PoolManager is not thread-safe #1252
Comments
Yes, this is a known issue. An abortive attempt to resolve it was made in #1237 but was eventually abandoned when the scope of the change came into the open. As I noted in #1232, the window of this concurrency problem is very small and in reality I think it can be fairly easily managed from outside urllib3, so it's not high up my priority list. However, if anyone else wanted to tackle this we'd happily accept patches to resolve it.
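One way the problem might be managed from outside urllib3 is to avoid sharing a single manager between threads at all. The sketch below is stdlib-only and makes assumptions: `PerThread` and `make_manager` are names invented for illustration, and `make_manager` merely stands in for something like constructing a `urllib3.PoolManager`. It is not taken from the thread and is not a statement of what the maintainers had in mind.

```python
import threading


class PerThread:
    """Lazily create one object per thread from a factory (hypothetical helper)."""

    def __init__(self, factory):
        self._factory = factory
        self._local = threading.local()

    def get(self):
        # Each thread sees its own attribute namespace on threading.local().
        obj = getattr(self._local, "obj", None)
        if obj is None:
            obj = self._factory()
            self._local.obj = obj
        return obj


def make_manager():
    # Stand-in for e.g. urllib3.PoolManager(); a plain object keeps the sketch stdlib-only.
    return object()


managers = PerThread(make_manager)


def worker(results, index):
    # Two calls in the same thread return the same manager.
    first = managers.get()
    second = managers.get()
    results[index] = (first, first is second)


results = [None] * 4
threads = [threading.Thread(target=worker, args=(results, i)) for i in range(4)]
for t in threads:
    t.start()
for t in threads:
    t.join()
```

The trade-off is that connections are no longer reused across threads. Another mitigation that keeps a shared manager is to set `num_pools` higher than the number of distinct origins in use, since pools are only evicted when the container is full.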
@Lukasa I think that the risk is a little higher than previously thought. Since HTTPConnectionPool.urlopen can end up recursing, the same pool can be used after network IO, potentially multiple times. This is a much larger window than from urlopen being invoked to the first _get_conn call as it involves actual network IO.
The recursion is moderately risky, but in practice I'm still not convinced that the risk is that high. In the absence of data suggesting otherwise it's still unlikely to become a high priority for me.
Only after I had done most of the initial work to potentially fix this issue did I realize that PoolManager forces redirect=False on the urlopen call to HTTPConnectionPool. This reduces the risk to the time period between the pool being acquired in PoolManager and the _get_conn call in HTTPConnectionPool (very small) and the case where a Retry-After header is returned. If the Retry-After logic was also moved to PoolManager the risk would be nearly none. That said, I have a fairly trivial test which shows the ClosedPoolError happening and I am preparing a PR which should fix all of the potential race conditions. The implementation is a little clunky as I was working to change the underlying logic and code as little as possible in the first iteration to keep the current behavior and functionality intact.
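The window described above, between acquiring a pool and asking it for a connection, can be illustrated with a toy model. This is a single-threaded sketch that replays one unlucky interleaving deterministically; `ToyPool`, `ToyManager`, and the local `ClosedPoolError` are stand-ins invented here, not urllib3's actual classes.

```python
from collections import OrderedDict


class ClosedPoolError(Exception):
    """Stand-in for urllib3.exceptions.ClosedPoolError."""


class ToyPool:
    def __init__(self, host):
        self.host = host
        self.closed = False

    def close(self):
        self.closed = True

    def get_conn(self):
        # Mirrors the point where a real pool would refuse to hand out a connection.
        if self.closed:
            raise ClosedPoolError(self.host)
        return f"conn-to-{self.host}"


class ToyManager:
    """LRU container that closes pools as soon as they are evicted."""

    def __init__(self, num_pools):
        self.num_pools = num_pools
        self.pools = OrderedDict()

    def pool_for(self, host):
        pool = self.pools.pop(host, None)
        if pool is None:
            pool = ToyPool(host)
        self.pools[host] = pool  # most recently used goes last
        while len(self.pools) > self.num_pools:
            _, evicted = self.pools.popitem(last=False)
            evicted.close()  # eager close: the source of the race
        return pool


manager = ToyManager(num_pools=1)

# "Thread A" acquires its pool but has not yet asked for a connection.
pool_a = manager.pool_for("a.example")

# "Thread B" runs in the gap and requests a different origin, evicting A's pool.
manager.pool_for("b.example")

# "Thread A" resumes and finds its pool closed underneath it.
try:
    pool_a.get_conn()
    outcome = "ok"
except ClosedPoolError:
    outcome = "ClosedPoolError"
```

In a real multithreaded program the same ordering only happens occasionally, which is why the window is small but not zero.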
I think there are other race conditions. When I make multithreaded calls with Python requests, I get a ClosedPoolError, and I had to patch it to return a new connection.
This statement, without evidence, dismisses the probability of a proven reproduction as being below some magical, made-up threshold but asks for more evidence to suggest that it is above. Let me ask, what good is a connection pool if I can't be sure it can be shared by multiple threads?
@hannes-ucsc you're asking a former maintainer to explain their time-management and prioritization decisions from 4 years ago in a confrontational way. I'm doing my best to assume you did so with the intent of provoking a productive conversation. Also, as I understand it, the discussion about recursion that you're responding to was rendered moot by the follow-up comment from OP. In other words, not only are you bringing the conversation down (as far as I'm concerned) but you're responding to a comment that OP agreed was correct (there is no recursion problem here). As a result, I'll pose a separate question to you: In the experiences of some of the maintainers, urllib3 appears thread-safe and appears to do the right things as necessary. I would posit a more productive tack would be to pick up the stale PRs, revive and rebase them and get them merged. Maintainers oft don't have time to treat every bug report that arises equally. If we investigated every report with equal vigor, we wouldn't have time for everything else.
That is incorrect. There is only one question in my post and it does not relate to time-management or prioritization.
I don't follow. Maybe our definitions of the term confrontation differ.
I disagree. As far as I interpret the OP, the risk is reduced but not eliminated.
What is the question? Anyways, when thread-safety and correctness are expressed in terms of appearance and experience, as opposed to evidence, I start to worry.
I'm not asking anyone to investigate every bug report with equal vigor. I pointed out that the standards by which they are evaluated appear to be arbitrary. To confirm, are you proposing that I invest time into an issue that was closed by a maintainer, as, how I interpret it, not worth pursuing? I know thread safety is hard, believe me, but when credible reports about issues with thread safety are dismissed in this way, the issue is not so much with the correctness of the software itself, but with the epistemological approach.
@hannes-ucsc You quoted this comment:
This comment communicates:
You then say that it
Which isn't in fact what it says. Using the phrase "magical, made-up threshold" is a bad-faith interpretation of what was said that appears to be intended to evoke a response which is - perhaps not confrontational - but definitely unproductive as it would absolutely default any reasonable person to being on the defensive thus provoking a confrontation.
Correct and that's what the post you quoted was discussing - the risk.
I've forgotten 😆
When no evidence is given to the contrary beyond experiences, I start to question how much of my limited time and effort I must really put in to reproduce something without a reproducible test case.
I'm proposing that you attempt to take a tack that is not that of provocateur but instead "I've experienced this and been able to reproduce in such a way. I tested the proposed solution in PR #1257 and it fixes the issue for me. How can we re-open this issue and that PR and get this solved?" Your interpretation, in my opinion, is once again assuming bad faith on the part of a different maintainer from the one you quote. The issue was closed due to a lack of activity for years because it has no reproducible test case.
This is the first sign of good faith you've shown in your comments followed immediately by a bad faith assumption of the "dismissal" which isn't what happened. In fact, the former maintainer you quote says "Yes, we've had reports of this" and acknowledges the likelihood of a problem. What you interpret as a dismissal of the problem is in fact a ranking of priority given the understood impact it has on users. Your interpretations reveal that your assumptions here are automatically negative towards any statement from any maintainer - past or present. Your predisposition has biased you against looking for a productive outcome because you've assumed there isn't one. I've pointed you in the direction of what productive might look like and you've now turned the discussion from one of fixing a thread safety bug to assailing the maintainers for making decisions about what they choose to work on. I won't try to hide behind a veil of superiority in saying that - Your presence thus far has not demonstrated a desire to fix this bug or see it fixed but instead to provoke responses from (in less charitable terms - troll) maintainers and derail the conversation into other avenues. Further, in trying to confront people over years-old discussion, you're wasting the time of someone who tried to turn this towards a positive outcome for everyone.
Let me assure you, your comments so far are based on a wild misreading of my intentions. To save us both time, I won't try to rectify them. I am still confused by your suggestion that I somehow "fix this bug" even though the closing of this issue indicates that there is no bug. Maybe this project has an unorthodox policy for closing
Sorry, let me rephrase my question: Does THIS issue represent a valid issue with thread-safety in urllib3 or does it not?
I had the same question and did an investigation by looking at the code.
I basically repeat what @reversefold already said (thanks), just in different words. Even more simplified: As already correctly analysed by @reversefold (really - you did all the work) the issue is the premature eviction/close of a connection pool by PoolManager. I experimented (successfully) with the following patch. https://gist.github.com/stephan-hof/c87aefa776779e2bc1dccec649d0d663 The idea is to use a weak reference to handle the close of the connections in the pool. I'm fully aware that this diff is not ready for commit and needs polishing, but it illustrates the main idea.
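The weak-reference idea can be sketched with the standard library alone. The code below is not the linked gist; it is a minimal illustration under the assumption that eviction merely drops the manager's reference and that cleanup is attached to the pool's lifetime with `weakref.finalize`. `ToyConnection`, `ToyPool`, and `_close_connections` are hypothetical names.

```python
import gc
import weakref


class ToyConnection:
    def __init__(self):
        self.closed = False

    def close(self):
        self.closed = True


def _close_connections(connections):
    # Must not reference the pool itself, or the pool would never be collected.
    for conn in connections:
        conn.close()


class ToyPool:
    def __init__(self, size):
        self.connections = [ToyConnection() for _ in range(size)]
        # Run the cleanup when the pool object is garbage collected.
        weakref.finalize(self, _close_connections, self.connections)


pools = {"a.example": ToyPool(size=2)}

# A request in flight holds its own reference to the pool.
in_use = pools["a.example"]
conns = in_use.connections

# The manager evicts the pool: it only drops its reference, it does not close.
del pools["a.example"]
closed_while_in_use = any(c.closed for c in conns)

# The request finishes and releases the pool; now cleanup can run.
del in_use
gc.collect()
closed_after_release = all(c.closed for c in conns)
```

The design choice here is that no thread can observe a closed pool while it still holds a reference to it, at the cost of connections staying open until the last user lets go.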
Does this mean that the following subclass is a thread-safe alternative? (In my tests it seems to work, but I am sure I didn't cover many scenarios.)

```python
import urllib3


class TSPoolManager(urllib3.PoolManager):
    def _new_pool(self, scheme, host, port, request_context=None):
        result = super()._new_pool(scheme, host, port, request_context)

        class PoolProxy:
            # Forward every other attribute to the real pool.
            def __getattr__(self, item):
                return getattr(result, item)

            # No-op, so eviction from the manager does not close a pool in use.
            def close(self):
                ...

            # Close the real pool once the proxy is garbage collected.
            def __del__(self):
                result.close()

        return PoolProxy()
```
@bennylut I would say yes, since you delay the close and let the garbage collector trigger it.
@stephan-hof Thanks for suggesting a method to solve this issue, could you open a PR with your patch to
2.0.0 (2023-04-26)
==================

Read the `v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`__ for help upgrading to the latest version of urllib3.

Removed
-------

* Removed support for Python 2.7, 3.5, and 3.6 (`#883 <https://github.com/urllib3/urllib3/issues/883>`__, `#2336 <https://github.com/urllib3/urllib3/issues/2336>`__).
* Removed fallback on certificate ``commonName`` in ``match_hostname()`` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only ``subjectAltName`` is used to verify the hostname by default. To enable verifying the hostname against ``commonName`` use ``SSLContext.hostname_checks_common_name = True`` (`#2113 <https://github.com/urllib3/urllib3/issues/2113>`__).
* Removed support for Python with an ``ssl`` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ``ImportError`` is raised (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`#2082 <https://github.com/urllib3/urllib3/issues/2082>`__).
* Removed ``urllib3.contrib.appengine.AppEngineManager`` and support for Google App Engine Standard Environment (`#2044 <https://github.com/urllib3/urllib3/issues/2044>`__).
* Removed deprecated ``Retry`` options ``method_whitelist``, ``DEFAULT_REDIRECT_HEADERS_BLACKLIST`` (`#2086 <https://github.com/urllib3/urllib3/issues/2086>`__).
* Removed ``urllib3.HTTPResponse.from_httplib`` (`#2648 <https://github.com/urllib3/urllib3/issues/2648>`__).
* Removed default value of ``None`` for the ``request_context`` parameter of ``urllib3.PoolManager.connection_from_pool_key``. This change should have no effect on users as the default value of ``None`` was an invalid option and was never used (`#1897 <https://github.com/urllib3/urllib3/issues/1897>`__).
* Removed the ``urllib3.request`` module. ``urllib3.request.RequestMethods`` has been made a private API. This change was made to ensure that ``from urllib3 import request`` imported the top-level ``request()`` function instead of the ``urllib3.request`` module (`#2269 <https://github.com/urllib3/urllib3/issues/2269>`__).
* Removed support for SSLv3.0 from the ``urllib3.contrib.pyopenssl`` even when support is available from the compiled OpenSSL library (`#2233 <https://github.com/urllib3/urllib3/issues/2233>`__).
* Removed the deprecated ``urllib3.contrib.ntlmpool`` module (`#2339 <https://github.com/urllib3/urllib3/issues/2339>`__).
* Removed ``DEFAULT_CIPHERS``, ``HAS_SNI``, ``USE_DEFAULT_SSLCONTEXT_CIPHERS``, from the private module ``urllib3.util.ssl_`` (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Removed ``urllib3.exceptions.SNIMissingWarning`` (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Removed the ``_prepare_conn`` method from ``HTTPConnectionPool``. Previously this was only used to call ``HTTPSConnection.set_cert()`` by ``HTTPSConnectionPool`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Removed ``tls_in_tls_required`` property from ``HTTPSConnection``. This is now determined from the ``scheme`` parameter in ``HTTPConnection.set_tunnel()`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__).

Deprecated
----------

* Deprecated ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` which will be removed in urllib3 v2.1.0. Instead use ``HTTPResponse.headers`` and ``HTTPResponse.headers.get(name, default)``. (`#1543 <https://github.com/urllib3/urllib3/issues/1543>`__, `#2814 <https://github.com/urllib3/urllib3/issues/2814>`__).
* Deprecated ``urllib3.contrib.pyopenssl`` module which will be removed in urllib3 v2.1.0 (`#2691 <https://github.com/urllib3/urllib3/issues/2691>`__).
* Deprecated ``urllib3.contrib.securetransport`` module which will be removed in urllib3 v2.1.0 (`#2692 <https://github.com/urllib3/urllib3/issues/2692>`__).
* Deprecated ``ssl_version`` option in favor of ``ssl_minimum_version``. ``ssl_version`` will be removed in urllib3 v2.1.0 (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`__).
* Deprecated the ``strict`` parameter as it's no longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`#2267 <https://github.com/urllib3/urllib3/issues/2267>`__)
* Deprecated the ``NewConnectionError.pool`` attribute which will be removed in urllib3 v2.1.0 (`#2271 <https://github.com/urllib3/urllib3/issues/2271>`__).
* Deprecated ``format_header_param_html5`` and ``format_header_param`` in favor of ``format_multipart_header_param`` (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`__).
* Deprecated ``RequestField.header_formatter`` parameter which will be removed in urllib3 v2.1.0 (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`__).
* Deprecated ``HTTPSConnection.set_cert()`` method. Instead pass parameters to the ``HTTPSConnection`` constructor (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Deprecated ``HTTPConnection.request_chunked()`` method which will be removed in urllib3 v2.1.0. Instead pass ``chunked=True`` to ``HTTPConnection.request()`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__).

Added
-----

* Added top-level ``urllib3.request`` function which uses a preconfigured module-global ``PoolManager`` instance (`#2150 <https://github.com/urllib3/urllib3/issues/2150>`__).
* Added the ``json`` parameter to ``urllib3.request()``, ``PoolManager.request()``, and ``ConnectionPool.request()`` methods to send JSON bodies in requests. Using this parameter will set the header ``Content-Type: application/json`` if ``Content-Type`` isn't already defined. Added support for parsing JSON response bodies with ``HTTPResponse.json()`` method (`#2243 <https://github.com/urllib3/urllib3/issues/2243>`__).
* Added type hints to the ``urllib3`` module (`#1897 <https://github.com/urllib3/urllib3/issues/1897>`__).
* Added ``ssl_minimum_version`` and ``ssl_maximum_version`` options which set ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`__).
* Added support for Zstandard (RFC 8878) when ``zstandard`` 1.18.0 or later is installed. Added the ``zstd`` extra which installs the ``zstandard`` package (`#1992 <https://github.com/urllib3/urllib3/issues/1992>`__).
* Added ``urllib3.response.BaseHTTPResponse`` class. All future response classes will be subclasses of ``BaseHTTPResponse`` (`#2083 <https://github.com/urllib3/urllib3/issues/2083>`__).
* Added ``FullPoolError`` which is raised when ``PoolManager(block=True)`` and a connection is returned to a full pool (`#2197 <https://github.com/urllib3/urllib3/issues/2197>`__).
* Added ``HTTPHeaderDict`` to the top-level ``urllib3`` namespace (`#2216 <https://github.com/urllib3/urllib3/issues/2216>`__).
* Added support for configuring header merging behavior with HTTPHeaderDict. When using a ``HTTPHeaderDict`` to provide headers for a request, by default duplicate header values will be repeated. But if ``combine=True`` is passed into a call to ``HTTPHeaderDict.add``, then the added header value will be merged in with an existing value into a comma-separated list (``X-My-Header: foo, bar``) (`#2242 <https://github.com/urllib3/urllib3/issues/2242>`__).
* Added ``NameResolutionError`` exception when a DNS error occurs (`#2305 <https://github.com/urllib3/urllib3/issues/2305>`__).
* Added ``proxy_assert_hostname`` and ``proxy_assert_fingerprint`` kwargs to ``ProxyManager`` (`#2409 <https://github.com/urllib3/urllib3/issues/2409>`__).
* Added a configurable ``backoff_max`` parameter to the ``Retry`` class. If a custom ``backoff_max`` is provided to the ``Retry`` class, it will replace the ``Retry.DEFAULT_BACKOFF_MAX`` (`#2494 <https://github.com/urllib3/urllib3/issues/2494>`__).
* Added the ``authority`` property to the Url class as per RFC 3986 3.2. This property should be used in place of ``netloc`` for users who want to include the userinfo (auth) component of the URI (`#2520 <https://github.com/urllib3/urllib3/issues/2520>`__).
* Added the ``scheme`` parameter to ``HTTPConnection.set_tunnel`` to configure the scheme of the origin being tunnelled to (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Added the ``is_closed``, ``is_connected`` and ``has_connected_to_proxy`` properties to ``HTTPConnection`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Added optional ``backoff_jitter`` parameter to ``Retry``. (`#2952 <https://github.com/urllib3/urllib3/issues/2952>`__)

Changed
-------

* Changed ``urllib3.response.HTTPResponse.read`` to respect the semantics of ``io.BufferedIOBase`` regardless of compression. Specifically, this method:

  * Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
  * Never returns more bytes than requested.
  * Can issue any number of system calls: zero, one or multiple.

  If you want each ``urllib3.response.HTTPResponse.read`` call to issue a single system call, you need to disable decompression by setting ``decode_content=False`` (`#2128 <https://github.com/urllib3/urllib3/issues/2128>`__).
* Changed ``urllib3.HTTPConnection.getresponse`` to return an instance of ``urllib3.HTTPResponse`` instead of ``http.client.HTTPResponse`` (`#2648 <https://github.com/urllib3/urllib3/issues/2648>`__).
* Changed ``ssl_version`` to instead set the corresponding ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` values. Regardless of ``ssl_version`` passed ``SSLContext`` objects are now constructed using ``ssl.PROTOCOL_TLS_CLIENT`` (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`__).
* Changed default ``SSLContext.minimum_version`` to be ``TLSVersion.TLSv1_2`` in line with Python 3.10 (`#2373 <https://github.com/urllib3/urllib3/issues/2373>`__).
* Changed ``ProxyError`` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`#2482 <https://github.com/urllib3/urllib3/pull/2482>`__).
* Changed ``urllib3.util.create_urllib3_context`` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Changed ``multipart/form-data`` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`__).
* Changed the error raised when connecting via HTTPS when the ``ssl`` module isn't available from ``SSLError`` to ``ImportError`` (`#2589 <https://github.com/urllib3/urllib3/issues/2589>`__).
* Changed ``HTTPConnection.request()`` to always use lowercase chunk boundaries when sending requests with ``Transfer-Encoding: chunked`` (`#2515 <https://github.com/urllib3/urllib3/issues/2515>`__).
* Changed ``enforce_content_length`` default to True, preventing silent data loss when reading streamed responses (`#2514 <https://github.com/urllib3/urllib3/issues/2514>`__).
* Changed internal implementation of ``HTTPHeaderDict`` to use ``dict`` instead of ``collections.OrderedDict`` for better performance (`#2080 <https://github.com/urllib3/urllib3/issues/2080>`__).
* Changed the ``urllib3.contrib.pyopenssl`` module to wrap ``OpenSSL.SSL.Error`` with ``ssl.SSLError`` in ``PyOpenSSLContext.load_cert_chain`` (`#2628 <https://github.com/urllib3/urllib3/issues/2628>`__).
* Changed usage of the deprecated ``socket.error`` to ``OSError`` (`#2120 <https://github.com/urllib3/urllib3/issues/2120>`__).
* Changed all parameters in the ``HTTPConnection`` and ``HTTPSConnection`` constructors to be keyword-only except ``host`` and ``port`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Changed ``HTTPConnection.getresponse()`` to set the socket timeout from ``HTTPConnection.timeout`` value before reading data from the socket. This previously was done manually by the ``HTTPConnectionPool`` calling ``HTTPConnection.sock.settimeout(...)`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Changed the ``_proxy_host`` property to ``_tunnel_host`` in ``HTTPConnectionPool`` to more closely match how the property is used (value in ``HTTPConnection.set_tunnel()``) (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Changed name of ``Retry.BACKOFF_MAX`` to be ``Retry.DEFAULT_BACKOFF_MAX``.
* Changed TLS handshakes to use ``SSLContext.check_hostname`` when possible (`#2452 <https://github.com/urllib3/urllib3/pull/2452>`__).
* Changed ``server_hostname`` to behave like other parameters only used by ``HTTPSConnectionPool`` (`#2537 <https://github.com/urllib3/urllib3/pull/2537>`__).
* Changed the default ``blocksize`` to 16KB to match OpenSSL's default read amounts (`#2348 <https://github.com/urllib3/urllib3/pull/2348>`__).
* Changed ``HTTPResponse.read()`` to raise an error when calling with ``decode_content=False`` after using ``decode_content=True`` to prevent data loss (`#2800 <https://github.com/urllib3/urllib3/issues/2800>`__).

Fixed
-----

* Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins would cause connection pools to be closed while requests are in progress (`#1252 <https://github.com/urllib3/urllib3/issues/1252>`__).
* Fixed an issue where an ``HTTPConnection`` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if ``HTTPConnection.timeout`` is updated before sending the next request the new timeout value will be used (`#2645 <https://github.com/urllib3/urllib3/issues/2645>`__).
* Fixed ``socket.error.errno`` when raised from pyOpenSSL's ``OpenSSL.SSL.SysCallError`` (`#2118 <https://github.com/urllib3/urllib3/issues/2118>`__).
* Fixed the default value of ``HTTPSConnection.socket_options`` to match ``HTTPConnection`` (`#2213 <https://github.com/urllib3/urllib3/issues/2213>`__).
* Fixed a bug where ``headers`` would be modified by the ``remove_headers_on_redirect`` feature (`#2272 <https://github.com/urllib3/urllib3/issues/2272>`__).
* Fixed a reference cycle bug in ``urllib3.util.connection.create_connection()`` (`#2277 <https://github.com/urllib3/urllib3/issues/2277>`__).
* Fixed a socket leak if ``HTTPConnection.connect()`` fails (`#2571 <https://github.com/urllib3/urllib3/pull/2571>`__).
* Fixed ``urllib3.contrib.pyopenssl.WrappedSocket`` and ``urllib3.contrib.securetransport.WrappedSocket`` close methods (`#2970 <https://github.com/urllib3/urllib3/issues/2970>`__)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [urllib3](https://togithub.com/urllib3/urllib3) ([changelog](https://togithub.com/urllib3/urllib3/blob/main/CHANGES.rst)) | `==1.26.16` -> `==2.0.4` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/urllib3/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/urllib3/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/urllib3/1.26.16/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/urllib3/1.26.16/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the logs for more information. 
--- ### Release Notes <details> <summary>urllib3/urllib3 (urllib3)</summary> ### [`v2.0.4`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#204-2023-07-19) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.3...2.0.4) \================== - Added support for union operators to `HTTPHeaderDict` (`#​2254 <https://github.com/urllib3/urllib3/issues/2254>`\__) - Added `BaseHTTPResponse` to `urllib3.__all__` (`#​3078 <https://github.com/urllib3/urllib3/issues/3078>`\__) - Fixed `urllib3.connection.HTTPConnection` to raise the `http.client.connect` audit event to have the same behavior as the standard library HTTP client (`#​2757 <https://github.com/urllib3/urllib3/issues/2757>`\__) - Relied on the standard library for checking hostnames in supported PyPy releases (`#​3087 <https://github.com/urllib3/urllib3/issues/3087>`\__) ### [`v2.0.3`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#203-2023-06-07) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.2...2.0.3) \================== - Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (`#​3020 <https://github.com/urllib3/urllib3/issues/3020>`\__) - Deprecated URLs which don't have an explicit scheme (`#​2950 <https://github.com/urllib3/urllib3/pull/2950>`\_) - Fixed response decoding with Zstandard when compressed data is made of several frames. (`#​3008 <https://github.com/urllib3/urllib3/issues/3008>`\__) - Fixed `assert_hostname=False` to correctly skip hostname check. 
(`#​3051 <https://github.com/urllib3/urllib3/issues/3051>`\__) ### [`v2.0.2`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#202-2023-05-03) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.1...2.0.2) \================== - Fixed `HTTPResponse.stream()` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (`#​3009 <https://github.com/urllib3/urllib3/issues/3009>`\__) ### [`v2.0.1`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#201-2023-04-30) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.0...2.0.1) \================== - Fixed a socket leak when fingerprint or hostname verifications fail. (`#​2991 <https://github.com/urllib3/urllib3/issues/2991>`\__) - Fixed an error when `HTTPResponse.read(0)` was the first `read` call or when the internal response body buffer was otherwise empty. (`#​2998 <https://github.com/urllib3/urllib3/issues/2998>`\__) ### [`v2.0.0`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#200-2023-04-26) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.16...2.0.0) \================== Read the `v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`\__ for help upgrading to the latest version of urllib3. ## Removed - Removed support for Python 2.7, 3.5, and 3.6 (`#​883 <https://github.com/urllib3/urllib3/issues/883>`**, `#​2336 <https://github.com/urllib3/urllib3/issues/2336>`**). - Removed fallback on certificate `commonName` in `match_hostname()` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only `subjectAltName` is used to verify the hostname by default. To enable verifying the hostname against `commonName` use `SSLContext.hostname_checks_common_name = True` (`#​2113 <https://github.com/urllib3/urllib3/issues/2113>`\__). 
- Removed support for Python with an `ssl` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an `ImportError` is raised (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`#​2082 <https://github.com/urllib3/urllib3/issues/2082>`\__). - Removed `urllib3.contrib.appengine.AppEngineManager` and support for Google App Engine Standard Environment (`#​2044 <https://github.com/urllib3/urllib3/issues/2044>`\__). - Removed deprecated `Retry` options `method_whitelist`, `DEFAULT_REDIRECT_HEADERS_BLACKLIST` (`#​2086 <https://github.com/urllib3/urllib3/issues/2086>`\__). - Removed `urllib3.HTTPResponse.from_httplib` (`#​2648 <https://github.com/urllib3/urllib3/issues/2648>`\__). - Removed default value of `None` for the `request_context` parameter of `urllib3.PoolManager.connection_from_pool_key`. This change should have no effect on users as the default value of `None` was an invalid option and was never used (`#​1897 <https://github.com/urllib3/urllib3/issues/1897>`\__). - Removed the `urllib3.request` module. `urllib3.request.RequestMethods` has been made a private API. This change was made to ensure that `from urllib3 import request` imported the top-level `request()` function instead of the `urllib3.request` module (`#​2269 <https://github.com/urllib3/urllib3/issues/2269>`\__). - Removed support for SSLv3.0 from the `urllib3.contrib.pyopenssl` even when support is available from the compiled OpenSSL library (`#​2233 <https://github.com/urllib3/urllib3/issues/2233>`\__). 
- Removed the deprecated `urllib3.contrib.ntlmpool` module (`#​2339 <https://github.com/urllib3/urllib3/issues/2339>`\__). - Removed `DEFAULT_CIPHERS`, `HAS_SNI`, `USE_DEFAULT_SSLCONTEXT_CIPHERS`, from the private module `urllib3.util.ssl_` (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed `urllib3.exceptions.SNIMissingWarning` (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed the `_prepare_conn` method from `HTTPConnectionPool`. Previously this was only used to call `HTTPSConnection.set_cert()` by `HTTPSConnectionPool` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Removed `tls_in_tls_required` property from `HTTPSConnection`. This is now determined from the `scheme` parameter in `HTTPConnection.set_tunnel()` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Removed the `strict` parameter/attribute from `HTTPConnection`, `HTTPSConnection`, `HTTPConnectionPool`, `HTTPSConnectionPool`, and `HTTPResponse` (`#​2064 <https://github.com/urllib3/urllib3/issues/2064>`\__). ## Deprecated - Deprecated `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` which will be removed in urllib3 v2.1.0. Instead use `HTTPResponse.headers` and `HTTPResponse.headers.get(name, default)`. (`#​1543 <https://github.com/urllib3/urllib3/issues/1543>`**, `#​2814 <https://github.com/urllib3/urllib3/issues/2814>`**). - Deprecated `urllib3.contrib.pyopenssl` module which will be removed in urllib3 v2.1.0 (`#​2691 <https://github.com/urllib3/urllib3/issues/2691>`\__). - Deprecated `urllib3.contrib.securetransport` module which will be removed in urllib3 v2.1.0 (`#​2692 <https://github.com/urllib3/urllib3/issues/2692>`\__). - Deprecated `ssl_version` option in favor of `ssl_minimum_version`. `ssl_version` will be removed in urllib3 v2.1.0 (`#​2110 <https://github.com/urllib3/urllib3/issues/2110>`\__). 
- Deprecated the `strict` parameter of `PoolManager.connection_from_context()` as it's no longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`#2267 <https://github.com/urllib3/urllib3/issues/2267>`\__).
- Deprecated the `NewConnectionError.pool` attribute which will be removed in urllib3 v2.1.0 (`#2271 <https://github.com/urllib3/urllib3/issues/2271>`\__).
- Deprecated `format_header_param_html5` and `format_header_param` in favor of `format_multipart_header_param` (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`\__).
- Deprecated `RequestField.header_formatter` parameter which will be removed in urllib3 v2.1.0 (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`\__).
- Deprecated `HTTPSConnection.set_cert()` method. Instead pass parameters to the `HTTPSConnection` constructor (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`\__).
- Deprecated `HTTPConnection.request_chunked()` method which will be removed in urllib3 v2.1.0. Instead pass `chunked=True` to `HTTPConnection.request()` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`\__).

## Added

- Added top-level `urllib3.request` function which uses a preconfigured module-global `PoolManager` instance (`#2150 <https://github.com/urllib3/urllib3/issues/2150>`\__).
- Added the `json` parameter to `urllib3.request()`, `PoolManager.request()`, and `ConnectionPool.request()` methods to send JSON bodies in requests. Using this parameter will set the header `Content-Type: application/json` if `Content-Type` isn't already defined. Added support for parsing JSON response bodies with `HTTPResponse.json()` method (`#2243 <https://github.com/urllib3/urllib3/issues/2243>`\__).
- Added type hints to the `urllib3` module (`#1897 <https://github.com/urllib3/urllib3/issues/1897>`\__).
- Added `ssl_minimum_version` and `ssl_maximum_version` options which set `SSLContext.minimum_version` and `SSLContext.maximum_version` (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`\__).
- Added support for Zstandard (RFC 8878) when `zstandard` 1.18.0 or later is installed. Added the `zstd` extra which installs the `zstandard` package (`#1992 <https://github.com/urllib3/urllib3/issues/1992>`\__).
- Added `urllib3.response.BaseHTTPResponse` class. All future response classes will be subclasses of `BaseHTTPResponse` (`#2083 <https://github.com/urllib3/urllib3/issues/2083>`\__).
- Added `FullPoolError` which is raised when `PoolManager(block=True)` and a connection is returned to a full pool (`#2197 <https://github.com/urllib3/urllib3/issues/2197>`\__).
- Added `HTTPHeaderDict` to the top-level `urllib3` namespace (`#2216 <https://github.com/urllib3/urllib3/issues/2216>`\__).
- Added support for configuring header merging behavior with `HTTPHeaderDict`. When using a `HTTPHeaderDict` to provide headers for a request, by default duplicate header values will be repeated. But if `combine=True` is passed into a call to `HTTPHeaderDict.add`, then the added header value will be merged in with an existing value into a comma-separated list (`X-My-Header: foo, bar`) (`#2242 <https://github.com/urllib3/urllib3/issues/2242>`\__).
- Added `NameResolutionError` exception when a DNS error occurs (`#2305 <https://github.com/urllib3/urllib3/issues/2305>`\__).
- Added `proxy_assert_hostname` and `proxy_assert_fingerprint` kwargs to `ProxyManager` (`#2409 <https://github.com/urllib3/urllib3/issues/2409>`\__).
- Added a configurable `backoff_max` parameter to the `Retry` class. If a custom `backoff_max` is provided to the `Retry` class, it will replace the `Retry.DEFAULT_BACKOFF_MAX` (`#2494 <https://github.com/urllib3/urllib3/issues/2494>`\__).
- Added the `authority` property to the Url class as per RFC 3986 3.2.
  This property should be used in place of `netloc` for users who want to include the userinfo (auth) component of the URI (`#2520 <https://github.com/urllib3/urllib3/issues/2520>`\__).
- Added the `scheme` parameter to `HTTPConnection.set_tunnel` to configure the scheme of the origin being tunnelled to (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`\__).
- Added the `is_closed`, `is_connected` and `has_connected_to_proxy` properties to `HTTPConnection` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`\__).
- Added optional `backoff_jitter` parameter to `Retry` (`#2952 <https://github.com/urllib3/urllib3/issues/2952>`\__).

## Changed

- Changed `urllib3.response.HTTPResponse.read` to respect the semantics of `io.BufferedIOBase` regardless of compression. Specifically, this method:
  - Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
  - Never returns more bytes than requested.
  - Can issue any number of system calls: zero, one or multiple.

  If you want each `urllib3.response.HTTPResponse.read` call to issue a single system call, you need to disable decompression by setting `decode_content=False` (`#2128 <https://github.com/urllib3/urllib3/issues/2128>`\__).
- Changed `urllib3.HTTPConnection.getresponse` to return an instance of `urllib3.HTTPResponse` instead of `http.client.HTTPResponse` (`#2648 <https://github.com/urllib3/urllib3/issues/2648>`\__).
- Changed `ssl_version` to instead set the corresponding `SSLContext.minimum_version` and `SSLContext.maximum_version` values. Regardless of `ssl_version` passed `SSLContext` objects are now constructed using `ssl.PROTOCOL_TLS_CLIENT` (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`\__).
- Changed default `SSLContext.minimum_version` to be `TLSVersion.TLSv1_2` in line with Python 3.10 (`#2373 <https://github.com/urllib3/urllib3/issues/2373>`\__).
- Changed `ProxyError` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`#2482 <https://github.com/urllib3/urllib3/pull/2482>`\__).
- Changed `urllib3.util.create_urllib3_context` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`\__).
- Changed `multipart/form-data` header parameter formatting to match the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`\__).
- Changed the error raised when connecting via HTTPS when the `ssl` module isn't available from `SSLError` to `ImportError` (`#2589 <https://github.com/urllib3/urllib3/issues/2589>`\__).
- Changed `HTTPConnection.request()` to always use lowercase chunk boundaries when sending requests with `Transfer-Encoding: chunked` (`#2515 <https://github.com/urllib3/urllib3/issues/2515>`\__).
- Changed `enforce_content_length` default to `True`, preventing silent data loss when reading streamed responses (`#2514 <https://github.com/urllib3/urllib3/issues/2514>`\__).
- Changed internal implementation of `HTTPHeaderDict` to use `dict` instead of `collections.OrderedDict` for better performance (`#2080 <https://github.com/urllib3/urllib3/issues/2080>`\__).
- Changed the `urllib3.contrib.pyopenssl` module to wrap `OpenSSL.SSL.Error` with `ssl.SSLError` in `PyOpenSSLContext.load_cert_chain` (`#2628 <https://github.com/urllib3/urllib3/issues/2628>`\__).
- Changed usage of the deprecated `socket.error` to `OSError` (`#2120 <https://github.com/urllib3/urllib3/issues/2120>`\__).
- Changed all parameters in the `HTTPConnection` and `HTTPSConnection` constructors to be keyword-only except `host` and `port` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`\__).
- Changed `HTTPConnection.getresponse()` to set the socket timeout from `HTTPConnection.timeout` value before reading data from the socket. This previously was done manually by the `HTTPConnectionPool` calling `HTTPConnection.sock.settimeout(...)` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`\__).
- Changed the `_proxy_host` property to `_tunnel_host` in `HTTPConnectionPool` to more closely match how the property is used (value in `HTTPConnection.set_tunnel()`) (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`\__).
- Changed name of `Retry.BACKOFF_MAX` to be `Retry.DEFAULT_BACKOFF_MAX`.
- Changed TLS handshakes to use `SSLContext.check_hostname` when possible (`#2452 <https://github.com/urllib3/urllib3/pull/2452>`\__).
- Changed `server_hostname` to behave like other parameters only used by `HTTPSConnectionPool` (`#2537 <https://github.com/urllib3/urllib3/pull/2537>`\__).
- Changed the default `blocksize` to 16KB to match OpenSSL's default read amounts (`#2348 <https://github.com/urllib3/urllib3/pull/2348>`\__).
- Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss (`#2800 <https://github.com/urllib3/urllib3/issues/2800>`\__).

## Fixed

- Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress (`#1252 <https://github.com/urllib3/urllib3/issues/1252>`\__).
- Fixed an issue where an `HTTPConnection` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if `HTTPConnection.timeout` is updated before sending the next request the new timeout value will be used (`#2645 <https://github.com/urllib3/urllib3/issues/2645>`\__).
- Fixed `socket.error.errno` when raised from pyOpenSSL's `OpenSSL.SSL.SysCallError` (`#2118 <https://github.com/urllib3/urllib3/issues/2118>`\__).
- Fixed the default value of `HTTPSConnection.socket_options` to match `HTTPConnection` (`#2213 <https://github.com/urllib3/urllib3/issues/2213>`\__).
- Fixed a bug where `headers` would be modified by the `remove_headers_on_redirect` feature (`#2272 <https://github.com/urllib3/urllib3/issues/2272>`\__).
- Fixed a reference cycle bug in `urllib3.util.connection.create_connection()` (`#2277 <https://github.com/urllib3/urllib3/issues/2277>`\__).
- Fixed a socket leak if `HTTPConnection.connect()` fails (`#2571 <https://github.com/urllib3/urllib3/pull/2571>`\__).
- Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods (`#2970 <https://github.com/urllib3/urllib3/issues/2970>`\__).

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
For reference, see this issue on the requests library:
psf/requests#1871
The failure appears to happen when too many hosts are connected to in parallel through the same PoolManager. The cause appears to be PoolManager's use of an LRU cache for the ConnectionPool instances it holds. A pool is pulled from the cache, but in the time it takes for pool._get_conn to be called, the PoolManager can evict that ConnectionPool if enough other hosts are being connected to in parallel.
In addition, since the pool also handles retries and redirects within urlopen, the pool needs to stay alive until the final connection has been acquired from it. That means we can't be sure it is safe to release the pool from PoolManager until urlopen returns, and holding the pool for that long would essentially force PoolManager to make requests serially.
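To make the eviction window described above concrete, here is a minimal, standard-library-only sketch of the interleaving. It does not use urllib3 itself: `FakePool`, `LRUPools`, `pool_for`, `get_conn` and `demonstrate_race` are hypothetical stand-ins, and the sketch assumes that evicting a pool from the LRU cache also closes it, which is what the ClosedPoolError mentioned in this thread suggests. The two "threads" are simulated by ordering the calls by hand so the result is deterministic.

```python
from collections import OrderedDict


class ClosedPoolError(Exception):
    """Stand-in for urllib3.exceptions.ClosedPoolError (not the real class)."""


class FakePool:
    """Hypothetical connection pool that refuses to hand out connections once closed."""

    def __init__(self, host):
        self.host = host
        self.closed = False

    def close(self):
        self.closed = True

    def get_conn(self):
        if self.closed:
            raise ClosedPoolError(f"pool for {self.host} is closed")
        return f"connection to {self.host}"


class LRUPools:
    """Hypothetical LRU cache of pools; evicting a pool closes it (assumed behavior)."""

    def __init__(self, maxsize):
        self.maxsize = maxsize
        self._pools = OrderedDict()

    def pool_for(self, host):
        if host in self._pools:
            # Mark the pool as most recently used.
            self._pools.move_to_end(host)
            return self._pools[host]
        pool = FakePool(host)
        self._pools[host] = pool
        if len(self._pools) > self.maxsize:
            # Evict the least recently used pool and close it immediately,
            # even if some caller still holds a reference to it.
            _, evicted = self._pools.popitem(last=False)
            evicted.close()
        return pool


def demonstrate_race():
    manager = LRUPools(maxsize=1)
    pool_a = manager.pool_for("a.example")  # "thread 1" looks up its pool
    manager.pool_for("b.example")           # "thread 2" causes pool_a to be evicted
    try:
        pool_a.get_conn()                   # "thread 1" resumes with a closed pool
    except ClosedPoolError as exc:
        return str(exc)
    return None


print(demonstrate_race())
```

With real threads the same interleaving only happens occasionally, which is why the problem tends to show up under load with many distinct hosts rather than in simple tests.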
I only see a few options for fixing this.