* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified.
* Remove Authorization header regardless of case when redirecting to cross-site. (Issue 1510)
* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue 1269)
1.24.1
Not secure
===================
* Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue 1467)
* Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue 1462)
1.24
Not secure
=================
* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull 1449)
* Test against Python 3.7 on AppVeyor. (Pull 1453)
* Early-out ipv6 checks when running on App Engine. (Pull 1450)
* Change ambiguous description of backoff_factor (Pull 1436)
* Add ability to handle multiple Content-Encodings (Issue 1441 and Pull 1442)
* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue 1405).
* Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake. (Pull 1397)
* Drop support for EOL Python 2.6 (Pull 1429 and Pull 1430)
* Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged. (Pull 1439)
* Move urllib3 to src/urllib3 (Pull 1409)
1.23
Not secure
=================
* Allow providing a list of headers to strip from requests when redirecting to a different host. Defaults to the ``Authorization`` header. Different headers can be set via ``Retry.remove_headers_on_redirect``. (Issue 1316)
* Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue 1247).
* Dropped Python 3.3 support. (Pull 1242)
* Put the connection back in the pool when calling stream() or read_chunked() on a chunked HEAD response. (Issue 1234)
* Fixed pyOpenSSL-specific ssl client authentication issue when clients attempted to auth via certificate + chain (Issue 1060)
* Add the port to the connectionpool connect print (Pull 1251)
* Don't use the ``uuid`` module to create multipart data boundaries. (Pull 1380)
* ``read_chunked()`` on a closed response returns no chunks. (Issue 1088)
* Add Python 2.6 support to ``contrib.securetransport`` (Pull 1359)
* Added support for auth info in url for SOCKS proxy (Pull 1363)
1.22
Not secure
=================
* Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via IPv6 proxy. (Issue 1222)
* Made the connection pool retry on ``SSLError``. The original ``SSLError`` is available on ``MaxRetryError.reason``. (Issue 1112)
* Drain and release connection before recursing on retry/redirect. Fixes deadlocks with a blocking connectionpool. (Issue 1167)
* Fixed compatibility for cookiejar. (Issue 1229)
* pyopenssl: Use vendored version of ``six``. (Issue 1231)
1.21.1
Not secure
===================
* Fixed SecureTransport issue that would cause long delays in response body delivery. (Pull 1154)
* Fixed regression in 1.21 that threw exceptions when users passed the ``socket_options`` flag to the ``PoolManager``. (Issue 1165)
* Fixed regression in 1.21 that threw exceptions when users passed the ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. (Pull 1157)