Releases: jawah/urllib3.future

Version 2.9.900

24 Sep 06:43
0ee4406

2.9.900 (2024-09-24)

  • Fixed a rare issue where an HTTPS record was misinterpreted, leading to a missed preemptive HTTP/3 negotiation.
  • Restored support for the older, deprecated PySocks for synchronous SOCKS proxy support when it is installed and python-socks is absent.
  • Added support for HTTP Trailers across HTTP/1, HTTP/2 and HTTP/3 responses. We added the trailers property to HTTPResponse to reflect that.
  • Fixed unclosed resource warning for socket created in asynchronous mode.
  • Added support for upgrading to HTTP/2 (when coming from HTTP/1) via Alt-Svc, whether it is h2c (HTTP/2 over cleartext) or h2.
  • Greatly improved download speed on the QUIC layer by automatically increasing the blocksize to the largest value allowed on UDP (value taken from sysconf).
  • Fixed the test suite outcome when no support for HTTP/3 exists in the current environment.

Version 2.8.907

20 Aug 01:35
111e380

2.8.907 (2024-08-20)

  • Fixed an HTTP/2 maximum frame size error when the remote explicitly sets a lower value than the default blocksize.
    This can happen when facing an Apache (httpd) server; see apache/httpd@ff6b802.
    We now monitor the max_frame setting value to ensure we don't exceed it.

Version 2.8.906

15 Aug 04:43
b6dc334

2.8.906 (2024-08-15)

  • Removed the opinionated OpenSSL version constraint that forbade any version lower than 1.1.1.
    The reasoning behind this is that some companies expressed (to us) the need to upgrade urllib3 to urllib3-future
    in (very) old Python 3.7 built against patched OpenSSL 1.0.2 or 1.0.8, and collaborative testing showed us
    that this constraint is overly protective. Those builds often lack TLS 1.3 support and may contain
    major vulnerabilities, but we have to be optimistic about their awareness.
    TLS 1.3 / QUIC is also an option for them as it works out of the box on those old distributions.
    Effective immediately, we added a dedicated pipeline in our CI to verify that urllib3-future works
    with the oldest Python 3.7 build we found out there.
    Blindly removing support for those libraries when supporting Python 3.7 ... 3.9 is as we "partially"
    support this range and end-users have little to no clue why it's rejected when it clearly works.
    The only issue that can appear is for users whose Python is built against an SSL library that
    supports neither TLS 1.2 nor 1.3; they will encounter errors for sure.
  • Changed submodule http2 to subpackage http2. Purely upstream sync. Still no use for us.
  • Changed minimum (C)Python interpreter version for qh3 automatic pickup to 3.7.11 as it bundles pip 21.2.4 and
    is the minimum version to pick an appropriate (abi3) pre-built wheel. You may still install qh3 manually
    by first upgrading your pip installation by running python -m pip install -U pip.
  • Fixed an issue where urllib3-future may crash when a server yields an invalid/malformed Alt-Svc header.
  • Fixed an issue where sending a str body using a bytes value for Content-Type would induce a crash.
    This was due to our unicode transparency policy. See #142.

Version 2.8.905

04 Aug 05:56
8a03252

2.8.905 (2024-08-04)

  • Fixed a wrong upgrade attempt to QUIC when using a SOCKS proxy. Any usage of a proxy disables HTTP/3 over QUIC, as documented,
    until proper support is implemented in a later minor version.
  • Backported upstream urllib3 urllib3#3434: util/ssl: make code resilient to missing hash functions.
    In certain environments, such as a FIPS-enabled system, certain algorithms such as md5 may be unavailable.
    Importing such a module on a system where it is unavailable makes urllib3(-future) crash and become unusable.
  • Backported upstream urllib3 GHSA-34jh-p97f-mpxf: Strip Proxy-Authorization header on redirects.
    Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host.
    As before, different headers can be set via Retry.remove_headers_on_redirect.
  • Fixed state-machine desync on a rare scenario when uploading a body using HTTP/3 over QUIC.
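
The header-stripping rule from the Proxy-Authorization entry above, as a standalone illustration added here (not urllib3-future's own code). The function names, sample headers and example.test hosts are constructed; the Cookie and Authorization entries in the default set, and treating a scheme or port change as "a different host", are assumptions of this sketch.

```python
from urllib.parse import urljoin, urlsplit

# Headers dropped by default when a redirect leaves the current host; the
# entry above adds Proxy-Authorization to this list. Compared case-insensitively.
REMOVE_ON_REDIRECT = frozenset({"cookie", "authorization", "proxy-authorization"})
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample request headers (values are placeholders, not real secrets).
SAMPLE_HEADERS = {
    "Accept": "*/*",
    "authorization": "Bearer constructed-token",
    "Proxy-Authorization": "Basic constructed-value",
}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(headers, current_url, location, remove=REMOVE_ON_REDIRECT):
    """Return the headers to send when following `location` from `current_url`."""
    target = urljoin(current_url, location)  # Location may be relative
    if origin(target) == origin(current_url):
        return dict(headers)  # same host: nothing is stripped
    blocked = {name.lower() for name in remove}
    return {k: v for k, v in headers.items() if k.lower() not in blocked}


if __name__ == "__main__":
    hop = headers_for_redirect(
        SAMPLE_HEADERS, "https://api.example.test/v1", "https://cdn.example.test/v1"
    )
    print(sorted(hop))  # only non-credential headers remain
```

Passing a different `remove` set mirrors overriding Retry.remove_headers_on_redirect: only the names listed there are stripped.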

Version 2.8.904

18 Jul 22:56
d00a79b

2.8.904 (2024-07-18)

  • Relaxed the h11 constraint around "pending proposal" and the coming server event about upgrade.
    This is done to ensure near-perfect compatibility with the legacy urllib3, which is based on http.client.
  • Fixed h11 integration yielding bytearray instead of bytes in rare circumstances.
  • Added docker-py in our CI/integration pipeline.

Version 2.8.903

16 Jul 23:39
9d3eb0e

2.8.903 (2024-07-17)

  • Added IS_PYOPENSSL constant that is exposed by upstream in urllib3.util.ssl_ submodule.
  • Fixed missing exception (ImportError) when importing urllib3.contrib.pyopenssl when PyOpenSSL isn't present in the environment.
  • Lowered and simplified testing requirements for HTTP/2 and HTTP/3.
  • Added boto3, sphinx, and requests to our downstream test cases (nox).

Version 2.8.902

07 Jul 18:58
0ab877e

2.8.902 (2024-07-07)

  • Added support for async iterable yielding either bytes or str when passing a body into your requests.
  • Added dummy modules (e.g. http2 and emscripten) like upstream, without serving any of them. Those modules won't be served and are empty, as we have diverged since.
  • Added a better error message for HTTP/3 handshake failure to help users figure out what is happening.
  • Added official support for Python 3.13.

Version 2.8.901

27 Jun 22:56
b8037d0

2.8.901 (2024-06-27)

  • Improved compatibility with the httplib IncompleteRead exception, which did not behave exactly as expected (repr/str format over it).
  • The TLS handshake delay metric was wrongly set when using HTTP/2 over cleartext.
  • Fixed compatibility with some third-party mocking libraries that inject io.BytesIO into HTTPResponse.
    In some cases, IncompleteRead might not be raised as expected.

Version 2.8.900

24 Jun 17:11
39f656d

2.8.900 (2024-06-24)

  • Support for HTTP/2 with prior knowledge over a non-encrypted connection to leverage multiplexing in internal networks.
    To leverage this feature, you have to disable HTTP/1.1 so that urllib3-future can infer your intent.
    Disable HTTP/1.1 as follows: PoolManager(disabled_svn={HttpVersion.h11}).
  • Added a raw data bytes counter in LowLevelResponse to help end-users track download speed accordingly if they use
    brotli, gzip or zstd transfer-encoding during downloads.

Version 2.7.914

16 Jun 04:15

2.7.914 (2024-06-15)

  • Further improved compatibility with some third-party programs that accessed hazardous materials within the http.client standard library.
  • Added "ARM64" architecture for qh3 automatic installation on Windows.