forked from apache/httpcomponents-client
-
Notifications
You must be signed in to change notification settings - Fork 0
/
RELEASE_NOTES.txt
2909 lines (1975 loc) · 115 KB
/
RELEASE_NOTES.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Release 5.0.2
-----------------
This release upgrades HttpCore to the latest version, improves conformance to RFC 7235
(Hypertext Transfer Protocol (HTTP/1.1): Authentication) and addresses a number of
issues found since 5.0.1 release.
Changelog:
-------------------
* HTTPCLIENT-2116: Incorrect request message composition when routing requests
via a proxy.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* PoolingAsyncClientConnectionManager incorrectly emits Ping commands to HTTP/1.1
endpoints (#255).
Contributed by 滕杰1 <tengjie1 at xdf.cn>
* HTTPCLIENT-2115: HttpAsyncClientBuilder and H2AsyncClientBuilder fail to take
`replaceExecInterceptor()` into account.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2112: AbstractMultipartFormat respects ByteBuffer.arrayOffset (#253).
Contributed by Carter Kozak <ckozak at apache.org>
* Avoid updating Content-Length header in a 304 response.
Contributed by Dirk Henselin <dirk.henselin at vwgis.de>
* HTTPCLIENT-2105: Async clients incorrectly handle redirects of requests with enclosed
entity.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2100: Incorrect handling of EXTENDED mode by MultipartEntityBuilder
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2099, HTTPCLIENT-2091: SSLConnectionSocketFactory connect timeout fix (#241).
Contributed by Carter Kozak <ckozak at apache.org>
* Bug fix: BasicExpiresHandler is annotated as immutable but is not (#240).
Contributed by Gary Gregory <ggregory at apache.org>
* HTTPCLIENT-2096: Migrate instance loggers to static fields
Contributed by Carter Kozak <ckozak at apache.org>
* Added Automatic-Module-Name to the artefact manifests.
Contributed by Niels Basjes <niels at basjes.nl>
* MultipartEntityBuilder#generateBoundary optimization (#233)
Contributed by slisaasquatch <slisaasquatch at users.noreply.github.com>
* HTTPCLIENT-2094: ConnectionManager validateAfterInactivity zero duration agreement
Contributed by Carter Kozak <ckozak at apache.org>
* RFC 7235 compliance, HTTPCLIENT-2086: Fixed parsing of token68 based (base64-encoded)
auth schemes.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2091: Connect timeout is used instead of socket timeout after a tls upgrade
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2084: Client builders incorrectly add message interceptors with LAST position
to the head of the list.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2083: Fix NPE when classic client interceptors are added.
Contributed by Carter Kozak <ckozak at apache.org>
Release 5.0.1
-----------------
This release upgrades HttpCore to the latest version and addresses a number of issues found
since 5.0 release.
Changelog:
-------------------
* Bug fix: Classic connection managers fail to take #isConsistent() flag into account when
re-using persistent connections.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2077: Authentication failure due to incorrect NTLM auth value check.
Contributed by vonahok <64310078+vonahok at users.noreply.github.com>
* HTTPCLIENT-2051: Corrected handling of 303 redirects.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPASYNC-160: HttpAsyncClient in INACTIVE or STOPPED state throws a IllegalStateException
causing the current thread to terminate.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.
Contributed by heejeongkim <aprilhjk at gmail.com>
* HTTPCLIENT-2074: Disallow direct execution of CONNECT methods by standard client implementations.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2075: New method Request.responseTimeout(Timeout) in Fluent HC.
Contributed by Ralph <ralph.geerkens at rwth-aachen.de>
* HTTPCLIENT-2073: (regression) WindowsNegotiateScheme incorrectly rejects empty NTLM challenge.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2069: RequestConfig#copy does not copy #responseTimeout.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2061: Corrected sequence of request execution interceptors in classic HttpClient.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Fixed NPE for null HttpContext in minimal async clients.
Contributed by slisaasquatch <sli at saasquat.ch>
Release 5.0
-----------------
This is the first stable (GA) release of HttpClient 5.0.
