bfb74b5d59- Update to 2.5.0: * Security issues Pool managers now properly control redirects when retries is passed (CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925) Redirects are now controlled by urllib3 in the Node.js runtime (CVE-2025-50182, GHSA-48p4-8xcf-vxj5, bsc#1244924) * Features Added support for the compression.zstd module that is new in Python 3.14. Added support for version 0.5 of hatch-vcs * Bugfixes Raised exception for HTTPResponse.shutdown on a connection already released to the pool. Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in [].Steve Kowalik2025-06-23 02:04:11 +00:00
75573f8736- Update to 2.5.0: * Security issues Pool managers now properly control redirects when retries is passed (CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925) Redirects are now controlled by urllib3 in the Node.js runtime (CVE-2025-50182, GHSA-48p4-8xcf-vxj5, bsc#1244924) * Features Added support for the compression.zstd module that is new in Python 3.14. Added support for version 0.5 of hatch-vcs * Bugfixes Raised exception for HTTPResponse.shutdown on a connection already released to the pool. Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in [].Steve Kowalik2025-06-23 02:04:11 +00:00
b047ad7493- Update to 2.4.0 * Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522) * Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567) * Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571) * Fixed a bug with partial reads of streaming data in Emscripten. (#3555) * Switched to uv for installing development dependecies. (#3550) * Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566) - 2.3.0: * Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly. (#2868) * Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. (#3400) * Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. (#3285) * Added pickling support to NewConnectionError and NameResolutionError. (#3480) * Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (#3489) * Removed support for Python 3.8. (#3492)Daniel Garcia2025-05-27 09:29:34 +00:00
fa15163672- Update to 2.4.0 * Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522) * Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567) * Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571) * Fixed a bug with partial reads of streaming data in Emscripten. (#3555) * Switched to uv for installing development dependecies. (#3550) * Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566) - 2.3.0: * Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly. (#2868) * Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. (#3400) * Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. (#3285) * Added pickling support to NewConnectionError and NameResolutionError. (#3480) * Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (#3489) * Removed support for Python 3.8. (#3492)Daniel Garcia2025-05-27 09:29:34 +00:00
2262dc56eb- Skip test_close_after_handshake flaky test, it fails sometimes in ppc64le and s390x architectures, bsc#1243583Daniel Garcia2025-05-27 08:55:03 +00:00
af9a86ac19- Skip test_close_after_handshake flaky test, it fails sometimes in ppc64le and s390x architectures, bsc#1243583Daniel Garcia2025-05-27 08:55:03 +00:00
54eda1f9f2Accepting request 1232162 from devel:languages:pythonAna Guerrero2024-12-19 20:40:18 +00:00
2e3a3af491Accepting request 1232162 from devel:languages:pythonAna Guerrero2024-12-19 20:40:18 +00:00
69de784631Accepting request 1232160 from home:dgarcia:branches:devel:languages:pythonDaniel Garcia2024-12-19 10:26:30 +00:00
c9bda474fd- Skip some flaky tests that fail sometimes in OBS (bsc#1234681)Daniel Garcia2024-12-19 10:26:30 +00:00
a5be242803Accepting request 1231820 from devel:languages:pythonAna Guerrero2024-12-18 19:09:10 +00:00
9860f9689bAccepting request 1231820 from devel:languages:pythonAna Guerrero2024-12-18 19:09:10 +00:00
88a76d7d5a- Ignore DeprecationWarning in tests (bsc#1234681)Daniel Garcia2024-12-18 08:42:44 +00:00
ef1a31c0b1- Ignore DeprecationWarning in tests (bsc#1234681)Daniel Garcia2024-12-18 08:42:44 +00:00
f702af0f5dAccepting request 1205339 from devel:languages:pythonAna Guerrero2024-10-03 16:00:38 +00:00
a5d1101265Accepting request 1205339 from devel:languages:pythonAna Guerrero2024-10-03 16:00:38 +00:00
