Release 5.4 BETA1 ------------------ This is the first BETA release in the 5.4 release series. It upgrades HttpCore to version 5.3-beta1 and adds a few minor improvements and fixes. IMPORTANT! Please note the new cache entry serialization format is incompatible with earlier versions of HttpClient Cache. Persistent caches (file system based, Memcached, EhCAche with object serialization) created with any earlier version MUST be flushed and re-populated or the cache backend MUST be configured to use the old, deprecated cache entry serializer. Notable changes and features included in the 5.4 series: * Improved conformance to RFC 9110 (HTTP Semantics), RFC 7616 (HTTP Digest Access Authentication), RFC 2617 (’Basic’ HTTP Authentication Scheme). * UTF-8 encoding is used by default for text where appropriate. * Compatibility with Java Virtual Threads and Java 21 Runtime. * Redesign and rewrite of the HTTP caching protocol layer for better efficiency and improved conformance to RFC 9111 (HTTP Caching). * Cache control and context APIs. * ETag APIs. * TLS SNI and endpoint identification improvements. * Support for RFC 2817 (Upgrading to TLS Within HTTP/1.1). * Auth cache no longer makes use of Java serialization. * Deprecation of ConnectionSocketFactory and LayeredConnectionSocketFactory. * HttpContext optimization and performance improvement. Change Log ------------------- * HTTPCLIENT-2328: Blocking I/O connections to check if the opposite TLS endpoint has been closed by the opposite endpoint while writing out request body. Contributed by Oleg Kalnichevski * Redesign of test server APIs and integration test setup. Contributed by Oleg Kalnichevski * HTTPCLIENT-2331: Skip cookie header generation if a Cookie header is already present (#561). Contributed by Arturo Bernal * HTTPCLIENT-2326: Propagate original proxy response to the caller in case of HTTP CONNECT request failure. Contributed by Oleg Kalnichevski * HTTPCLIENT-2327: Propagate CancellationExceptions from MemcachedClient operations as ResourceIOExceptions (#559). Contributed by jattisha * Callbacks for Connection initialization. Contributed by Richard Tippl * HTTPCLIENT-2325 Avoid adding "; charset=" for multipart/form-data requests Contributed by Vladimir Sitnikov Release 5.4 ALPHA2 ------------------ This is the second and likely the last ALPHA release in the 5.3 release series. It finalizes the new Cache API introduced in the previous ALPHA release and also improves TLS customization for the classic transport, SNI and endpoint identification support, authentication data caching, and HTTP context performance. It also introduces support for optional TLS upgrades for HTTP/1.1 connections. Change Log ------------------- * HttpClientContext to use instance variables for standard attributes. Contributed by Oleg Kalnichevski * HTTPCLIENT-2151: Support for JSSE in-built endpoint identification. Contributed by Oleg Kalnichevski * Internal connection operators to make use of the target name from the request URI authority. Contributed by Oleg Kalnichevski * DefaultRoutePlanner to take the request authority into account when determining a route for HTTPS requests. Contributed by Oleg Kalnichevski * RouteInfo and HttpRoute to include the target name from the URI authority in case it differs from the target host (the host recognizes multiple authorities). Contributed by Oleg Kalnichevski * HTTPCLIENT-2316: BasicHttpClientConnectionManager incorrectly re-uses the released connection if it has been closed out by the protocol handler. Contributed by Oleg Kalnichevski * HTTPCLIENT-2070: Auth cache to no longer rely on Java serialization for auth state caching. Contributed by Oleg Kalnichevski * HTTPCLIENT-751: Support for RFC 2817 (Upgrading to TLS Within HTTP/1.1). Contributed by Oleg Kalnichevski * Connection endpoints to provide TLS details and protocol version. Contributed by Oleg Kalnichevski * Deprecated ConnectionSocketFactory, LayeredConnectionSocketFactory, and their plain and SSL implementations in favor of DefaultClientTlsStrategy. Contributed by Oleg Kalnichevski * Standard client TLS strategy implementations support the upgrading of blocking sockets. Contributed by Oleg Kalnichevski * FileResourceFactory to generate stable file names for the same request ID and entity tag. Contributed by Oleg Kalnichevski * Cache ResourceFactory to make use of strong eTags when available. Contributed by Oleg Kalnichevski * ETag APIs. Contributed by Oleg Kalnichevski * Fixed a design mistake of ConnectionEndpoint having a direct dependency on HttpRequestExecutor class. Contributed by Oleg Kalnichevski * Cache control and context APIs. Contributed by Oleg Kalnichevski * HTTPCLIENT-2315: Client builders fail to apply system properties to the default connection manager. Contributed by Oleg Kalnichevski * HTTPCLIENT-2314: Handle gracefully a failure of DnsResolver to return a list of resolved addresses (#533). Contributed by Philip Helger * HTTPCLIENT-2314: Throw ConnectionShutdownException in case of pooled connection having been closed or discarded instead of plain IllegalStateException. Contributed by Oleg Kalnichevski Release 5.4 ALPHA1 ------------------- This is the first ALPHA release in the 5.4 release series that improves HTTP protocol support by ensuring conformance to the latest HTTP specification (RFC 9110, RFC 9111, RFC 7616, RFC 7617), ensures compatibility with Java Virtual Threads by replacing 'synchronized' keywords in critical sections with Java lock primitives. The HTTP caching protocol layer has also been redesigned and overhauled to improve cache efficiency and optimize performance. Change Log ------------------- * `username*` validation and decoding in DigestScheme as per RFC (#511). Contributed by Arturo Bernal * Support for Userhash parameter in Digest authentication as per RFC 7616 (#509). Contributed by Arturo Bernal * Enforce UTF-8 encoding in Digest authentication according to RFC 7616 (#508). Contributed by Arturo Bernal * Enforce UTF-8 encoding in BasicSchemeFactory as per RFC 7617 (#506). Contributed by Arturo Bernal * Stricter password validation in BasicScheme (#505). Contributed by Arturo Bernal * Bug fix: When validating a cache entry the protocol handlers must use the current request message with additional headers generated by the previous request interceptors instead of the original request message. Contributed by Oleg Kalnichevski * Better debug logging in the caching protocol handlers. Contributed by Oleg Kalnichevski * Better HTTP execution context management by caching protocol handlers. Contributed by Oleg Kalnichevski * HTTPCLIENT-2301. Fixed a concurrency defect in the connection release code of BasicHttpClientConnectionManager. Contributed by Arturo Bernal * HttpCacheEntry to cache parsed DATE, EXPIRES, and LAST_MODIFIED values; avoid parsing DATE header of cache entries and HTTP messages multiple times. Contributed by Oleg Kalnichevski * HTTPCLIENT-2293: Via header protocol improvements and performance optimization. Contributed by Oleg Kalnichevski * HTTPCLIENT-2293: RFC-compliant TRACE request interceptor (#486). Contributed by Arturo Bernal * HTTPCLIENT-2293: 'If-Range' request validation as per RFC 9110 (#485). Contributed by Arturo Bernal * HTTPCLIENT-2293: Enforce port specification for CONNECT requests as per RFC 9110 (#482). Contributed by Arturo Bernal * HTTPCLIENT-2284: Internal cache storage improvements (#478). Contributed by Oleg Kalnichevski * Replace `synchronized` blocks with ReentrantLock to ensure compatibility with virtual threads (#476). Contributed by Arturo Bernal * HTTPCLIENT-2284: Cache entry representation improvements: (#477). Contributed by Oleg Kalnichevski * HTTPCLIENT-2277: Rewrite the caching protocol layer for improved efficiency and conformance to RFC 9111. Contributed by Arturo Bernal and Oleg Kalnichevski and * Request and response Cache-Control APIs Contributed by Arturo Bernal and Oleg Kalnichevski and * HttpByteArrayCacheEntrySerializer refactoring and performance improvements. Contributed by Arturo Bernal Release 5.3 ------------------- This is the first GA release in the 5.3 release series. This release finalizes the 5.3 APIs and also includes all bug fixes from the 5.2 release branch. The 5.3 release series introduces support for the Bearer authentication scheme (RFC 6750) and deprecates NTLM and GSS-based experimental authentication schemes in favor of Basic / Bearer authentication with TLS. Notable changes and features included in the 5.3 series: * Introduction of the Bearer authentication scheme. * Deprecation of the NTLM authentication scheme. * Deprecation of the GSS-based experimental authentication schemes. * Support for load distribution across multiple proxies. Change Log ------------------- * HTTPCLIENT-2310: Async Connect exec handler incorrectly pipes CONNECT requests through the main request protocol chain. Contributed by Oleg Kalnichevski * Upgraded HttpCore to version 5.2.4. Contributed by Oleg Kalnichevski * SEE OTHER redirect handling fix. Contributed by Oleg Kalnichevski * HTTPCLIENT-2305: SSLConnectionSocketFactory allows Socket.connect() to be decorated (#499). Contributed by Carter Kozak * Add security warning to TrustStrategy implementations documentation (#490). Contributed by Marcono1234 * More consistent handling of OperationTimeoutException in MemcachedHttpCacheStorage. Contributed by Oleg Kalnichevski * Document exec chain behavior when automatic retries are enabled. (#480). Contributed by cachescrubber * HTTPCLIENT-2291: Fixed inconsistency in behavior between the class and async implementation of the request re-execution. The async request retry exec will now restart request execution from itself instead of from the very beginning of the execution chain. Contributed by Oleg Kalnichevski Release 5.3 ALPHA1 ------------------ This is the first release in the 5.3 release series that introduces support for the Bearer authentication scheme (RFC 6750) and deprecates NTLM and GSS-based experimental authentication schemes in favor of Basic / Bearer authentication with TLS. Change Log ------------------- * GSS-based experimental authentication schemes deprecated and disabled by default. Contributed by Oleg Kalnichevski * NTLM scheme deprecated and disabled by default. Contributed by Oleg Kalnichevski * Added linear and exponential BackoffManager implementations. Contributed by Arturo Bernal * Improved AIMDBackoffManager. Contributed by Arturo Bernal * Added DistributedProxySelector with support for load distribution across multiple proxies. Contributed by Arturo Bernal * Support for preamble and epilogue in multipart entities. Contributed by Arturo Bernal * HttpResponseException to include response message content (up to 256 bytes). Contributed by Arturo Bernal * Workaround for