10.18.1 2 3 explicit build-backend workaround for pip build isolation bug 4 "AttributeError: 'module' object has no attribute '__legacy__'" on pip install 5 https://github.com/httplib2/httplib2/issues/169 6 70.18.0 8 9 IMPORTANT security vulnerability CWE-93 CRLF injection 10 Force %xx quote of space, CR, LF characters in uri. 11 Special thanks to Recar https://github.com/Ciyfly for discrete notification. 12 https://cwe.mitre.org/data/definitions/93.html 13 140.17.4 15 16 Ship test suite in source dist 17 https://github.com/httplib2/httplib2/pull/168 18 190.17.3 20 21 IronPython2.7: relative import iri2uri fixes ImportError 22 https://github.com/httplib2/httplib2/pull/163 23 240.17.2 25 26 python3 + debug + IPv6 disabled: https raised 27 "IndexError: Replacement index 1 out of range for positional args tuple" 28 https://github.com/httplib2/httplib2/issues/161 29 300.17.1 31 32 python3: no_proxy was not checked with https 33 https://github.com/httplib2/httplib2/issues/160 34 350.17.0 36 37 feature: Http().redirect_codes set, works after follow(_all)_redirects check 38 This allows one line workaround for old gcloud library that uses 308 39 response without redirect semantics. 40 https://github.com/httplib2/httplib2/issues/156 41 420.16.0 43 44 IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects 45 https://github.com/httplib2/httplib2/issues/151 46 47 proxy: username/password as str compatible with pysocks 48 https://github.com/httplib2/httplib2/issues/154 49 500.15.0 51 52 python2: regression in connect() error handling 53 https://github.com/httplib2/httplib2/pull/150 54 55 add support for password protected certificate files 56 https://github.com/httplib2/httplib2/pull/143 57 58 feature: Http.close() to clean persistent connections and sensitive data 59 https://github.com/httplib2/httplib2/pull/149 60 610.14.0 62 63 Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError 64 https://github.com/httplib2/httplib2/pull/145 65 660.13.1 67 68 Python3: Use no_proxy 69 https://github.com/httplib2/httplib2/pull/140 70 710.13.0 72 73 Allow setting TLS max/min versions 74 https://github.com/httplib2/httplib2/pull/138 75 760.12.3 77 78 No changes to library. Distribute py3 wheels. 79 800.12.1 81 82 Catch socket timeouts and clear dead connection 83 https://github.com/httplib2/httplib2/issues/18 84 https://github.com/httplib2/httplib2/pull/111 85 86 Officially support Python 3.7 (package metadata) 87 https://github.com/httplib2/httplib2/issues/123 88 890.12.0 90 91 Drop support for Python 3.3 92 93 ca_certs from environment HTTPLIB2_CA_CERTS or certifi 94 https://github.com/httplib2/httplib2/pull/117 95 96 PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required 97 https://github.com/httplib2/httplib2/pull/115 98 99 Revert http:443->https workaround 100 https://github.com/httplib2/httplib2/issues/112 101 102 eliminate connection pool read race 103 https://github.com/httplib2/httplib2/pull/110 104 105 cache: stronger safename 106 https://github.com/httplib2/httplib2/pull/101 107 1080.11.3 109 110 No changes, just reupload of 0.11.2 after fixing automatic release conditions in Travis. 111 1120.11.2 113 114 proxy: py3 NameError basestring 115 https://github.com/httplib2/httplib2/pull/100 116 1170.11.1 118 119 Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info 120 https://github.com/httplib2/httplib2/pull/97 121 1220.11.0 123 124 Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5 125 https://github.com/httplib2/httplib2/pull/91 126 127 python3 proxy support 128 https://github.com/httplib2/httplib2/pull/90 129 130 If no_proxy environment value ends with comma then proxy is not used 131 https://github.com/httplib2/httplib2/issues/11 132 133 fix UnicodeDecodeError using socks5 proxy 134 https://github.com/httplib2/httplib2/pull/64 135 136 Respect NO_PROXY env var in proxy_info_from_url 137 https://github.com/httplib2/httplib2/pull/58 138 139 NO_PROXY=bar was matching foobar (suffix without dot delimiter) 140 New behavior matches curl/wget: 141 - no_proxy=foo.bar will only skip proxy for exact hostname match 142 - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card 143 https://github.com/httplib2/httplib2/issues/94 144 145 Bugfix for Content-Encoding: deflate 146 https://stackoverflow.com/a/22311297 147 1480.10.3 149 150 Fix certificate validation on Python<=2.7.8 without ssl.CertificateError 151 https://github.com/httplib2/httplib2/issues/45 152 1530.10.2 154 155 Just a reupload of 0.10.1, which was broken for Python3 156 because wheel distribution doesn't play well with our 2/3 split code base. 157 https://github.com/httplib2/httplib2/issues/43 158 1590.10.1 160 161 This is the first release by new httplib2 team. See post by Joe 162 https://bitworking.org/news/2016/03/an_update_on_httplib2 163 164 Remove VeriSign Class 3 CA from trusted certs 165 https://googleonlinesecurity.blogspot.com/2015/12/proactive-measures-in-digital.html 166 167 Add IdenTrust DST Root CA X3 168 https://github.com/httplib2/httplib2/pull/26 169 170 Support for specifying the SSL protocol version (Python v2) 171 https://github.com/jcgregorio/httplib2/issues/329 172 173 On App Engine use urlfetch's default deadline if None is passed. 