Releases: urllib3/urllib3
Releases · urllib3/urllib3
1.26.16
2.0.2
2.0.1
2.0.0
Read the v2.0 migration guide for help upgrading to the latest version of urllib3.
Removed
- Removed support for Python 2.7, 3.5, and 3.6 (#883, #2336).
- Removed fallback on certificate
commonName
inmatch_hostname()
function. This behavior was deprecated in May 2000 in RFC 2818. Instead onlysubjectAltName
is used to verify the hostname by default. To enable verifying the hostname againstcommonName
useSSLContext.hostname_checks_common_name = True
(#2113). - Removed support for Python with an
ssl
module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (#2168). - Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an
ImportError
is raised (#2168). - Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (#2082).
- Removed
urllib3.contrib.appengine.AppEngineManager
and support for Google App Engine Standard Environment (#2044). - Removed deprecated
Retry
optionsmethod_whitelist
,DEFAULT_REDIRECT_HEADERS_BLACKLIST
(#2086). - Removed
urllib3.HTTPResponse.from_httplib
(#2648). - Removed default value of
None
for therequest_context
parameter ofurllib3.PoolManager.connection_from_pool_key
. This change should have no effect on users as the default value ofNone
was an invalid option and was never used (#1897). - Removed the
urllib3.request
module.urllib3.request.RequestMethods
has been made a private API. This change was made to ensure thatfrom urllib3 import request
imported the top-levelrequest()
function instead of theurllib3.request
module (#2269). - Removed support for SSLv3.0 from the
urllib3.contrib.pyopenssl
even when support is available from the compiled OpenSSL library (#2233). - Removed the deprecated
urllib3.contrib.ntlmpool
module (#2339). - Removed
DEFAULT_CIPHERS
,HAS_SNI
,USE_DEFAULT_SSLCONTEXT_CIPHERS
, from the private moduleurllib3.util.ssl_
(#2168). - Removed
urllib3.exceptions.SNIMissingWarning
(#2168). - Removed the
_prepare_conn
method fromHTTPConnectionPool
. Previously this was only used to callHTTPSConnection.set_cert()
byHTTPSConnectionPool
(#1985). - Removed
tls_in_tls_required
property fromHTTPSConnection
. This is now determined from thescheme
parameter inHTTPConnection.set_tunnel()
(#1985).
Deprecated
- Deprecated
HTTPResponse.getheaders()
andHTTPResponse.getheader()
which will be removed in urllib3 v2.1.0. Instead useHTTPResponse.headers
andHTTPResponse.headers.get(name, default)
. (#1543, #2814). - Deprecated
urllib3.contrib.pyopenssl
module which will be removed in urllib3 v2.1.0 (#2691). - Deprecated
urllib3.contrib.securetransport
module which will be removed in urllib3 v2.1.0 (#2692). - Deprecated
ssl_version
option in favor ofssl_minimum_version
.ssl_version
will be removed in urllib3 v2.1.0 (#2110). - Deprecated the
strict
parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (#2267) - Deprecated the
NewConnectionError.pool
attribute which will be removed in urllib3 v2.1.0 (#2271). - Deprecated
format_header_param_html5
andformat_header_param
in favor offormat_multipart_header_param
(#2257). - Deprecated
RequestField.header_formatter
parameter which will be removed in urllib3 v2.1.0 (#2257). - Deprecated
HTTPSConnection.set_cert()
method. Instead pass parameters to theHTTPSConnection
constructor (#1985). - Deprecated
HTTPConnection.request_chunked()
method which will be removed in urllib3 v2.1.0. Instead passchunked=True
toHTTPConnection.request()
(#1985).
