Jump to solution
Verify

Requests Possible Memory Leak (Fix)

Fixed
Spec
Package
Requests
Fixed In
2.27.0
Verdict
Status
Fixed
Safe for prod
No
Risk
Medium
Last verified
2026-02-07
Own content ratio
0.59
#1685 ai caching latency memory-leak tls Memory Leak Updated: 2026-02-13
Issue #1685

The Fix

pip install requests==2.27.0

Based on closed psf/requests issue #1685 · PR/commit linked

Jump to Verify Open PR/Commit
@@ -46,7 +46,12 @@ def request(method, url, **kwargs): session = sessions.Session() - return session.request(method=method, url=url, **kwargs) + response = session.request(method=method, url=url, **kwargs) + # By explicitly closing the session, we avoid leaving sockets open which
repro.py
5 12.5 MiB 0.0 MiB @profile 6 def lol(): 7 12.5 MiB 0.0 MiB print "sending request" 8 35.6 MiB 23.1 MiB r = requests.get('http://cachefly.cachefly.net/10mb.test') 9 35.6 MiB 0.0 MiB print "reading.." 10 35.6 MiB 0.0 MiB with open("test.dat", "wb") as f: 11 35.6 MiB 0.0 MiB f.write(r.content) 12 35.6 MiB 0.0 MiB print "Finished..."
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\npip install requests==2.27.0\nWhen NOT to use: This fix is not applicable if sessions are not properly managed in the application.\n\n

Why This Fix Works in Production

  • Trigger: Possible Memory Leak
  • Mechanism: The memory leak occurs due to sockets not being closed properly after requests
  • Why the fix works: Addresses a potential memory leak by ensuring that sessions created in the functional API are closed properly, which helps clear the PoolManager and close all sockets. (first fixed release: 2.27.0).

Why This Breaks in Prod

  • The memory leak occurs due to sockets not being closed properly after requests
  • Production symptom (often without a traceback): Possible Memory Leak

Proof / Evidence

  • GitHub issue: #1685
  • Fix PR: https://github.com/psf/requests/pull/2326
  • First fixed release: 2.27.0
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-07
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.59

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“@barroca that's a different issue”
@sigmavirus24 · 2016-01-22 · confirmation · source
“And now it's all coming from the call to conn.urlopen on L355 and HTTPAdapter#get_connection”
@sigmavirus24 · 2014-11-02 · confirmation · source
“@stas I want to address one thing: > Requests users should be aware of those methods, because in most of the cases the methods are…”
@Lukasa · 2014-11-07 · confirmation · source
“So I dug into urllib3 and followed the rabbit hole further earlier this morning”
@sigmavirus24 · 2014-11-03 · confirmation · source

Failure Signature (Search String)

  • Possible Memory Leak
  • The memory usage does not grow with every iteration, but it does continue to creep up with `requests.get` being the culprit that increases memory usage.
Copy-friendly signature
signature.txt
Failure Signature ----------------- Possible Memory Leak The memory usage does not grow with every iteration, but it does continue to creep up with `requests.get` being the culprit that increases memory usage.

Error Message

Signature-only (no traceback captured)
error.txt
Error Message ------------- Possible Memory Leak The memory usage does not grow with every iteration, but it does continue to creep up with `requests.get` being the culprit that increases memory usage.

Minimal Reproduction

repro.py
5 12.5 MiB 0.0 MiB @profile 6 def lol(): 7 12.5 MiB 0.0 MiB print "sending request" 8 35.6 MiB 23.1 MiB r = requests.get('http://cachefly.cachefly.net/10mb.test') 9 35.6 MiB 0.0 MiB print "reading.." 10 35.6 MiB 0.0 MiB with open("test.dat", "wb") as f: 11 35.6 MiB 0.0 MiB f.write(r.content) 12 35.6 MiB 0.0 MiB print "Finished..."

What Broke

Memory usage increases over time, leading to potential application slowdowns or crashes.

Why It Broke

The memory leak occurs due to sockets not being closed properly after requests

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

pip install requests==2.27.0

When NOT to use: This fix is not applicable if sessions are not properly managed in the application.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/psf/requests/pull/2326

First fixed release: 2.27.0

Last verified: 2026-02-07. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • This fix is not applicable if sessions are not properly managed in the application.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
  • Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
  • Track RSS + object counts after deployments; alert on monotonic growth and GC pressure.
  • Add a long-running test that repeats the failing call path and asserts stable memory.

Version Compatibility Table

VersionStatus
2.27.0 Fixed

Related Issues

No related fixes found.

Cluster: requests:ssl-handshake Requests hub Requests best practices All hubs All clusters
Related clusters: Configuration error Data consistency Other

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #1685. Not affiliated with the library maintainers. Verify before production use.