🐛 fix rare edge cases where upgrading or forcing HTTP/3 over QUIC wit…

…h zero SSL configuration (#254)

Release 2.13.904 (#250)

2.13.904 (2024-08-20)
=====================

- Improved performance when creating TLS connection. We removed a
redundant ssl_ctx creation due to our
  caching / reusability for ssl.SSLContext.
- Fixed forcing disabling SSL renegotiation when explicitly setting
``@SECLEVEL=0`` in the cipher suite.
- Fixed ssl_ctx caching invalidation when ca_certs and/or ca_cert_dir
file/directory changed.

Release 2.13.903 (#249)

2.13.903 (2024-08-11)
=====================

- Bumped lower bound of qh3. The ``crlDistributionPoints`` getter is now
officially implemented in qh3 >= 1.5.4.

Release 2.13.902 (#248)

2.13.902 (2024-08-10)
=====================

- Fixed long standing missing ``ciphers`` kwargs that can be propagated
without a
  custom ``ssl.SSLContext`` via ``(Async)PoolManager`` and others.
- Fixed a bug the connection was not properly closed (underlying fd)
when fingerprint matching failed in async.
- Fixed missing ``crlDistributionPoints`` not extracted from cert in
``ConnectionInfo`` (QUIC layer only).

Release 2.13.901 (#247)

2.13.901 (2024-08-02)
=====================

- Fixed a memory leakage when downloading large content and specifying a
chunk size
that is lower than your regular incoming chunk size.
(jawah/niquests#270)

Release 2.13.900 (#237)

2.13.900 (2024-06-22)
=====================

- Fixed passing ``ca_cert_data`` as ``bytes`` instead of ``str``.
- Backported Security fix CVE-2025-50181 (5.3 Medium,
GHSA-pq67-6m6q-mj2v) from upstream urllib3 v2.5.0
- Fixed backward incompatible change on the ssl configuration when
urllib3-future is invoked by other than Niquests.
The default cipher list will fallback to system's default when Niquests
is not the invoker. Also stop setting
  ``OP_NO_RENEGOTIATION`` in ssl_options when it's not Niquests.
- Fixed a rare bug causing the connection to improperly upgrade to QUIC
when no ssl ca are given.
- Updated the low bound version requirement for ``qh3`` to v1.5.3 due to
some significant improvement toward
unifying PKI validation behaviors with Python default expectation (w/
OpenSSL).
- Changed default behavior when passing a SSLContext with no loaded CA
in store. Previously we did not called
``load_default_certs``. We now check if the store is empty, then we load
the default certs.

Fix perf ssl ctx (#233)

2.12.922 (2024-05-19)
=====================

- Fixed a minor performance regression when reopening or upgrading a
HTTPS connection.

Release 2.12.921 (#232)

2.12.921 (2024-05-17)
=====================

- Extended in-memory mTLS loading support to every major platforms.
- Added support for built-in zstandard starting from Python 3.14 onward.
- Improved test suite execution speed using pytest-xdist.
- Fixed a rare edge case where the CAStore would be empty after upgrade
to a HTTP/3 connection when no CA bundle are given before.
This error occurred due to load_default_certs not being applied for the
QUIC connection.

Release 2.12.920 (#231)

2.12.920 (2024-05-04)
=====================

- Removed the persisting session ticket after first QUIC handshake. In a
effort to be stricter with security and align
  with our TLS 1.2 and 1.3 ``OP_NO_TICKET`` parameter.
- Improved performance in our event unpacking logic inside state machine
protocols. (micro-scale improvements)
- Improved our RDATA (DNS) parsing for HTTPS records toward our ECH
(Encrypted Client Hello) support coming soon.
- Fixed a rare HTTP/2 compatibility issue with servers that don't
acknowledge our settings (missing ACK frame).

Release 2.12.919 (#228)

2.12.919 (2024-04-28)
=====================

- Fixed http3 has_expired logic to take into account "client side abort
without close event". jawah/niquests#240
- Improved performances in our state machine protocols.
- Fixed PoolManager allocation when maxsize is reached (async).
jawah/niquests#247
- Fixed PoolManager response mapping per pool memory leak.