Notable changes and features included in the 5.0 series are:
* Support for the HTTP/2 protocol and conformance to requirements and
recommendations of the latest HTTP/2 protocol specification documents
(RFC 7540, RFC 7541.)
Supported features:
** HPACK header compression
** Stream multiplexing (client and server)
** Flow control
** Response push
** Message trailers
** Expect-continue handshake
** Connection validation (ping)
** Application-layer protocol negotiation (ALPN)
** TLS 1.2 security features
* Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol
specification documents (RFC 7230, RFC 7231.)
* New connection pool implementation with lax connection limit guarantees and better
performance under higher concurrency due to absence of a global pool lock.
* Support for Reactive Streams API [http://www.reactive-streams.org/]
* Package name space changed to 'org.apache.hc.client5'.
* Maven group id changed to 'org.apache.httpcomponents.client5'.
HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath
due to the change in package names and Maven module coordinates.
Changelog:
-------------------
* Removed work-around for resumed TLS sessions given that JDK-8212885 fix has been ported to Java 11
and released in Oracle JDK 11.0.3.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Upgraded HttpCore dependency to version 5.0
Contributed by Oleg Kalnichevski <olegk at apache.org>
* DefaultHttpRequestRetryStrategy: Allow zero retry interval
Contributed by Ryan Schmitt <rschmitt at apache.org>
* HTTPCLIENT-2047: fixed regression in DefaultHostnameVerifier causing rejection of certs with non-standard domains.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* GitHub #204: Build requests from method names in ClassicHttpRequests:
ClassicHttpRequests.create(String, String)
ClassicHttpRequests.create(String, URI)
Contributed by Gary Gregory <ggregory at apache.org>
* GitHub #205: Update request factory classes with matching APIs for Method and String method name inputs:
BasicHttpRequests.create(String, URI)
BasicHttpRequests.create(String, String)
ClassicHttpRequests.create(Method, String)
ClassicHttpRequests.create(Method, URI)
SimpleHttpRequests.create(String, URI)
SimpleHttpRequests.create(String, String)
Contributed by Gary Gregory <ggregory at apache.org>
* GitHub #208: Do not use input type names in method names:
SimpleHttpRequest: Delete setBodyBytes(byte[], ContentType) in favor of setBody(byte[], ContentType)
SimpleHttpRequest: Delete setBodyText(String, ContentType) in favor of setBody(String, ContentType)
SimpleHttpResponse: Delete setBodyBytes(byte[], ContentType) in favor of setBody(byte[], ContentType)
SimpleHttpResponse: Delete setBodyText(String, ContentType) in favor of setBody(String, ContentType)
Contributed by Gary Gregory <ggregory at apache.org>
Release 5.0-BETA7
-----------------
This BETA release upgrades HttpCore to the latest version and addresses a number of issues found
since the previous BETA release.
IMPORTANT: This release is expected to be the last BETA version. If no major
design flaws are found the actual 5.0 API will be frozen and the next version will be
promoted to GA.
Changelog:
-------------------
* Improved domain name normalization by DefaultHostnameVerifier.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* DefaultHostnameVerifier: Match DNS and CN names against ICANN domains.
Contributed by Ryan Schmitt <rschmitt at apache.org>
* HTTPCORE-615: Implement HTTP-based cache serializer-deserializer.
Contributed by Scott Gifford <sgifford at suspectclass.com>
* HTTPCLIENT-2040: Copy headers from the original request to the redirect request.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Removed RFC 2965 specific requirements deprecated and superseded by RFC 6265.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2035: Remove HttpRequestRetryHandler in favor of HttpRequestRetryStrategy.
Contributed by Michael Osipov <michaelo at apache.org>
* HTTPCLIENT-2019: Remove ServiceUnavailableRetryStrategy in favor of HttpRequestRetryStrategy.
Contributed by Michael Osipov <michaelo at apache.org>
* HTTPCLIENT-2034: Introduce HttpRequestRetryStrategy.
Contributed by Michael Osipov <michaelo at apache.org>
* CloseableHttpAsyncClient to support explicit HttpHost execution parameter.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2020: DefaultBackoffStrategy to support TOO_MANY_REQUESTS (429).
