-
Notifications
You must be signed in to change notification settings - Fork 972
/
RELEASE_NOTES.txt
3746 lines (2523 loc) · 147 KB
/
RELEASE_NOTES.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Release 5.4
------------------
This is the first GA release in the 5.4 release series. This release finalizes the 5.4 APIs,
upgrades HttpCore to version 5.3 and improves the Public Suffix matching algorithm implementation.
IMPORTANT! The new cache entry serialization format is incompatible with earlier
versions of HttpClient Cache. Persistent caches (file system based, Memcached, EhCAche
with object serialization) created with any earlier version MUST be flushed and re-populated
or the cache backend MUST be configured to use the old, deprecated cache entry serializer.
Notable changes and features included in the 5.4 series:
* Improved conformance to RFC 9110 (HTTP Semantics), RFC 7616 (HTTP Digest Access
Authentication), RFC 2617 (’Basic’ HTTP Authentication Scheme).
* UTF-8 encoding is used by default for text where appropriate.
* Compatibility with Java Virtual Threads and Java 21 Runtime.
* Redesign and rewrite of the HTTP caching protocol layer for better efficiency
and improved conformance to RFC 9111 (HTTP Caching).
* Cache control and context APIs.
* ETag APIs.
* TLS SNI and endpoint identification improvements.
* Support for RFC 2817 (Upgrading to TLS Within HTTP/1.1).
* Auth cache no longer makes use of Java serialization.
* Deprecation of ConnectionSocketFactory and LayeredConnectionSocketFactory.
* HttpContext optimization and performance improvement.
* Async cache is no longer considered experimental.
Change Log
-------------------
* HTTPCLIENT-2338: Put compress exec interceptor after retry exec interceptor.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Upgraded HttpCore to version 5.3.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Javadoc improvements.
Contributed by Gary Gregory <garydgregory at gmail.com>
* DeflateInputStream extends FilterInputStream
Contributed by Gary Gregory <garydgregory at gmail.com>
* HTTPCLIENT-2335: Added close() method with CloseMode parameter to CloseableHttpResponse.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2336: Corrected hostname identity verification logic.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2336: Updated PublicSuffixMatcher to use the 'formal algorithm' as specified
https://github.com/publicsuffix/list/wiki/Format#formal-algorithm.
Contributed by Adrian Woodhead <adrian.woodhead at humansecurity.com>
* Input streams returned by DecompressingEntity#getContent to support mark(int) and reset()
if the underlying stream does.
Contributed by Gary Gregory <garydgregory at gmail.com>
* Improved FQDN matching.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Removed @Experimental from async cache classes.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2333: Update execution scope upon request redirect to avoid re-execution
of the original request in case of an I/O error.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Re-introduced LaxRedirectStrategy from 4.x
Contributed by Otavio Prado <otavio.prado at sensedia.com>
Release 5.4 BETA1
------------------
This is the first BETA release in the 5.4 release series. It upgrades HttpCore to version
5.3-beta1 and adds a few minor improvements and fixes.
Change Log
-------------------
* HTTPCLIENT-2328: Blocking I/O connections to check if the opposite TLS endpoint
has been closed by the opposite endpoint while writing out request body.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Redesign of test server APIs and integration test setup.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2331: Skip cookie header generation if a Cookie header is already
present (#561).
Contributed by Arturo Bernal <abernal at apache.org>
* HTTPCLIENT-2326: Propagate original proxy response to the caller in case of
HTTP CONNECT request failure.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2327: Propagate CancellationExceptions from MemcachedClient operations
as ResourceIOExceptions (#559).
Contributed by jattisha <jattisha at umich.edu>
* Callbacks for Connection initialization.
Contributed by Richard Tippl <richard.tippl at gmail.com>
* HTTPCLIENT-2325 Avoid adding "; charset=" for multipart/form-data requests
Contributed by Vladimir Sitnikov <sitnikov.vladimir at gmail.com>
Release 5.4 ALPHA2
------------------
This is the second and likely the last ALPHA release in the 5.3 release series.
It finalizes the new Cache API introduced in the previous ALPHA release and also
improves TLS customization for the classic transport, SNI and endpoint identification
support, authentication data caching, and HTTP context performance. It also introduces
support for optional TLS upgrades for HTTP/1.1 connections.
