Urllib3 Versions Save

urllib3 is a user-friendly HTTP client library for Python

2.2.1

3 months ago

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
  • Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
  • Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
  • Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)

2.2.0

3 months ago

🖥️ urllib3 now works in the browser

:tada: This release adds experimental support for using urllib3 in the browser with Pyodide! :tada:

Thanks to Joe Marshall (@joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from http.client. Please report all bugs to the urllib3 issue tracker.

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Added support for Emscripten and Pyodide, including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
  • Added support for HTTPResponse.read1() method. (#3186)
  • Added rudimentary support for HTTP/2. (#3284)
  • Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (#2244)
  • Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. (#3130)
  • Fixed an issue where headers passed in a request with json= would be mutated (#3203)
  • Fixed HTTPSConnection.is_verified to be set to False when connecting from a HTTPS proxy to an HTTP target. It was set to True previously. (#3267)
  • Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (#3268)
  • Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (#3325)

Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the --integration pytest flag. (#3181)

2.1.0

6 months ago

Read the v2 migration guide for help upgrading to the latest version of urllib3.

Removals

  • Removed support for the deprecated urllib3[secure] extra. (#2680)
  • Removed support for the deprecated SecureTransport TLS implementation. (#2681)
  • Removed support for the end-of-life Python 3.7. (#3143)

Bugfixes

  • Allowed loading CA certificates from memory for proxies. (#3065)
  • Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. (#3174)

1.26.18

7 months ago
  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.7

7 months ago
  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

7 months ago
  • Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

2.0.6

7 months ago
  • Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

v2.0.5

7 months ago
  • Allowed pyOpenSSL third-party module without any deprecation warning. #3126
  • Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066

2.0.4

10 months ago
  • Added support for union operators to HTTPHeaderDict (#2254)
  • Added BaseHTTPResponse to urllib3.__all__ (#3078)
  • Fixed urllib3.connection.HTTPConnection to raise the http.client.connect audit event to have the same behavior as the standard library HTTP client (#2757)
  • Relied on the standard library for checking hostnames in supported PyPy releases (#3087)

2.0.3

11 months ago
  • Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. #3020
  • Deprecated URLs which don't have an explicit scheme #2950
  • Fixed response decoding with Zstandard when compressed data is made of several frames. #3008
  • Fixed assert_hostname=False to correctly skip hostname check. #3051