Contributed by Michael Osipov <michaelo at apache.org>
* HTTPCLIENT-2030: Fixed PublicSuffixMatcher#getDomainRoot behavior with invalid hostnames.
Contributed by Niels Basjes <niels at basjes.nl>
* HTTPCLIENT-2028: Connection managers to allow 0 for `validateAfterInactivity` time value.
Contributed by Peter Frank <pfrank at fandango.com>
* HTTPCLIENT-2023: Allow nested arrays and all primitive types in DefaultHttpCacheEntrySerializer.
Contributed by Olof Larsson <olof at sylt.nu>
Release 5.0-BETA6
-------------------
This BETA release picks up the latest fixes and performance improvements from HttpCore
and addresses a number of issues found since the previous BETA release.
Changelog:
-------------------
* Fixed fallback PublicSuffixMatcher.
Contributed by Ryan Schmitt <rschmitt at apache.org>
* Enforce h2 TLS rules after negotiating TLS, not before.
Contributed by Ryan Schmitt <rschmitt at apache.org>
* HTTPCLIENT-2013: Revised handling of connect exceptions; improved consistency in behavior
of the classic and async clients; ConnectTimeoutException now extends SocketTimeoutException.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Improved handling of request cancellation (classic API).
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Fixed concurrent use of threading unsafe ClassicHttpRequest messages.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Execute Socket#connect under doPrivileged.
Contributed by Simon Willnauer <simonw at apache.org>
* HTTPCLIENT-2009: Fixed StringIndexOutOfBoundsException in AuthSupport#extractFromAuthority.
Contributed by itonyli <429284840 at qq.com>
* Make Accept-Encoding header handling thread-safe.
Contributed by Linton Miller <linton.miller at coxautoinc.com>
Release 5.0-BETA5
-------------------
This BETA release picks up the latest fixes and performance improvements from HttpCore
and addresses a number of issues found since the previous BETA release.
IMPORTANT: This release is expected to be the last BETA version. If no major
design flaws are found the actual 5.0 API will be frozen and the next version will be
promoted to GA.
Changelog:
-------------------
* Information response (1xx) processing support.
Contributed by Kirill Usov <kirill.usov at gmail.com>
* HTTPCLIENT-1968: Preserve escaped PATHSAFE characters when normalizing URI path segments.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1992: Impossible to access trailer-headers available in chunked transfer-encoding
with classic API.
Contributed by Serkan Turgut <sturgut at amazon.com>
* HTTPCLIENT-1991: incorrect handling of non-standard DNS entries by PublicSuffixMatcher.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Refactor to enable support for non-form based multipart requests
Contributed by Adam Retter <adam.retter at googlemail.com>
* HTTPCLIENT-1981: disallow TRACE requests with an enclosed entity
Contributed by Jay Modi <jay at elastic dot com>
Release 5.0-BETA4
-------------------
This BETA release picks up the latest fixes and performance improvements from HttpCore
and addresses a number of issues found since the previous BETA release.
Notable features in this release:
* Security improvements.
* URI handling improvements.
Changelog:
-------------------
* HTTPCLIENT-1976: Unsafe deserialization in DefaultHttpCacheEntrySerializer.
Contributed by Artem Smotrakov <artem.smotrakov at gmail.com>
* HTTPCLIENT-1969: Filter out weak cipher suites.
Contributed by Artem Smotrakov <artem.smotrakov at gmail.com>
* HttpClient should not retry requests in case of ConnectionClosedException
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Bug fix: Simple response consumer to discard stored content when releasing resources.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Bug fix: main async request execution handlers to release the associated response consumer
upon exception.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Update Apache Commons Codec from 1.11 to 1.12.
Contributed by Gary Gregory <ggregory at apache.org>
* Update RxJava from 2.2.2 to 2.2.7.
Contributed by Gary Gregory <ggregory at apache.org>
* Update JNA from 5.0.0 to 5.2.0.
Contributed by Gary Gregory <ggregory at apache.org>
* Some well known proxies respond with Content-Length=0, when returning 304. For robustness,
always use the cached entity's content length, as modern browsers do.