Change Log
-------------------
* HttpClientContext to use instance variables for standard attributes.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2151: Support for JSSE in-built endpoint identification.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Internal connection operators to make use of the target name from the request URI
authority.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* DefaultRoutePlanner to take the request authority into account when determining a route for
HTTPS requests.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RouteInfo and HttpRoute to include the target name from the URI authority in case it differs
from the target host (the host recognizes multiple authorities).
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2316: BasicHttpClientConnectionManager incorrectly re-uses the released connection
if it has been closed out by the protocol handler.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2070: Auth cache to no longer rely on Java serialization for auth state caching.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-751: Support for RFC 2817 (Upgrading to TLS Within HTTP/1.1).
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Connection endpoints to provide TLS details and protocol version.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Deprecated ConnectionSocketFactory, LayeredConnectionSocketFactory, and their plain and SSL
implementations in favor of DefaultClientTlsStrategy.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Standard client TLS strategy implementations support the upgrading of blocking sockets.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* FileResourceFactory to generate stable file names for the same request ID and entity tag.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Cache ResourceFactory to make use of strong eTags when available.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* ETag APIs.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Fixed a design mistake of ConnectionEndpoint having a direct dependency on
HttpRequestExecutor class.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Cache control and context APIs.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2315: Client builders fail to apply system properties to the default
connection manager.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2314: Handle gracefully a failure of DnsResolver to return a list of
resolved addresses (#533).
Contributed by Philip Helger <philip at helger.com>
* HTTPCLIENT-2314: Throw ConnectionShutdownException in case of pooled connection
having been closed or discarded instead of plain IllegalStateException.
Contributed by Oleg Kalnichevski <olegk at apache.org>
Release 5.4 ALPHA1
-------------------
This is the first ALPHA release in the 5.4 release series that improves HTTP protocol support
by ensuring conformance to the latest HTTP specification (RFC 9110, RFC 9111, RFC 7616,
RFC 7617), ensures compatibility with Java Virtual Threads by replacing 'synchronized' keywords
in critical sections with Java lock primitives. The HTTP caching protocol layer has also been
redesigned and overhauled to improve cache efficiency and optimize performance.
Change Log
-------------------
* `username*` validation and decoding in DigestScheme as per RFC (#511).
Contributed by Arturo Bernal <abernal at apache.org>
* Support for Userhash parameter in Digest authentication as per RFC 7616 (#509).
Contributed by Arturo Bernal <abernal at apache.org>
* Enforce UTF-8 encoding in Digest authentication according to RFC 7616 (#508).
Contributed by Arturo Bernal <abernal at apache.org>
* Enforce UTF-8 encoding in BasicSchemeFactory as per RFC 7617 (#506).
Contributed by Arturo Bernal <abernal at apache.org>
* Stricter password validation in BasicScheme (#505).
Contributed by Arturo Bernal <abernal at apache.org>
* Bug fix: When validating a cache entry the protocol handlers must use the current request
message with additional headers generated by the previous request interceptors instead of
the original request message.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Better debug logging in the caching protocol handlers.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Better HTTP execution context management by caching protocol handlers.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2301. Fixed a concurrency defect in the connection release code of
BasicHttpClientConnectionManager.
Contributed by Arturo Bernal <abernal at apache.org>
* HttpCacheEntry to cache parsed DATE, EXPIRES, and LAST_MODIFIED values; avoid parsing
DATE header of cache entries and HTTP messages multiple times.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2293: Via header protocol improvements and performance optimization.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2293: RFC-compliant TRACE request interceptor (#486).
Contributed by Arturo Bernal <abernal at apache.org>
* HTTPCLIENT-2293: 'If-Range' request validation as per RFC 9110 (#485).
Contributed by Arturo Bernal <abernal at apache.org>
* HTTPCLIENT-2293: Enforce port specification for CONNECT requests as per RFC 9110 (#482).
Contributed by Arturo Bernal <abernal at apache.org>
* HTTPCLIENT-2284: Internal cache storage improvements (#478).
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Replace `synchronized` blocks with ReentrantLock to ensure compatibility with virtual
threads (#476).
Contributed by Arturo Bernal <abernal at apache.org>
* HTTPCLIENT-2284: Cache entry representation improvements: (#477).
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2277: Rewrite the caching protocol layer for improved efficiency and
conformance to RFC 9111.
Contributed by Arturo Bernal <arturobernalg@gmail.com> and
Oleg Kalnichevski <olegk at apache.org> and
* Request and response Cache-Control APIs
Contributed by Arturo Bernal <arturobernalg@gmail.com> and
Oleg Kalnichevski <olegk at apache.org> and
* HttpByteArrayCacheEntrySerializer refactoring and performance improvements.
