Published 2019-12-28 by Seth Michael Larson
Reading time: 2 minutes
Subscribe for more content like this through the mailing list or RSS.
urllib3 has had probably one of it's most eventful years in recent times, especially with regards to sustainability of the project thanks to sponsors and grants.
I'm looking forward to 2020 and have many ideas for where the project is headed that I'll be sharing in a future post. For now let's review what was accomplished in 2019:
urllib3 received $23,580 USD throughout the year of 2019. We're very grateful for our donators and sponsors, this year would not have been as productive without you. Thank you!
Here's the breakdown on where that money came from:
The breakdown above shows that most of our funding for this year came from grants. Hopefully we can continue this into 2020 as the major accomplishments for the project were completed as a result of dedicated developer(s) spending extended periods of time working on features.
If you or your organization rely on urllib3 and would like to sponsor urllib3's development
send an email to
urllib3 made 10 releases during 2019, up from only 3 releases during 2018. The highlights of those releases include:
Strict compliance to RFC 3986 for URL parsing. This functionality was implemented as a part of the two grants listed above and helped protect users from the new class of attacks related to URL parsers. See CVE-2019-9740, CVE-2019-9636, CVE-2019-10160.
Added support for TLSv1.3 for OpenSSL 1.1.1+. This functionality was implemented as a part of the grant from GOVCERT LU. TLS 1.3 adds additional security and performance benefits for HTTPS connections.
Added automatic downstream integration testing for Requests and Botocore and automated deploys to PyPI from CI. This means we can ship releases more frequently and also be more confident that the changes being made won't break the universe. Our CI was also augmented to be less flaky resulting in smoother merges for Pull Requests. This work was done as a part of both above grants.
Added support for Brotli as a
Content-Encoding. This means that if the requested website
also supports Brotli your response bodies will be even smaller than gzip and save bandwidth.
Added support for Python 3.8. Python 3.9 alphas have just started coming out and there are already issues on the horizon.
These achievements aren't related to library features but are still super-fun to celebrate!
We eclipsed 1 billion (1,000,000,000) total downloads on PyPI, something that only ~10 projects have done. This number is unimaginably large and shows how essential a secure HTTP client library is to the Python ecosystem.
We receive a majority of our downloads from Python 3.X instead of Python 2.X for the first time. About ~50% of all downloads still come from Python 2.7 but that number is very slowly decreasing over time.
We have a logo now thanks to Ryan Feeley and Jess Shapiro! ♥
Thanks to everyone who contributed to urllib3, your contributions are making a huge difference. If you'd like to join our little team and start contributing we have a guide on how to get started.