The Fix
pip install urllib3==1.26.6
Based on closed urllib3/urllib3 issue #2282 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -5,6 +5,7 @@
from __future__ import absolute_import
+import warnings
from logging import getLogger
Option A — Upgrade to fixed release\npip install urllib3==1.26.6\nWhen NOT to use: This fix is not suitable for applications still relying on NTLM authentication.\n\n
Why This Fix Works in Production
- Trigger: - It has fallen into disrepair (e.g. timeout/ssl/other options not being respected).
- Mechanism: The NTLMConnectionPool module is deprecated due to lack of maintenance and support
- Why the fix works: Adds a DeprecationWarning for the urllib3.contrib.nltmpool module, indicating its removal in v2.0. (first fixed release: 1.26.6).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- The NTLMConnectionPool module is deprecated due to lack of maintenance and support
- Production symptom (often without a traceback): - It has fallen into disrepair (e.g. timeout/ssl/other options not being respected).
Proof / Evidence
- GitHub issue: #2282
- Fix PR: https://github.com/urllib3/urllib3/pull/2289
- First fixed release: 1.26.6
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.75
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.86
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Closed via https://github.com/urllib3/urllib3/pull/2289”
“Sounds good @imkaka, let me know if you have questions.”
“FYI I do work use Python with sites that use ntlm authentication”
Failure Signature (Search String)
- - It has fallen into disrepair (e.g. timeout/ssl/other options not being respected).
Copy-friendly signature
Failure Signature
-----------------
- It has fallen into disrepair (e.g. timeout/ssl/other options not being respected).
Error Message
Signature-only (no traceback captured)
Error Message
-------------
- It has fallen into disrepair (e.g. timeout/ssl/other options not being respected).
What Broke
Users may experience issues with NTLM authentication due to the module's disrepair.
Why It Broke
The NTLMConnectionPool module is deprecated due to lack of maintenance and support
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
pip install urllib3==1.26.6
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/urllib3/urllib3/pull/2289
First fixed release: 1.26.6
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix is not suitable for applications still relying on NTLM authentication.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
- Upgrade behind a canary and run integration tests against the canary before 100% rollout.
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
Version Compatibility Table
| Version | Status |
|---|---|
| 1.26.6 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.