Contributed by Arturo Bernal <abernal at apache.org>
Release 5.3
-------------------
This is the first GA release in the 5.3 release series. This release finalizes the 5.3 APIs
and also includes all bug fixes from the 5.2 release branch.
The 5.3 release series introduces support for the Bearer authentication scheme (RFC 6750) and
deprecates NTLM and GSS-based experimental authentication schemes in favor of Basic / Bearer
authentication with TLS.
Notable changes and features included in the 5.3 series:
* Introduction of the Bearer authentication scheme.
* Deprecation of the NTLM authentication scheme.
* Deprecation of the GSS-based experimental authentication schemes.
* Support for load distribution across multiple proxies.
Change Log
-------------------
* HTTPCLIENT-2310: Async Connect exec handler incorrectly pipes CONNECT requests through the main
request protocol chain.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Upgraded HttpCore to version 5.2.4.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* SEE OTHER redirect handling fix.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2305: SSLConnectionSocketFactory allows Socket.connect() to be decorated (#499).
Contributed by Carter Kozak <ckozak at apache.org>
* Add security warning to TrustStrategy implementations documentation (#490).
Contributed by Marcono1234 <Marcono1234 at users.noreply.github.com>
* More consistent handling of OperationTimeoutException in MemcachedHttpCacheStorage.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Document exec chain behavior when automatic retries are enabled. (#480).
Contributed by cachescrubber <lars.uffmann at gmail.com>
* HTTPCLIENT-2291: Fixed inconsistency in behavior between the class and async implementation
of the request re-execution. The async request retry exec will now restart request execution
from itself instead of from the very beginning of the execution chain.
Contributed by Oleg Kalnichevski <olegk at apache.org>
Release 5.3 ALPHA1
------------------
This is the first release in the 5.3 release series that introduces support for the Bearer
authentication scheme (RFC 6750) and deprecates NTLM and GSS-based experimental authentication
schemes in favor of Basic / Bearer authentication with TLS.
Change Log
-------------------
* GSS-based experimental authentication schemes deprecated and disabled by default.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* NTLM scheme deprecated and disabled by default.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Added linear and exponential BackoffManager implementations.
Contributed by Arturo Bernal <arturobernalg at gmail.com>
* Improved AIMDBackoffManager.
Contributed by Arturo Bernal <arturobernalg at gmail.com>
* Added DistributedProxySelector with support for load distribution across multiple
proxies.
Contributed by Arturo Bernal <arturobernalg at gmail.com>
* Support for preamble and epilogue in multipart entities.
Contributed by Arturo Bernal <arturobernalg at gmail.com>
* HttpResponseException to include response message content (up to 256 bytes).
Contributed by Arturo Bernal <arturobernalg at gmail.com>
* Workaround for URL quoting issue with LLv6 host literals.
Contributed by Arturo Bernal <arturobernalg at gmail.com>
* Bearer auth scheme support (RFC 6750)
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Credentials interface should be able to represent different types of user credentials
including token-based with no password.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Connection settings `timeToLive` and `validateAfterInactivity` set to zero to always
close or validate connections being leased.
Contributed by Christoph Kaser <berlin at caser.de>
* Digest authentication scheme to omit the algorithm in the authentication response
if it has not been explicitly set in the authentication challenge, as per RFC 7616.
Contributed by John Vasileff <john at vasileff.com>
* HTTPCLIENT-2271: Do not optimize the path component of the resolved URI by default.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Pass HttpContext to SSLConnectionSocketFactory#prepareSocket method (#404)
Contributed by Alen Turkovic <alturkovic at gmail.com>
Release 5.2.1
------------------
This is a maintenance release that fixes several regressions found in release 5.2.
Change Log
-------------------
* Regression: Async execution runtimes set the negotiated protocol version in the execution
context at the wrong point of request execution.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Cancel connection request on exception.
Contributed by Bryan Keller <bryanck at gmail.com>
* Replace deprecated use of LangUtils#equals() with Objects.equals().
Contributed by Gary Gregory <ggregory at apache.org>
* Regression: Multipart body builder and multipart formatters fail to escape special characters
such as backslash and quote mark.
