent: *\nDisallow: /deny\n' + + +Installing +---------- + +urllib3 can be installed with `pip <https://pip.pypa.io>`_:: + + $ python -m pip install urllib3 + +Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_:: + + $ git clone git://github.com/urllib3/urllib3.git + $ python setup.py install + + +Documentation +------------- + +urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_. + + +Contributing +------------ + +urllib3 happily accepts contributions. Please see our +`contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_ +for some tips on getting started. + + +Security Disclosures +-------------------- + +To report a security vulnerability, please use the +`Tidelift security contact <https://tidelift.com/security>`_. +Tidelift will coordinate the fix and disclosure with maintainers. + + +Maintainers +----------- + +- `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson) +- `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet) +- `@theacodes <https://github.com/theacodes>`__ (Thea Flowers) +- `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro) +- `@lukasa <https://github.com/lukasa>`__ (Cory Benfield) +- `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco) +- `@shazow <https://github.com/shazow>`__ (Andrey Petrov) + +👋 + + +Sponsorship +----------- + +If your company benefits from this library, please consider `sponsoring its +development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_. + + +For Enterprise +-------------- + +.. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png + :width: 75 + :alt: Tidelift + +.. list-table:: + :widths: 10 100 + + * - |tideliftlogo| + - Professional support for urllib3 is available as part of the `Tidelift + Subscription`_. Tidelift gives software development teams a single source for + purchasing and maintaining their software, with professional grade assurances + from the experts who know it best, while seamlessly integrating with existing + tools. + +.. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme + + +Changes +======= + +1.26.5 (2021-05-26) +------------------- + +* Fixed deprecation warnings emitted in Python 3.10. +* Updated vendored ``six`` library to 1.16.0. +* Improved performance of URL parser when splitting + the authority component. + + +1.26.4 (2021-03-15) +------------------- + +* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy + during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. + + +1.26.3 (2021-01-26) +------------------- + +* Fixed bytes and string comparison issue with headers (Pull #2141) + +* Changed ``ProxySchemeUnknown`` error message to be + more actionable if the user supplies a proxy URL without + a scheme. (Pull #2107) + + +1.26.2 (2020-11-12) +------------------- + +* Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't + be imported properly on Python 2.7.8 and earlier (Pull #2052) + + +1.26.1 (2020-11-11) +------------------- + +* Fixed an issue where two ``User-Agent`` headers would be sent if a + ``User-Agent`` header key is passed as ``bytes`` (Pull #2047) + + +1.26.0 (2020-11-10) +------------------- + +* **NOTE: urllib3 v2.0 will drop support for Python 2**. + `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. + +* Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806) + +* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that + still wish to use TLS earlier than 1.2 without a deprecation warning + should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002) + **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** + +* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` + and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, + ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` + (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed** + +* Added default ``User-Agent`` header to every request (Pull #1750) + +* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, + and ``Host`` headers from being automatically emitted with requests (Pull #2018) + +* Collapse ``transfer-encoding: chunked`` request data and framing into + the same ``socket.send()`` call (Pull #1906) + +* Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894) + +* Properly terminate SecureTransport connections when CA verification fails (Pull #1977) + +* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` + to SecureTransport (Pull #1903) + +* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970) + +* Suppress ``BrokenPipeError`` when writing request body after the server + has closed the socket (Pull #1524) + +* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") + into an ``urllib3.exceptions.SSLError`` (Pull #1939) + + +1.25.11 (2020-10-19) +-------------------- + +* Fix retry backoff time parsed from ``Retry-After`` header when given + in the HTTP date format. The HTTP date was parsed as the local timezone + rather than accounting for the timezone in the HTTP date (typically + UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) + +* Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` + environment variable was set to the empty string. Now ``SSLContext.keylog_file`` + is not set in this situation (Pull #2016) + + +1.25.10 (2020-07-22) +-------------------- + +* Added support for ``SSLKEYLOGFILE`` environment variable for + logging TLS session keys with use with programs like + Wireshark for decrypting captured web traffic (Pull #1867) + +* Fixed loading of SecureTransport libraries on macOS Big Sur + due to the new dynamic linker cache (Pull #1905) + +* Collapse chunked request bodies data and framing into one + call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) + +* Don't insert ``None`` into ``ConnectionPool`` if the pool + was empty when requesting a connection (Pull #1866) + +* Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) + + +1.25.9 (2020-04-16) +------------------- + +* Added ``InvalidProxyConfigurationWarning`` which is raised when + erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently + support connecting to HTTPS proxies but will soon be able to + and we would like users to migrate properly without much breakage. + + See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ + for more information on how to fix your proxy config. (Pull #1851) + +* Drain connection after ``PoolManager`` redirect (Pull #1817) + +* Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) + +* Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) + +* Allow the CA certificate data to be passed as a string (Pull #1804) + +* Raise ``ValueError`` if method contains control characters (Pull #1800) + +* Add ``__repr__`` to ``Timeout`` (Pull #1795) + + +1.25.8 (2020-01-20) +------------------- + +* Drop support for EOL Python 3.4 (Pull #1774) + +* Optimize _encode_invalid_chars (Pull #1787) + + +1.25.7 (2019-11-11) +------------------- + +* Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734) + +* Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470) + +* Fix