URL quoting issue with LLv6 host literals. Contributed by Arturo Bernal * Bearer auth scheme support (RFC 6750) Contributed by Oleg Kalnichevski * Credentials interface should be able to represent different types of user credentials including token-based with no password. Contributed by Oleg Kalnichevski * Connection settings `timeToLive` and `validateAfterInactivity` set to zero to always close or validate connections being leased. Contributed by Christoph Kaser * Digest authentication scheme to omit the algorithm in the authentication response if it has not been explicitly set in the authentication challenge, as per RFC 7616. Contributed by John Vasileff * HTTPCLIENT-2271: Do not optimize the path component of the resolved URI by default. Contributed by Oleg Kalnichevski * Pass HttpContext to SSLConnectionSocketFactory#prepareSocket method (#404) Contributed by Alen Turkovic Release 5.2.1 ------------------ This is a maintenance release that fixes several regressions found in release 5.2. Change Log ------------------- * Regression: Async execution runtimes set the negotiated protocol version in the execution context at the wrong point of request execution. Contributed by Oleg Kalnichevski * Cancel connection request on exception. Contributed by Bryan Keller * Replace deprecated use of LangUtils#equals() with Objects.equals(). Contributed by Gary Gregory * Regression: Multipart body builder and multipart formatters fail to escape special characters such as backslash and quote mark. Contributed by Oleg Kalnichevski Release 5.2 ------------------ This is the first GA release in the 5.2 release series. This release finalizes the 5.2 APIs and corrects several defects discovered since the previous release. Please note that 5.2 upgrades the minimal JRE level to version 8 (8u251 is required). Please note this is likely to be the last release series with support for SPNEGO and NTLM authentication. As of version 5.3 GSS-API-based authentication schemes (Kerberos, SPNEGO) and NTLM authentication schemes are going to be deprecated and disabled by default. Notable changes and features included in the 5.2 series: * Upgrade to Java 8. * Improved support for TLS upgrade and HTTP protocol upgrade (async). * Support for H2 tunneling via HTTP/1.1 proxy. * Conformance to RFC 7617 (The 'Basic' HTTP Authentication Scheme). * Migration to Java 8 Time primitives in State Management and Cache APIs. * Connection and TLS configuration on a per-route basis. * Base64 codec based on Commons Codec replaced with JRE Base64 codec. Dependency on Commons Codec dropped. * Optional support for BR (Brotli) decompression. Change Log ------------------- * HTTPCLIENT-2242: RoutingSupport fails to copy InetAddress when normalizing HttpHost. Contributed by Oleg Kalnichevski * HTTPCLIENT-2240: Fixed incorrect CONNECT method initialization in ProxyClient. Contributed by Oleg Kalnichevski * HTTPCLIENT-2236: MultihomeIOSessionRequester fails to enhance the cause exception in case of connect failure if the remoteAddress argument has been given. Contributed by Oleg Kalnichevski * Use Objects.toString() instead of String type cast Contributed by Gary Gregory * HTTPCLIENT-2232: Last protocol interceptors moved at the end of the H2 protocol processing pipeline. Contributed by Oleg Kalnichevski * H2 async runtime to proactively set HTTP/2 protocol version in the execution context. Contributed by Oleg Kalnichevski * HTTPCLIENT-2231: Fixed a race condition in the main async executor when the request execution on an I/O thread is faster than execution pipeline management on the client thread. Contributed by Oleg Kalnichevski * Avoid duplicate redundant objects and use Singleton instead. Contributed by Arturo Bernal * HTTPCLIENT-2225: Connection route calculation does not take the default RequestConfig into account. Contributed by Oleg Kalnichevski * Avoid unnecessary use of Instant.toEpochMilli by using Instant#compareTo to compare Instants directly. Contributed by jkmcl * HTTPCLIENT-2221 Closing a classic response/entity allows connection reuse. Contributed by Carter Kozak Release 5.2 BETA1 ------------------ This is the first BETA release in the 5.2 release series that upgrades the minimal JRE level to version 8 (8u251 is required) and includes several protocol level and API improvements. It also includes all bug fixes from the 5.1 branch. Change Log ------------------- * Upgraded HttpCore to version 5.2-beta2. Contributed by Oleg Kalnichevski * HTTPCLIENT-2218: Use Java 8 Base64 utility (#370). Contributed by j3graham * Added support for BR (Brotli) decompression (#363). Contributed by 殷成涛 * HTTPCLIENT-2212: MinimalHttpAsyncClient fails to release client endpoints in case of a connect error (such as TLS handshake failure). Contributed by Oleg Kalnichevski * InternalAbstractHttpAsyncClient to create daemon threads. Contributed by Richard Hernandez * HTTPCLIENT-2080: Added #getRetryInterval method to HttpRequestRetryStrategy for use on retriable IOExceptions (#356). Contributed by Anthony Baldocchi <489445+ajbaldocchi at users.noreply.github.com> * Fixed infinite recursion in SSLConnectionSocketFactory. Contributed by Ryan Schmitt * HTTPCLIENT-2200: Protocol interceptors are executed before the connection route has been fully established. Contributed by Oleg Kalnichevski * HTTPCLIENT-2209: Pass HttpContext to AsyncClientConnectionOperator (#353). Contributed by Andriy Redko * HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects. Contributed by Oleg Kalnichevski * ExecSupport#getNextExchangeId() optimization (#352) Contributed by David Schlosnagle * HTTPCLIENT-2203: Corrected target host normalization by the request execution interceptors; added ContextBuilder with support for preemptive authentication initialization. Contributed by Oleg Kalnichevski * HTTPCLIENT-2202: MemcachedHttpCacheStorage to support MemcachedClientIF interface. Contributed by Oleg Kalnichevski * Bug fix: ByteArrayBuilder incorrectly handles empty strings. Contributed by Oleg Kalnichevski * HTTPCLIENT-2198: Fixed AbstractClientTlsStrategy to respect HttpVersionPolicy. Contributed by Andrei Vasilev <59628447+AndreiSVasilev at users.noreply.github.com> * Updated AbstractClientTlsStrategy to pass only the HttpVersionPolicy set by TlsConfig instead of the entire TlsConfig to H2TlsSupport#selectApplicationProtocols() method. Contributed by Andrei Vasilev <59628447+AndreiSVasilev at users.noreply.github.com> * HTTPCLIENT-2195, regression: Classic ConnectExec incorrectly discards the proxy response body even if the request cannot be executed and the response is final. Contributed by Oleg Kalnichevski * HTTPCLIENT-2194: Async retry request interceptor fails to correct include request body on retry (#343). Contributed by JasonMathison * Deprecated execute methods that return an open response object in favor of execute methods with a response handler and automatic resource deallocation. Contributed by Oleg Kalnichevski * HTTPCLIENT-2189: Cookie and Cache APIs to use Java time primitives. Contributed by Arturo Bernal * Apply English locale to all date header formatters. Contributed by Michael Osipov * HTTPCLIENT-2184: Fixed an issue in which connections were not returned to the pool when requests contained non-repeatable bodies AND responses were streamed. Contributed by Carter Kozak Release 5.2 ALPHA1 ------------------ This is the first ALPHA release in the 5.2 release series that upgrades minimal JRE level to version 1.8 (8u251 is required) and includes several protocol level and API improvements. It also includes all bug fixes from the 5.1 branch. Notable changes and features included in the 5.2 series: * Upgrade to Java 8. * Improved support for TLS upgrade and HTTP protocol upgrade (async). * Support for H2 tunneling via HTTP/1.1 proxy. * Conformance to RFC 7617 (The 'Basic' HTTP Authentication Scheme). Change Log ------------------- * Replaced SimpleDateFormat and Calendar with Java 8 Time APIs; removed thread-local from DateUtils. Contributed by Oleg Kalnichevski * Support for connection 'total time to live' setting on a per-route basis. Contributed by Oleg Kalnichevski * Configurable IOReactor IO session decorator configurable. Contributed by Arturo Bernal * HTTPCLIENT-2182: Access to SSLSession attributes via reflection is disallowed as of Java 16. Core TLS functions now use new Java 1.8 API introduced by 8u251 update. Contributed by Oleg Kalnichevski * HTTPCLIENT-2135: TLS configuration on a per-host basis. Contributed by Oleg Kalnichevski * RFC 7230: Treat presence of userinfo in authority component in request URI as an HTTP protocol violation. Contributed by Oleg Kalnichevski * AuthCache conformance to RFC 7617. Contributed by Oleg Kalnichevski * Added immutable CredentialsProvider implementations and a CredentialsProvider builder. Contributed by Oleg Kalnichevski * HTTPCLIENT-2045: BASIC auth scheme conformance to RFC 7617. Contributed by Oleg Kalnichevski * HTTPCLIENT-2120: support for H2 via HTTP/1.1 proxy. Contributed by Oleg Kalnichevski * Moved connection management-related settings from RequestConfig to new class ConnectionConfig. Contributed by Oleg Kalnichevski * HTTPCLIENT-2139: Cookie Header HttpOnly attribute. Contributed by Arturo Bernal Release 5.1.1 ----------- This release upgrades HttpCore to the latest 5.1 version and fixes a number of issues found since release 5.1. Change Log ------------------- * Don't initialize AtomicReference to its default value. Contributed by Gary Gregory * Corrected resolution of the target host in DefaultUserTokenHandler. Contributed by Oleg Kalnichevski * HTTPCLIENT-2177: automatically force HTTP/1.1 protocol policy when executing requests via a proxy tunnel. Contributed by Oleg Kalnichevski * HTTPCLIENT-2177: fixed incorrect route state tracking by the async connect executor when negotiating a tunnel via a proxy. Contributed by Oleg Kalnichevski * HTTPCLIENT-2177: keep successful tunnel connections alive regardless of `Connection: close`. Contributed by Oleg Kalnichevski * HTTPCLIENT-2173: async pooling connection manager to close half-open connection gracefully. Contributed by Oleg Kalnichevski * Don't retry a request for NoRouteToHostException. Contributed by Jaikiran Pai * HTTPCLIENT-2170: Classic protocol layer no longer releases the underlying connection back to the pool prematurely while the NTLM handshake is still ongoing. Contributed by Oleg Kalnichevski * Fixed connection lease request cancellation race in both classic and asyc pooling connection managers. Contributed by Oleg Kalnichevski Release 5.1 ----------- This is the first GA release in the 5.1 release series. Notable changes and features included in the 5.1 series: * Conditional conformance with RFC 3986 (Uniform Resource Identifier (URI): Generic Syntax). * Improved