Contributed by Oleg Kalnichevski <olegk at apache.org>
Release 5.2
------------------
This is the first GA release in the 5.2 release series. This release finalizes the 5.2 APIs
and corrects several defects discovered since the previous release.
Please note that 5.2 upgrades the minimal JRE level to version 8 (8u251 is required).
Please note this is likely to be the last release series with support for SPNEGO and NTLM
authentication. As of version 5.3 GSS-API-based authentication schemes (Kerberos, SPNEGO)
and NTLM authentication schemes are going to be deprecated and disabled by default.
Notable changes and features included in the 5.2 series:
* Upgrade to Java 8.
* Improved support for TLS upgrade and HTTP protocol upgrade (async).
* Support for H2 tunneling via HTTP/1.1 proxy.
* Conformance to RFC 7617 (The 'Basic' HTTP Authentication Scheme).
* Migration to Java 8 Time primitives in State Management and Cache APIs.
* Connection and TLS configuration on a per-route basis.
* Base64 codec based on Commons Codec replaced with JRE Base64 codec.
Dependency on Commons Codec dropped.
* Optional support for BR (Brotli) decompression.
Change Log
-------------------
* HTTPCLIENT-2242: RoutingSupport fails to copy InetAddress when normalizing HttpHost.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2240: Fixed incorrect CONNECT method initialization in ProxyClient.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2236: MultihomeIOSessionRequester fails to enhance the cause exception in case
of connect failure if the remoteAddress argument has been given.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Use Objects.toString() instead of String type cast
Contributed by Gary Gregory <garydgregory at gmail.com>
* HTTPCLIENT-2232: Last protocol interceptors moved at the end of the H2 protocol processing
pipeline.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* H2 async runtime to proactively set HTTP/2 protocol version in the execution context.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2231: Fixed a race condition in the main async executor when the request execution
on an I/O thread is faster than execution pipeline management on the client thread.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Avoid duplicate redundant objects and use Singleton instead.
Contributed by Arturo Bernal <arturobernalg at gmail.com>
* HTTPCLIENT-2225: Connection route calculation does not take the default RequestConfig into
account.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Avoid unnecessary use of Instant.toEpochMilli by using Instant#compareTo to compare
Instants directly.
Contributed by jkmcl
* HTTPCLIENT-2221 Closing a classic response/entity allows connection reuse.
Contributed by Carter Kozak <ckozak at apache.org>
Release 5.2 BETA1
------------------
This is the first BETA release in the 5.2 release series that upgrades the minimal JRE
level to version 8 (8u251 is required) and includes several protocol level and
API improvements. It also includes all bug fixes from the 5.1 branch.
Change Log
-------------------
* Upgraded HttpCore to version 5.2-beta2.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2218: Use Java 8 Base64 utility (#370).
Contributed by j3graham <j3graham@gmail.com>
* Added support for BR (Brotli) decompression (#363).
Contributed by 殷成涛 <yinwoods@163.com>
* HTTPCLIENT-2212: MinimalHttpAsyncClient fails to release client endpoints in case of
a connect error (such as TLS handshake failure).
Contributed by Oleg Kalnichevski <olegk at apache.org>
* InternalAbstractHttpAsyncClient to create daemon threads.
Contributed by Richard Hernandez <riher at amazon.com>
* HTTPCLIENT-2080: Added #getRetryInterval method to HttpRequestRetryStrategy for use
on retriable IOExceptions (#356).
Contributed by Anthony Baldocchi <489445+ajbaldocchi at users.noreply.github.com>
* Fixed infinite recursion in SSLConnectionSocketFactory.
Contributed by Ryan Schmitt <rschmitt at apache.org>
* HTTPCLIENT-2200: Protocol interceptors are executed before the connection route has
been fully established.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2209: Pass HttpContext to AsyncClientConnectionOperator (#353).
Contributed by Andriy Redko <drreta at gmail.com>
* HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* ExecSupport#getNextExchangeId() optimization (#352)
Contributed by David Schlosnagle <schlosna at gmail.com>
* HTTPCLIENT-2203: Corrected target host normalization by the request execution interceptors;
added ContextBuilder with support for preemptive authentication initialization.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2202: MemcachedHttpCacheStorage to support MemcachedClientIF interface.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Bug fix: ByteArrayBuilder incorrectly handles empty strings.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2198: Fixed AbstractClientTlsStrategy to respect HttpVersionPolicy.