29ba66e58c- Update to 2.2.3: * Features + Added support for Python 3.13. * Bugfixes + Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. + Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. + Fixed a crash where certain standard library hash functions were absent in restricted environments. + Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. + Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. + Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. + Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. + Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. + Changed ProtocolError to be more verbose on incomplete reads with excess content. + Added support for HTTPResponse.read1() method. + Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. + Fixed HTTPConnection.proxy_is_verified andSteve Kowalik2024-09-24 05:07:08 +00:00
a6661b64be- Update to 2.2.3: * Features + Added support for Python 3.13. * Bugfixes + Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. + Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. + Fixed a crash where certain standard library hash functions were absent in restricted environments. + Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. + Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. + Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. + Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. + Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. + Changed ProtocolError to be more verbose on incomplete reads with excess content. + Added support for HTTPResponse.read1() method. + Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. + Fixed HTTPConnection.proxy_is_verified andSteve Kowalik2024-09-24 05:07:08 +00:00
ba032a537bAccepting request 1181456 from devel:languages:pythonAna Guerrero2024-06-18 20:50:46 +00:00
259b7264d6Accepting request 1181456 from devel:languages:pythonAna Guerrero2024-06-18 20:50:46 +00:00
f36007869aAccepting request 1181452 from home:mcalabkova:branches:devel:languages:python:patchMarkéta Machová2024-06-18 09:56:35 +00:00
020c67f782Accepting request 1138118 from devel:languages:pythonAna Guerrero2024-01-12 22:44:33 +00:00
95eb7884e4- Add upstream patch openssl-3.2.patch, to fix tests with opennssl 3.2.0, gh#urllib3/urllib3#3271Daniel Garcia2024-01-11 11:49:26 +00:00
6533ff8336Accepting request 1130850 from devel:languages:pythonAna Guerrero2023-12-05 16:02:48 +00:00
e748795144- update to 2.1.0: * Removed support for the deprecated urllib3[secure] extra. * Removed support for the deprecated SecureTransport TLS implementation. * Removed support for the end-of-life Python 3.7. * Allowed loading CA certificates from memory for proxies. * Fixed decoding Gzip-encoded responses which specified `x-gzip` content-encoding.Dirk Mueller2023-11-27 20:30:05 +00:00
91110ae749Accepting request 1118603 from devel:languages:pythonAna Guerrero2023-10-19 20:46:47 +00:00
2e198fd675- update to 2.0.7 (bsc#1216377, CVE-2023-45803): * Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.Daniel Garcia2023-10-18 14:25:18 +00:00
027dfe1969Accepting request 1117485 from devel:languages:pythonAna Guerrero2023-10-13 21:13:49 +00:00
761c1d117dAccepting request 1117445 from home:fcrozat:branches:devel:languages:pythonMatej Cepl2023-10-12 14:33:44 +00:00
b0cb844771Accepting request 1115892 from devel:languages:pythonAna Guerrero2023-10-06 19:12:45 +00:00
71ecb78924- update to 2.0.6 (bsc#1215968, CVE-2023-43804): * Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect - 2.0.5: * Allowed pyOpenSSL third-party module without any deprecation warning. #3126 * Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066Daniel Garcia2023-10-05 15:48:58 +00:00
0aa6795e5aAccepting request 1112725 from devel:languages:pythonAna Guerrero2023-09-21 20:20:25 +00:00