Contributed by Jayson Raymond <Jayson.Raymond15 at T-Mobile.com>
* HTTPCLIENT-1960: URIBuilder incorrect handling of multiple leading slashes in path component.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1958: PoolingHttpClientConnectionManager to throw ExecutionException
in case of a lease operation cancellation instead of InterruptedException.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Shutdown executorService on AbstractHttpAsyncClientBase shutdown.
Contributed by 吴雪山 <xueshan.wu at ndkey.com.cn>
* [HTTPCLIENT-1952: Allow default User Agent to be disabled
Contributed by Michael Osipov <michaelo at apache.org>
* Improve HttpResponseException#getMessage.
Contributed by Michael Osipov <michaelo at apache.org>
* Better handling of http(s).proxyUser and http(s).proxyPassword
Contributed by Jens Borgland <jborglan at tibco.com>
* Wrong argument name in PoolingAsyncClientConnectionManagerBuilder#setConnPoolPolicy results
with self assignment of variable.
Contributed by Eryk Szymanski <eszymanski at collab.net>
Release 5.0-BETA3
-------------------
This BETA release adds support for advanced TLS functions (such as ALPN protocol negotiation)
on Java 1.7 and Java 1.8 through Conscrypt TLS library and picks up the latest fixes
and performance improvements from HttpCore.
Notable features in this release:
* TLS ALPN protocol negotiation support on older JREs through Conscrypt TLS library.
Changelog:
-------------------
* Added optional dependency on conscrypt-openjdk-uber 1.4.1; support for advanced TLS functions
(such as ALPN extension) on Java 1.7 and Java 1.8 through Conscrypt TLS library
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Removed OSGi module
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Removed experimental CredSsp auth scheme
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1949: DigestScheme to use HttpRequest#getRequestUri instead of HttpRequest#getPath
Contributed by Oleg Kalnichevski <olegk at apache.org>
Release 5.0-BETA2
-------------------
This BETA release resolves compatibility issues with Java 11 new TLS engine as well as
a number of defects found since the previous release.
Notable new features in this release:
* JDK 11 compatibility
* Support for request specific push consumers
* Support for Reactive Streams API [http://www.reactive-streams.org/]
Changelog:
-------------------
* Hack to make hostname verification work with TLSv1.3 resumed sessions.
For details see https://markmail.org/message/mxf5v2d2gh6ws2j3
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Added builders for SSLConnectionSocketFactory and client TlsStrategy.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Added enum for supported TLS versions & TLS version parser.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1946: handling of 308 status as per RFC 7538.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Upgraded HttpCore to version 5.0-beta5.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Async clients to support request specific push consumers.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1944: Add hardCancellationEnabled option to RequestConfig.
Contributed by Ryan Schmitt <ryansch at amazon.com>
* Overload Request's execute method to allow custom CloseableHttpClient.
Contributed by Nicolas Gomez <nicolas at imogene.fr>
* Fix HttpClient 4.5.4 regression in BasicCookieStore serialization.
Contributed by Mark Mielke <mmielke at ciena.com>
* HTTPCLIENT-1934: Default client TLS strategy passes wrong hostname to the hostname verifier.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1882: reset authentication state on I/O or runtime error for connection based
authentication schemes (such as NTLM).
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1924: HttpClient to shut down the connection manager if a fatal error occurs
in the course of a request execution.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Pooling connection managers to implement graceful and immediate shut down.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1906: certificates containing alternative subject names other than DNS and IP
(such as RFC822) get rejected as invalid.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1904: check cookie domain for null
Contributed by Hans-Peter Keck <hans-peter.keck at haufe-lexware.com>
* HTTPCLIENT-1900: proxy protocol processor in the CONNECT exec interceptor does not
post-process CONNECT response messages.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1898: Incorrect comment in example class ClientMultiThreadedExecution.java
Contributed by Ulrich Romahn <ulrich at ulrichromahn dot net>
* HTTPCLIENT-1931: Add factory enum org.apache.hc.client5.http.classic.methods.ClassicHttpRequests
Contributed by Gary Gregory <ggregory at apache.org>
* HTTPCLIENT-1932: Add factory enum org.apache.hc.client5.http.async.methods.HttpRequests
Contributed by Gary Gregory <ggregory at apache.org>
* HTTPCLIENT-1939: Update Apache Commons Codec from 1.10 to 1.11
Contributed by Gary Gregory <ggregory at apache.org>
* HTTPCLIENT-1947: Update JNA from 4.5.2 to 5.0.0
Contributed by Gary Gregory <ggregory at apache.org>
Release 5.0-BETA1
-------------------
This is the first BETA release of HttpClient 5.0. The 5.0 release serices introduces
support for the HTTP/2 protocol and event driven messaging APIs consistent for all
supported HTTP protocol versions.
