The Fix
pip install urllib3==1.26.5
Based on closed urllib3/urllib3 issue #2203 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -16,7 +16,7 @@ def is_connection_dropped(conn: socket.socket) -> bool: # Platform-specific
:class:`http.client.HTTPConnection` object.
"""
- sock = getattr(conn, "sock", False)
+ sock = getattr(conn, "sock", None)
if sock is None: # Connection already closed (such as by httplib).
Option A — Upgrade to fixed release\npip install urllib3==1.26.5\nWhen NOT to use: This fix should not be applied if the behavior of distinguishing between None and False is required for debugging.\n\n
Why This Fix Works in Production
- Trigger: If there is no property `sock` on `conn`, then we will call `wait_for_read(False, timeout=0.0)`, which e.g. may end up putting the `False` into the iterable…
- Mechanism: The default value of getattr for the sock attribute is incorrectly set to False instead of None
- Why the fix works: Fixes the confusion between None and False in the is_connection_dropped function by changing the default value of getattr from False to None. (first fixed release: 1.26.5).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- The default value of getattr for the sock attribute is incorrectly set to False instead of None
- Production symptom (often without a traceback): If there is no property `sock` on `conn`, then we will call `wait_for_read(False, timeout=0.0)`, which e.g. may end up putting the `False` into the iterable passed to `select`.
Proof / Evidence
- GitHub issue: #2203
- Fix PR: https://github.com/urllib3/urllib3/pull/2204
- First fixed release: 1.26.5
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.75
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.68
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Great catch, luckily this doesn't effect any released version as 1.26.x series has the proper handling of conn without sock. Would you be willing to…”
“@sigmavirus24 That is what the version linked by @sethmlarson on the 1.26.x branch does”
“Would it be useful to distinguish between conn.sock is None and conn.sock isn't an attribute present by having False versus having None? We could use…”
Failure Signature (Search String)
- If there is no property `sock` on `conn`, then we will call `wait_for_read(False, timeout=0.0)`, which e.g. may end up putting the `False` into the iterable passed to `select`.
- Great catch, luckily this doesn't effect any released version as 1.26.x series has the [proper handling of `conn` without
Copy-friendly signature
Failure Signature
-----------------
If there is no property `sock` on `conn`, then we will call `wait_for_read(False, timeout=0.0)`, which e.g. may end up putting the `False` into the iterable passed to `select`.
Great catch, luckily this doesn't effect any released version as 1.26.x series has the [proper handling of `conn` without `sock`](https://github.com/urllib3/urllib3/blob/1.26.x/src/urllib3/util/connection.py).
Error Message
Signature-only (no traceback captured)
Error Message
-------------
If there is no property `sock` on `conn`, then we will call `wait_for_read(False, timeout=0.0)`, which e.g. may end up putting the `False` into the iterable passed to `select`.
Great catch, luckily this doesn't effect any released version as 1.26.x series has the [proper handling of `conn` without `sock`](https://github.com/urllib3/urllib3/blob/1.26.x/src/urllib3/util/connection.py).
What Broke
Potential confusion in connection handling could lead to unexpected behavior in socket operations.
Why It Broke
The default value of getattr for the sock attribute is incorrectly set to False instead of None
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
pip install urllib3==1.26.5
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/urllib3/urllib3/pull/2204
First fixed release: 1.26.5
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix should not be applied if the behavior of distinguishing between None and False is required for debugging.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
- Upgrade behind a canary and run integration tests against the canary before 100% rollout.
- Make timeouts explicit and test them (unit + integration) to avoid silent behavior changes.
- Instrument retries (attempt count + reason) and alert on spikes to catch dependency slowdowns.
Version Compatibility Table
| Version | Status |
|---|---|
| 1.26.5 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.