issue where URL fragment was sent within the request target. (Pull #1732) + +* Fix issue where an empty query section in a URL would fail to parse. (Pull #1732) + +* Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703) + + +1.25.6 (2019-09-24) +------------------- + +* Fix issue where tilde (``~``) characters were incorrectly + percent-encoded in the path. (Pull #1692) + + +1.25.5 (2019-09-19) +------------------- + +* Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which + caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. + (Issue #1682) + + +1.25.4 (2019-09-19) +------------------- + +* Propagate Retry-After header settings to subsequent retries. (Pull #1607) + +* Fix edge case where Retry-After header was still respected even when + explicitly opted out of. (Pull #1607) + +* Remove dependency on ``rfc3986`` for URL parsing. + +* Fix issue where URLs containing invalid characters within ``Url.auth`` would + raise an exception instead of percent-encoding those characters. + +* Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses + work well with BufferedReaders and other ``io`` module features. (Pull #1652) + +* Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673) + + +1.25.3 (2019-05-23) +------------------- + +* Change ``HTTPSConnection`` to load system CA certificates + when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are + unspecified. (Pull #1608, Issue #1603) + +* Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) + + +1.25.2 (2019-04-28) +------------------- + +* Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583) + +* Change ``parse_url`` to percent-encode invalid characters within the + path, query, and target components. (Pull #1586) + + +1.25.1 (2019-04-24) +------------------- + +* Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579) + +* Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) + + +1.25 (2019-04-22) +----------------- + +* Require and validate certificates by default when using HTTPS (Pull #1507) + +* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487) + +* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use + encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489) + +* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` + implementations. (Pull #1496) + +* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492) + +* Fixed issue where OpenSSL would block if an encrypted client private key was + given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489) + +* Added support for Brotli content encoding. It is enabled automatically if + ``brotlipy`` package is installed which can be requested with + ``urllib3[brotli]`` extra. (Pull #1532) + +* Drop ciphers using DSS key exchange from default TLS cipher suites. + Improve default ciphers when using SecureTransport. (Pull #1496) + +* Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483) + +1.24.3 (2019-05-01) +------------------- + +* Apply fix for CVE-2019-9740. (Pull #1591) + +1.24.2 (2019-04-17) +------------------- + +* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or + ``ssl_context`` parameters are specified. + +* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) + +* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) + + +1.24.1 (2018-11-02) +------------------- + +* Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) + +* Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462) + + +1.24 (2018-10-16) +----------------- + +* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) + +* Test against Python 3.7 on AppVeyor. (Pull #1453) + +* Early-out ipv6 checks when running on App Engine. (Pull #1450) + +* Change ambiguous description of backoff_factor (Pull #1436) + +* Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) + +* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). + +* Add a server_hostname parameter to HTTPSConnection which allows for + overriding the SNI hostname sent in the handshake. (Pull #1397) + +* Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) + +* Fixed bug where responses with header Content-Type: message/* erroneously + raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) + +* Move urllib3 to src/urllib3 (Pull #1409) + + +1.23 (2018-06-04) +----------------- + +* Allow providing a list of headers to strip from requests when redirecting + to a different host. Defaults to the ``Authorization`` header. Different + headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316) + +* Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247). + +* Dropped Python 3.3 support. (Pull #1242) + +* Put the connection back in the pool when calling stream() or read_chunked() on + a chunked HEAD response. (Issue #1234) + +* Fixed pyOpenSSL-specific ssl client authentication issue when clients + attempted to auth via certificate + chain (Issue #1060) + +* Add the port to the connectionpool connect print (Pull #1251) + +* Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380) + +* ``read_chunked()`` on a closed response returns no chunks. (Issue #1088) + +* Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359) + +* Added support for auth info in url for SOCKS proxy (Pull #1363) + + +1.22 (2017-07-20) +----------------- + +* Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via + IPv6 proxy. (Issue #1222) + +* Made the connection pool retry on ``SSLError``. The original ``SSLError`` + is available on ``MaxRetryError.reason``. (Issue #1112) + +* Drain and release connection before recursing on retry/redirect. Fixes + deadlocks with a blocking connectionpool. (Issue #1167) + +* Fixed compatibility for cookiejar. (Issue #1229) + +* pyopenssl: Use vendored version of ``six``. (Issue #1231) + + +1.21.1 (2017-05-02) +------------------- + +* Fixed SecureTransport issue that would cause long delays in response body + delivery. (Pull #1154) + +* Fixed regression in 1.21 that threw exceptions when users passed the + ``socket_options`` flag to the ``PoolManager``. (Issue #1165) + +* Fixed regression in 1.21 that threw exceptions when users passed the + ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. + (Pull #1157) + + +1.21 (2017-04-25) +----------------- + +* Improved performance of certain selector system calls on Python 3.5 and + later. (Pull #1095) + +* Resolved issue where the PyOpenSSL backend would not wrap SysCallError + exceptions appropriately when sending data. (Pull #1125) + +* Selectors now detects a monkey-patched select module after import for modules + that patch the select module like eventlet, greenlet. (Pull #1128) + +* Reduced memory consumption when streaming zlib-compressed responses + (as opposed to raw deflate streams). (Pull #1129) + +* Connection pools now use the entire request context when constructing the + pool key. (Pull #1016) + +* ``PoolManager.connection_from_*`` methods now accept a new keyword argument, + ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. + (Pull #1016) + +* Add retry counter for ``status_forcelist``. (Issue #1147) + +* Added ``contrib`` module for using SecureTransport on macOS: + ``urllib3.contrib.securetransport``. (Pull #1122) + +* urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: + for schemes it does not recognise, it assumes they are case-sensitive and + leaves them unchanged. + (Issue #1080) + + +1.20 (2017-01-19) +----------------- + +* Added support for waiting for I/O using selectors other than select, + improving urllib3's behaviour with large numbers of concurrent connections. + (Pull #1001) + +* Updated the date for the system clock check. (Issue #1005) + +* ConnectionPools now correctly consider hostnames to be case-insensitive. + (Issue #1032) + +* Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module + to fail when it is injected, rather than at first use. (Pull #1063) + +* Outdated versions of cryptography now cause the PyOpenSSL contrib module + to fail when it is injected, rather than at first use. (Issue #1044) + +* Automatically attempt to rewind a file-like body object when a request is + retried or redirected. (Pull #1039) + +* Fix some bugs that occur when modules incautiously patch the queue module. + (Pull #1061) + +* Prevent retries from occurring on read timeouts for which the request method + was not in the method whitelist. (Issue #1059) + +* Changed the PyOpenSSL contrib module to lazily load idna to avoid + unnecessarily bloating the memory of programs that don't need it. (Pull + #1076) + +* Add support for IPv6 literals with zone identifiers. (Pull #1013) + +* Added support for socks5h:// and socks4a:// schemes when working with SOCKS + proxies, and controlled remote DNS appropriately. (Issue #1035) + + +1.19.1 (2016-11-16) +------------------- + +* Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025) + + +1.19 (2016-11-03) +----------------- + +* urllib3 now respects Retry-After headers on 413, 429, and 503 responses when + using the default retry logic. (Pull #955) + +* Remove markers from setup.py to assist ancient setuptools versions. (Issue + #986) + +* Disallow superscripts and other integerish things in URL ports. (Issue #989) + +* Allow urllib3's HTTPResponse.stream() method to continue to work with + non-httplib underlying FPs. (Pull #990) + +* Empty filenames in multipart headers are now emitted as such, rather than + being suppressed. (Issue #1015) + +* Prefer user-supplied Host headers on chunked uploads. (Issue #1009) + + +1.18.1 (2016-10-27) +------------------- + +* CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with + PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This + release fixes a vulnerability whereby urllib3 in the above configuration + would silently fail to validate TLS certificates due to erroneously setting + invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous + flags do not cause a problem in OpenSSL versions before 1.1.0, which + interprets the presence of any flag as requesting certificate validation. + + There is no PR for this patch, as it was prepared for simultaneous disclosure + and release. The master branch received the same fix in Pull #1010. + + +1.18 (2016-09-26) +----------------- + +* Fixed incorrect message for IncompleteRead exception. (Pull #973) + +* Accept ``iPAddress`` subject alternative name fields in TLS certificates. + (Issue #258) + +* Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3. + (Issue #977) + +* Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979) + + +1.17 (2016-09-06) +----------------- + +* Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835) + +* ConnectionPool debug log now includes scheme, host, and port. (Issue #897) + +* Substantially refactored documentation. (Issue #887) + +* Used URLFetch default timeout on AppEngine, rather than hardcoding our own. + (Issue #858) + +* Normalize the scheme and host in the URL parser (Issue #833) + +* ``HTTPResponse`` contains the last ``Retry`` object, which now also + contains retries history. (Issue #848) + +* Timeout can no longer be set as boolean, and must be greater than zero. + (Pull #924) + +* Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We + now use cryptography and idna, both of which are already dependencies of + PyOpenSSL. (Pull #930) + +* Fixed infinite loop in ``stream`` when amt=None. (Issue #928) + +* Try to use the operating system's certificates when we are using an + ``SSLContext``. (Pull #941) + +* Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to + ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947) + +* Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958) + +* Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958) + +* Implemented ``length_remaining`` to determine remaining content + to be read. (Pull #949) + +* Implemented ``enforce_content_length`` to enable exceptions when + incomplete data chunks are received. (Pull #949) + +* Dropped connection start, dropped connection reset, redirect, forced retry, + and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967) + + +1.16 (2016-06-11) +----------------- + +* Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) + +* Provide ``key_fn_by_scheme`` pool keying mechanism that can be + overridden. (Issue #830) + +* Normalize scheme and host to lowercase for pool keys, and include + ``source_address``. (Issue #830) + +* Cleaner exception chain in Python 3 for ``_make_request``. + (Issue #861) + +* Fixed installing ``urllib3[socks]`` extra. (Issue #864) + +* Fixed signature of ``ConnectionPool.close`` so it can actually safely be + called by subclasses. (Issue #873) + +* Retain ``release_conn`` state across retries. (Issues #651, #866) + +* Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to + ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) + + +1.15.1 (2016-04-11) +------------------- + +* Fix packaging to include backports module. (Issue #841) + + +1.15 (2016-04-06) +----------------- + +* Added Retry(raise_on_status=False). (Issue #720) + +* Always use setuptools, no more distutils fallback. (Issue #785) + +* Dropped support for Python 3.2. (Issue #786) + +* Chunked transfer encoding when requesting with ``chunked=True``. + (Issue #790) + +* Fixed regression with IPv6 port parsing. (Issue #801) + +* Append SNIMissingWarning messages to allow users to specify it in + the PYTHONWARNINGS environment variable. (Issue #816) + +* Handle unicode headers in Py2. (Issue #818) + +* Log certificate when there is a hostname mismatch. (Issue #820) + +* Preserve order of request/response headers. (Issue #821) + + +1.14 (2015-12-29) +----------------- + +* contrib: SOCKS proxy support! (Issue #762) + +* Fixed AppEngine handling of transfer-encoding header and bug + in Timeout defaults checking. (Issue #763) + + +1.13.1 (2015-12-18) +------------------- + +* Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) + + +1.13 (2015-12-14) +----------------- + +* Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706) + +* pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) + +* pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) + +* Close connections more defensively on exception. (Issue #734) + +* Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without + repeatedly flushing the decoder, to function better on Jython. (Issue #743) + +* Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758) + + +1.12 (2015-09-03) +----------------- + +* Rely on ``six`` for importing ``httplib`` to work around + conflicts with other Python 3 shims. (Issue #688) + +* Add support for directories of certificate authorities, as supported by + OpenSSL. (Issue #701) + +* New exception: ``NewConnectionError``, raised when we fail to establish + a new connection, usually ``ECONNREFUSED`` socket error. + + +1.11 (2015-07-21) +----------------- + +* When ``ca_certs`` is given, ``cert_reqs`` defaults to + ``'CERT_REQUIRED'``. (Issue #650) + +* ``pip install urllib3[secure]`` will install Certifi and + PyOpenSSL as dependencies. (Issue #678) + +* Made ``HTTPHeaderDict`` usable as a ``headers`` input value + (Issues #632, #679) + +* Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_ + which has an ``AppEngineManager`` for using ``URLFetch`` in a + Google AppEngine environment. (Issue #664) + +* Dev: Added test suite for AppEngine. (Issue #631) + +* Fix performance regression when using PyOpenSSL. (Issue #626) + +* Passing incorrect scheme (e.g. ``foo://``) will raise + ``ValueError`` instead of ``AssertionError`` (backwards + compatible for now, but please migrate). (Issue #640) + +* Fix pools not getting replenished when an error occurs during a + request using ``release_conn=False``. (Issue #644) + +* Fix pool-default headers not applying for url-encoded requests + like GET. (Issue #657) + +* log.warning in Python 3 when headers are skipped due to parsing + errors. (Issue #642) + +* Close and discard connections if an error occurs during read. + (Issue #660) + +* Fix host parsing for IPv6 proxies. (Issue #668) + +* Separate warning type SubjectAltNameWarning, now issued once + per host. (Issue #671) + +* Fix ``httplib.IncompleteRead`` not getting converted to + ``ProtocolError`` when using ``HTTPResponse.stream()`` + (Issue #674) + +1.10.4 (2015-05-03) +------------------- + +* Migrate tests to Tornado 4. (Issue #594) + +* Append default warning configuration rather than overwrite. + (Issue #603) + +* Fix streaming decoding regression. (Issue #595) + +* Fix chunked requests losing state across keep-alive connections. + (Issue #599) + +* Fix hanging when chunked HEAD response has no body. (Issue #605) + + +1.10.3 (2015-04-21) +------------------- + +* Emit ``InsecurePlatformWarning`` when SSLContext object is missing. + (Issue #558) + +* Fix regression of duplicate header keys being discarded. + (Issue #563) + +* ``Response.stream()`` returns a generator for chunked responses. + (Issue #560) + +* Set upper-bound timeout when waiting for a socket in PyOpenSSL. + (Issue #585) + +* Work on platforms without `ssl` module for plain HTTP requests. + (Issue #587) + +* Stop relying on the stdlib's default cipher list. (Issue #588) + + +1.10.2 (2015-02-25) +------------------- + +* Fix file descriptor leakage on retries. (Issue #548) + +* Removed RC4 from default cipher list. (Issue #551) + +* Header performance improvements. (Issue #544) + +* Fix PoolManager not obeying redirect retry settings. (Issue #553) + + +1.10.1 (2015-02-10) +------------------- + +* Pools can be used as context managers. (Issue #545) + +* Don't re-use connections which experienced an SSLError. (Issue #529) + +* Don't fail when gzip decoding an empty stream. (Issue #535) + +* Add sha256 support for fingerprint verification. (Issue #540) + +* Fixed handling of header values containing commas. (Issue #533) + + +1.10 (2014-12-14) +----------------- + +* Disabled SSLv3. (Issue #473) + +* Add ``Url.url`` property to return the composed url string. (Issue #394) + +* Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412) + +* ``MaxRetryError.reason`` will always be an exception, not string. + (Issue #481) + +* Fixed SSL-related timeouts not being detected as timeouts. (Issue #492) + +* Py3: Use ``ssl.create_default_context()`` when available. (Issue #473) + +* Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request. + (Issue #496) + +* Emit ``SecurityWarning`` when certificate has no ``subjectAltName``. + (Issue #499) + +* Close and discard sockets which experienced SSL-related errors. + (Issue #501) + +* Handle ``body`` param in ``.request(...)``. (Issue #513) + +* Respect timeout with HTTPS proxy. (Issue #505) + +* PyOpenSSL: Handle ZeroReturnError exception. (Issue #520) + + +1.9.1 (2014-09-13) +------------------ + +* Apply socket arguments before binding. (Issue #427) + +* More careful checks if fp-like object is closed. (Issue #435) + +* Fixed packaging issues of some development-related files not + getting included. (Issue #440) + +* Allow performing *only* fingerprint verification. (Issue #444) + +* Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445) + +* Fixed PyOpenSSL compatibility with PyPy. (Issue #450) + +* Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3. + (Issue #443) + + + +1.9 (2014-07-04) +---------------- + +* Shuffled around development-related files. If you're maintaining a distro + package of urllib3, you may need to tweak things. (Issue #415) + +* Unverified HTTPS requests will trigger a warning on the first request. See + our new `security documentation + <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details. + (Issue #426) + +* New retry logic and ``urllib3.util.retry.Retry`` configuration object. + (Issue #326) + +* All raised exceptions should now wrapped in a + ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326) + +* All errors during a retry-enabled request should be wrapped in + ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions + which were previously exempt. Underlying error is accessible from the + ``.reason`` property. (Issue #326) + +* ``urllib3.exceptions.ConnectionError`` renamed to + ``urllib3.exceptions.ProtocolError``. (Issue #326) + +* Errors during response read (such as IncompleteRead) are now wrapped in + ``urllib3.exceptions.ProtocolError``. (Issue #418) + +* Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``. + (Issue #417) + +* Catch read timeouts over SSL connections as + ``urllib3.exceptions.ReadTimeoutError``. (Issue #419) + +* Apply socket arguments before connecting. (Issue #427) + + +1.8.3 (2014-06-23) +------------------ + +* Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) + +* Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393) + +* Wrap ``socket.timeout`` exception with + ``urllib3.exceptions.ReadTimeoutError``. (Issue #399) + +* Fixed proxy-related bug where connections were being reused incorrectly. + (Issues #366, #369) + +* Added ``socket_options`` keyword parameter which allows to define + ``setsockopt`` configuration of new sockets. (Issue #397) + +* Removed ``HTTPConnection.tcp_nodelay`` in favor of + ``HTTPConnection.default_socket_options``. (Issue #397) + +* Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411) + + +1.8.2 (2014-04-17) +------------------ + +* Fix ``urllib3.util`` not being included in the package. + + +1.8.1 (2014-04-17) +------------------ + +* Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) + +* Don't install ``dummyserver`` into ``site-packages`` as it's only needed + for the test suite. (Issue #362) + +* Added support for specifying ``source_address``. (Issue #352) + + +1.8 (2014-03-04) +---------------- + +* Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in + username, and blank ports like 'hostname:'). + +* New ``urllib3.connection`` module which contains all the HTTPConnection + objects. + +* Several ``urllib3.util.Timeout``-related fixes. Also changed constructor + signature to a more sensible order. [Backwards incompatible] + (Issues #252, #262, #263) + +* Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274) + +* Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which + returns the number of bytes read so far. (Issue #277) + +* Support for platforms without threading. (Issue #289) + +* Expand default-port comparison in ``HTTPConnectionPool.is_same_host`` + to allow a pool with no specified port to be considered equal to to an + HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) + +* Improved default SSL/TLS settings to avoid vulnerabilities. + (Issue #309) + +* Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors. + (Issue #310) + +* Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests + will send the entire HTTP request ~200 milliseconds faster; however, some of + the resulting TCP packets will be smaller. (Issue #254) + +* Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl`` + from the default 64 to 1024 in a single certificate. (Issue #318) + +* Headers are now passed and stored as a custom + ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``. + (Issue #329, #333) + +* Headers no longer lose their case on Python 3. (Issue #236) + +* ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA + certificates on inject. (Issue #332) + +* Requests with ``retries=False`` will immediately raise any exceptions without + wrapping them in ``MaxRetryError``. (Issue #348) + +* Fixed open socket leak with SSL-related failures. (Issue #344, #348) + + +1.7.1 (2013-09-25) +------------------ + +* Added granular timeout support with new ``urllib3.util.Timeout`` class. + (Issue #231) + +* Fixed Python 3.4 support. (Issue #238) + + +1.7 (2013-08-14) +---------------- + +* More exceptions are now pickle-able, with tests. (Issue #174) + +* Fixed redirecting with relative URLs in Location header. (Issue #178) + +* Support for relative urls in ``Location: ...`` header. (Issue #179) + +* ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus + file-like functionality. (Issue #187) + +* Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will + skip hostname verification for SSL connections. (Issue #194) + +* New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a + generator wrapped around ``.read(...)``. (Issue #198) + +* IPv6 url parsing enforces brackets around the hostname. (Issue #199) + +* Fixed thread race condition in + ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204) + +* ``ProxyManager`` requests now include non-default port in ``Host: ...`` + header. (Issue #217) + +* Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139) + +* New ``RequestField`` object can be passed to the ``fields=...`` param which + can specify headers. (Issue #220) + +* Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails. + (Issue #221) + +* Use international headers when posting file names. (Issue #119) + +* Improved IPv6 support. (Issue #203) + + +1.6 (2013-04-25) +---------------- + +* Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156) + +* ``ProxyManager`` automatically adds ``Host: ...`` header if not given. + +* Improved SSL-related code. ``cert_req`` now optionally takes a string like + "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23" + The string values reflect the suffix of the respective constant variable. + (Issue #130) + +* Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly + closed proxy connections and larger read buffers. (Issue #135) + +* Ensure the connection is closed if no data is received, fixes connection leak + on some platforms. (Issue #133) + +* Added SNI support for SSL/TLS connections on Py32+. (Issue #89) + +* Tests fixed to be compatible with Py26 again. (Issue #125) + +* Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant + to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109) + +* Allow an explicit content type to be specified when encoding file fields. + (Issue #126) + +* Exceptions are now pickleable, with tests. (Issue #101) + +* Fixed default headers not getting passed in some cases. (Issue #99) + +* Treat "content-encoding" header value as case-insensitive, per RFC 2616 + Section 3.5. (Issue #110) + +* "Connection Refused" SocketErrors will get retried rather than raised. + (Issue #92) + +* Updated vendored ``six``, no longer overrides the global ``six`` module + namespace. (Issue #113) + +* ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding + the exception that prompted the final retry. If ``reason is None`` then it + was due to a redirect. (Issue #92, #114) + +* Fixed ``PoolManager.urlopen()`` from not redirecting more than once. + (Issue #149) + +* Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters + that are not files. (Issue #111) + +* Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122) + +* Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or + against an arbitrary hostname (when connecting by IP or for misconfigured + servers). (Issue #140) + +* Streaming decompression support. (Issue #159) + + +1.5 (2012-08-02) +---------------- + +* Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug + logging in urllib3. + +* Native full URL parsing (including auth, path, query, fragment) available in + ``urllib3.util.parse_url(url)``. + +* Built-in redirect will switch method to 'GET' if status code is 303. + (Issue #11) + +* ``urllib3.PoolManager`` strips the scheme and host before sending the request + uri. (Issue #8) + +* New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding, + based on the Content-Type header, fails. + +* Fixed bug with pool depletion and leaking connections (Issue #76). Added + explicit connection closing on pool eviction. Added + ``urllib3.PoolManager.clear()``. + +* 99% -> 100% unit test coverage. + + +1.4 (2012-06-16) +---------------- + +* Minor AppEngine-related fixes. + +* Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``. + +* Improved url parsing. (Issue #73) + +* IPv6 url support. (Issue #72) + + +1.3 (2012-03-25) +---------------- + +* Removed