Contributed by Andrei Vasilev <59628447+AndreiSVasilev at users.noreply.github.com>
* Updated AbstractClientTlsStrategy to pass only the HttpVersionPolicy set by TlsConfig
instead of the entire TlsConfig to H2TlsSupport#selectApplicationProtocols() method.
Contributed by Andrei Vasilev <59628447+AndreiSVasilev at users.noreply.github.com>
* HTTPCLIENT-2195, regression: Classic ConnectExec incorrectly discards the proxy response
body even if the request cannot be executed and the response is final.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2194: Async retry request interceptor fails to correct include request body
on retry (#343).
Contributed by JasonMathison <JasonMathison at users.noreply.github.com>
* Deprecated execute methods that return an open response object in favor of execute
methods with a response handler and automatic resource deallocation.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2189: Cookie and Cache APIs to use Java time primitives.
Contributed by Arturo Bernal <arturobernalg at gmail.com>
* Apply English locale to all date header formatters.
Contributed by Michael Osipov <michaelo at apache.org>
* HTTPCLIENT-2184: Fixed an issue in which connections were not returned to the pool
when requests contained non-repeatable bodies AND responses were streamed.
Contributed by Carter Kozak <ckozak at apache.org>
Release 5.2 ALPHA1
------------------
This is the first ALPHA release in the 5.2 release series that upgrades minimal JRE
level to version 1.8 (8u251 is required) and includes several protocol level and
API improvements. It also includes all bug fixes from the 5.1 branch.
Notable changes and features included in the 5.2 series:
* Upgrade to Java 8.
* Improved support for TLS upgrade and HTTP protocol upgrade (async).
* Support for H2 tunneling via HTTP/1.1 proxy.
* Conformance to RFC 7617 (The 'Basic' HTTP Authentication Scheme).
Change Log
-------------------
* Replaced SimpleDateFormat and Calendar with Java 8 Time APIs; removed thread-local
from DateUtils.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Support for connection 'total time to live' setting on a per-route basis.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Configurable IOReactor IO session decorator configurable.
Contributed by Arturo Bernal <arturobernalg at gmail.com>
* HTTPCLIENT-2182: Access to SSLSession attributes via reflection is disallowed as of Java 16.
Core TLS functions now use new Java 1.8 API introduced by 8u251 update.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2135: TLS configuration on a per-host basis.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* RFC 7230: Treat presence of userinfo in authority component in request URI as an HTTP
protocol violation.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* AuthCache conformance to RFC 7617.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Added immutable CredentialsProvider implementations and a CredentialsProvider builder.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2045: BASIC auth scheme conformance to RFC 7617.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2120: support for H2 via HTTP/1.1 proxy.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Moved connection management-related settings from RequestConfig to new class ConnectionConfig.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2139: Cookie Header HttpOnly attribute.
Contributed by Arturo Bernal <arturobernalg at gmail.com>
Release 5.1.1
-----------
This release upgrades HttpCore to the latest 5.1 version and fixes a number of issues found
since release 5.1.
Change Log
-------------------
* Don't initialize AtomicReference to its default value.
Contributed by Gary Gregory <ggregory at apache.org>
* Corrected resolution of the target host in DefaultUserTokenHandler.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2177: automatically force HTTP/1.1 protocol policy when executing requests
via a proxy tunnel.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2177: fixed incorrect route state tracking by the async connect executor
when negotiating a tunnel via a proxy.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2177: keep successful tunnel connections alive regardless of `Connection: close`.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2173: async pooling connection manager to close half-open connection gracefully.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Don't retry a request for NoRouteToHostException.
Contributed by Jaikiran Pai <jaikiran.pai at gmail.com>
* HTTPCLIENT-2170: Classic protocol layer no longer releases the underlying connection back
to the pool prematurely while the NTLM handshake is still ongoing.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Fixed connection lease request cancellation race in both classic and asyc pooling connection
managers.
Contributed by Oleg Kalnichevski <olegk at apache.org>
Release 5.1
-----------
This is the first GA release in the 5.1 release series.
Notable changes and features included in the 5.1 series:
* Conditional conformance with RFC 3986 (Uniform Resource Identifier (URI): Generic Syntax).
* Improved support for out of sequence response message handing by the the classic (blocking)
HTTP transport.
* Improved message builders.
Please note that 5.1 is going to be the last release series compatible with Java 1.7.
HttpClient will require Java 1.8 as of 5.2.
