v2025.11.12

Compare Source

v8.3.1

Compare Source

Released 2025-11-15

• Don't discard pager arguments by correctly usingsubprocess.Popen. :issue:3039
  :pr:3055
• ReplaceSentinel.UNSET default values byNone as they're passed through
  theContext.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion ofSentinel.UNSET happening too early, which caused incorrect
  behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• HideSentinel.UNSET values asNone when looking up for other parameters
  through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering whenprompt andconfirm parameterprompt_suffix is
  empty. :issue:3019 :pr:3021
• WhenSentinel.UNSET is found during parsing, it will skip calls to
  type_cast_value. :issue:3069 :pr:3090

v6.10.1

Compare Source

What's Changed

• When logging exceptions, enable colorized traceback by@​garyvdm in#​138

Full Changelog:borntyping/python-colorlog@v6.9.0...v6.10.1

v2.28.1

Compare Source

Bug Fixes

• Remove dependency on packaging and pkg_resources (#​852) (ca59a86)

v2.28.0

Compare Source

Features

• Provide and use Python version support check (#​832) (d36e896)

v2.27.0

Compare Source

Features

• Support for async bidi streaming apis (#​836) (9530548)

v2.26.0

Compare Source

Features

• Add trove classifier for Python 3.14 (#​842) (43690de)

v2.45.0

Compare Source

Features

• Adding Agent Identity bound token support and handling certificate mismatches with retries (#​1890) (b32c934e6b0d09b94c467cd432a0a635e8b05f5c)

v2.44.0

Compare Source

Features

• support Python 3.14 (#​1822) (0f7097e78f247665b6ef0287d482033f7be2ed6d)
• add ecdsa p-384 support (#​1872) (39c381a5f6881b590025f36d333d12eff8dc60fc)
• MDS connections use mTLS (#​1856) (0387bb95713653d47e846cad3a010eb55ef2db4c)
• Implement token revocation in STS client and add revoke() metho… (#​1849) (d5638986ca03ee95bfffa9ad821124ed7e903e63)
• Add shlex to correctly parse executable commands with spaces (#​1855) (cf6fc3cced78bc1362a7fe596c32ebc9ce03c26b)

Bug Fixes

• Use public refresh method for source credentials in ImpersonatedCredentials (#​1884) (e0c3296f471747258f6d98d2d9bfde636358ecde)
• Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration (#​1880) (78de7907b8bdb7b5510e3c6fa8a3f3721e2436d7)
• Delegate workload cert and key default lookup to helper function (#​1877) (b0993c7edaba505d0fb0628af28760c43034c959)

v2.43.0

Compare Source

Features

• Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#​1859) Add public wrapper for check_use_client_cert which enables mTLS if
  GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert
  sources detected. Also, fix check_use_client_cert to return boolean
  value.
  Change#​1848 added the check_use_client_cert method that helps know if
  client cert should be used for mTLS connection. However, that was in a
  private class, thus, created a public wrapper of the same function so
  that it can be used by python Client Libraries. Also, updated
  check_use_client_cert to return a boolean value instead of existing
  string value for better readability and future scope.
  --------- (1535eccbff0ad8f3fd6a9775316ac8b77dca66ba)
• Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#​1848) The Python SDK will use a hybrid approach for mTLS enablement:

• If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set
  (either true or false), the SDK will respect that setting. This is
  necessary for test scenarios and users who need to explicitly control
  mTLS behavior.
• If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not
  set, the SDK will automatically enable mTLS only if it detects Managed
  Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF)
  certificate sources. In other cases where the variable is not set, mTLS
  will remain disabled.
  ** This change also adds the helper methodcheck_use_client_cert and
  it's unit test, which will be used for checking the criteria for setting
  the mTLS to true
  ** This change is only for Auth-Library, other changes will be created
  for Client-Library use-cases.
  --------- (395e405b64b56ddb82ee639958c2e8056ad2e82b)

• onboardgoogle-auth to librarian (#​1838) This PR onboardsgoogle-auth library to the Librarian system.
  Wait for
  #​1819. (c503eaa511357d7a76cc1e1f1d3a3be2dabd5bca)

v2.42.1

Compare Source

Bug Fixes

• Catch ValueError for json.loads() (#​1842) (b074cad)

v2.42.0

Compare Source

Features

• Add trust boundary support for external accounts. (#​1809) (36ecb1d)

Bug Fixes

• Read scopes from ADC json for impersoanted cred (#​1820) (62c0fc8)

v2.5.0

Compare Source

Features

• Add Python 3.14 support (#​333) (c26e587)

Bug Fixes

• Remove setup.cfg configuration for creating universal wheels (#​332) (78ce8a6)
• Resolve issue where pre-release versions of dependencies are installed (#​329) (ab9785d)

v3.7.0

Compare Source

Features

• Auto enable mTLS when supported certificates are detected (#​1637) (4e91c54)
• Send entire object checksum in the final api call of resumable upload (#​1654) (ddce7e5)
• Support urllib3 >= 2.6.0 (#​1658) (57405e9)

Bug Fixes

• Fix formove_blob failure when the new blob name contains characters that need to be url encoded (#​1605) (ec470a2)

v3.6.0

Compare Source

Features

• Add support for partial list buckets (#​1606) (92fc2b0)
• Make return_partial_success and unreachable fields public for list Bucket (#​1601) (323cddd)
• zb-experimental: Add async write object stream (5ab8103)
• zb-experimental: Add async write object stream (#​1612) (5ab8103)

