Jump to solution
Details

urllib3 Tilde characters encoded in URLs starting in 1.25.4 (Fix)

Fixed
Spec
Package
urllib3
Fixed In
1.25.6
Verdict
Status
Fixed
Safe for prod
Yes
Risk
Low
Last verified
2026-02-09
Own content ratio
0.69
#1683 ai auth llm webhooks Idempotency Violation Updated: 2026-02-13
Issue #1683

The Fix

pip install urllib3==1.25.6

Based on closed urllib3/urllib3 issue #1683 · PR/commit linked

Open PR/Commit
@@ -50,7 +50,7 @@ ] -UNRESERVED_PAT = r"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._!\-" +UNRESERVED_PAT = r"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._!\-~" IPV6_PAT = "(?:" + "|".join([x % _subs for x in _variations]) + ")"
fix.md
Option A — Upgrade to fixed release\npip install urllib3==1.25.6\nWhen NOT to use: This fix should not be applied if the system requires percent-encoded tildes for compatibility.\n\n

Why This Fix Works in Production

  • Trigger: E AuthenticationErrorDetail:The MAC signature found in the HTTP request '+9LrJpPDKHcsIcv+cxVVmD0147OshzlnRn+YLRgJdSE=' is not the same as any computed…
  • Mechanism: Tilde characters were erroneously percent-encoded due to a missing character in the UNRESERVED_CHARS section
  • Why the fix works: Fixes the issue where tilde characters in URLs were erroneously percent-encoded due to a missing character in the UNRESERVED_CHARS section. (first fixed release: 1.25.6).
Production impact:
  • If left unfixed, this can cause silent data inconsistencies that propagate (bad cache entries, incorrect downstream decisions).

Why This Breaks in Prod

  • Tilde characters were erroneously percent-encoded due to a missing character in the UNRESERVED_CHARS section
  • Surfaces as: E AuthenticationErrorDetail:The MAC signature found in the HTTP request '+9LrJpPDKHcsIcv+cxVVmD0147OshzlnRn+YLRgJdSE=' is not the same as any computed signature. Server used…

Proof / Evidence

  • GitHub issue: #1683
  • Fix PR: https://github.com/urllib3/urllib3/pull/1692
  • First fixed release: 1.25.6
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.95
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.69

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“I'll take a look at this and prepare a release if needed once it's resolved. Thanks for the report.”
@sethmlarson · 2019-09-23 · confirmation · source
“It is breaking badly for us, as the redirect download urls contains a "~" and it transform it to %7E. All the downloads from conan-center…”
@lasote · 2019-09-24 · source
“For instance, it breaks code like the Azure Storage signing, because it's building a signature based on URL, and now the service refuses our request…”
@lmazuel · 2019-09-23 · source

Failure Signature (Search String)

  • E AuthenticationErrorDetail:The MAC signature found in the HTTP request '+9LrJpPDKHcsIcv+cxVVmD0147OshzlnRn+YLRgJdSE=' is not the same as any computed signature. Server used

Error Message

Stack trace
error.txt
Error Message ------------- E AuthenticationErrorDetail:The MAC signature found in the HTTP request '+9LrJpPDKHcsIcv+cxVVmD0147OshzlnRn+YLRgJdSE=' is not the same as any computed signature. Server used following string to sign: 'PUT
Stack trace
error.txt
Error Message ------------- E /amqptest/utcontainer6826924cfebd44dc847eac07516e17c1/%7Ea%7Ea%7E'.

Environment

  • urllib3: 1.25.6

What Broke

This change caused user-visible errors in systems expecting unreserved characters in URLs.

Why It Broke

Tilde characters were erroneously percent-encoded due to a missing character in the UNRESERVED_CHARS section

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

pip install urllib3==1.25.6

When NOT to use: This fix should not be applied if the system requires percent-encoded tildes for compatibility.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/urllib3/urllib3/pull/1692

First fixed release: 1.25.6

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • This fix should not be applied if the system requires percent-encoded tildes for compatibility.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
  • Upgrade behind a canary and run integration tests against the canary before 100% rollout.

Version Compatibility Table

VersionStatus
1.25.6 Fixed

Related Issues

No related fixes found.

Cluster: urllib3:data-consistency urllib3 hub urllib3 best practices All hubs All clusters
Related clusters: Configuration error SSL handshake Other

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #1683. Not affiliated with the library maintainers. Verify before production use.