Changelog:
-------------------
* DefaultHostnameVerifier to use a custom distinguished name (DN) parser instead of LdapName.
Removed dependency on Java Naming extensions.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTP/2 client implementations to support cancellation of ongoing message exchanges without
terminating the underlying connections.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1395: added config parameter to skip an extra cache entry freshness check upon
cache update in case of a cache miss.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1824, HTTPCLIENT-1384: asynchronous HTTP cache invalidator.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Redesign of CacheKeyGenerator and HttpCacheInvalidator APIs.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* New APIs for cache entry bulk retrieval; bulk retrieval support by Memcached storage
implementation.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1824, HTTPCLIENT-1868: Asynchronous HTTP cache storage API. Memcached backend
implementation of async HTTP cache storage.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-1885: Content compression exec interceptor generates incorrect
'Accept-Encoding' header value.
Contributed by Oleg Kalnichevski <olegk at apache.org>
Release 5.0-ALPHA3
-------------------
This is a major release that introduces support for the HTTP/2 protocol and event driven
messaging APIs consistent for all supported HTTP protocol versions.
HttpClient ships with two client implementations:
* HttpClient Classic is based on the classic (blocking) I/O model; largely compatible
with the 4.x APIs; supports HTTP/1.1 only.
* HttpClient Async is based on NIO model; new event driven APIs consistent for all supported
HTTP protocol versions; supports both HTTP/1.1 and HTTP/2.
Notable new features in this release:
* Asynchronous HttpClient implementations optimized for HTTP/2 multiplexed request execution.
* Full support for HTTP caching by asynchronous HttpClient implementations including
streaming message exchanages.
Notable changes and features included in the 5.0 series are:
* Support for the HTTP/2 protocol and conformance to requirements and
recommendations of the latest HTTP/2 protocol specification documents
(RFC 7540, RFC 7541.)
Supported features:
** HPACK header compression
** Stream multiplexing (client and server)
** Flow control
** Response push
** Message trailers
** Expect-continue handshake
** Connection validation (ping)
** Application-layer protocol negotiation (ALPN) on Java 9.0.1+
** TLS 1.2 security features
* Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol
specification documents (RFC 7230, RFC 7231.)
* Redesigned connection pool implementation with reduced pool lock contention.
* Package name space changed to 'org.apache.hc.client5'.
* Maven group id changed to 'org.apache.httpcomponents.client5'.
* Apache Log4j2 logging APIs used for internal logging instead of Commons Logging APIs.
HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath
due to the change in package names and Maven module coordinates.
Please note that as of 5.0, HttpClient requires Java 1.7 or newer.
Changelog:
-------------------
* HttpAsyncClient implementations optimized for HTTP/2 multiplexed
request execution.
Contributed by Oleg Kalnichevski <[email protected]>
* Improved Ehcache and Memcached storage backends.
Contributed by Oleg Kalnichevski <[email protected]>
* [HTTPCLIENT-1827] Full support for HTTP caching by asynchronous HTTP clients.
Contributed by Oleg Kalnichevski <[email protected]>
* Redesign of HTTP cache resource APIs.
Contributed by Oleg Kalnichevski <[email protected]>
* Deprecated Content-Transfer-Encoding field in MIME body parts per RFC 7578, section 4.7.
Contributed by Oleg Kalnichevski <[email protected]>
* [HTTPCLIENT-293] Implemented the percent encoding of the filename parameter of the Content-Disposition header.
