Jump to solution
Verify

urllib3 Performance issue in `BytesQueueBuffer.get()` byte slicing (Fix)

Fixed
Spec
Package
urllib3
Fixed In
2.6.0
Python
3.12.5
Verdict
Status
Fixed
Safe for prod
No
Risk
Medium
Last verified
2026-02-09
Own content ratio
0.60
#3710 ai caching latency queues tls Performance Issue Updated: 2026-02-13
Issue #3710

The Fix

pip install urllib3==2.6.0

Based on closed urllib3/urllib3 issue #3710 · PR/commit linked

Jump to Verify Open PR/Commit
@@ -0,0 +1 @@ @@ -0,0 +1 @@ +Improved the performance of content decoding by optimizing ``BytesQueueBuffer`` class. diff --git a/src/urllib3/response.py b/src/urllib3/response.py index d427e7148d..3df98184de 100644
repro.py
from compression import zstd import io import timeit from urllib3.response import HTTPResponse data = b"A" * (1024 * 1024 * 1024) # 1 GB compressed_data = zstd.ZstdCompressor().compress(data) def decompress(): fp = io.BytesIO(compressed_data) r = HTTPResponse(fp, headers={"content-encoding": "zstd"}, preload_content=False) while r.read(32 * 1024): pass time_taken = timeit.timeit(decompress, number=10) print(f"Decompression time: {time_taken:.2f} seconds")
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\npip install urllib3==2.6.0\nWhen NOT to use: This fix should not be used if backward compatibility with older versions is required.\n\n

Why This Fix Works in Production

  • Trigger: OpenSSL 3.0.14 4 Jun 2024
  • Mechanism: Improves the speed of `BytesQueueBuffer.get()` by using memoryview, solving the problem described in #3710.
  • Why the fix works: Improves the speed of `BytesQueueBuffer.get()` by using memoryview, solving the problem described in #3710. (first fixed release: 2.6.0).

Why This Breaks in Prod

  • Shows up under Python 3.12.5 in real deployments (not just unit tests).
  • Production symptom (often without a traceback): OpenSSL 3.0.14 4 Jun 2024

Proof / Evidence

  • GitHub issue: #3710
  • Fix PR: https://github.com/urllib3/urllib3/pull/3711
  • First fixed release: 2.6.0
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.60

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“FYI, we did further improvements in c19571de34c47de3a766541b041637ba5f716ed7”
@illia-v · 2025-12-05 · source

Failure Signature (Search String)

  • OpenSSL 3.0.14 4 Jun 2024
  • CPU: 13th Gen Intel(R) Core(TM) i5-13500
Copy-friendly signature
signature.txt
Failure Signature ----------------- OpenSSL 3.0.14 4 Jun 2024 CPU: 13th Gen Intel(R) Core(TM) i5-13500

Error Message

Signature-only (no traceback captured)
error.txt
Error Message ------------- OpenSSL 3.0.14 4 Jun 2024 CPU: 13th Gen Intel(R) Core(TM) i5-13500

Minimal Reproduction

repro.py
from compression import zstd import io import timeit from urllib3.response import HTTPResponse data = b"A" * (1024 * 1024 * 1024) # 1 GB compressed_data = zstd.ZstdCompressor().compress(data) def decompress(): fp = io.BytesIO(compressed_data) r = HTTPResponse(fp, headers={"content-encoding": "zstd"}, preload_content=False) while r.read(32 * 1024): pass time_taken = timeit.timeit(decompress, number=10) print(f"Decompression time: {time_taken:.2f} seconds")

Environment

  • Python: 3.12.5
  • urllib3: 0.1

What Broke

Content retrieval time was significantly slower when decoding gzipped data.

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

pip install urllib3==2.6.0

When NOT to use: This fix should not be used if backward compatibility with older versions is required.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/urllib3/urllib3/pull/3711

First fixed release: 2.6.0

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • This fix should not be used if backward compatibility with older versions is required.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
  • Upgrade behind a canary and run integration tests against the canary before 100% rollout.
  • Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
  • Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.

Version Compatibility Table

VersionStatus
2.6.0 Fixed

Related Issues

No related fixes found.

Cluster: urllib3:ssl-handshake urllib3 hub urllib3 best practices All hubs All clusters
Related clusters: Configuration error Data consistency Other

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #3710. Not affiliated with the library maintainers. Verify before production use.