9e2080ddfc* Changed HTTPConnection.request_chunked() to not erroneously emit multiple * Added `urllib3.util.SKIP_HEADER for skipping User-Agent, Accept-Encoding`, - Add missing dependency on python-six (bsc#1150895) - update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236): * Allow providing a list of headers to strip from requests when redirecting without repeatedly flushing the decoder, to function better on * Accept ca_cert_dir for SSL-related PoolManager configuration. - add python-pyOpenSSL, python-certifi and python-pyasn1 requirements - Comment out test requirements, as tests are disabled anyway, and * Add support for directories of certificate authorities, as * New exception: NewConnectionError, raised when we fail to - Update 0001-Don-t-pin-dependency-to-exact-version.patch * Shuffled around development-related files. If you're maintaining a distro package of urllib3, you may need * Unverified HTTPS requests will trigger a warning on the first * New retry logic and urllib3.util.retry.Retry configuration * All raised exceptions should now wrapped in a urllib3.exceptions.HTTPException-extending exception. urllib3.exceptions.MaxRetryError, including timeout-related exceptions which were previously exempt. Underlying error is * urllib3.exceptions.ConnectionError renamed to * Requesting an empty host will raise * Catch read timeouts over SSL connections as * Fix TLS verification when using a proxy in Python 3.4.1. * Add disable_cache option to urllib3.util.make_headers. * Wrap socket.timeout exception with * Fixed proxy-related bug where connections were being reused * Added socket_options keyword parameter which allows to define * Removed HTTPConnection.tcp_nodelay in favor of * Don't install dummyserver into site-packages as it's onlyDirk Mueller2023-09-21 08:23:11 +00:00
053c01be78Accepting request 1109358 from devel:languages:pythonAna Guerrero2023-09-07 19:12:54 +00:00
65a3dc43cc- update to 1.25.9 (bsc#1177120, CVE-2020-26137):Dirk Mueller2023-09-06 21:43:15 +00:00
2682ddb5ffAccepting request 1100699 from devel:languages:pythonAna Guerrero2023-07-26 11:22:14 +00:00
c7e95ee43b- update to 2.0.4: * Added support for union operators to `HTTPHeaderDict * Added BaseHTTPResponse to urllib3.__all__ (#3078 * Fixed `urllib3.connection.HTTPConnection to raise the http.client.connect` audit event to have the same behavior as the standard library HTTP client * Relied on the standard library for checking hostnames in supported PyPy releasesDirk Mueller2023-07-25 18:37:53 +00:00
2ff9f6959cAccepting request 1096959 from devel:languages:pythonFabian Vogt2023-07-06 16:28:04 +00:00
ebc06a4521- Disable test_deprecated_no_scheme so it needs network connection to run correctly.Daniel Garcia2023-07-05 11:43:00 +00:00
a2ae3b2049- update to 2.0.3: * Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. * Deprecated URLs which don't have an explicit scheme * Fixed response decoding with Zstandard when compressed data is made of several frames. * Fixed `assert_hostname=False` to correctly skip hostname check.Dirk Mueller2023-06-19 20:27:38 +00:00
27eb919afe- update to 2.0.2: * Fixed `HTTPResponse.stream()` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated.Dirk Mueller2023-05-14 12:37:31 +00:00
927c3f301eIgnore a file that does not play well on OBSSteve Kowalik2023-05-10 07:29:01 +00:00
9375f787df- Update to 2.0.1: * Fixed a socket leak when fingerprint or hostname verifications fail. * Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. * Removed support for Python 2.7, 3.5, and 3.6. * Removed fallback on certificate commonName in match_hostname() function. * Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. * Removed support for OpenSSL versions earlier than 1.1.1. * Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment. * Changed ssl_version to instead set the corresponding SSLContext.minimum_version and SSLContext.maximum_version values. * Changed default SSLContext.minimum_version to be TLSVersion.TLSv1_2 in line with Python 3.10. * Changed urllib3.util.create_urllib3_context to not override the system cipher suites with a default value. * Changed multipart/form-data header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. * Changed HTTPConnection.request() to always use lowercase chunk boundaries when sending requests with Transfer-Encoding: chunked. * Changed enforce_content_length default to True, preventing silent data loss when reading streamed responses. * Changed all parameters in the HTTPConnection and HTTPSConnection constructors to be keyword-only except host and port. * Changed HTTPConnection.getresponse() to set the socket timeout from HTTPConnection.timeout value before reading data from the socket. * Changed name of Retry.BACK0FF_MAX to be Retry.DEFAULT_BACKOFF_MAX. * Changed TLS handshakes to use SSLContext.check_hostname when possible. * Changed the default blocksize to 16KB to match OpenSSL's default readSteve Kowalik2023-05-03 06:50:37 +00:00