174 175 Fix TypeError on AppEngine “__init__() got an unexpected keyword argument 'ssl_version’” 176 https://github.com/httplib2/httplib2/pull/12 177 178 Send SNI data for SSL connections on Python 2.7.9+ 179 Verify the server hostname if certificate validation is enabled 180 https://github.com/httplib2/httplib2/pull/13 181 182 Add proxy_headers argument to ProxyInfo constructor 183 https://github.com/httplib2/httplib2/pull/21 184 185 Make disable_ssl_certificate_validation work with Python 3.5. 186 https://github.com/httplib2/httplib2/pull/15 187 188 Fix socket error handling 189 https://github.com/httplib2/httplib2/commit/eb7468561714a5b700d5a3d8fa1a8794de02b9ef 190 https://github.com/httplib2/httplib2/commit/e7f6e622047107e701ee70e7ec586717d97b0cbb 191 1920.9.2 193 194 Fixes in this release: 195 196 https://github.com/jcgregorio/httplib2/pull/313 197 198 Fix incorrect ResponseNotReady exceptions, retry on transient errors. 199 2000.9.1 201 202 Fixes in this release: 203 204 https://github.com/jcgregorio/httplib2/pull/296 205 206 There was a problem with headers when a binary string is passed (like 207 b'Authorization'). 208 209 https://github.com/jcgregorio/httplib2/pull/276 210 211 Default to doing DNS resolution through a proxy server if present. 212 2130.9 214 Heartbleed 215 2160.8 217 More fixes for the App Engine support. 218 219 Added a new feature that allows you to supply your own provider for the 220 CA_CERTS file. Just create a module named ca_certs_locater that has a method 221 get() that returns the file location of the CA_CERTS file. 222 223 Lots of clean up of the code formatting to make it more consistent. 224 2250.7.7 226 More fixes for App Engine, now less likely to swallow important exceptions. 227 Adding proxy_info_from_* methods to Python3. Reviewed in https://codereview.appspot.com/6588078/. 228 Added GeoTrust cert 229 Make httplib2.Http() instances pickleable. Reviewed in https://codereview.appspot.com/6506074/ 230 231 The following issues have been fixed: 232 233 229 python3 httplib2 clobbers multiple headers of same key 234 230 Expose meaningful exception for App Engine URLFetch ResponseTooLargeError 235 231 Expose App Engine URLFetch DeadlineExceededError for debugging purposes 236 2370.7.6 238 Fixes for App Engine 2.7. 239 2400.7.5 241 Keys are lowercase in a Response object, regardless of how Response object is constructed. 242 Add control so that Authorization: headers aren't forwarded on a 3xx response by default. 243 Set the reason correctly when running on App Engine. Patch from Alain Vongsouvanh. Reviewed in http://codereview.appspot.com/6422051/ 244 Fix proxy socks for SSL connections. Fixes issue #199. 245 You can now set httplib2.RETRIES to the number of retries before a request 246 is considered to fail It is set to a default of 2 to mimic the traditional 247 behavior of httplib2. 248 249 The following issues have been addressed: 250 251 223 HEAD requests fail calling the close() method of ResponseDict instance. 252 222 Can't disable cert validation in appengine 253 204 Credentials can leak in HTTP redirects 254 210 Different API between Python 2 and Python 3 version breaks wsgi_intercept 255 214 ValueError on malformated cache entries 256 204 Credentials can leak in HTTP redirects 257 258 2590.7.3 260 ProxyInfo objects now can construct themselves from environment 261 variables commonly-used in Unix environments. By default, the Http 262 class will construct a ProxyInfo instance based on these environment 263 variables. To achieve the previous behavior, where environment 264 variables are ignored, pass proxy_info=None to Http(). 265 266 The following issues have been addressed: 267 268 Issue 159: automatic detection of proxy configuration. 269 Issue 179: Allow unicode in proxy hostname. 270 Issue 194: Added support for setuptools. 271 Fixes for HTTP CONNECT proxies. 272 2730.7.1 274 Fix failure to install cacerts.txt for 2.x installs. 275 2760.7.0 277 The two major changes in this release are SSL Certificate 278 checking and App Engine support. By default the certificates 279 of an HTTPS connection are checked, but that can be disabled 280 via disable_ssl_certificate_validation. The second change 281 is that on App Engine there is a new connection object 282 that utilizes the urlfetch capabilities on App Engine, including 283 setting timeouts and validating certificates. 284 285 The following issues have been addressed: 286 287 Fixes issue 72. Always lowercase authorization header. 288 Fix issue 47. Redirects that become a GET should not have a body. 289 Fixes issue 19. Set Content-location on redirected HEAD requests 290 Fixes issue 139. Redirect with a GET on 302 regardless of the originating method. 