Change Log
-------------------
* HTTPCLIENT-2157: Response object generated by the classic caching backend is missing
the original content encoding.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2152: Fixed handling of unexpected unchecked exception by the async request
retry exec interceptor.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Async clients to support scheduled (delayed) re-execution of requests.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2148: fluent Executor volatile access thread safety (#301).
Contributed by Carter Kozak <ckozak at apache.org>
* HTTPCLIENT-2149: When no dNSName, match against CN.
Contributed by Peter Dettman <peter.dettman at bouncycastle.org>
* HTTPCLIENT-2147: fixed broken preemptive auth in HC Fluent.
Contributed by Robert Rodewald <robert.rodewald at kopsis.com>
* HTTPCORE-672: cleanup of H2 connection validation code.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HttpAsyncClientBuilder: Make IOReactor exception callback configurable
Contributed by Ryan Schmitt <ryansch at amazon.com>
* HTTPCLIENT-2141: HttpClient to not retry requests if the retry interval exceeds the response
timeout.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Fixed NPE during dispose in Response if entity is null
Contributed by Sandeep Kulkarni <sandeep at snk.local>
* Blocking connection managers to validate connections after inactivity of more than 2s
by default.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Deprecated request factory classes in favor of request builders.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2140: Upgraded Commons Codec to version 1.15.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Deprecated message copiers in favor of generic message builders.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Kerberos/SPNego fixes
Contributed by Carey Lin <careylin1111 at gmail.com>
Release 5.1 BETA1
------------------
This is the first BETA release in the 5.1 release series that includes a number of
new features as well performance optimizations in the classic HTTP transport.
Notable changes and features included in the 5.1 series:
* Conditional conformance with RFC 3986 (Uniform Resource Identifier (URI): Generic Syntax).
* Improved support for out of sequence response message handing by the the classic (blocking)
HTTP transport.
Changelog:
-------------------
* RFC 3986 conformance: URIUtils to re-use URIBuilder functionality.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Improved I/O session and wire logging.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Add interceptors before MAIN_TRANSPORT so they won't be ignored (#272)
Contributed by Rob Spoor <robtimus at users.noreply.github.com>
* HTTPCLIENT-2104: ManagedHttpClientConnectionFactory to support ResponseOutOfOrderStrategy configuration.
Contributed by Carter Kozak <ckozak at apache.org>
* Fixed NPE when H2/Async client interceptors are added using first/last (#268).
Contributed by Koji Lin <koji.lin at gmail.com>
* HTTPCLIENT-2126: `InternalAbstractHttpAsyncClient` incorrectly handles response messages with no enclosed
entity.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2124: Fixed NOE in MinimalHttpClient#doExecute (#261).
Contributed by Gary Gregory <ggregory at apache.org>
* HTTPCLIENT-2122: async client to throw `HTTP/2 tunneling not supported` protocol exception in case of
`force HTTP/2` version policy used along with request proxy routing.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2123: H2AsyncClientBuilder incorrectly adds last request interceptors to the head of
the interceptor list.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Use decimal numbers for endpoint/execution IDs (#249).
Contributed by Michael Osipov <michaelo@apache.org>
* HTTPCLIENT-2106: Added charset parameter for DigestScheme.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2103: ManagedHttpClientConnectionFactory provides a fluent builder
Contributed by Carter Kozak <ckozak at apache.org>
Release 5.0.3
-----------------
This release upgrades HttpCore to the latest version, improves conformance to RFC 7235
(Hypertext Transfer Protocol (HTTP/1.1): Authentication) and addresses a number of
issues found since 5.0.2 release.
Changelog:
-------------------
* PR #270: Master try w res and more.
- Use try-with-resources.
- Use Arrays.fill().
- Add missing @override.
- Simplify if/else.
- Remove redundant modifiers. …
- Remove redundant returns.
Contributed by Gary Gregory <ggregory at apache.org>
Release 5.0.2
-----------------
This release upgrades HttpCore to the latest version, improves conformance to RFC 7235
(Hypertext Transfer Protocol (HTTP/1.1): Authentication) and addresses a number of
issues found since 5.0.1 release.
Changelog:
-------------------
* HTTPCLIENT-2116: Incorrect request message composition when routing requests
via a proxy.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* PoolingAsyncClientConnectionManager incorrectly emits Ping commands to HTTP/1.1
endpoints (#255).