2ac700f523- update to 1.26.15: * Fix socket timeout value when `HTTPConnection` is reused * Remove "!" character from the unreserved characters in IPv6 Zone ID parsing * Fix IDNA handling of '' byteDirk Mueller2023-03-14 22:47:38 +00:00
3f9ddd55c5- update to 1.26.12: * Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue <https://github.com/urllib3/urllib3/issues/2680>_ for justification and info on how to migrate.Dirk Mueller2022-08-22 22:02:52 +00:00
a6fe4b937eAccepting request 992365 from home:bnavigator:branches:devel:languages:pythonMatej Cepl2022-08-02 16:42:20 +00:00
b5aef7fbb3- refresh remove_mock.patch with extra mock usages - Remove unneeded BuildRequires of mock.Dirk Mueller2022-08-02 14:55:32 +00:00
aecb18b5a2- update to 1.26.10: * Removed support for Python 3.5 * Fixed an issue where a `ProxyError` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured.Dirk Mueller2022-07-24 08:04:55 +00:00
8b7b942d17Accepting request 967156 from home:bnavigator:branches:devel:languages:pythonMarkéta Machová2022-04-06 05:43:40 +00:00
51cc811858- update to 1.26.9: * Changed `urllib3[brotli] extra to favor installing Brotli libraries that are still receiving updates like brotli and brotlicffi instead of brotlipy. This change does not impact behavior of urllib3, only which dependencies are installed. * Fixed a socket leaking when HTTPSConnection.connect() raises an exception. * Fixed server_hostname being forwarded from PoolManager to HTTPConnectionPool` when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.Dirk Mueller2022-03-29 11:48:46 +00:00
768d17111c- update to 1.26.8: * Added extra message to`urllib3.exceptions.ProxyError when urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP. * Added a mention of the size of the connection pool when discarding a connection due to the pool being full. * Added explicit support for Python 3.11. * Deprecated the Retry.MAX_BACKOFF class property in favor of Retry.DEFAULT_MAX_BACKOFF to better match the rest of the default parameter names. Retry.MAX_BACKOFF is removed in v2.0. * Changed location of the vendored ssl.match_hostname function from urllib3.packages.ssl_match_hostname to urllib3.util.ssl_match_hostname` to ensure Python 3.10+ compatibility after being repackaged by downstream distributors. * Fixed absolute imports, all imports are now relative.Dirk Mueller2022-01-10 22:42:38 +00:00
916eaab761- update to 1.26.7: * Fixed a bug with HTTPS hostname verification involving IP addresses and lack of SNI. * Fixed a bug where IPv6 braces weren't stripped during certificate hostname matching.Dirk Mueller2021-10-26 21:03:35 +00:00
42309fe0fcAccepting request 906097 from home:mcalabkova:branches:devel:languages:pythonMarkéta Machová2021-07-13 11:12:32 +00:00
7857238dd7Accepting request 898448 from home:jgrassler:branches:devel:languages:pythonMatej Cepl2021-06-08 16:31:30 +00:00
603e48d703- update to 1.26.5: * Fixed deprecation warnings emitted in Python 3.10. * Updated vendored `six` library to 1.16.0. * Improved performance of URL parser when splitting the authority component.Dirk Mueller2021-06-06 12:03:15 +00:00
febcba0e07Accepting request 879507 from devel:languages:python
Richard Brown
2021-03-19 15:39:55 +00:00
1378162248- update to 1.26.4: * Changed behavior of the default `SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True`.Dirk Mueller2021-03-16 21:10:36 +00:00
b0430c52db- update to 1.26.3: * Fixed bytes and string comparison issue with headers (Pull #2141) * Changed `ProxySchemeUnknown` error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)Dirk Mueller2021-01-28 23:21:12 +00:00
b29a44bf2aAccepting request 859717 from home:bnavigator:branches:devel:languages:pythonDirk Mueller2021-01-01 13:52:44 +00:00
bc99e941fc- Add CI variable, which makes timeouts in the test suite longer (gh#urllib3/urllib3#2109, bsc#1176389) and test_timeout_errors_cause_retries should not fail.Matej Cepl2020-12-17 19:34:50 +00:00
40597c3fed- gh#urllib3/urllib3#2109 is actually not reproduceable, so don't skip test_timeout_errors_cause_retries.Matej Cepl2020-12-17 18:15:47 +00:00
Ana Guerrero
Steve Kowalik
Dominique Leuenberger
Daniel Garcia
Markéta Machová
Dirk Mueller
Matej Cepl
Fabian Vogt
Robert Schweikert
Richard Brown