support for out of sequence response message handing by the the classic (blocking) HTTP transport. * Improved message builders. Please note that 5.1 is going to be the last release series compatible with Java 1.7. HttpClient will require Java 1.8 as of 5.2. Change Log ------------------- * HTTPCLIENT-2157: Response object generated by the classic caching backend is missing the original content encoding. Contributed by Oleg Kalnichevski * HTTPCLIENT-2152: Fixed handling of unexpected unchecked exception by the async request retry exec interceptor. Contributed by Oleg Kalnichevski * Async clients to support scheduled (delayed) re-execution of requests. Contributed by Oleg Kalnichevski * HTTPCLIENT-2148: fluent Executor volatile access thread safety (#301). Contributed by Carter Kozak * HTTPCLIENT-2149: When no dNSName, match against CN. Contributed by Peter Dettman * HTTPCLIENT-2147: fixed broken preemptive auth in HC Fluent. Contributed by Robert Rodewald * HTTPCORE-672: cleanup of H2 connection validation code. Contributed by Oleg Kalnichevski * HttpAsyncClientBuilder: Make IOReactor exception callback configurable Contributed by Ryan Schmitt * HTTPCLIENT-2141: HttpClient to not retry requests if the retry interval exceeds the response timeout. Contributed by Oleg Kalnichevski * Fixed NPE during dispose in Response if entity is null Contributed by Sandeep Kulkarni * Blocking connection managers to validate connections after inactivity of more than 2s by default. Contributed by Oleg Kalnichevski * Deprecated request factory classes in favor of request builders. Contributed by Oleg Kalnichevski * HTTPCLIENT-2140: Upgraded Commons Codec to version 1.15. Contributed by Oleg Kalnichevski * Deprecated message copiers in favor of generic message builders. Contributed by Oleg Kalnichevski * Kerberos/SPNego fixes Contributed by Carey Lin Release 5.1 BETA1 ------------------ This is the first BETA release in the 5.1 release series that includes a number of new features as well performance optimizations in the classic HTTP transport. Notable changes and features included in the 5.1 series: * Conditional conformance with RFC 3986 (Uniform Resource Identifier (URI): Generic Syntax). * Improved support for out of sequence response message handing by the the classic (blocking) HTTP transport. Changelog: ------------------- * RFC 3986 conformance: URIUtils to re-use URIBuilder functionality. Contributed by Oleg Kalnichevski * Improved I/O session and wire logging. Contributed by Oleg Kalnichevski * Add interceptors before MAIN_TRANSPORT so they won't be ignored (#272) Contributed by Rob Spoor * HTTPCLIENT-2104: ManagedHttpClientConnectionFactory to support ResponseOutOfOrderStrategy configuration. Contributed by Carter Kozak * Fixed NPE when H2/Async client interceptors are added using first/last (#268). Contributed by Koji Lin * HTTPCLIENT-2126: `InternalAbstractHttpAsyncClient` incorrectly handles response messages with no enclosed entity. Contributed by Oleg Kalnichevski * HTTPCLIENT-2124: Fixed NOE in MinimalHttpClient#doExecute (#261). Contributed by Gary Gregory * HTTPCLIENT-2122: async client to throw `HTTP/2 tunneling not supported` protocol exception in case of `force HTTP/2` version policy used along with request proxy routing. Contributed by Oleg Kalnichevski * HTTPCLIENT-2123: H2AsyncClientBuilder incorrectly adds last request interceptors to the head of the interceptor list. Contributed by Oleg Kalnichevski * Use decimal numbers for endpoint/execution IDs (#249). Contributed by Michael Osipov * HTTPCLIENT-2106: Added charset parameter for DigestScheme. Contributed by Oleg Kalnichevski * HTTPCLIENT-2103: ManagedHttpClientConnectionFactory provides a fluent builder Contributed by Carter Kozak Release 5.0.3 ----------------- This release upgrades HttpCore to the latest version, improves conformance to RFC 7235 (Hypertext Transfer Protocol (HTTP/1.1): Authentication) and addresses a number of issues found since 5.0.2 release. Changelog: ------------------- * PR #270: Master try w res and more. - Use try-with-resources. - Use Arrays.fill(). - Add missing @override. - Simplify if/else. - Remove redundant modifiers. … - Remove redundant returns. Contributed by Gary Gregory Release 5.0.2 ----------------- This release upgrades HttpCore to the latest version, improves conformance to RFC 7235 (Hypertext Transfer Protocol (HTTP/1.1): Authentication) and addresses a number of issues found since 5.0.1 release. Changelog: ------------------- * HTTPCLIENT-2116: Incorrect request message composition when routing requests via a proxy. Contributed by Oleg Kalnichevski * PoolingAsyncClientConnectionManager incorrectly emits Ping commands to HTTP/1.1 endpoints (#255). Contributed by 滕杰1 * HTTPCLIENT-2115: HttpAsyncClientBuilder and H2AsyncClientBuilder fail to take `replaceExecInterceptor()` into account. Contributed by Oleg Kalnichevski * HTTPCLIENT-2112: AbstractMultipartFormat respects ByteBuffer.arrayOffset (#253). Contributed by Carter Kozak * Avoid updating Content-Length header in a 304 response. Contributed by Dirk Henselin * HTTPCLIENT-2105: Async clients incorrectly handle redirects of requests with enclosed entity. Contributed by Oleg Kalnichevski * HTTPCLIENT-2100: Incorrect handling of EXTENDED mode by MultipartEntityBuilder Contributed by Oleg Kalnichevski * HTTPCLIENT-2099, HTTPCLIENT-2091: SSLConnectionSocketFactory connect timeout fix (#241). Contributed by Carter Kozak * Bug fix: BasicExpiresHandler is annotated as immutable but is not (#240). Contributed by Gary Gregory * HTTPCLIENT-2096: Migrate instance loggers to static fields Contributed by Carter Kozak * Added Automatic-Module-Name to the artefact manifests. Contributed by Niels Basjes * MultipartEntityBuilder#generateBoundary optimization (#233) Contributed by slisaasquatch * HTTPCLIENT-2094: ConnectionManager validateAfterInactivity zero duration agreement Contributed by Carter Kozak * RFC 7235 compliance, HTTPCLIENT-2086: Fixed parsing of token68 based (base64-encoded) auth schemes. Contributed by Oleg Kalnichevski * HTTPCLIENT-2091: Connect timeout is used instead of socket timeout after a tls upgrade Contributed by Oleg Kalnichevski * HTTPCLIENT-2084: Client builders incorrectly add message interceptors with LAST position to the head of the list. Contributed by Oleg Kalnichevski * HTTPCLIENT-2083: Fix NPE when classic client interceptors are added. Contributed by Carter Kozak Release 5.0.1 ----------------- This release upgrades HttpCore to the latest version and addresses a number of issues found since 5.0 release. Changelog: ------------------- * Bug fix: Classic connection managers fail to take #isConsistent() flag into account when re-using persistent connections. 7 Contributed by Oleg Kalnichevski * HTTPCLIENT-2077: Authentication failure due to incorrect NTLM auth value check. Contributed by vonahok <64310078+vonahok at users.noreply.github.com> * HTTPCLIENT-2051: Corrected handling of 303 redirects. Contributed by Oleg Kalnichevski * HTTPASYNC-160: HttpAsyncClient in INACTIVE or STOPPED state throws a IllegalStateException causing the current thread to terminate. Contributed by Oleg Kalnichevski * HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler. Contributed by heejeongkim * HTTPCLIENT-2074: Disallow direct execution of CONNECT methods by standard client implementations. Contributed by Oleg Kalnichevski * HTTPCLIENT-2075: New method Request.responseTimeout(Timeout) in Fluent HC. Contributed by Ralph * HTTPCLIENT-2073: (regression) WindowsNegotiateScheme incorrectly rejects empty NTLM challenge. Contributed by Oleg Kalnichevski * HTTPCLIENT-2069: RequestConfig#copy does not copy #responseTimeout. Contributed by Oleg Kalnichevski * HTTPCLIENT-2061: Corrected sequence of request execution interceptors in classic HttpClient. Contributed by Oleg Kalnichevski * Fixed NPE for null HttpContext in minimal async clients. Contributed by slisaasquatch Release 5.0 ----------------- This is the first stable (GA) release of HttpClient 5.0. Notable changes and features included in the 5.0 series are: * Support for the HTTP/2 protocol and conformance to requirements and recommendations of the latest HTTP/2 protocol specification documents (RFC 7540, RFC 7541.) Supported features: ** HPACK header compression ** Stream multiplexing (client and server) ** Flow control ** Response push ** Message trailers ** Expect-continue handshake ** Connection validation (ping) ** Application-layer protocol negotiation (ALPN) ** TLS 1.2 security features * Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol specification documents (RFC 7230, RFC 7231.) * New connection pool implementation with lax connection limit guarantees and better performance under higher concurrency due to absence of a global pool lock. * Support for Reactive Streams API [http://www.reactive-streams.org/] * Package name space changed to 'org.apache.hc.client5'. * Maven group id changed to 'org.apache.httpcomponents.client5'. HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath due to the change in package names and Maven module coordinates. Changelog: ------------------- * Removed work-around for resumed TLS sessions given that JDK-8212885 fix has been ported to Java 11 and released in Oracle JDK 11.0.3. Contributed by Oleg Kalnichevski * Upgraded HttpCore dependency to version 5.0 Contributed by Oleg Kalnichevski * DefaultHttpRequestRetryStrategy: Allow zero retry interval Contributed by Ryan Schmitt * HTTPCLIENT-2047: fixed regression in DefaultHostnameVerifier causing rejection of certs with non-standard domains. Contributed by Oleg Kalnichevski * GitHub #204: Build requests from method names in ClassicHttpRequests: ClassicHttpRequests.create(String, String) ClassicHttpRequests.create(String, URI) Contributed by Gary Gregory * GitHub #205: Update request factory classes with matching APIs for Method and String method name inputs: BasicHttpRequests.create(String, URI) BasicHttpRequests.create(String, String) ClassicHttpRequests.create(Method, String) ClassicHttpRequests.create(Method, URI) SimpleHttpRequests.create(String, URI) SimpleHttpRequests.create(String, String) Contributed by Gary Gregory * GitHub #208: Do not use input type names in method names: SimpleHttpRequest: Delete setBodyBytes(byte[], ContentType) in favor of setBody(byte[], ContentType) SimpleHttpRequest: Delete setBodyText(String, ContentType) in favor of setBody(String, ContentType) SimpleHttpResponse: Delete setBodyBytes(byte[], ContentType) in favor of setBody(byte[], ContentType) SimpleHttpResponse: Delete setBodyText(String, ContentType) in favor of setBody(String, ContentType) Contributed by Gary Gregory Release 5.0-BETA7 ----------------- This BETA release upgrades HttpCore to the latest version and addresses a