Contributed by 滕杰1 <tengjie1 at xdf.cn>
* HTTPCLIENT-2115: HttpAsyncClientBuilder and H2AsyncClientBuilder fail to take
`replaceExecInterceptor()` into account.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2112: AbstractMultipartFormat respects ByteBuffer.arrayOffset (#253).
Contributed by Carter Kozak <ckozak at apache.org>
* Avoid updating Content-Length header in a 304 response.
Contributed by Dirk Henselin <dirk.henselin at vwgis.de>
* HTTPCLIENT-2105: Async clients incorrectly handle redirects of requests with enclosed
entity.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2100: Incorrect handling of EXTENDED mode by MultipartEntityBuilder
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2099, HTTPCLIENT-2091: SSLConnectionSocketFactory connect timeout fix (#241).
Contributed by Carter Kozak <ckozak at apache.org>
* Bug fix: BasicExpiresHandler is annotated as immutable but is not (#240).
Contributed by Gary Gregory <ggregory at apache.org>
* HTTPCLIENT-2096: Migrate instance loggers to static fields
Contributed by Carter Kozak <ckozak at apache.org>
* Added Automatic-Module-Name to the artefact manifests.
Contributed by Niels Basjes <niels at basjes.nl>
* MultipartEntityBuilder#generateBoundary optimization (#233)
Contributed by slisaasquatch <slisaasquatch at users.noreply.github.com>
* HTTPCLIENT-2094: ConnectionManager validateAfterInactivity zero duration agreement
Contributed by Carter Kozak <ckozak at apache.org>
* RFC 7235 compliance, HTTPCLIENT-2086: Fixed parsing of token68 based (base64-encoded)
auth schemes.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2091: Connect timeout is used instead of socket timeout after a tls upgrade
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2084: Client builders incorrectly add message interceptors with LAST position
to the head of the list.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2083: Fix NPE when classic client interceptors are added.
Contributed by Carter Kozak <ckozak at apache.org>
Release 5.0.1
-----------------
This release upgrades HttpCore to the latest version and addresses a number of issues found
since 5.0 release.
Changelog:
-------------------
* Bug fix: Classic connection managers fail to take #isConsistent() flag into account when
re-using persistent connections.
7 Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2077: Authentication failure due to incorrect NTLM auth value check.
Contributed by vonahok <64310078+vonahok at users.noreply.github.com>
* HTTPCLIENT-2051: Corrected handling of 303 redirects.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPASYNC-160: HttpAsyncClient in INACTIVE or STOPPED state throws a IllegalStateException
causing the current thread to terminate.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.
Contributed by heejeongkim <aprilhjk at gmail.com>
* HTTPCLIENT-2074: Disallow direct execution of CONNECT methods by standard client implementations.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2075: New method Request.responseTimeout(Timeout) in Fluent HC.
Contributed by Ralph <ralph.geerkens at rwth-aachen.de>
* HTTPCLIENT-2073: (regression) WindowsNegotiateScheme incorrectly rejects empty NTLM challenge.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2069: RequestConfig#copy does not copy #responseTimeout.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2061: Corrected sequence of request execution interceptors in classic HttpClient.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Fixed NPE for null HttpContext in minimal async clients.
Contributed by slisaasquatch <sli at saasquat.ch>
Release 5.0
-----------------
This is the first stable (GA) release of HttpClient 5.0.
Notable changes and features included in the 5.0 series are:
* Support for the HTTP/2 protocol and conformance to requirements and
recommendations of the latest HTTP/2 protocol specification documents
(RFC 7540, RFC 7541.)
Supported features:
** HPACK header compression
** Stream multiplexing (client and server)
** Flow control
** Response push
** Message trailers
** Expect-continue handshake
** Connection validation (ping)
** Application-layer protocol negotiation (ALPN)
** TLS 1.2 security features
* Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol
specification documents (RFC 7230, RFC 7231.)
* New connection pool implementation with lax connection limit guarantees and better
performance under higher concurrency due to absence of a global pool lock.
* Support for Reactive Streams API [http://www.reactive-streams.org/]
* Package name space changed to 'org.apache.hc.client5'.
* Maven group id changed to 'org.apache.httpcomponents.client5'.
HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath
due to the change in package names and Maven module coordinates.
Changelog:
-------------------
* Removed work-around for resumed TLS sessions given that JDK-8212885 fix has been ported to Java 11
and released in Oracle JDK 11.0.3.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Upgraded HttpCore dependency to version 5.0
Contributed by Oleg Kalnichevski <olegk at apache.org>