h11 is a pure-Python, bring-your-own-I/O HTTP/1.1 library that implements the basics of framing and header handling. It provides a connection state API for servers and clients, where you feed in network bytes to produce HTTP events and send event objects back as bytes. This is useful if you want to build HTTP functionality without using a higher-level HTTP client or server framework.
Project status
- Maintenance status: The last recorded upstream push and recent update (v0.16.0, and v0.15.0) was on 2025-04-24, which is over a year ago relative to 2026-06-09, so the source appears quiet/dormant rather than actively maintained.
- Update cadence: There was a burst of updates on 2025-04-24 (v0.16.0 and v0.15.0 back-to-back), but otherwise the history shows long gaps (for example, from 2022-09-25 to 2025-04-24). This suggests an infrequent, maintenance-style cadence.
AI summary generated 2026-06-09
Recent updates
v0.16.0
2025-04-24v0.16.0 primarily introduces a security hardening change in h11's chunked transfer decoding. The code now rejects malformed chunk termination bytes that were previously tolerated, which can prevent request-smuggling style edge cases.
Securityv0.15.0
2025-04-24Release v0.15.0 updates h11’s CI/test matrix and documentation to drop Python 3.7 support and test newer CPython versions. The only behaviorally significant library change is stricter validation for extremely large Content-Length values, which can alter the error path developers observe for malformed requests. Most other changes are tooling, typing, and test/documentation updates.
v0.14.0
2022-09-25The v0.14.0 release notes were not provided, so the specific changes, potential breaking changes, and migration guidance are not documented in the release description. Developers should review the diff from the previous version (v0.13.x) and validate API and behavior changes before upgrading.
v0.13.0
2022-01-19v0.13.0 introduces improved typing and public API clarity (notably Headers and event classes), plus protocol validation tweaks. The diff also shows a larger internal refactor toward dataclass-based immutable event objects and more explicit exports, which may introduce behavioral changes not covered by the release notes.
BreakingFeaturesv0.12.0
2021-01-01This release (v0.12.0) modernizes h11 for Python 3 only, dropping Python 2.7 and PyPy2 support, and extends parsing to better handle non-standard line endings. It also adds earlier detection of clearly invalid HTTP data at the beginning of the request/response, before a full line terminator is received.
BreakingFeaturesv0.11.0
2020-10-05v0.11.0 introduces a header-casing preservation feature, so h11 keeps the original header name casing it received and also writes header names using casing derived from how headers were provided. It also changes how multiple Content-Length headers are handled, merging equal values and raising an error when they conflict.
BreakingFeaturesv0.10.0
2020-08-13This v0.10.0 release primarily updates supported Python versions (dropping Python 3.4, adding 3.8) and refreshes CI, docs, and tooling configuration. The only substantive library-side code change in the diff improves validation error messages by passing extra context into internal header/request/status parsing validation. Release notes were not provided by the publisher.
Breakingv0.9.0
2019-04-22This release (v0.9.0) introduces stricter request-target validation and relaxes accepted header-value character rules in the HTTP/1.1 parsing logic. CI and project metadata were also updated, including dropping Python 3.3 support and raising the minimum supported Python 3 version in documentation.
v0.8.1
2018-04-15v0.8.1 primarily addresses a header typing bug, ensuring parsed HTTP headers are always returned as bytes objects. The release also includes documentation and tooling updates, including adding proper license notices in bundled documentation JavaScript and updating repository metadata to the python-hyper org.
v0.8.0
2018-03-20Release v0.8.0 is published, but no release notes were provided. As a result, this analysis cannot confirm new features, bug fixes, breaking changes, or security updates from the published documentation.