number of issues found since the previous BETA release. IMPORTANT: This release is expected to be the last BETA version. If no major design flaws are found the actual 5.0 API will be frozen and the next version will be promoted to GA. Changelog: ------------------- * Improved domain name normalization by DefaultHostnameVerifier. Contributed by Oleg Kalnichevski * DefaultHostnameVerifier: Match DNS and CN names against ICANN domains. Contributed by Ryan Schmitt * HTTPCORE-615: Implement HTTP-based cache serializer-deserializer. Contributed by Scott Gifford * HTTPCLIENT-2040: Copy headers from the original request to the redirect request. Contributed by Oleg Kalnichevski * Removed RFC 2965 specific requirements deprecated and superseded by RFC 6265. Contributed by Oleg Kalnichevski * HTTPCLIENT-2035: Remove HttpRequestRetryHandler in favor of HttpRequestRetryStrategy. Contributed by Michael Osipov * HTTPCLIENT-2019: Remove ServiceUnavailableRetryStrategy in favor of HttpRequestRetryStrategy. Contributed by Michael Osipov * HTTPCLIENT-2034: Introduce HttpRequestRetryStrategy. Contributed by Michael Osipov * CloseableHttpAsyncClient to support explicit HttpHost execution parameter. Contributed by Oleg Kalnichevski * HTTPCLIENT-2020: DefaultBackoffStrategy to support TOO_MANY_REQUESTS (429). Contributed by Michael Osipov * HTTPCLIENT-2030: Fixed PublicSuffixMatcher#getDomainRoot behavior with invalid hostnames. Contributed by Niels Basjes * HTTPCLIENT-2028: Connection managers to allow 0 for `validateAfterInactivity` time value. Contributed by Peter Frank * HTTPCLIENT-2023: Allow nested arrays and all primitive types in DefaultHttpCacheEntrySerializer. Contributed by Olof Larsson Release 5.0-BETA6 ------------------- This BETA release picks up the latest fixes and performance improvements from HttpCore and addresses a number of issues found since the previous BETA release. Changelog: ------------------- * Fixed fallback PublicSuffixMatcher. Contributed by Ryan Schmitt * Enforce h2 TLS rules after negotiating TLS, not before. Contributed by Ryan Schmitt * HTTPCLIENT-2013: Revised handling of connect exceptions; improved consistency in behavior of the classic and async clients; ConnectTimeoutException now extends SocketTimeoutException. Contributed by Oleg Kalnichevski * Improved handling of request cancellation (classic API). Contributed by Oleg Kalnichevski * Fixed concurrent use of threading unsafe ClassicHttpRequest messages. Contributed by Oleg Kalnichevski * Execute Socket#connect under doPrivileged. Contributed by Simon Willnauer * HTTPCLIENT-2009: Fixed StringIndexOutOfBoundsException in AuthSupport#extractFromAuthority. Contributed by itonyli <429284840 at qq.com> * Make Accept-Encoding header handling thread-safe. Contributed by Linton Miller Release 5.0-BETA5 ------------------- This BETA release picks up the latest fixes and performance improvements from HttpCore and addresses a number of issues found since the previous BETA release. IMPORTANT: This release is expected to be the last BETA version. If no major design flaws are found the actual 5.0 API will be frozen and the next version will be promoted to GA. Changelog: ------------------- * Information response (1xx) processing support. Contributed by Kirill Usov * HTTPCLIENT-1968: Preserve escaped PATHSAFE characters when normalizing URI path segments. Contributed by Oleg Kalnichevski * HTTPCLIENT-1992: Impossible to access trailer-headers available in chunked transfer-encoding with classic API. Contributed by Serkan Turgut * HTTPCLIENT-1991: incorrect handling of non-standard DNS entries by PublicSuffixMatcher. Contributed by Oleg Kalnichevski * Refactor to enable support for non-form based multipart requests Contributed by Adam Retter * HTTPCLIENT-1981: disallow TRACE requests with an enclosed entity Contributed by Jay Modi Release 5.0-BETA4 ------------------- This BETA release picks up the latest fixes and performance improvements from HttpCore and addresses a number of issues found since the previous BETA release. Notable features in this release: * Security improvements. * URI handling improvements. Changelog: ------------------- * HTTPCLIENT-1976: Unsafe deserialization in DefaultHttpCacheEntrySerializer. Contributed by Artem Smotrakov * HTTPCLIENT-1969: Filter out weak cipher suites. Contributed by Artem Smotrakov * HttpClient should not retry requests in case of ConnectionClosedException Contributed by Oleg Kalnichevski * Bug fix: Simple response consumer to discard stored content when releasing resources. Contributed by Oleg Kalnichevski * Bug fix: main async request execution handlers to release the associated response consumer upon exception. Contributed by Oleg Kalnichevski * Update Apache Commons Codec from 1.11 to 1.12. Contributed by Gary Gregory * Update RxJava from 2.2.2 to 2.2.7. Contributed by Gary Gregory * Update JNA from 5.0.0 to 5.2.0. Contributed by Gary Gregory * Some well known proxies respond with Content-Length=0, when returning 304. For robustness, always use the cached entity's content length, as modern browsers do. Contributed by Jayson Raymond * HTTPCLIENT-1960: URIBuilder incorrect handling of multiple leading slashes in path component. Contributed by Oleg Kalnichevski * HTTPCLIENT-1958: PoolingHttpClientConnectionManager to throw ExecutionException in case of a lease operation cancellation instead of InterruptedException. Contributed by Oleg Kalnichevski * Shutdown executorService on AbstractHttpAsyncClientBase shutdown. Contributed by 吴雪山 * [HTTPCLIENT-1952: Allow default User Agent to be disabled Contributed by Michael Osipov * Improve HttpResponseException#getMessage. Contributed by Michael Osipov * Better handling of http(s).proxyUser and http(s).proxyPassword Contributed by Jens Borgland * Wrong argument name in PoolingAsyncClientConnectionManagerBuilder#setConnPoolPolicy results with self assignment of variable. Contributed by Eryk Szymanski Release 5.0-BETA3 ------------------- This BETA release adds support for advanced TLS functions (such as ALPN protocol negotiation) on Java 1.7 and Java 1.8 through Conscrypt TLS library and picks up the latest fixes and performance improvements from HttpCore. Notable features in this release: * TLS ALPN protocol negotiation support on older JREs through Conscrypt TLS library. Changelog: ------------------- * Added optional dependency on conscrypt-openjdk-uber 1.4.1; support for advanced TLS functions (such as ALPN extension) on Java 1.7 and Java 1.8 through Conscrypt TLS library Contributed by Oleg Kalnichevski * Removed OSGi module Contributed by Oleg Kalnichevski * Removed experimental CredSsp auth scheme Contributed by Oleg Kalnichevski * HTTPCLIENT-1949: DigestScheme to use HttpRequest#getRequestUri instead of HttpRequest#getPath Contributed by Oleg Kalnichevski Release 5.0-BETA2 ------------------- This BETA release resolves compatibility issues with Java 11 new TLS engine as well as a number of defects found since the previous release. Notable new features in this release: * JDK 11 compatibility * Support for request specific push consumers * Support for Reactive Streams API [http://www.reactive-streams.org/] Changelog: ------------------- * Hack to make hostname verification work with TLSv1.3 resumed sessions. For details see https://markmail.org/message/mxf5v2d2gh6ws2j3 Contributed by Oleg Kalnichevski * Added builders for SSLConnectionSocketFactory and client TlsStrategy. Contributed by Oleg Kalnichevski * Added enum for supported TLS versions & TLS version parser. Contributed by Oleg Kalnichevski * HTTPCLIENT-1946: handling of 308 status as per RFC 7538. Contributed by Oleg Kalnichevski * Upgraded HttpCore to version 5.0-beta5. Contributed by Oleg Kalnichevski * Async clients to support request specific push consumers. Contributed by Oleg Kalnichevski * HTTPCLIENT-1944: Add hardCancellationEnabled option to RequestConfig. Contributed by Ryan Schmitt * Overload Request's execute method to allow custom CloseableHttpClient. Contributed by Nicolas Gomez * Fix HttpClient 4.5.4 regression in BasicCookieStore serialization. Contributed by Mark Mielke * HTTPCLIENT-1934: Default client TLS strategy passes wrong hostname to the hostname verifier. Contributed by Oleg Kalnichevski * HTTPCLIENT-1882: reset authentication state on I/O or runtime error for connection based authentication schemes (such as NTLM). Contributed by Oleg Kalnichevski * HTTPCLIENT-1924: HttpClient to shut down the connection manager if a fatal error occurs in the course of a request execution. Contributed by Oleg Kalnichevski * Pooling connection managers to implement graceful and immediate shut down. Contributed by Oleg Kalnichevski * HTTPCLIENT-1906: certificates containing alternative subject names other than DNS and IP (such as RFC822) get rejected as invalid. Contributed by Oleg Kalnichevski * HTTPCLIENT-1904: check cookie domain for null Contributed by Hans-Peter Keck * HTTPCLIENT-1900: proxy protocol processor in the CONNECT exec interceptor does not post-process CONNECT response messages. Contributed by Oleg Kalnichevski * HTTPCLIENT-1898: Incorrect comment in example class ClientMultiThreadedExecution.java Contributed by Ulrich Romahn * HTTPCLIENT-1931: Add factory enum org.apache.hc.client5.http.classic.methods.ClassicHttpRequests Contributed by Gary Gregory * HTTPCLIENT-1932: Add factory enum org.apache.hc.client5.http.async.methods.HttpRequests Contributed by Gary Gregory * HTTPCLIENT-1939: Update Apache Commons Codec from 1.10 to 1.11 Contributed by Gary Gregory * HTTPCLIENT-1947: Update JNA from 4.5.2 to 5.0.0 Contributed by Gary Gregory Release 5.0-BETA1 ------------------- This is the first BETA release of HttpClient 5.0. The 5.0 release serices introduces support for the HTTP/2 protocol and event driven messaging APIs consistent for all supported HTTP protocol versions. Changelog: ------------------- * DefaultHostnameVerifier to use a custom distinguished name (DN) parser instead of LdapName. Removed dependency on Java Naming extensions. Contributed by Oleg Kalnichevski * HTTP/2 client implementations to support cancellation of ongoing message exchanges without terminating the underlying connections. Contributed by Oleg Kalnichevski * HTTPCLIENT-1395: added config parameter to skip an extra cache entry freshness check upon cache update in case of a cache miss. Contributed by Oleg Kalnichevski * HTTPCLIENT-1824, HTTPCLIENT-1384: asynchronous HTTP cache invalidator. Contributed by Oleg Kalnichevski * Redesign of CacheKeyGenerator and HttpCacheInvalidator APIs. Contributed by Oleg Kalnichevski * New APIs for cache entry bulk retrieval; bulk retrieval support by Memcached storage implementation. Contributed by Oleg Kalnichevski * HTTPCLIENT-1824, HTTPCLIENT-1868: Asynchronous HTTP cache storage