Contributed by Ioannis Sermetziadis <[email protected]>
* [HTTPCLIENT-1845]: Extract InputStreamFactory classes out of GzipDecompressingEntity and
DeflateDecompressingEntity for reuse and to create less garbage.
Contributed by Gary Gregory <ggregory at apache.org>
* [HTTPCLIENT-1858] Alleviate GC pressure due to wire logging.
Contributed by Gary Gregory <ggregory at apache.org>
* Avoid fetching the cached entity twice on cache hit.
Contributed by Leandro Nunes <[email protected]>
* [HTTPASYNC-124] Add doPrivileged blocks to async client and connection manager builders
Contributed by Jay Modi <jay at elastic dot co>
Release 5.0-ALPHA2
-------------------
This is a major release that introduces support for the HTTP/2 protocol and event driven
messaging APIs consistent for all supported HTTP protocol versions.
HttpClient ships with two client implementations:
* HttpClient Classic is based on the classic (blocking) I/O model; largely compatible
with the 4.x APIs; supports HTTP/1.1 only.
* HttpClient Async is based on NIO model; new event driven APIs consistent for all supported
HTTP protocol versions; supports both HTTP/1.1 and HTTP/2.
Notable changes and features included in the 5.0 series are:
* Partial support for the HTTP/2 protocol and conformance to requirements and
recommendations of the latest HTTP/2 protocol specification documents
(RFC 7540, RFC 7541.)
Supported features:
** HPACK header compression
** Stream multiplexing (client and server)
** Flow control
** Response push
** Message trailers
** Expect-continue handshake
** Connection validation (ping)
** Application-layer protocol negotiation (ALPN) on Java 1.9+
** TLS 1.2 security features
* Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol
specification documents (RFC 7230, RFC 7231.)
* Redesigned connection pool implementation with reduced pool lock contention.
* Package name space changed to 'org.apache.hc.client5'.
* Maven group id changed to 'org.apache.httpcomponents.client5'.
* Apache Log4j2 logging APIs used for internal logging instead of Commons Logging APIs.
Features that are presently NOT supported:
* HTTP/2 transport (classic)
* HTTP tunneling (async)
* Automatic response content decompression (async)
* Caching (async)
HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath
due to the change in package names and Maven module coordinates.
Please note that as of 5.0, HttpClient requires Java 1.7 or newer.
Please note that at this point 5.0 APIs are considered experimental and unstable and are
expected to change in the coming releases without providing a migration path.
Changelog:
-------------------
* [HTTPCLIENT-1714] Add HttpClientBuilder.setDnsResolver(DnsResolver).
Contributed by Alexis Thaveau <alexis.thaveau at gmail.com>
* [HTTPCLIENT-1715] NTLMEngineImpl.Type1Message not thread safe but declared as a constant.
Contributed by Olivier Lafontaine <olafontaine at gmail.com>, Gary Gregory <ggregory at apache.org>
* [HTTPCLIENT-1716] redirect handling of unsafe methods defined by RFC 7231.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1717] Make fluent API .Content.Content(byte[], ContentType) public.
Contributed by Cash Costello <cash.costello at gmail.com>
* [HTTPCLIENT-1730] added #setValidateAfterInactivity to HttpClientBuilder.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1752] Allow to configure the OSGI clients with relaxed SSL checks.
Contributed by Simone Tripodi <simonetripodi at apache.org>
* [HTTPCLIENT-1748] Improved compatibility with system authentication API in applets.
Contributed by Sebastien Caille <sebastien.caille at gmail.com>
* [HTTPCLIENT-1786] Port from Apache Commons Logging to Apache Log4j 2.
Contributed by Gary Gregory <ggregory at apache.org>
* [HTTPCLIENT-1817] Add a "Trust All" TrustStrategy implementation.
Contributed by Gary Gregory <ggregory at apache.org>
* [HTTPCLIENT-1836] DefaultHostnameVerifier#getSubjectAltNames(X509Certificate) throws
java.lang.ClassCastException.
Contributed by Gary Gregory <ggregory at apache.org>, Ilian Iliev <ilian_iliev at yahoo.com>
* [HTTPCLIENT-1691] HttpClient instance used internally by HC Fluent to take system properties into
account by default.