pre-1.0 deprecated API. + +* Refactored helpers into a ``urllib3.util`` submodule. + +* Fixed multipart encoding to support list-of-tuples for keys with multiple + values. (Issue #48) + +* Fixed multiple Set-Cookie headers in response not getting merged properly in + Python 3. (Issue #53) + +* AppEngine support with Py27. (Issue #61) + +* Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs + bytes. + + +1.2.2 (2012-02-06) +------------------ + +* Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47) + + +1.2.1 (2012-02-05) +------------------ + +* Fixed another bug related to when ``ssl`` module is not available. (Issue #41) + +* Location parsing errors now raise ``urllib3.exceptions.LocationParseError`` + which inherits from ``ValueError``. + + +1.2 (2012-01-29) +---------------- + +* Added Python 3 support (tested on 3.2.2) + +* Dropped Python 2.5 support (tested on 2.6.7, 2.7.2) + +* Use ``select.poll`` instead of ``select.select`` for platforms that support + it. + +* Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive + connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``. + +* Fixed ``ImportError`` during install when ``ssl`` module is not available. + (Issue #41) + +* Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not + completing properly. (Issue #28, uncovered by Issue #10 in v1.1) + +* Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` + + ``eventlet``. Removed extraneous unsupported dummyserver testing backends. + Added socket-level tests. + +* More tests. Achievement Unlocked: 99% Coverage. + + +1.1 (2012-01-07) +---------------- + +* Refactored ``dummyserver`` to its own root namespace module (used for + testing). + +* Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in + Py32's ``ssl_match_hostname``. (Issue #25) + +* Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10) + +* Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue + #27) + +* Fixed timeout-related bugs. (Issues #17, #23) + + +1.0.2 (2011-11-04) +------------------ + +* Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if + you're using the object manually. (Thanks pyos) + +* Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by + wrapping the access log in a mutex. (Thanks @christer) + +* Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and + ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code. + + +1.0.1 (2011-10-10) +------------------ + +* Fixed a bug where the same connection would get returned into the pool twice, + causing extraneous "HttpConnectionPool is full" log warnings. + + +1.0 (2011-10-08) +---------------- + +* Added ``PoolManager`` with LRU expiration of connections (tested and + documented). +* Added ``ProxyManager`` (needs tests, docs, and confirmation that it works + with HTTPS proxies). +* Added optional partial-read support for responses when + ``preload_content=False``. You can now make requests and just read the headers + without loading the content. +* Made response decoding optional (default on, same as before). +* Added optional explicit boundary string for ``encode_multipart_formdata``. +* Convenience request methods are now inherited from ``RequestMethods``. Old + helpers like ``get_url`` and ``post_url`` should be abandoned in favour of + the new ``request(method, url, ...)``. +* Refactored code to be even more decoupled, reusable, and extendable. +* License header added to ``.py`` files. +* Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code + and docs in ``docs/`` and on https://urllib3.readthedocs.io/. +* Embettered all the things! +* Started writing this file. + + +0.4.1 (2011-07-17) +------------------ + +* Minor bug fixes, code cleanup. + + +0.4 (2011-03-01) +---------------- + +* Better unicode support. +* Added ``VerifiedHTTPSConnection``. +* Added ``NTLMConnectionPool`` in contrib. +* Minor improvements. + + +0.3.1 (2010-07-13) +------------------ + +* Added ``assert_host_name`` optional parameter. Now compatible with proxies. + + +0.3 (2009-12-10) +---------------- + +* Added HTTPS support. +* Minor bug fixes. +* Refactored, broken backwards compatibility with 0.2. +* API to be treated as stable from this version forward. + + +0.2 (2008-11-17) +---------------- + +* Added unit tests. +* Bug fixes. + + +0.1 (2008-11-16) +---------------- + +* First release. + + diff -Nru python-urllib3-1.26.4/test/appengine/test_gae_manager.py python-urllib3-1.26.5/test/appengine/test_gae_manager.py --- python-urllib3-1.26.4/test/appengine/test_gae_manager.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/appengine/test_gae_manager.py 2021-05-26 19:01:29.000000000 +0200 @@ -129,7 +129,7 @@ self.pool = MockPool(self.host, self.port, self.manager) def test_default_method_whitelist_retried(self): - """ urllib3 should retry methods in the default method whitelist """ + """urllib3 should retry methods in the default method whitelist""" retry = urllib3.util.retry.Retry(total=1, status_forcelist=[418]) # Use HEAD instead of OPTIONS, as URLFetch doesn't support OPTIONS resp = self.pool.request( diff -Nru python-urllib3-1.26.4/test/__init__.py python-urllib3-1.26.5/test/__init__.py --- python-urllib3-1.26.4/test/__init__.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/__init__.py 2021-05-26 19:01:29.000000000 +0200 @@ -54,7 +54,7 @@ def _can_resolve(host): - """ Returns True if the system can resolve host to an address. """ + """Returns True if the system can resolve host to an address.""" try: socket.getaddrinfo(host, None, socket.AF_UNSPEC) return True @@ -63,7 +63,7 @@ def has_alpn(ctx_cls=None): - """ Detect if ALPN support is enabled. """ + """Detect if ALPN support is enabled.""" ctx_cls = ctx_cls or util.SSLContext ctx = ctx_cls(protocol=ssl_.PROTOCOL_TLS) try: diff -Nru python-urllib3-1.26.4/test/test_retry_deprecated.py python-urllib3-1.26.5/test/test_retry_deprecated.py --- python-urllib3-1.26.4/test/test_retry_deprecated.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/test_retry_deprecated.py 2021-05-26 19:01:29.000000000 +0200 @@ -28,7 +28,7 @@ class TestRetry(object): def test_string(self): - """ Retry string representation looks the way we expect """ + """Retry string representation looks the way we expect""" retry = Retry() assert ( str(retry) @@ -52,7 +52,7 @@ assert e.value.reason == error def test_retry_higher_total_loses(self): - """ A lower connect timeout than the total is honored """ + """A lower connect timeout than the total is honored""" error = ConnectTimeoutError() retry = Retry(connect=2, total=3) retry = retry.increment(error=error) @@ -61,7 +61,7 @@ retry.increment(error=error) def test_retry_higher_total_loses_vs_read(self): - """ A lower read timeout than the total is honored """ + """A lower read timeout than the total is honored""" error = ReadTimeoutError(None, "/", "read timed out") retry = Retry(read=2, total=3) retry = retry.increment(method="GET", error=error) @@ -70,7 +70,7 @@ retry.increment(method="GET", error=error) def