API. Memcached backend implementation of async HTTP cache storage. Contributed by Oleg Kalnichevski * HTTPCLIENT-1885: Content compression exec interceptor generates incorrect 'Accept-Encoding' header value. Contributed by Oleg Kalnichevski Release 5.0-ALPHA3 ------------------- This is a major release that introduces support for the HTTP/2 protocol and event driven messaging APIs consistent for all supported HTTP protocol versions. HttpClient ships with two client implementations: * HttpClient Classic is based on the classic (blocking) I/O model; largely compatible with the 4.x APIs; supports HTTP/1.1 only. * HttpClient Async is based on NIO model; new event driven APIs consistent for all supported HTTP protocol versions; supports both HTTP/1.1 and HTTP/2. Notable new features in this release: * Asynchronous HttpClient implementations optimized for HTTP/2 multiplexed request execution. * Full support for HTTP caching by asynchronous HttpClient implementations including streaming message exchanages. Notable changes and features included in the 5.0 series are: * Support for the HTTP/2 protocol and conformance to requirements and recommendations of the latest HTTP/2 protocol specification documents (RFC 7540, RFC 7541.) Supported features: ** HPACK header compression ** Stream multiplexing (client and server) ** Flow control ** Response push ** Message trailers ** Expect-continue handshake ** Connection validation (ping) ** Application-layer protocol negotiation (ALPN) on Java 9.0.1+ ** TLS 1.2 security features * Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol specification documents (RFC 7230, RFC 7231.) * Redesigned connection pool implementation with reduced pool lock contention. * Package name space changed to 'org.apache.hc.client5'. * Maven group id changed to 'org.apache.httpcomponents.client5'. * Apache Log4j2 logging APIs used for internal logging instead of Commons Logging APIs. HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath due to the change in package names and Maven module coordinates. Please note that as of 5.0, HttpClient requires Java 1.7 or newer. Changelog: ------------------- * HttpAsyncClient implementations optimized for HTTP/2 multiplexed request execution. Contributed by Oleg Kalnichevski * Improved Ehcache and Memcached storage backends. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1827] Full support for HTTP caching by asynchronous HTTP clients. Contributed by Oleg Kalnichevski * Redesign of HTTP cache resource APIs. Contributed by Oleg Kalnichevski * Deprecated Content-Transfer-Encoding field in MIME body parts per RFC 7578, section 4.7. Contributed by Oleg Kalnichevski * [HTTPCLIENT-293] Implemented the percent encoding of the filename parameter of the Content-Disposition header. Contributed by Ioannis Sermetziadis * [HTTPCLIENT-1845]: Extract InputStreamFactory classes out of GzipDecompressingEntity and DeflateDecompressingEntity for reuse and to create less garbage. Contributed by Gary Gregory * [HTTPCLIENT-1858] Alleviate GC pressure due to wire logging. Contributed by Gary Gregory * Avoid fetching the cached entity twice on cache hit. Contributed by Leandro Nunes * [HTTPASYNC-124] Add doPrivileged blocks to async client and connection manager builders Contributed by Jay Modi Release 5.0-ALPHA2 ------------------- This is a major release that introduces support for the HTTP/2 protocol and event driven messaging APIs consistent for all supported HTTP protocol versions. HttpClient ships with two client implementations: * HttpClient Classic is based on the classic (blocking) I/O model; largely compatible with the 4.x APIs; supports HTTP/1.1 only. * HttpClient Async is based on NIO model; new event driven APIs consistent for all supported HTTP protocol versions; supports both HTTP/1.1 and HTTP/2. Notable changes and features included in the 5.0 series are: * Partial support for the HTTP/2 protocol and conformance to requirements and recommendations of the latest HTTP/2 protocol specification documents (RFC 7540, RFC 7541.) Supported features: ** HPACK header compression ** Stream multiplexing (client and server) ** Flow control ** Response push ** Message trailers ** Expect-continue handshake ** Connection validation (ping) ** Application-layer protocol negotiation (ALPN) on Java 1.9+ ** TLS 1.2 security features * Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol specification documents (RFC 7230, RFC 7231.) * Redesigned connection pool implementation with reduced pool lock contention. * Package name space changed to 'org.apache.hc.client5'. * Maven group id changed to 'org.apache.httpcomponents.client5'. * Apache Log4j2 logging APIs used for internal logging instead of Commons Logging APIs. Features that are presently NOT supported: * HTTP/2 transport (classic) * HTTP tunneling (async) * Automatic response content decompression (async) * Caching (async) HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath due to the change in package names and Maven module coordinates. Please note that as of 5.0, HttpClient requires Java 1.7 or newer. Please note that at this point 5.0 APIs are considered experimental and unstable and are expected to change in the coming releases without providing a migration path. Changelog: ------------------- * [HTTPCLIENT-1714] Add HttpClientBuilder.setDnsResolver(DnsResolver). Contributed by Alexis Thaveau * [HTTPCLIENT-1715] NTLMEngineImpl.Type1Message not thread safe but declared as a constant. Contributed by Olivier Lafontaine , Gary Gregory * [HTTPCLIENT-1716] redirect handling of unsafe methods defined by RFC 7231. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1717] Make fluent API .Content.Content(byte[], ContentType) public. Contributed by Cash Costello * [HTTPCLIENT-1730] added #setValidateAfterInactivity to HttpClientBuilder. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1752] Allow to configure the OSGI clients with relaxed SSL checks. Contributed by Simone Tripodi * [HTTPCLIENT-1748] Improved compatibility with system authentication API in applets. Contributed by Sebastien Caille * [HTTPCLIENT-1786] Port from Apache Commons Logging to Apache Log4j 2. Contributed by Gary Gregory * [HTTPCLIENT-1817] Add a "Trust All" TrustStrategy implementation. Contributed by Gary Gregory * [HTTPCLIENT-1836] DefaultHostnameVerifier#getSubjectAltNames(X509Certificate) throws java.lang.ClassCastException. Contributed by Gary Gregory , Ilian Iliev * [HTTPCLIENT-1691] HttpClient instance used internally by HC Fluent to take system properties into account by default. Contributed by Oleg Kalnichevski Release 5.0-ALPHA1 ------------------- This major release renders HttpClient API incompatible with the stable 4.x branch and upgrades HTTP/1.1 protocol conformance to the requirements and recommendations of the latest protocol specification. This release lays the foundation for transition to HTTP/2 as the primary transport protocol in the future releases. Notable changes and features included in the 5.0 series are: * Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol specification (RFC 7230, RFC 7231, RFC 7235) * Package name space changed to 'org.apache.hc.client5' * Maven group id changed to 'org.apache.httpcomponents.client5' * By default the maximum connections per route limit is set to 5 * By default connection request timeout and connect timeout are set to 3 minutes. HttpClient 5.0 releases can be co-located with earlier versions, meaning you can have both 5.x and 4.x on the classpath without experiencing jar hell. Please note that as of 5.0 HttpClient requires Java 1.7 or newer. Please note that at this point we consider 5.0 APIs experimental and unstable and expect them to change in the coming releases without providing a migration path. Changelog: ------------------- * [HTTPCLIENT-1575] route target port must be non negative Contributed by Oleg Kalnichevski * [HTTPCLIENT-1106] Use character arrays for passwords in Credentials objects Contributed by Oleg Kalnichevski * RFC 7235: redesign of HTTP authenticator and related classes Contributed by Oleg Kalnichevski * RFC 7231: parse capable of parsing multiple auth challenges Contributed by Oleg Kalnichevski * RFC 7231: DefaultServiceUnavailableRetryStrategy to take Retry-After header value into account if specified Contributed by Oleg Kalnichevski * RFC 7231: removed restriction on the use of relative URIs in Location header Contributed by Oleg Kalnichevski * RFC 7231: revised redirect handling Contributed by Oleg Kalnichevski * RFC 7231: do not generate header fields in TRACE requests containing sensitive data such as cookie and user credentials Contributed by Oleg Kalnichevski * RFC 7231: automatic retrial of idempotent methods Contributed by Oleg Kalnichevski * RFC 7230: increased the default max number of concurrent connection for the same route from 2 to 5 Contributed by Oleg Kalnichevski * Cache request line in HttpRequestWrapper Contributed by Dmitry Potapov * [HTTPCLIENT-1651] Add ability to disable content compression on a request basis Contributed by Oleg Kalnichevski * [HTTPCLIENT-1696]: Add convenience methods to fluent API class Request. Contributed by Gary Gregory Release 4.5.1 ------------------- HttpClient 4.5.1 (GA) is a maintenance release that fixes a number of minor defects found since 4.5. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Changelog: ------------------- * [HTTPCLIENT-1680] redirect of a POST request causes ClientProtocolException. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1673] org.apache.http.entity.mime.content.* missing from OSGi exports. Contributed by Benson Margulies * [HTTPCLIENT-1668] Fluent request incorrectly handles connect timeout setting. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1667] RequestBuilder does not take charset into account when creating UrlEncodedFormEntity. Contributed by Sergey Smith * [HTTPCLIENT-1655] HttpClient sends RST instead of FIN ACK sequence when using non-persistant connections. Contributed by Oleg Kalnichevski Release 4.5 ------------------- HttpClient 4.5 (GA) is a minor feature release that includes several incremental enhancements to the exisitng functionality such as support for private domains in the Mozilla Public Suffix List. Changelog: ------------------- * Reduced default validate after inactivity setting from 5 sec to 2 sec. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1649] Fixed serialization of auth schemes. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1645]: Fluent requests to inherit config parameters of the executor. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1640]: RFC6265 lax cookie policy fails to parse 'max-age' attribute. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1633]: RFC6265CookieSpecProvider compatibility level setting has no effect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1613]: Support for private domains in Mozilla Public Suffix List. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1651]: Add ability to disable content compression on a request basis. Contributed by Michael Osipov * [HTTPCLIENT-1654]: Deprecate/remove RequestConfig#decompressionEnabled in favor of #contentCompressionEnabled. Contributed by Michael Osipov Release 4.4.1 ------------------- HttpClient 4.4.1 (GA) is a maintenance release that fixes a number of defects in new functionality introduced in version 4.4. Users of HttpClient 4.4 are encouraged to upgrade. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Changelog: ------------------- * Marked RFC 2109, RFC 2965, Netscape draft cookie specs as obsolete. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1633] RFC6265CookieSpecProvider compatibility level setting has no effect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1628]: Auth cache can fail when domain name contains uppercase characters. Contributed by Dennis Ju * [HTTPCLIENT-1609] Stale connection check in PoolingHttpClientConnectionManager has no effect. Internal connection pool does not correctly implement connection validation. Contributed by Charles Lip Release 4.4 Final ------------------- This is the first stable (GA) release of HttpClient 4.4. Notable features and enhancements included in 4.4 series are: * Support for the latest HTTP state management specification (RFC 6265). Please note that the old cookie policy is still used by default for compatibility reasons. RFC 6265 compliant cookie policies need to be explicitly configured by the user. Please also note that as of next feature release support for Netscape draft, RFC 2109 and RFC 2965 cookie policies will be deprecated and disabled by default. It is recommended to use RFC 6265 compliant policies for new applications unless compatibility with RFC 2109 and RFC 2965 is required and to migrate existing applications to the default cookie policy. * Enhanced, redesigned and rewritten default SSL hostname verifier with improved RFC 2818 compliance. * Default SSL hostname verifier and default cookie policy now validate certificate identity and cookie domain of origin against the public suffix list maintained by Mozilla.org * More efficient stale connection checking: indiscriminate connection checking which results in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional connection state validation (persistent connections are to be re-validated only if a specified period inactivity has elapsed.) * Authentication cache thread-safety: authentication cache used by HttpClient is now thread-safe and can be shared by multiple threads in order to re-use authentication state for subsequent requests. * Native Windows Negotiate and NTLM via SSPI through JNA: when running on Windows OS HttpClient configured to use native NTLM or SPNEGO authentication schemes can make use of platform specific functionality via JNA and current user credentials. This functionality is still considered experimental, known to have compatibility issues and subject to change without prior notice. Use at your discretion. This release also includes all fixes from the stable 4.3.x release branch. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Changelog: ------------------- * Support for the latest HTTP state management specification (RFC 6265). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1515] Caching of responses to HEAD requests Contributed by Tyrone Cutajar and Francois-Xavier Bonnet * [HTTPCLIENT-1560] Native Windows auth improvements. Contributed by Michael Osipov * Update Apache Commons Logging version from 1.1.3 to 1.2. Contributed by Gary Gregory * Update Apache Commons Codec version from 1.6 to 1.9. Contributed by Gary Gregory * Update Ehcache version from 2.2.0 to 2.6.9. Contributed by Gary Gregory * Update Ehcache version from 2.2.0 to 2.6.9. Contributed by Gary Gregory * Update Spymemcached version from 2.6 to 2.11.4. Contributed by Gary Gregory * Update SLF4J version from 1.5.11 to 1.7.7. Contributed by Gary Gregory Release 4.4 BETA1 ------------------- This is the first BETA release of HttpClient 4.4. Notable features and enhancements included in 4.4 series are: * Enhanced redesigned and rewritten default SSL hostname verifier with improved RFC 2818 compliance * Default SSL hostname verifier and default cookie policy now validate certificate identity and cookie domain of origin against the public suffix list maintained by Mozilla.org * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use native NTLM or SPNEGO authentication schemes can make use of platform specific functionality via JNA and current user system credentials * More efficient stale connection checking: indiscriminate connection checking which results in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional connection state validation (persistent connections are to be re-validated only if a specified period inactivity has elapsed) * Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe and can be shared by multiple threads in order to re-use authentication state for subsequent requests This release also includes all fixes from the stable 4.3.x release branch. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Changelog: ------------------- * [HTTPCLIENT-1547] HttpClient OSGi bundle doesn't import the package "javax.naming". Contributed by Willem Jiang * [HTTPCLIENT-1541] Use correct (HTTP/hostname) service principal name for Windows native Negotiate/NTLM auth schemes. Contributed by Ka-Lok Fung * Improved compliance with RFC 2818: default hostname verifier to ignore the common name of the certificate subject if alternative subject names (dNSName or iPAddress) are present. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1540] Support delegated credentials (ISC_REQ_DELEGATE) by Native windows native Negotiate/NTLM auth schemes. Contributed by Ka-Lok Fung Release 4.4 ALPHA1 ------------------- This is the first ALPHA release of HttpClient 4.4. Notable features and enhancements included in the 4.4 branch are: * More efficient stale connection checking: indiscriminate connection checking which results in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional connection state validation (persistent connections are to be re-validated only if a specified period inactivity has elapsed) * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use native NTLM or SPNEGO authentication schemes can make use of platform specific functionality via JNA and current user system credentials * Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe and can be shared by multiple threads in order to re-use authentication state for subsequent requests This release also includes all fixes from the stable 4.3.x release branch. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Please note that new features included in this release are still considered experimental and their API may change in the future 4.4 alpha and beta releases. Changelog: ------------------- * [HTTPCLIENT-1493] Indiscriminate connection checking has been deprecated in favor of conditional connection state validation. Persistent connections are to be re-validated only after a defined period inactivity prior to being leased to the consumer. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1519] Use the original HttpHost instance passed as a parameter to HttpClient#execute when generating 'Host' request header. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1491] Enable provision of Service Principal Name in Windows native auth scheme. Contributed by Malcolm Smith * [HTTPCLIENT-1403] Pluggable content decoders. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1466] FileBodyPart#generateContentType() ignores custom ContentType values. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1461] fixed performance degradation in gzip encoded content processing introduced by HTTPCLIENT-1432. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1457] Incorrect handling of Windows (NT) credentials by SystemDefaultCredentialsProvider. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1456] Request retrial after status 503 causes ClientProtocolException. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1454] Make connection operator APIs public. Contributed by Tamas Cservenak * Update JUnit to version 4.11 from 4.9 Contributed by Gary Gregory Release 4.3.4 ------------------- HttpClient 4.3.4 (GA) is a maintenance release that improves performance in high concurrency scenarios. This version replaces dynamic proxies with custom proxy classes and eliminates thread contention in java.reflect.Proxy.newInstance() when leasing connections from the connection pool and processing response messages. Changelog: ------------------- * Replaced dynamic proxies with custom proxy classes to reduce thread contention. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1484] GzipCompressingEntity should not close the underlying output stream if the entity has not been fully written out due to an exception. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1474] Fixed broken entity enclosing requests in HC Fluent. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1470] CachingExec(ClientExecChain, HttpCache, CacheConfig, AsynchronousValidator) throws NPE if config is null Release 4.3.3 ------------------- HttpClient 4.3.3 (GA) is a bug fix release that fixes a regression introduced by the previous release causing a significant performance degradation in compressed content processing. Users of HttpClient 4.3 are encouraged to upgrade. Changelog: ------------------- * [HTTPCLIENT-1466] FileBodyPart#generateContentType() ignores custom ContentType values. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1453] Thread safety regression in PoolingHttpClientConnectionManager #closeExpiredConnections that can lead to ConcurrentModificationException. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1461] fixed performance degradation in compressed content processing introduced by HTTPCLIENT-1432. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1457] Incorrect handling of Windows (NT) credentials by SystemDefaultCredentialsProvider. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1456] Request retrial after status 503 causes ClientProtocolException. Contributed by Oleg Kalnichevski Release 4.3.2 ------------------- HttpClient 4.3.2 (GA) is a maintenance release that delivers a number of improvements as well as bug fixes for issues reported since 4.3.1 release. SNI support for Oracle JRE 1.7+ is being among the most notable improvements. Users of HttpClient 4.3 are encouraged to upgrade. Changelog: ------------------- * [HTTPCLIENT-1447] Clients created with HttpClients.createMinimal do not work with absolute URIs Contributed by Joseph Walton * [HTTPCLIENT-1446] NTLM proxy + BASIC target auth fails with 'Unexpected state: MSG_TYPE3_GENERATED'. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1443] HttpCache uses the physical host instead of the virtual host as a cache key. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1442] Authentication header set by the user gets removed in case of proxy authentication (affects plan HTTP requests only). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1441] Caching AsynchronousValidationRequest leaks connections. Contributed by Dominic Tootell * [HTTPCLIENT-1440] 'file' scheme in redirect location URI causes NPE. Contributed by James Leigh * [HTTPCLIENT-1437] Made Executor#execute thread safe. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1119] SNI support (Oracle Java 1.7+ only). Contributed by Bruno Harbulot * [HTTPCLIENT-1435] Fluent Executor ignores custom request properties. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1432] Lazy decompressing of HttpEntity#getContent() to avoid EOFException in case of an empty response with 'Content-Encoding: gzip' header. Contributed by Yihua Huang * [HTTPCLIENT-1431] (Regression) deprecated connection manager cannot be used with a custom LayeredSchemeSocketFactory. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1425] Fixed socket closed exception thrown by caching HttpClient when the origin server sends a long chunked response. Contributed by James Leigh * [HTTPCLIENT-1417] Fixed NPE in BrowserCompatSpec#formatCookies caused by version 1 cookies with null cookie value. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1416] Fixed NPE in CachingHttpClientBuilder#build(). Contributed by Oleg Kalnichevski Release 4.3.1 ------------------- HttpClient 4.3.1 (GA) is a bug fix release that addresses a number of issues reported since release 4.3. Users of HttpClient 4.3 are strongly encouraged to upgrade. Changelog ------------------- * [HTTPCLIENT-1410] Browser compatible hostname verifier no longer rejects *.co., *.gov., *.info., etc as invalid. Contributed by Oleg Kalnichevski * Ensure X509HostnameVerifier is never null. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1405] CONNECT HTTP/1.1 requests lack mandatory 'Host' header. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1402] Cache default User-Agent value. Contributed by yuexiaojun * [HTTPCLIENT-1398] Fixed invalid OSGi metadata caused by corrupted Maven bundle plugin metadata. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1399] Fixed NPE in RequestBuilder. Contributed by Oleg Kalnichevski Release 4.3 Final ------------------- This is the first stable (GA) release of HttpClient 4.3. The most notable enhancements included in this release are: * Support for Java 7 try-with-resources for resource management (connection release.) * Added fluent Builder classes for HttpEntity, HttpRequest, HttpClient and SSLContext instances. * Deprecation of preference and configuration API based on HttpParams interface in favor of constructor injection and plain configuration objects. * Reliance on object immutability instead of access synchronization for thread safety. Several old classes whose instances can be shared by multiple request exchanges have been replaced by immutable equivalents. * DefaultHttpClient, DecompressingHttpClient, CachingHttpClient and similar classes are deprecated in favor of builder classes that produce immutable HttpClient instances. * HttpClient builders now dynamically construct a request execution pipeline tailored specifically to the user configuration by physically excluding unnecessary protocol components. * There is now an option to construct a minimal HttpClient implementation that can only execute basic HTTP message exchanges without redirects, authentication, state management or proxy support. This feature might be of particular use in web crawler development. * There is now option to avoid strict URI syntax for request URIs by executing HTTP requests with an explicitly specified target host. HttpClient will no longer attempt to parse the request URI if it does not need to extract the target host from it. This release also includes all fixes from the stable 4.2.x release branch. Changelog ------------------- * [HTTPCLIENT-1371] Weak ETag Validation is Useful On PUT With If-Match Contributed by James Leigh * [HTTPCLIENT-1394] Support for Native windows Negotiate/NTLM via JNA Contributed by Ryan McKinley * [HTTPCLIENT-1384] Expose CacheInvalidator interface. Contributed by Nicolas Richeton * [HTTPCLIENT-1385] Fixed path normalization in CacheKeyGenerator Contributed by James Leigh * [HTTPCLIENT-1370] Response to non-GET requests should never be cached with the default ResponseCachingPolicy Contributed by James Leigh * [HTTPCLIENT-1373] OPTIONS and TRACE should not invalidate cache Contributed by James Leigh * [HTTPCLIENT-1383] HttpClient enters an infinite loop during NTLM authentication if the opposite endpoint keeps responding with a type 2 NTLM response after type 3 MTLM message has already been sent by the client. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1372] Refactor HttpMultipart, and add RFC6532 mode, so that headers in post are no longer constrained to ASCII values. Contributed by Karl Wright * [HTTPCLIENT-1377] User principal for non-NTLM authentication is incorrectly generated when using user credentials are specified as NTCredentials Contributed by Gary Gregory Release 4.3 BETA2 ------------------- This is the second BETA release of HttpClient 4.3. The most notable features and improvements in the 4.3 branch are: Support for Java 7 try-with-resources for resource management (connection release); fluent Builder classes for HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and configuration API based on HttpParams interface in favor of constructor injection and plain configuration objects, reliance on object immutability instead of access synchronization for thread safety. This release also includes all fixes from the stable 4.2.x release branch. Changelog ------------------- * [HTTPCLIENT-1366] org.apache.http.client.utils.URLEncodedUtils should parse the semicolon as a query parameter separator. Contributed by Gary Gregory * [HTTPCLIENT-1365] NPE when ManagedHttpClientConnectionFactory.create(ConnectionConfig) is called with null. Contributed by Gary Gregory * [HTTPCLIENT-1362] Better error messages for connect timed out and connection refused exceptions. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1360] separate out DeflateInputStream as an independent class, so it can be used by others. Contributed by Karl Wright * [HTTPCLIENT-1359] repeated requests using the same context fail if they redirect. Contributed by James Leigh * [HTTPCLIENT-1354] do not quote algorithm parameter in DIGEST auth response. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1351] Added utility method to resolve final location from original request, target host and a list of redirects. Contributed by James Leigh * [HTTPCLIENT-1344] Userinfo credentials in URI should not default to preemptive BASIC authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1345] Useinfo credentials ignored in redirect location header. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1294] HttpClient to rewrite host name of the redirect location URI in order to avoid circular redirect exception due to host name case mismatch. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1264] Add support for multiple levels of browser compatibility to BrowserCompatSpec and BrowserCompatSpecFactory. Include constructor argument for IE medium-security compatibility. Contributed by Karl Wright (kwright at apache.org) * [HTTPCLIENT-1349] SSLSocketFactory incorrectly identifies key passed with keystore as the keystore password. Contributed by David Graff * [HTTPCLIENT-1346] Ensure propagation of SSL handshake exceptions. Contributed by Pasi Eronen * [HTTPCLIENT-1343] SSLSocketFactory optional parameters for supported SSL protocols and cipher suites. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1238] Contribute Bundle Activator And Central Proxy Configuration. Contributed by Simone Tripodi * [HTTPCLIENT-1299] (regression) cache incorrectly disposes of the underlying cache resource when storing variant entry. Contributed by James Leigh * [HTTPCLIENT-1342] Redirects with underscore character in the location hostname cause "java.lang.IllegalArgumentException: Host name may not be null". Contributed by Oleg Kalnichevski Release 4.3 BETA1 ------------------- This is the first BETA release of HttpClient 4.3. The 4.3 branch enhances HttpClient in several key areas and includes several notable features and improvements: Support for Java 7 try-with-resources for resource management (connection release); fluent Builder classes for HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and configuration API based on HttpParams interface in favor of constructor injection and plain configuration objects, reliance on object immutability instead of access synchronization for thread safety. This release also includes all fixes from the stable 4.2.x release branch. Changelog ------------------- * [HTTPCLIENT-1317] InetAddressUtils should handle IPv6 Addresses with Embedded IPv4 Addresses Contributed Sebastian Bazley . * [HTTPCLIENT-1320] Leverage javax.net.ssl.SSLSocketFactory#getDefault() to initialize SSL context based on system defaults instead of using an internal custom routine. Contributed by Abe Backus and Oleg Kalnichevski * [HTTPCLIENT-1316] Certificate verification rejects IPv6 addresses which are not String-equal. Contributed Sebastian Bazley . * [HTTPCLIENT-1307] Future based asynchronous request execution. Contributed by Jilles van Gurp * [HTTPCLIENT-1313] Fixed IllegalStateException in deprecated ThreadSafeClientConnManager. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1298] Add AsynchronousValidator in HttpClientBuilder's list of closeable objects. Contributed by Martin Meinhold Release 4.3 ALPHA1 ------------------- This is the first ALPHA release of HttpClient 4.3. The 4.3 branch enhances HttpClient in several key areas and includes several notable features and improvements: Support for Java 7 try-with-resources for resource management (connection release); fluent Builder classes for HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and configuration API based on HttpParams interface in favor of constructor injection and plain configuration objects, reliance on object immutability instead of access synchronization for thread safety. We are kindly asking all upstream projects to review API changes and help us improve the APIs by providing feedback and sharing ideas on dev@hc.apache.org. This release also includes all fixes from the stable 4.2.x release branch. Please note that new features included in this release are still considered experimental and their API may change in the future 4.3 alpha and beta releases. Changelog ------------------- * [HTTPCLIENT-1250] Allow query string to be ignored when determining cacheability for HTTP 1.0 responses. Contributed by Don Brown * [HTTPCLIENT-1261] Make SystemDefaultHttpClient honor http.agent system property. Contributed by Oleg Kalnichevski * [HTTPCLIENT-900] Don't enforce URI syntax for messages with an explicit target host. