Urllib3

Latest version: v2.3.0

Safety actively analyzes 710445 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 11 of 17

1.17

Not secure
=================

* Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue 835)

* ConnectionPool debug log now includes scheme, host, and port. (Issue 897)

* Substantially refactored documentation. (Issue 887)

* Used URLFetch default timeout on AppEngine, rather than hardcoding our own.
(Issue 858)

* Normalize the scheme and host in the URL parser (Issue 833)

* ``HTTPResponse`` contains the last ``Retry`` object, which now also
contains retries history. (Issue 848)

* Timeout can no longer be set as boolean, and must be greater than zero.
(Pull 924)

* Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We
now use cryptography and idna, both of which are already dependencies of
PyOpenSSL. (Pull 930)

* Fixed infinite loop in ``stream`` when amt=None. (Issue 928)

* Try to use the operating system's certificates when we are using an
``SSLContext``. (Pull 941)

* Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to
ChaCha20, but ChaCha20 is then preferred to everything else. (Pull 947)

* Updated cipher suite list to remove 3DES-based cipher suites. (Pull 958)

* Removed the cipher suite fallback to allow HIGH ciphers. (Pull 958)

* Implemented ``length_remaining`` to determine remaining content
to be read. (Pull 949)

* Implemented ``enforce_content_length`` to enable exceptions when
incomplete data chunks are received. (Pull 949)

* Dropped connection start, dropped connection reset, redirect, forced retry,
and new HTTPS connection log levels to DEBUG, from INFO. (Pull 967)

1.16

Not secure
=================

* Disable IPv6 DNS when IPv6 connections are not possible. (Issue 840)

* Provide ``key_fn_by_scheme`` pool keying mechanism that can be
overridden. (Issue 830)

* Normalize scheme and host to lowercase for pool keys, and include
``source_address``. (Issue 830)

* Cleaner exception chain in Python 3 for ``_make_request``.
(Issue 861)

* Fixed installing ``urllib3[socks]`` extra. (Issue 864)

* Fixed signature of ``ConnectionPool.close`` so it can actually safely be
called by subclasses. (Issue 873)

* Retain ``release_conn`` state across retries. (Issues 651, 866)

* Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to
``HTTPResponse`` but can be replaced with a subclass. (Issue 879)

1.15.1

Not secure
===================

* Fix packaging to include backports module. (Issue 841)

1.15

Not secure
=================

* Added Retry(raise_on_status=False). (Issue 720)

* Always use setuptools, no more distutils fallback. (Issue 785)

* Dropped support for Python 3.2. (Issue 786)

* Chunked transfer encoding when requesting with ``chunked=True``.
(Issue 790)

* Fixed regression with IPv6 port parsing. (Issue 801)

* Append SNIMissingWarning messages to allow users to specify it in
the PYTHONWARNINGS environment variable. (Issue 816)

* Handle unicode headers in Py2. (Issue 818)

* Log certificate when there is a hostname mismatch. (Issue 820)

* Preserve order of request/response headers. (Issue 821)

1.14

Not secure
=================

* contrib: SOCKS proxy support! (Issue 762)

* Fixed AppEngine handling of transfer-encoding header and bug
in Timeout defaults checking. (Issue 763)

1.13.1

Not secure
===================

* Fixed regression in IPv6 + SSL for match_hostname. (Issue 761)

Page 11 of 17

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.