Bug Fixes

• Dont pass credentials to StorageClient (#​1608) (195d644)

v3.5.0

Compare Source

Features

• experimental: Add base resumption strategy for bidi streams (#​1594) (5fb85ea)
• experimental: Add checksum for bidi reads operation (#​1566) (93ce515)
• experimental: Add read resumption strategy (#​1599) (5d5e895)
• experimental: Handle BidiReadObjectRedirectedError for bidi reads (#​1600) (71b0f8a)
• Indicate that md5 is used as a CRC (#​1522) (961536c)
• Provide option to update user_agent (#​1596) (02f1451)

Bug Fixes

• Deprecate credentials_file argument (74415a2)
• Flaky system tests for resumable_media (#​1592) (7fee3dd)
• Makedownload_ranges compatible withasyncio.create_task(..) (#​1591) (faf8b83)
• Makedownload_ranges compatible withasyncio.create_task(..) (#​1591) (faf8b83)
• Redact sensitive data from OTEL traces and fix env var parsing (#​1553) (a38ca19)
• Redact sensitive data from OTEL traces and fix env var parsing (#​1553) (a38ca19)
• Use separate header object for each upload in Transfer Manager MPU (#​1595) (0d867bd)

v1.8.0

Compare Source

Features

• Add support for Python 3.14 (d3118d9)
• Support Python 3.14 (#​315) (49d0a36)

Bug Fixes

• Update toml file with setup.cfg content (#​319) (42e5268)

v2.8.0

Compare Source

Features

• Add support for Python 3.13 and 3.14 (#​485) (9937233ded26924179d717b69df7c76c93f8c133)

Bug Fixes

• remove setup.cfg configuration for creating universal wheels (#​484) (75dbecf8d140483da27dffc970e2e87338e71432)
• resolve issue where pre-release versions of dependencies are installed (#​481) (23dafcf3f216a090a0d0c6941048c7da13cbe496)

v1.72.0: googleapis-common-protos 1.72.0

Compare Source

Features

• add common_resources.proto (#​14851) (e4e0e2a9)

• add field api_version to message ServiceForTransport (#​14843) (81812fde)

v1.71.0: googleapis-common-protos 1.71.0

Compare Source

Features

• add support for Python 3.14 (#​14699) (8b69540b)

v3.11

Compare Source

v1.27.0

Compare Source

Features

• Add classifier for Python 3.14 (#​544) (d9f41512648c4551fc3e926649864c5dfe3964b2)

v2.6.2

Compare Source

==================

• FixedHTTPResponse.read_chunked() to properly handle leftover data in
  the decoder's buffer when reading compressed chunked responses.
  (#&#8203;3734 <https://github.com/urllib3/urllib3/issues/3734>__)

v2.6.1

Compare Source

==================

• Restore previously removedHTTPResponse.getheaders() and
  HTTPResponse.getheader() methods.
  (#&#8203;3731 <https://github.com/urllib3/urllib3/issues/3731>__)

v2.6.0

Compare Source

==================

Security

• Fixed a security issue where streaming API could improperly handle highly
  compressed HTTP content ("decompression bombs") leading to excessive resource
  consumption even when a small amount of data was requested. Reading small
  chunks of compressed data is safer and much more efficient now.
  (GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
• Fixed a security issue where an attacker could compose an HTTP response with
  virtually unlimited links in theContent-Encoding header, potentially
  leading to a denial of service (DoS) attack by exhausting system resources
  during decoding. The number of allowed chained encodings is now limited to 5.
  (GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)

.. caution::

• If urllib3 is not installed with the optionalurllib3[brotli] extra, but
  your environment contains a Brotli/brotlicffi/brotlipy package anyway, make
  sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to
  benefit from the security fixes and avoid warnings. Prefer using
  urllib3[brotli] to install a compatible Brotli package automatically.

• If you use custom decompressors, please make sure to update them to
  respect the changed API ofurllib3.response.ContentDecoder.

Features

• Enabled retrieval, deletion, and membership testing inHTTPHeaderDict using bytes keys. (#&#8203;3653 <https://github.com/urllib3/urllib3/issues/3653>__)
• Added host and port information to string representations ofHTTPConnection. (#&#8203;3666 <https://github.com/urllib3/urllib3/issues/3666>__)
• Added support for Python 3.14 free-threading builds explicitly. (#&#8203;3696 <https://github.com/urllib3/urllib3/issues/3696>__)

Removals

• Removed theHTTPResponse.getheaders() method in favor ofHTTPResponse.headers.
  Removed theHTTPResponse.getheader(name, default) method in favor ofHTTPResponse.headers.get(name, default). (#&#8203;3622 <https://github.com/urllib3/urllib3/issues/3622>__)

Bugfixes

• Fixed redirect handling inurllib3.PoolManager when an integer is passed
  for the retries parameter. (#&#8203;3649 <https://github.com/urllib3/urllib3/issues/3649>__)
• FixedHTTPConnectionPool when used in Emscripten with no explicit port. (#&#8203;3664 <https://github.com/urllib3/urllib3/issues/3664>__)
• Fixed handling ofSSLKEYLOGFILE with expandable variables. (#&#8203;3700 <https://github.com/urllib3/urllib3/issues/3700>__)

Misc

• Changed thezstd extra to installbackports.zstd instead ofzstandard on Python 3.13 and before. (#&#8203;3693 <https://github.com/urllib3/urllib3/issues/3693>__)
• Improved the performance of content decoding by optimizingBytesQueueBuffer class. (#&#8203;3710 <https://github.com/urllib3/urllib3/issues/3710>__)
• Allowed building the urllib3 package with newer setuptools-scm v9.x. (#&#8203;3652 <https://github.com/urllib3/urllib3/issues/3652>__)
• Ensured successful urllib3 builds by setting Hatchling requirement to >= 1.27.0. (#&#8203;3638 <https://github.com/urllib3/urllib3/issues/3638>__)