test_retry_total_none(self): - """ if Total is none, connect error should take precedence """ + """if Total is none, connect error should take precedence""" error = ConnectTimeoutError() retry = Retry(connect=2, total=None) retry = retry.increment(error=error) @@ -87,7 +87,7 @@ assert not retry.is_exhausted() def test_retry_default(self): - """ If no value is specified, should retry connects 3 times """ + """If no value is specified, should retry connects 3 times""" retry = Retry() assert retry.total == 10 assert retry.connect is None @@ -109,7 +109,7 @@ assert not Retry(False).raise_on_redirect def test_retry_other(self): - """ If an unexpected error is raised, should retry other times """ + """If an unexpected error is raised, should retry other times""" other_error = SSLError() retry = Retry(connect=1) retry = retry.increment(error=other_error) @@ -123,7 +123,7 @@ assert e.value.reason == other_error def test_retry_read_zero(self): - """ No second chances on read timeouts, by default """ + """No second chances on read timeouts, by default""" error = ReadTimeoutError(None, "/", "read timed out") retry = Retry(read=0) with pytest.raises(MaxRetryError) as e: @@ -142,7 +142,7 @@ ) def test_backoff(self): - """ Backoff is computed correctly """ + """Backoff is computed correctly""" max_backoff = Retry.BACKOFF_MAX retry = Retry(total=100, backoff_factor=0.2) diff -Nru python-urllib3-1.26.4/test/test_retry.py python-urllib3-1.26.5/test/test_retry.py --- python-urllib3-1.26.4/test/test_retry.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/test_retry.py 2021-05-26 19:01:29.000000000 +0200 @@ -26,7 +26,7 @@ class TestRetry(object): def test_string(self): - """ Retry string representation looks the way we expect """ + """Retry string representation looks the way we expect""" retry = Retry() assert ( str(retry) @@ -50,7 +50,7 @@ assert e.value.reason == error def test_retry_higher_total_loses(self): - """ A lower connect timeout than the total is honored """ + """A lower connect timeout than the total is honored""" error = ConnectTimeoutError() retry = Retry(connect=2, total=3) retry = retry.increment(error=error) @@ -59,7 +59,7 @@ retry.increment(error=error) def test_retry_higher_total_loses_vs_read(self): - """ A lower read timeout than the total is honored """ + """A lower read timeout than the total is honored""" error = ReadTimeoutError(None, "/", "read timed out") retry = Retry(read=2, total=3) retry = retry.increment(method="GET", error=error) @@ -68,7 +68,7 @@ retry.increment(method="GET", error=error) def test_retry_total_none(self): - """ if Total is none, connect error should take precedence """ + """if Total is none, connect error should take precedence""" error = ConnectTimeoutError() retry = Retry(connect=2, total=None) retry = retry.increment(error=error) @@ -85,7 +85,7 @@ assert not retry.is_exhausted() def test_retry_default(self): - """ If no value is specified, should retry connects 3 times """ + """If no value is specified, should retry connects 3 times""" retry = Retry() assert retry.total == 10 assert retry.connect is None @@ -107,7 +107,7 @@ assert not Retry(False).raise_on_redirect def test_retry_other(self): - """ If an unexpected error is raised, should retry other times """ + """If an unexpected error is raised, should retry other times""" other_error = SSLError() retry = Retry(connect=1) retry = retry.increment(error=other_error) @@ -121,7 +121,7 @@ assert e.value.reason == other_error def test_retry_read_zero(self): - """ No second chances on read timeouts, by default """ + """No second chances on read timeouts, by default""" error = ReadTimeoutError(None, "/", "read timed out") retry = Retry(read=0) with pytest.raises(MaxRetryError) as e: @@ -140,7 +140,7 @@ ) def test_backoff(self): - """ Backoff is computed correctly """ + """Backoff is computed correctly""" max_backoff = Retry.BACKOFF_MAX retry = Retry(total=100, backoff_factor=0.2) diff -Nru python-urllib3-1.26.4/test/test_ssltransport.py python-urllib3-1.26.5/test/test_ssltransport.py --- python-urllib3-1.26.4/test/test_ssltransport.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/test_ssltransport.py 2021-05-26 19:01:29.000000000 +0200 @@ -101,7 +101,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_start_closed_socket(self): - """ Errors generated from an unconnected socket should bubble up.""" + """Errors generated from an unconnected socket should bubble up.""" sock = socket.socket(socket.AF_INET) context = ssl.create_default_context() sock.close() @@ -110,7 +110,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_close_after_handshake(self): - """ Socket errors should be bubbled up """ + """Socket errors should be bubbled up""" self.start_dummy_server() sock = socket.create_connection((self.host, self.port)) @@ -123,7 +123,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_wrap_existing_socket(self): - """ Validates a single TLS layer can be established. """ + """Validates a single TLS layer can be established.""" self.start_dummy_server() sock = socket.create_connection((self.host, self.port)) @@ -187,7 +187,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_ssl_object_attributes(self): - """ Ensures common ssl attributes are exposed """ + """Ensures common ssl attributes are exposed""" self.start_dummy_server() sock = socket.create_connection((self.host, self.port)) @@ -215,7 +215,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_socket_object_attributes(self): - """ Ensures common socket attributes are exposed """ + """Ensures common socket attributes are exposed""" self.start_dummy_server() sock = socket.create_connection((self.host, self.port)) @@ -258,6 +258,7 @@ ) self._read_write_loop(client_sock, upstream_sock) upstream_sock.close() + client_sock.close() self._start_server(proxy_handler) @@ -286,6 +287,10 @@ if write_socket in writable: try: b = read_socket.recv(chunks) + if len(b) == 0: + # One of the sockets has EOFed, we return to close + # both. + return write_socket.send(b) except ssl.SSLEOFError: # It's possible, depending on shutdown order, that we'll @@ -335,6 +340,7 @@ request = consume_socket(ssock) validate_request(request) ssock.send(sample_response()) + sock.close() cls._start_server(socket_handler) diff -Nru python-urllib3-1.26.4/test/test_util.py python-urllib3-1.26.5/test/test_util.py --- python-urllib3-1.26.4/test/test_util.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/test_util.py 2021-05-26 19:01:29.000000000 +0200 @@ -438,6 +438,16 @@ fragment="hash", ), ), + # Tons of '@' causing backtracking + ("https://"; + ("@" * 10000) + "[", False), + ( + "https://user:"; + ("@" * 10000) + "example.com", + Url( + scheme="https", + auth="user:" + ("%40" * 9999), + host="example.com", + ), + ), ] @pytest.mark.parametrize("url, expected_url", url_vulnerabilities) @@ -580,7 +590,7 @@ assert len(w) == 1 def _make_time_pass(self, seconds, timeout, time_mock): - """ Make some time pass for the timeout object """ + """Make some time pass for the timeout object""" time_mock.return_value = TIMEOUT_EPOCH timeout.start_connect() time_mock.return_value = TIMEOUT_EPOCH + seconds diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_connectionpool.py python-urllib3-1.26.5/test/with_dummyserver/test_connectionpool.py --- python-urllib3-1.26.4/test/with_dummyserver/test_connectionpool.