Illia Volochii

@illiav
27 Followers
21 Following
13 Posts
GitHubhttps://github.com/illia-v
Bloghttps://volochii.dev/blog/
Illia VolochiiMay 7

📦️ urllib3 2.7.0 is now available!

This release comes alongside two advisories for high-severity issues; however, we estimate overall user exposure to be marginal.

Additionally, the new version makes deprecation warnings more visible, fixes a few bugs and improves type hints.

https://github.com/urllib3/urllib3/releases/tag/2.7.0

#urllib3 #python #security #opensource

Release 2.7.0 · urllib3/urllib3

🚀 urllib3 is fundraising for HTTP/2 support urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial ...

GitHub
Illia VolochiiMay 7
Seth LarsonMay 6

RE: https://mastodon.social/@7ASecurity/116521920390604616

💪 “urllib3's supply chain posture was described as exceptionally strong, with advanced compliance across SLSA Source, Build, and Provenance requirements. The project maintainers were helpful, responsive, and engaged throughout the audit, ensuring that 7ASecurity had the necessary access and information at all times”

Excellent work @illiav and @quentinpradet! 👏

#security #python #opensource #oss #supplychain #slsa

Illia VolochiiApr 5
Savannah OstrowskiApr 5

RE: https://mastodon.social/@coredispatch/116350032773821393

Okay friends, new side quest! I've started a Python core development newsletter!

If you've ever wanted a regular summary straight to your inbox about all the cool things happening in CPython (and adjacent areas), this is it! Like and subscribe!

First edition, room to grow! 🌳

Illia VolochiiFeb 22

RE: https://hachyderm.io/@github/116088660663888747

@quentinpradet and I can finally share that we participated in Session 3 of the GitHub Secure Open Source Fund. As part of this cohort, we focused on hardening the library's security, setting up a formal Security Policy, and auditing our repository settings.

Open source sustainability isn't just about features; it's about security.

Read more on the blog: https://volochii.dev/blog/github-secure-open-source-session/

#urllib3 #python #github #security

Illia VolochiiJan 28
Hugo van KemenadeJan 28

Using the new Tachyon profiler coming to Python 3.15 I profiled a one-liner to find a bottleneck, then sped up some 26-year-old code in @pillow!

https://hugovk.dev/blog/2026/faster-pillow/

#Python #python315 #Tachyon #Pillow #PythonPillow #performance

Speeding up Pillow's open and save

Hugo van Kemenade
Illia VolochiiJan 20

I've finally launched my personal blog! 📝

To kick things off, my first post is the urllib3 2025 Annual Report. We discuss entering the "Billion-a-Month" club, our strengthened security posture, and the road to Python 3.14.

Check it out: https://volochii.dev/blog/urllib3-in-2025/

#urllib3 #python

urllib3 entered the "Billion-a-Month" club in 2025

Welcome to the 2025 annual report for urllib3. I’m Illia, and this is my first time writing this update for the second most downloaded Python package. Long-time readers will recognize these reports from Seth Larson or Quentin Pradet, but this year I’m taking the baton to share what we’ve been up to. 2025 was a busy year defined by security hardening and future-proofing. We released 5 versions and merged over 100 pull requests, working to secure the library and prepare it for Python 3.14. For the first time ever, urllib3 was installed over 1 billion times per month consistently throughout the last quarter, signaling new levels of adoption for both the Python language and foundational open source libraries like urllib3.

Illia VolochiiJan 7

📦 urllib3 2.6.3 is now available!

This release continues our recent series of decompression-related security fixes by mitigating decompression bombs in HTTP redirect responses (see GHSA-38jv-5279-wg99).

Also, the new version avoids indefinite sleeps with big Retry-After values and improves compatibility with popular dependents in Emscripten environments.

https://github.com/urllib3/urllib3/releases/tag/2.6.3

Illia VolochiiDec 5

📦 urllib3 2.6.0 is now available!

It fixes two high-severity security issues related to decompression of response content.

Additionally, the new version:
- switched to the backports.zstd package for the zstd support on Python 3.13 and before
- added explicit support for Python 3.14 and free threading
- removed two deprecated methods
- fixed a few bugs, added new small features, and improved performance

Check details in our release notes https://github.com/urllib3/urllib3/releases/tag/2.6.0

Release 2.6.0 · urllib3/urllib3

🚀 urllib3 is fundraising for HTTP/2 support urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial ...

GitHub
Illia VolochiiJun 18, 2025

📦 urllib3 2.5.0 is now available!

It fixes two moderate security issues:
- pool managers now properly control redirects when `retries` is passed — CVE-2025-50181 (5.3 Medium) reported by Jacob Sandum
- redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium)

Additionally, the new version adds support for the zstd module in Python 3.14 and fixes issues related to shutting down responses and HTTP tunneling with IPv6.

https://github.com/urllib3/urllib3/releases/tag/2.5.0

Release 2.5.0 · urllib3/urllib3

🚀 urllib3 is fundraising for HTTP/2 support urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial ...

GitHub
Illia VolochiiApr 10, 2025

📦 urllib3 2.4.0 is now available! It hardens certificate verification for Python 3.13+, fixes an Emscripten issue, improves own exceptions, and applies PEP 639.

https://github.com/urllib3/urllib3/releases/tag/2.4.0