Contributed by Oleg Kalnichevski <olegk at apache.org>
Release 5.0-ALPHA1
-------------------
This major release renders HttpClient API incompatible with the stable 4.x branch
and upgrades HTTP/1.1 protocol conformance to the requirements and recommendations of the latest
protocol specification. This release lays the foundation for transition to HTTP/2 as the primary
transport protocol in the future releases.
Notable changes and features included in the 5.0 series are:
* Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol
specification (RFC 7230, RFC 7231, RFC 7235)
* Package name space changed to 'org.apache.hc.client5'
* Maven group id changed to 'org.apache.httpcomponents.client5'
* By default the maximum connections per route limit is set to 5
* By default connection request timeout and connect timeout are set to 3 minutes.
HttpClient 5.0 releases can be co-located with earlier versions, meaning you can have both 5.x and
4.x on the classpath without experiencing jar hell.
Please note that as of 5.0 HttpClient requires Java 1.7 or newer.
Please note that at this point we consider 5.0 APIs experimental and unstable and expect them to
change in the coming releases without providing a migration path.
Changelog:
-------------------
* [HTTPCLIENT-1575] route target port must be non negative
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1106] Use character arrays for passwords in Credentials objects
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RFC 7235: redesign of HTTP authenticator and related classes
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RFC 7231: parse capable of parsing multiple auth challenges
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RFC 7231: DefaultServiceUnavailableRetryStrategy to take Retry-After header value into account if specified
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RFC 7231: removed restriction on the use of relative URIs in Location header
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RFC 7231: revised redirect handling
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RFC 7231: do not generate header fields in TRACE requests containing sensitive data such as cookie and user
credentials
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RFC 7231: automatic retrial of idempotent methods
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RFC 7230: increased the default max number of concurrent connection for the same route from 2 to 5
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Cache request line in HttpRequestWrapper
Contributed by Dmitry Potapov <dpotapov at yandex-team.ru>
* [HTTPCLIENT-1651] Add ability to disable content compression on a request basis
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1696]: Add convenience methods to fluent API class Request.
Contributed by Gary Gregory <ggregory @ apache.org>
Release 4.5.1
-------------------
HttpClient 4.5.1 (GA) is a maintenance release that fixes a number of minor defects found since 4.5.
Please note that as of 4.4 HttpClient requires Java 1.6 or newer.
Changelog:
-------------------
* [HTTPCLIENT-1680] redirect of a POST request causes ClientProtocolException.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1673] org.apache.http.entity.mime.content.* missing from OSGi exports.
Contributed by Benson Margulies <benson at basistech.com>
* [HTTPCLIENT-1668] Fluent request incorrectly handles connect timeout setting.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1667] RequestBuilder does not take charset into account when creating
UrlEncodedFormEntity.
Contributed by Sergey Smith <smithsv at bk.ru>
* [HTTPCLIENT-1655] HttpClient sends RST instead of FIN ACK sequence when using non-persistant
connections.
Contributed by Oleg Kalnichevski <olegk at apache.org>
Release 4.5
-------------------
HttpClient 4.5 (GA) is a minor feature release that includes several incremental enhancements
to the exisitng functionality such as support for private domains in the Mozilla Public Suffix List.
Changelog:
-------------------
* Reduced default validate after inactivity setting from 5 sec to 2 sec.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1649] Fixed serialization of auth schemes.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1645]: Fluent requests to inherit config parameters of the executor.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1640]: RFC6265 lax cookie policy fails to parse 'max-age' attribute.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1633]: RFC6265CookieSpecProvider compatibility level setting has no effect.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1613]: Support for private domains in Mozilla Public Suffix List.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1651]: Add ability to disable content compression on a request basis.
Contributed by Michael Osipov <michaelo at apache.org>
* [HTTPCLIENT-1654]: Deprecate/remove RequestConfig#decompressionEnabled in favor of #contentCompressionEnabled.
Contributed by Michael Osipov <michaelo at apache.org>
Release 4.4.1
-------------------
HttpClient 4.4.1 (GA) is a maintenance release that fixes a number of defects in new functionality
introduced in version 4.4.
