Requests

------------------

**Bugfixes**

- Unicode URL improvements for Python 2.
- Re-order JSON param for backwards compat.
- Automatically defrag authentication schemes from host/pass URIs.
([\2249](https://github.com/psf/requests/issues/2249))

------------------

**Improvements**

- FINALLY! Add json parameter for uploads!
([\2258](https://github.com/psf/requests/pull/2258))
- Support for bytestring URLs on Python 3.x
([\2238](https://github.com/psf/requests/pull/2238))

**Bugfixes**

- Avoid getting stuck in a loop
([\2244](https://github.com/psf/requests/pull/2244))
- Multiple calls to iter\* fail with unhelpful error.
([\2240](https://github.com/psf/requests/issues/2240),
[\2241](https://github.com/psf/requests/issues/2241))

**Documentation**

- Correct redirection introduction
([\2245](https://github.com/psf/requests/pull/2245/))
- Added example of how to send multiple files in one request.
([\2227](https://github.com/psf/requests/pull/2227/))
- Clarify how to pass a custom set of CAs
([\2248](https://github.com/psf/requests/pull/2248/))

------------------

- Now has a "security" package extras set,
`$ pip install requests[security]`
- Requests will now use Certifi if it is available.
- Capture and re-raise urllib3 ProtocolError
- Bugfix for responses that attempt to redirect to themselves forever
(wtf?).

------------------

**Behavioral Changes**

- `Connection: keep-alive` header is now sent automatically.

**Improvements**

- Support for connect timeouts! Timeout now accepts a tuple (connect,
read) which is used to set individual connect and read timeouts.
- Allow copying of PreparedRequests without headers/cookies.
- Updated bundled urllib3 version.
- Refactored settings loading from environment -- new
Session.merge\_environment\_settings.
- Handle socket errors in iter\_content.

------------------

**API Changes**

- New `Response` property `is_redirect`, which is true when the
library could have processed this response as a redirection (whether
or not it actually did).
- The `timeout` parameter now affects requests with both `stream=True`
and `stream=False` equally.
- The change in v2.0.0 to mandate explicit proxy schemes has been
reverted. Proxy schemes now default to `http://`.
- The `CaseInsensitiveDict` used for HTTP headers now behaves like a
normal dictionary when references as string or viewed in the
interpreter.

**Bugfixes**

- No longer expose Authorization or Proxy-Authorization headers on
redirect. Fix CVE-2014-1829 and CVE-2014-1830 respectively.
- Authorization is re-evaluated each redirect.
- On redirect, pass url as native strings.
- Fall-back to autodetected encoding for JSON when Unicode detection
fails.
- Headers set to `None` on the `Session` are now correctly not sent.
- Correctly honor `decode_unicode` even if it wasn't used earlier in
the same response.
- Stop advertising `compress` as a supported Content-Encoding.
- The `Response.history` parameter is now always a list.
- Many, many `urllib3` bugfixes.

------------------

**Bugfixes**

- Fixes incorrect parsing of proxy credentials that contain a literal
or encoded '\' character.
- Assorted urllib3 fixes.