This is the first release that follows our new release process. For more, see `our documentation <http://docs.python-requests.org/en/latest/community/release-process/>`_.
**Bugfixes**
- Updated urllib3 to 1.10.4, resolving several bugs involving chunked transfer encoding and response framing.
2.6.2
++++++++++++++++++
**Bugfixes**
- Fix regression where compressed data that was sent as chunked data was not properly decompressed. (2561)
2.6.1
++++++++++++++++++
**Bugfixes**
- Remove VendorAlias import machinery introduced in v2.5.2.
- Simplify the PreparedRequest.prepare API: We no longer require the user to pass an empty list to the hooks keyword argument. (c.f. 2552)
- Resolve redirects now receives and forwards all of the original arguments to the adapter. (2503)
- Handle UnicodeDecodeErrors when trying to deal with a unicode URL that cannot be encoded in ASCII. (2540)
- Populate the parsed path of the URI field when performing Digest Authentication. (2426)
- Copy a PreparedRequest's CookieJar more reliably when it is not an instance of RequestsCookieJar. (2527)
2.6.0
++++++++++++++++++
**Bugfixes**
- CVE-2015-2296: Fix handling of cookies on redirect. Previously a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing. This was disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_. This affects all versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
- Fix error when requests is an ``install_requires`` dependency and ``python setup.py test`` is run. (2462)
- Fix error when urllib3 is unbundled and requests continues to use the vendored import location.
- Include fixes to ``urllib3``'s header handling.
- Requests' handling of unvendored dependencies is now more restrictive.
**Features and Improvements**
- Support bytearrays when passed as parameters in the ``files`` argument. (2468)
- Avoid data duplication when creating a request with ``str``, ``bytes``, or ``bytearray`` input to the ``files`` argument.
2.5.3
++++++++++++++++++
**Bugfixes**
- Revert changes to our vendored certificate bundle. For more context see (2455, 2456, and http://bugs.python.org/issue23476)
- Improve the performance of headers. (`shazow/urllib3544`_)
**Bugfixes**
- Copy pip's import machinery. When downstream redistributors remove requests.packages.urllib3 the import machinery will continue to let those same symbols work. Example usage in requests' documentation and 3rd-party libraries relying on the vendored copies of urllib3 will work without having to fallback to the system urllib3.
- Attempt to quote parts of the URL on redirect if unquoting and then quoting fails. (2356)
- Fix filename type check for multipart form-data uploads. (2411)
- Properly handle the case where a server issuing digest authentication challenges provides both auth and auth-int qop-values. (2408)