Version 2.17.901

2.17.901 (2026-03-11)

• Relax strict assertion on response object. Ease the support of vcrpy mocking utility. (#320)
  This alone does not solve the compatibility issue with vcrpy. See #320

Version 2.17.900

2.17.900 (2026-03-03)

• Added GRO/GSO support for Linux users in order to leverage UDP coalescing when available.
  This should increase QUIC/UDP performances in high throughput networking environment (very-fast NIC).
  Expect no more than 10 to 20% improvement usually.
• Changed timings in our AsyncPoliceTraffic scheduler implementation in order to not penalize fast servers.
• Fixed passing non-str/non-bytes as an header value. It was previously allowed by accident from urllib3. (#318)

Version 2.16.900

2.16.900 (2026-02-22)

• Rewritten most of our weak AsyncPoliceTraffic implementation toward the direction we took with the sync counterpart.
  This is a impactful patch, hence the version bump. Most people should expect a performance bump when using HTTP/2+
  in real world usage. While it's still imperfect we are confident this version will outperform our previous scheduler.
• Fixed eager import of web extensions from contrib when it's never used (part of jawah/niquests#333).
• Fixed a thread safety issue when using many event loops within the same interpreter each using a thread when TLS is used. (#313)
• Fixed rare FD collision error in the connect/allocation phase within the async context causing a RuntimeError instead of ConnectionError.
• Fixed coroutine 'AsyncFile.tell' was never awaited (part of jawah/niquests#334).

Version 2.15.903

2.15.903 (2026-02-08)

• Improved AsyncTrafficPolice for better multiplexing distribution.
  We recently issued a fix in 2.15.902 regarding (#309) and accidentally induced a massive slowdown in highly concurrent scenarii.
  after seeing such impact we decided to yank 2.15.902 in favor of spending more time investigating and improving. This release
  include every change from the yanked release.

Version 2.15.902

2.15.902 (2026-02-03) (yanked)

• Fixed multiplexing mixing issue under specific concurrency condition. (#309)
• Backported "GHSA-38jv-5279-wg99" security patch for "decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed" from upstream.
• Backported "Started treating Retry-After times greater than 6 hours as 6 hours by default" from upstream (urllib3#3743).

Version 2.15.901

2.15.901 (2025-12-22)

• Extended pre-check for socket liveness probe capabilities and resiliency across OSes.
• Added explicit support for Python freethreaded.

Version 2.15.900

2.15.900 (2025-12-16)

• Improved pre-check for socket liveness probe before connection reuse from pool.
• Backported "HTTPHeaderDict bytes key handling" from upstream urllib3#3653
• Backported "Expand environment variable of SSLKEYLOGFILE" from upstream urllib3#3705
• Backported "Fix redirect handling when an integer is passed to a pool manager" from upstream urllib3#3655
• Backported "Improved the performance of content decoding by optimizing BytesQueueBuffer class." from upstream urllib3#3711
• Backported "GHSA-gm62-xv2j-4w53" security patch for "attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header" from upstream urllib3@24d7b67

Version 2.14.908

2.14.908 (2025-11-27)

• Fixed the close procedure for webextensions when using HTTP/2 transport.
• Fixed shutdown procedure when under uvloop.
• Fixed rare stream read exception when protocol is closed in flight.
• Fixed DNS-over-HTTPS reliability (non async, under load).

Version 2.14.907

2.14.907 (2025-11-14)

• Fixed usage of asyncio.SelectEventLoop on Windows when the default proactor event loop is left aside.
• Improved the synchronous background discrete watcher to avoid the usage of syscall sleep in favor of pthread like signal.
• Ensured the pool to never allow creating surplus connection capacity that gets instantaneously disposed of after usage.
• Improved reliability of async DNS-over-HTTPS.

Version 2.14.906

2.14.906 (2025-11-06)

• Fixed performance scaling issue on the free threaded build when using one or several multiplexed connection.
• Fixed in-memory client certificate (mTLS) loading on the free threaded build.
• Fixed unintended MustRedialError exception in DNS-over-HTTPS for rare edge cases.