Added
- Added top-level
urllib3.request
function which uses a preconfigured module-globalPoolManager
instance (#2150). - Added the
json
parameter tourllib3.request()
,PoolManager.request()
, andConnectionPool.request()
methods to send JSON bodies in requests. Using this parameter will set the headerContent-Type: application/json
ifContent-Type
isn't already defined. Added support for parsing JSON response bodies withHTTPResponse.json()
method (#2243). - Added type hints to the
urllib3
module (#1897). - Added
ssl_minimum_version
andssl_maximum_version
options which setSSLContext.minimum_version
andSSLContext.maximum_version
(#2110). - Added support for Zstandard (RFC 8878) when
zstandard
1.18.0 or later is installed. Added thezstd
extra which installs thezstandard
package (#1992). - Added
urllib3.response.BaseHTTPResponse
class. All future response classes will be subclasses ofBaseHTTPResponse
(#2083). - Added
FullPoolError
which is raised whenPoolManager(block=True)
and a connection is returned to a full pool (#2197). - Added
HTTPHeaderDict
to the top-levelurllib3
namespace (#2216). - Added support for configuring header merging behavior with HTTPHeaderDict When using a
HTTPHeaderDict
to provide headers for a request, by default duplicate header values will be repeated. But ifcombine=True
is passed into a call toHTTPHeaderDict.add
, then the added header value will be merged in with an existing value into a comma-separated list (X-My-Header: foo, bar
) (#2242). - Added
NameResolutionError
exception when a DNS error occurs (#2305). - Added
proxy_assert_hostname
andproxy_assert_fingerprint
kwargs toProxyManager
(#2409). - Added a configurable
backoff_max
parameter to theRetry
class. If a custombackoff_max
is provided to theRetry
class, it will replace theRetry.DEFAULT_BACKOFF_MAX
(#2494). - Added the
authority
property to the Url class as per RFC 3986 3.2. This property should be used in place ofnetloc
for users who want to include the userinfo (auth) component of the URI (#2520). - Added the
scheme
parameter toHTTPConnection.set_tunnel
to configure the scheme of the origin being tunnelled to (#1985). - Added the
is_closed
,is_connected
andhas_connected_to_proxy
properties toHTTPConnection
(#1985). - Added optional
backoff_jitter
parameter toRetry
. (#2952)
Changed
- Changed
urllib3.response.HTTPResponse.read
to respect the semantics ofio.BufferedIOBase
regardless of compression. Specifically, this method:- Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
- Never returns more bytes than requested.
- Can issue any number of system calls: zero, one or multiple.
If you want eachurllib3.response.HTTPResponse.read
call to issue a single system call, you need to disable decompression by settingdecode_content=False
(#2128).
- Changed
urllib3.HTTPConnection.getresponse
to return an instance ofurllib3.HTTPResponse
instead ofhttp.client.HTTPResponse
(#2648). - Changed
ssl_version
to instead set the correspondingSSLContext.minimum_version
andSSLContext.maximum_version
values. Regardless ofssl_version
passedSSLContext
objects are now constructed usingssl.PROTOCOL_TLS_CLIENT
(#2110). - Changed default
SSLContext.minimum_version
to beTLSVersion.TLSv1_2
in line with Python 3.10 (#2373). - Changed
ProxyError
to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy ([#2482](#2482...
2.0.0a4
- Removed the
setup.py
shim,python setup.py install
will print[Errno 2] No such file or directory
instead of a warning to use pip (#2975) - Added optional
backoff_jitter
parameter toRetry
(#2952) - Fixed URL encoding by removing '!' from the 'unreserved' character set specified in RFC 3986 (#2899)
- Fixed a sign error in a check for whether a character is in the ASCII range (#2901)
- Fixed
urllib3.contrib.pyopenssl.WrappedSocket
andurllib3.contrib.securetransport.WrappedSocket
close methods (#2970)
1.26.15
2.0.0a3
Read the v2.0 migration guide for help upgrading to the latest version of urllib3.
1.26.14
2.0.0a2
Read the v2.0 migration guide for help upgrading to the latest version of urllib3.
- Changed
HTTPResponse.read()
to raise an error when calling withdecode_content=False
after usingdecode_content=True
to prevent data loss (#2800). - Changed
HTTPResponse.getheaders()
and.getheader()
to previous behavior in 1.26.x. Instead we are deprecating these methods in favor ofHTTPResponse.headers.items()
andHTTPResponse.headers.get()
. Both deprecated methods will be removed in v2.1.0 (#2814) - Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. (#2806)
- Fixed deprecation warning when using cryptography v39.0.0. This fix requires using pyOpenSSL>=17.1.0 and cryptography>=1.9. (#2829)
1.26.13
- Deprecated the
HTTPResponse.getheaders()
andHTTPResponse.getheader()
methods. - Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.
- Fixed a deprecation warning when using cryptography v39.0.0.
- Removed the
<4
in theRequires-Python
packaging metadata field.