- Update to 2.5.0:
* Security issues
Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
Redirects are now controlled by urllib3 in the Node.js runtime
(CVE-2025-50182, GHSA-48p4-8xcf-vxj5, bsc#1244924)
* Features
Added support for the compression.zstd module that is new in Python 3.14.
Added support for version 0.5 of hatch-vcs
* Bugfixes
Raised exception for HTTPResponse.shutdown on a connection already
released to the pool.
Fixed incorrect CONNECT statement when using an IPv6 proxy with
connection_from_host. Previously would not be wrapped in [].
OBS-URL: https://build.opensuse.org/request/show/1287779
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=72
* Security issues
Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
Redirects are now controlled by urllib3 in the Node.js runtime
(CVE-2025-50182, GHSA-48p4-8xcf-vxj5, bsc#1244924)
* Features
Added support for the compression.zstd module that is new in Python 3.14.
Added support for version 0.5 of hatch-vcs
* Bugfixes
Raised exception for HTTPResponse.shutdown on a connection already
released to the pool.
Fixed incorrect CONNECT statement when using an IPv6 proxy with
connection_from_host. Previously would not be wrapped in [].
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3?expand=0&rev=190
- Update to 2.4.0
* Applied PEP 639 by specifying the license fields in
pyproject.toml. (#3522)
* Updated exceptions to save and restore more properties during the
pickle/serialization process. (#3567)
* Added verify_flags option to create_urllib3_context with a default
of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python
3.13+. (#3571)
* Fixed a bug with partial reads of streaming data in Emscripten.
(#3555)
* Switched to uv for installing development dependecies. (#3550)
* Removed the multiple.intoto.jsonl asset from GitHub releases.
Attestation of release files since v2.3.0 can be found on PyPI.
(#3566)
- 2.3.0:
* Added HTTPResponse.shutdown() to stop any ongoing or future reads
for a specific response. It calls shutdown(SHUT_RD) on the
underlying socket. This feature was sponsored by LaunchDarkly.
(#2868)
* Added support for JavaScript Promise Integration on Emscripten.
This enables more efficient WebAssembly requests and streaming,
and makes it possible to use in Node.js if you launch it as node
--experimental-wasm-stack-switching. (#3400)
* Added the proxy_is_tunneling property to HTTPConnection and
HTTPSConnection. (#3285)
* Added pickling support to NewConnectionError and
NameResolutionError. (#3480)
* Fixed an issue in debug logs where the HTTP version was rendering
as "HTTP/11" instead of "HTTP/1.1". (#3489)
* Removed support for Python 3.8. (#3492)
OBS-URL: https://build.opensuse.org/request/show/1280514
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=71
* Applied PEP 639 by specifying the license fields in
pyproject.toml. (#3522)
* Updated exceptions to save and restore more properties during the
pickle/serialization process. (#3567)
* Added verify_flags option to create_urllib3_context with a default
of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python
3.13+. (#3571)
* Fixed a bug with partial reads of streaming data in Emscripten.
(#3555)
* Switched to uv for installing development dependecies. (#3550)
* Removed the multiple.intoto.jsonl asset from GitHub releases.
Attestation of release files since v2.3.0 can be found on PyPI.
(#3566)
- 2.3.0:
* Added HTTPResponse.shutdown() to stop any ongoing or future reads
for a specific response. It calls shutdown(SHUT_RD) on the
underlying socket. This feature was sponsored by LaunchDarkly.
(#2868)
* Added support for JavaScript Promise Integration on Emscripten.
This enables more efficient WebAssembly requests and streaming,
and makes it possible to use in Node.js if you launch it as node
--experimental-wasm-stack-switching. (#3400)
* Added the proxy_is_tunneling property to HTTPConnection and
HTTPSConnection. (#3285)
* Added pickling support to NewConnectionError and
NameResolutionError. (#3480)
* Fixed an issue in debug logs where the HTTP version was rendering
as "HTTP/11" instead of "HTTP/1.1". (#3489)
* Removed support for Python 3.8. (#3492)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3?expand=0&rev=188
- Update to 2.2.3:
* Features
+ Added support for Python 3.13.
* Bugfixes
+ Fixed the default encoding of chunked request bodies to be UTF-8
instead of ISO-8859-1. All other methods of supplying a request body
already use UTF-8 starting in urllib3 v2.0.
+ Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting
python/cpython#103472.
+ Fixed a crash where certain standard library hash functions were absent
in restricted environments.
+ Added the Proxy-Authorization header to the list of headers to strip
from requests when redirecting to a different host. As before,
different headers can be set via Retry.remove_headers_on_redirect.
+ Allowed passing negative integers as amt to read methods of
http.client.HTTPResponse as an alternative to None.
+ Fixed issue where InsecureRequestWarning was emitted for HTTPS
connections when using Emscripten.
+ Fixed HTTPConnectionPool.urlopen to stop automatically casting
non-proxy headers to HTTPHeaderDict. This change was premature as it
did not apply to proxy headers and HTTPHeaderDict does not handle byte
header values correctly yet.
+ Changed InvalidChunkLength to ProtocolError when response terminates
before the chunk length is sent.
+ Changed ProtocolError to be more verbose on incomplete reads with
excess content.
+ Added support for HTTPResponse.read1() method.
+ Fixed issue where requests against urls with trailing dots were
failing due to SSL errors when using proxy.
+ Fixed HTTPConnection.proxy_is_verified and
OBS-URL: https://build.opensuse.org/request/show/1205339
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=68
* Features
+ Added support for Python 3.13.
* Bugfixes
+ Fixed the default encoding of chunked request bodies to be UTF-8
instead of ISO-8859-1. All other methods of supplying a request body
already use UTF-8 starting in urllib3 v2.0.
+ Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting
python/cpython#103472.
+ Fixed a crash where certain standard library hash functions were absent
in restricted environments.
+ Added the Proxy-Authorization header to the list of headers to strip
from requests when redirecting to a different host. As before,
different headers can be set via Retry.remove_headers_on_redirect.
+ Allowed passing negative integers as amt to read methods of
http.client.HTTPResponse as an alternative to None.
+ Fixed issue where InsecureRequestWarning was emitted for HTTPS
connections when using Emscripten.
+ Fixed HTTPConnectionPool.urlopen to stop automatically casting
non-proxy headers to HTTPHeaderDict. This change was premature as it
did not apply to proxy headers and HTTPHeaderDict does not handle byte
header values correctly yet.
+ Changed InvalidChunkLength to ProtocolError when response terminates
before the chunk length is sent.
+ Changed ProtocolError to be more verbose on incomplete reads with
excess content.
+ Added support for HTTPResponse.read1() method.
+ Fixed issue where requests against urls with trailing dots were
failing due to SSL errors when using proxy.
+ Fixed HTTPConnection.proxy_is_verified and
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3?expand=0&rev=180