291 Fixes issue 138. Handle unicode in headers when writing and retrieving cache entries. Who says headers have to be ASCII! 292 Add certificate validation. Work initially started by Christoph Kern. 293 Set a version number. Fixes issue # 135. 294 Sync to latest version of socks.py 295 Add gzip to the user-agent, in case we are making a request to an app engine project: http://code.google.com/appengine/kb/general.html#compression 296 Uses a custom httplib shim on App Engine to wrap urlfetch, as opposed 297 Add default support for optimistic concurrency on PATCH requests 298 Fixes issue 126. IPv6 under various conditions would fail. 299 Fixes issue 131. Handle socket.timeout's that occur during send. 300 proxy support: degrade gracefully when socket.socket is unavailable 301 302 3030.6.0 304 305 The following issues have been addressed: 306 307 #51 - Failure to handle server legitimately closing connection before request body is fully sent 308 #77 - Duplicated caching test 309 #65 - Transform _normalize_headers into a method of Http class 310 #45 - Vary header 311 #73 - All files in Mercurial are executable 312 #81 - Have a useful .hgignore 313 #78 - Add release tags to the Mercurial repository 314 #67 - HEAD requests cause next request to be retried 315 316 Mostly bug fixes, the big enhancement is the addition of proper Vary: header 317 handling. Thanks to Chris Dent for that change. 318 319 The other big change is the build process for distributions so that both python2 and python3 320 are included in the same .tar.gz/.zip file. 321 3220.5.0 323 324 Added Python 3 support 325 326 Fixed the following bugs: 327 328 #12 - Cache-Control: only-if-cached incorrectly does request if item not in cache 329 #39 - Deprecation warnings in Python 2.6 330 #54 - Http.request fails accessing Google account via http proxy 331 #56 - Block on response.read() for HEAD requests. 332 #57 - Timeout ignore for Python 2.6 333 #58 - Fixed parsing of Cache-Control: header to make it more robust 334 335 Also fixed a deprecation warning that appeared between Python 3.0 and 3.1. 336 3370.4.0 338 339 Added support for proxies if the Socksipy module is installed. 340 341 Fixed bug with some HEAD responses having content-length set to 342 zero incorrectly. 343 344 Fixed most except's to catch a specific exception. 345 346 Added 'connection_type' parameter to Http.request(). 347 348 The default for 'force_exception_to_status_code' was changed to False. Defaulting 349 to True was causing quite a bit of confusion. 350 351 3520.3.0 353 Calling Http.request() with a relative URI, as opposed to an absolute URI, 354 will now throw a specific exception. 355 356 Http() now has an additional optional parameter for the socket timeout. 357 358 Exceptions can now be forced into responses. That is, instead of 359 throwing an exception, a good httlib2.Response object is returned 360 that describe the error with an appropriate status code. 361 362 Many improvements to the file cache: 363 364 1. The names in the cache are now much less 365 opaque, which should help with debugging. 366 367 2. The disk cache is now Apache mod_asis compatible. 368 369 3. A Content-Location: header is supplied and stored in the 370 cache which points to the original requested URI. 371 372 User supplied If-* headers now override httplib2 supplied 373 versions. 374 375 IRIs are now fully supported. Note that they MUST be passed in 376 as unicode objects. 377 378 Http.add_credentials() now takes an optional domain to restrict 379 the credentials to being only used on that domain. 380 381 Added Http.add_certificate() which allows setting 382 a key and cert for SSL connections. 383 384 Many other bugs fixed. 385 386 3870.2.0 388 Added support for Google Auth. 389 390 Added experimental support for HMACDigest. 391 392 Added support for a pluggable caching system. Now supports 393 the old system of using the file system and now memcached. 394 395 Added httplib2.debuglevel which turns on debugging. 396 397 Change Response._previous to Response.previous. 398 399 Added Http.follow_all_redirects which forces 400 httplib2 to follow all redirects, as opposed to 401 following only the safe redirects. This makes the 402 GData protocol easier to use. 403 404 All known bugs fixed to date. 405 4060.1.1 407 408 Fixed several bugs raised by James Antill: 409 1. HEAD didn't get an Accept: header added like GET. 410 2. HEAD requests did not use the cache. 411 3. GET requests with Range: headers would erroneously return a full cached response. 412 4. Subsequent requests to resources that had timed out would raise an exception. 413 And one feature request for 'method' to default to GET. 414 415 Xavier Verges Farrero supplied what I needed to make the 416 library work with Python 2.3. 417 418 I added distutils based setup.py. 419 4200.1 Rev 86 421 422 Initial Release 423 424