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/with_dummyserver/test_connectionpool.py 2021-05-26 19:01:29.000000000 +0200 @@ -284,7 +284,7 @@ assert r.status == 200, r.data def test_nagle(self): - """ Test that connections have TCP_NODELAY turned on """ + """Test that connections have TCP_NODELAY turned on""" # This test needs to be here in order to be run. socket.create_connection actually tries # to connect to the host provided so we need a dummyserver to be running. with HTTPConnectionPool(self.host, self.port) as pool: @@ -354,7 +354,7 @@ s.close() def test_connection_error_retries(self): - """ ECONNREFUSED error should raise a connection error, with retries """ + """ECONNREFUSED error should raise a connection error, with retries""" port = find_unused_port() with HTTPConnectionPool(self.host, port) as pool: with pytest.raises(MaxRetryError) as e: @@ -794,13 +794,13 @@ assert response.status == 200 def test_preserves_path_dot_segments(self): - """ ConnectionPool preserves dot segments in the URI """ + """ConnectionPool preserves dot segments in the URI""" with HTTPConnectionPool(self.host, self.port) as pool: response = pool.request("GET", "/echo_uri/seg0/../seg2") assert response.data == b"/echo_uri/seg0/../seg2" def test_default_user_agent_header(self): - """ ConnectionPool has a default user agent """ + """ConnectionPool has a default user agent""" default_ua = _get_default_user_agent() custom_ua = "I'm not a web scraper, what are you talking about?" custom_ua2 = "Yet Another User Agent" @@ -853,7 +853,7 @@ assert request_headers["User-Agent"] == "key" def test_no_user_agent_header(self): - """ ConnectionPool can suppress sending a user agent header """ + """ConnectionPool can suppress sending a user agent header""" custom_ua = "I'm not a web scraper, what are you talking about?" with HTTPConnectionPool(self.host, self.port) as pool: # Suppress user agent in the request headers. @@ -1025,7 +1025,7 @@ pool.request("GET", "/redirect", fields={"target": "/"}, retries=0) def test_disabled_retry(self): - """ Disabled retries should disable redirect handling. """ + """Disabled retries should disable redirect handling.""" with HTTPConnectionPool(self.host, self.port) as pool: r = pool.request("GET", "/redirect", fields={"target": "/"}, retries=False) assert r.status == 303 @@ -1045,7 +1045,7 @@ pool.request("GET", "/test", retries=False) def test_read_retries(self): - """ Should retry for status codes in the whitelist """ + """Should retry for status codes in the whitelist""" with HTTPConnectionPool(self.host, self.port) as pool: retry = Retry(read=1, status_forcelist=[418]) resp = pool.request( @@ -1057,7 +1057,7 @@ assert resp.status == 200 def test_read_total_retries(self): - """ HTTP response w/ status code in the whitelist should be retried """ + """HTTP response w/ status code in the whitelist should be retried""" with HTTPConnectionPool(self.host, self.port) as pool: headers = {"test-name": "test_read_total_retries"} retry = Retry(total=1, status_forcelist=[418]) @@ -1079,7 +1079,7 @@ assert resp.status == 418 def test_default_method_whitelist_retried(self): - """ urllib3 should retry methods in the default method whitelist """ + """urllib3 should retry methods in the default method whitelist""" with HTTPConnectionPool(self.host, self.port) as pool: retry = Retry(total=1, status_forcelist=[418]) resp = pool.request( @@ -1107,7 +1107,7 @@ assert resp.status == 418 def test_retry_reuse_safe(self): - """ It should be possible to reuse a Retry object across requests """ + """It should be possible to reuse a Retry object across requests""" with HTTPConnectionPool(self.host, self.port) as pool: headers = {"test-name": "test_retry_safe"} retry = Retry(total=1, status_forcelist=[418]) diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_https.py python-urllib3-1.26.5/test/with_dummyserver/test_https.py --- python-urllib3-1.26.4/test/with_dummyserver/test_https.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/with_dummyserver/test_https.py 2021-05-26 19:01:29.000000000 +0200 @@ -368,7 +368,7 @@ assert isinstance(cm.value.reason, SSLError) def test_unverified_ssl(self): - """ Test that bare HTTPSConnection can connect, make requests """ + """Test that bare HTTPSConnection can connect, make requests""" with HTTPSConnectionPool(self.host, self.port, cert_reqs=ssl.CERT_NONE) as pool: with mock.patch("warnings.warn") as warn: r = pool.request("GET", "/") @@ -567,7 +567,7 @@ https_pool.request("GET", "/") def test_tunnel(self): - """ test the _tunnel behavior """ + """test the _tunnel behavior""" timeout = Timeout(total=None) with HTTPSConnectionPool( self.host, self.port, timeout=timeout, cert_reqs="CERT_NONE" diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_proxy_poolmanager.py python-urllib3-1.26.5/test/with_dummyserver/test_proxy_poolmanager.py --- python-urllib3-1.26.4/test/with_dummyserver/test_proxy_poolmanager.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/with_dummyserver/test_proxy_poolmanager.py 2021-05-26 19:01:29.000000000 +0200 @@ -142,7 +142,7 @@ assert r.status == 200 def test_nagle_proxy(self): - """ Test that proxy connections do not have TCP_NODELAY turned on """ + """Test that proxy connections do not have TCP_NODELAY turned on""" with ProxyManager(self.proxy_url) as http: hc2 = http.connection_from_host(self.http_host, self.http_port) conn = hc2._get_conn() diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_socketlevel.py python-urllib3-1.26.5/test/with_dummyserver/test_socketlevel.py --- python-urllib3-1.26.4/test/with_dummyserver/test_socketlevel.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/with_dummyserver/test_socketlevel.py 2021-05-26 19:01:29.000000000 +0200 @@ -467,7 +467,7 @@ timed_out.set() def test_https_connection_read_timeout(self): - """ Handshake timeouts should fail with a Timeout""" + """Handshake timeouts should fail with a Timeout""" timed_out = Event() def socket_handler(listener): @@ -630,7 +630,7 @@ response.read() def test_retry_weird_http_version(self): - """ Retry class should handle httplib.BadStatusLine errors properly """ + """Retry class should handle httplib.BadStatusLine errors properly""" def socket_handler(listener): sock = listener.accept()[0]Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 989881-done@bugs.debian.org
- Subject: unblock python-urllib3
- From: Sebastian Ramacher <sramacher@respighi.debian.org>
- Date: Wed, 07 Jul 2021 20:09:34 +0000
- Message-id: <E1m1DrS-0005Q5-D8@respighi.debian.org>
Unblocked.
--- End Message ---