Users of HttpClient 4.4 are encouraged to upgrade.
Please note that as of 4.4 HttpClient requires Java 1.6 or newer.
Changelog:
-------------------
* Marked RFC 2109, RFC 2965, Netscape draft cookie specs as obsolete.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1633] RFC6265CookieSpecProvider compatibility level setting has no effect.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1628]: Auth cache can fail when domain name contains uppercase characters.
Contributed by Dennis Ju <dejuknow at gmail.com>
* [HTTPCLIENT-1609] Stale connection check in PoolingHttpClientConnectionManager has no effect.
Internal connection pool does not correctly implement connection validation.
Contributed by Charles Lip <rene1 at singnet.com.sg>
Release 4.4 Final
-------------------
This is the first stable (GA) release of HttpClient 4.4. Notable features and enhancements included
in 4.4 series are:
* Support for the latest HTTP state management specification (RFC 6265). Please note that the old
cookie policy is still used by default for compatibility reasons. RFC 6265 compliant cookie
policies need to be explicitly configured by the user. Please also note that as of next feature
release support for Netscape draft, RFC 2109 and RFC 2965 cookie policies will be deprecated
and disabled by default. It is recommended to use RFC 6265 compliant policies for new applications
unless compatibility with RFC 2109 and RFC 2965 is required and to migrate existing applications
to the default cookie policy.
* Enhanced, redesigned and rewritten default SSL hostname verifier with improved RFC 2818
compliance.
* Default SSL hostname verifier and default cookie policy now validate certificate identity
and cookie domain of origin against the public suffix list maintained by Mozilla.org
<https://publicsuffix.org/list>
* More efficient stale connection checking: indiscriminate connection checking which results
in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional
connection state validation (persistent connections are to be re-validated only if a specified
period inactivity has elapsed.)
* Authentication cache thread-safety: authentication cache used by HttpClient is now thread-safe
and can be shared by multiple threads in order to re-use authentication state for subsequent
requests.
* Native Windows Negotiate and NTLM via SSPI through JNA: when running on Windows OS HttpClient
configured to use native NTLM or SPNEGO authentication schemes can make use of platform specific
functionality via JNA and current user credentials. This functionality is still considered
experimental, known to have compatibility issues and subject to change without prior notice.
Use at your discretion.
This release also includes all fixes from the stable 4.3.x release branch.
Please note that as of 4.4 HttpClient requires Java 1.6 or newer.
Changelog:
-------------------
* Support for the latest HTTP state management specification (RFC 6265).
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1515] Caching of responses to HEAD requests
Contributed by Tyrone Cutajar <tj.cutajar at gmail.com> and
Francois-Xavier Bonnet <fx at apache.org>
* [HTTPCLIENT-1560] Native Windows auth improvements.
Contributed by Michael Osipov <michaelo at apache.org>
* Update Apache Commons Logging version from 1.1.3 to 1.2.
Contributed by Gary Gregory <ggregory at apache.org>
* Update Apache Commons Codec version from 1.6 to 1.9.
Contributed by Gary Gregory <ggregory at apache.org>
* Update Ehcache version from 2.2.0 to 2.6.9.
Contributed by Gary Gregory <ggregory at apache.org>
* Update Ehcache version from 2.2.0 to 2.6.9.
Contributed by Gary Gregory <ggregory at apache.org>
* Update Spymemcached version from 2.6 to 2.11.4.
Contributed by Gary Gregory <ggregory at apache.org>
* Update SLF4J version from 1.5.11 to 1.7.7.
Contributed by Gary Gregory <ggregory at apache.org>
Release 4.4 BETA1
-------------------
This is the first BETA release of HttpClient 4.4. Notable features and enhancements included
in 4.4 series are:
* Enhanced redesigned and rewritten default SSL hostname verifier with improved RFC 2818
compliance
* Default SSL hostname verifier and default cookie policy now validate certificate identity
and cookie domain of origin against the public suffix list maintained by Mozilla.org
<https://publicsuffix.org/list>
* Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use
native NTLM or SPNEGO authentication schemes can make use of platform specific functionality