
The Fix

pip install urllib3==1.25

Based on closed urllib3/urllib3 issue #651 · PR/commit linked

Production note: This usually shows up under retries/timeouts. Treat it as a side-effect risk until you can verify behavior with a canary + real traffic.

Open PR/Commit
@@ -20,6 +20,9 @@ dev (master) called by subclasses. (Issue #873) +* Always respect ``ConnectionPool.urlopen(release_conn=False)``, even after a + retry. (Issue #651) +
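Review bot: The added changelog line for ``ConnectionPool.urlopen(release_conn=False)`` promises the behaviour holds "even after a retry", but nothing visible here points to a regression test for that path. Suggest pairing the entry with a socket-level test that forces one retry with release_conn=False and asserts the connection is not back in the pool before the response is read, and referencing that test alongside Issue #651.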

Why This Fix Works in Production

  • Trigger: In this change: https://github.com/shazow/urllib3/pull/647/files#diff-211abff6a07837e4a89a8663a89d2c84R582
  • Mechanism: The connection was prematurely released after a retry, violating the `release_conn` parameter.
  • Why the fix works: Ensures that the `release_conn` parameter is respected after a retry in the `ConnectionPool.urlopen` method, preventing premature connection release. (first fixed release: 1.25).
Production impact:
  • If left unfixed, retry loops can amplify load and turn a small outage into a cascade (thundering herd).

Why This Breaks in Prod

  • The connection was prematurely released after a retry, violating the `release_conn` parameter.
  • Production symptom (often without a traceback): In this change: https://github.com/shazow/urllib3/pull/647/files#diff-211abff6a07837e4a89a8663a89d2c84R582

Proof / Evidence

  • GitHub issue: #651
  • Fix PR: https://github.com/urllib3/urllib3/pull/866
  • First fixed release: 1.25
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.81

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

“I will try and confirm this next week sometime, but writing a test to force it might not be so easy.”
@jlatherfold · 2015-06-13 · source
“Take a look at the socketlevel tests in #647, should be some good examples.”
@shazow · 2015-06-13 · source
“Maybe, though not as certain as actually having a test in the suite which exercises this scenario. :) We'll see if we can add that…”
@shazow · 2015-06-16 · source
“Hi, I ran a few trial runs with your changes and set read timeout low enough to force the issue”
@jlatherfold · 2015-06-16 · source

Failure Signature (Search String)

  • In this change: https://github.com/shazow/urllib3/pull/647/files#diff-211abff6a07837e4a89a8663a89d2c84R582
  • put_conn_on_error = False

Error Message

Signature-only (no traceback captured)

What Broke

Connections were released back to the pool before responses were read, causing potential data loss.

Why It Broke

The connection was prematurely released after a retry, violating the `release_conn` parameter.
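A simplified model of the failure described above, as an added example (not urllib3's code and not taken from the issue thread). `ToyPool`, its `honor` flag and the connection names are constructed for illustration, and the model assumes the retry path overwrote the caller's `release_conn` value.

```python
import queue


class ToyPool:
    """Constructed single-slot pool model; hypothetical, not urllib3 code."""

    def __init__(self, honor):
        self.honor = honor              # True models the fixed behaviour
        self.idle = queue.LifoQueue()
        self.idle.put("conn-1")
        self.created = 1

    def get_conn(self):
        try:
            return self.idle.get_nowait()
        except queue.Empty:
            self.created += 1
            return "conn-%d" % self.created

    def urlopen(self, failures, release_conn=True):
        conn = self.get_conn()
        release_this_conn = release_conn    # per-attempt decision
        try:
            if failures > 0:
                raise TimeoutError("constructed read timeout")
            # Response handed to the caller with its body still unread.
            return {"conn": conn, "body_read": False}
        except TimeoutError:
            conn = None                     # broken connection is dropped
            release_this_conn = True
            if not self.honor:
                release_conn = True         # bug: caller's choice overwritten
        finally:
            if release_this_conn and conn is not None:
                self.idle.put(conn)
        # Retry; the buggy variant now passes release_conn=True.
        return self.urlopen(failures - 1, release_conn=release_conn)


def conn_is_shared(honor, failures):
    """True if a second caller receives the connection of an unread response."""
    pool = ToyPool(honor)
    resp = pool.urlopen(failures, release_conn=False)
    return pool.get_conn() == resp["conn"]


if __name__ == "__main__":
    for honor in (False, True):
        print("honor=%s shared_after_retry=%s" % (honor, conn_is_shared(honor, 1)))
```

Without a retry both variants keep the connection checked out, which is why the problem only appears under timeouts.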

Fix Options (Details)

Option A — Upgrade to fixed release (safe default, recommended)

pip install urllib3==1.25

When NOT to use: Do not use this fix if the connection release behavior is intended to be altered.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/urllib3/urllib3/pull/866

First fixed release: 1.25

Last verified: 2026-02-09. Validate in your environment.


When NOT to Use This Fix

  • Do not use this fix if the connection release behavior is intended to be altered.


Prevention

  • Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
  • Upgrade behind a canary and run integration tests against the canary before 100% rollout.
  • Make timeouts explicit and test them (unit + integration) to avoid silent behavior changes.
  • Instrument retries (attempt count + reason) and alert on spikes to catch dependency slowdowns.

Version Compatibility Table

Version | Status
1.25    | Fixed


Sources

We don’t republish the full GitHub discussion text. Use the links above for context.