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1190] HttpClient cache does not support "Vary: Cookie" Contributed by Oleg Kalnichevski * [HTTPCLIENT-1259] Calling #abort() on requests executed with DecompressingHttpClient has no effect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1253] URIBuilder setParameter() method could exceed the HTTP header size. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1216] Added method to force clean thread-local used by DateUtils. Contributed by Oleg Kalnichevski Release 4.2.3 ------------------- HttpClient 4.2.3 (GA) is a bug fix release that addresses a number of issues reported since release 4.2.2. This release also includes a thoroughly reworked NTLM authentication engine which should result in a better compatibility with the newest Microsoft products. Users of HttpClient 4.x are advised to upgrade. Changelog ------------------- * [HTTPCLIENT-1296] NPE gets thrown if you combine a default host with a virtual host that has a -1 value for the port. Contributed by Karl Wright * [HTTPCLIENT-1290] 304 cached response never reused with If-modified-since conditional requests. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1291] Absolute request URIs without an explicitly specified path are rewritten to have "/" path). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1286] Request URI rewriting is inconsistent - URI fragments are not removed from absolute request URIs. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1284] HttpClient incorrectly generates Host header when physical connection route differs from the host name specified in the request URI. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1293] Kerberos and SPNego auth schemes use incorrect authorization header name when authenticating with a proxy. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1283] NTLM needs to use Locale-independent form of toUpperCase(). Contributed by Karl Wright * [HTTPCLIENT-1279] Target host responding with status 407 (proxy authentication required) causes an NPE. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1281] GzipDecompressingEntity does not release InputStream when an IOException occurs while reading the Gzip header Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1277] Caching client sends a 304 to an unconditional request. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1278] Update NTLM documentation. Contributed by Karl Wright * SystemDefaultHttpClient misinterprets 'http.keepAlive' default value and disables connection persistence if the system property is not set. This causes connection based authentication schemes such as NTLM to fail. * [HTTPCLIENT-1276] cache update on a 304 response causes NPE. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1273] DecompressingHttpClient does not automatically consume response content in case of an i/o, HTTP or runtime exception thrown by the decompressing protocol interceptor leading to a potential connection leak. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1268] NTLM engine refactor fix, to correct a buffer overrun, and get NTLMv2 flags right. Contributed by Karl Wright * [HTTPCLIENT-1266] NTLM engine refactoring and compatibility improvements. Contributed by Karl Wright * [HTTPCLIENT-1263] BrowserCompatSpec: attribute values containing spaces or special characters should be enclosed with quotes marks for version 1 cookies. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1263] CachingHttpClient fails to release connections back to the connection manager for some type of HTTP response messages when used together with DecompressingHttpClient. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1258] Fixed NullPointerException in NTLMEngineImpl caused by null NT domain attribute. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1254] Redirect with underscore in hostname causes ProtocolException. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1255] AbstractVerifier incorrectly parses certificate CN containing wildcard. Contributed by Oleg Kalnichevski Release 4.2.2 ------------------- HttpClient 4.2.2 (GA) is a bug fix release that addresses a number of issues reported since release 4.2.1. Users of HttpClient 4.2 are advised to upgrade. Changelog ------------------- * [HTTPCLIENT-1248] Default and lax redirect strategies should not convert requests redirected with 307 status to GET method. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1215] BasicAuthCache does not take default ports into consideration when looking up cached authentication details by HttpHost key. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1241] (regression) Preemptive BASIC authentication failure should be considered final and no further attempts to re-authenticate using the same credentials should be made. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1229] Fixed NPE in BasicClientConnectionManager that can be triggered by releasing connection after the connection manager has already been shut down. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1227] Date parsing in DateUtils made more efficient. Contributed by Patrick Linskey * [HTTPCLIENT-1224] (regression) NTLM auth not retried after a redirect over a non-persistent connection. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1223] Cache could be more aggressive on cache invalidations from Content-Location. Contributed by Jon Moore . Contributed by Jon Moore * [HTTPCLIENT-1217] AutoRetryHttpClient does not release connection used by the previous response when request is retried Contributed by Oleg Kalnichevski Release 4.2.1 ------------------- HttpClient 4.2.1 (GA) is a bug fix release that addresses a number of issues reported since release 4.2. Users of HttpClient 4.2 are advised to upgrade. Changelog ------------------- * [HTTPCLIENT-1209] Redirect URIs are now normalized. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1202] ResponseCachingPolicy should honor explicit cache-control directives for other status codes Contributed by Jon Moore * [HTTPCLIENT-1199] DecompressingHttpClient strips content from entity enclosing requests Contributed by Oleg Kalnichevski * [HTTPCLIENT-1198] HttpHost is not set in HttpContext in CachingHttpClient. Contributed by Jon Moore * [HTTPCLIENT-1200] DecompressingHttpClient fails to generate correct HttpHost context attribute. Contributed by Guillaume Castagnino * [HTTPCLIENT-1192] URIBuilder encodes query parameters twice. Contributed by Oleg Kalnichevski and Sebastian Bazley . * [HTTPCLIENT-1196] Fixed NPE in UrlEncodedFormEntity constructor thrown if charset is null. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1193] Fixed regression in the route tracking logic of the default connection manager causing cross-site redirect failures. Contributed by Oleg Kalnichevski Release 4.2 ------------------- This is the first stable (GA) release of HttpClient 4.2. The most notable enhancements included in this release are: * New facade API for HttpClient based on the concept of a fluent interface. The fluent API exposes only the most fundamental functions of HttpClient and is intended for relatively simple use cases that do not require the full flexibility of HttpClient. However, the fluent API almost fully relieves the users from having to deal with connection management and resource deallocation. * Redesigned and rewritten connection management code. * Enhanced HTTP authentication API that enables HttpClient to handle more complex authentication scenarios. HttpClient 4.2 is now capable of making use of multiple authentication challenges and retry authentication with a fall-back scheme in case the primary one fails. This can be important for compatibility with Microsoft products that are often configured to use SPNEGO/Kerberos as the preferred authentication scheme. Changelog ------------------- * [HTTPCLIENT-1187] If a revalidation response is deemed too old CachingHttpClient fails to consume its content resulting in a connection leak. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1186] State of newly created connections in the connection pool is not always correctly updated potentially allowing those connections to be leased to users with a different security context. Contributed by Ralf Poehlmann * [HTTPCLIENT-1179] Upgraded Commons Codec dependency to version 1.6 Contributed by Oleg Kalnichevski * [HTTPCLIENT-1177] always remove fragments from request URIs Contributed by Oleg Kalnichevski Incompatible changes -------------------- [Compared to release version 4.1.3] The following fields have been deprecated for some time now and have been deleted: org.apache.http.client.params.ClientPNames#CONNECTION_MANAGER_FACTORY org.apache.http.impl.cookie.BrowserCompatSpec#DATE_PATTERNS The following methods have been deprecated for some time now and have been deleted: org.apache.http.client.params.ClientParamBean#setConnectionManagerFactory(org.apache.http.conn.ClientConnectionManagerFactory) org.apache.http.client.protocol.ClientContextConfigurer#setAuthSchemePref(java.util.List) org.apache.http.entity.mime.content.FileBody#writeTo(java.io.OutputStream, int) org.apache.http.entity.mime.content.InputStreamBody#writeTo(java.io.OutputStream, int) org.apache.http.entity.mime.content.StringBody#writeTo(java.io.OutputStream, int) The following classes have been deprecated for some while now and have been deleted: org.apache.http.impl.conn.tsccm.RefQueueHandler org.apache.http.impl.conn.tsccm.AbstractConnPool no longer implements interface org.apache.http.impl.conn.tsccm.RefQueueHandler org.apache.http.impl.conn.tsccm.ConnPoolByRoute no longer implements interface org.apache.http.impl.conn.tsccm.RefQueueHandler org.apache.http.impl.conn.tsccm.RefQueueWorker Release 4.2 BETA1 ------------------- This is the first BETA release of HttpClient 4.2. This release completes development of several notable enhancements in HttpClient: * New facade API for HttpClient based on the concept of a fluent interface. The fluent API exposes only the most fundamental functions of HttpClient and is intended for relatively simple use cases that do not require the full flexibility of HttpClient. However, the fluent API almost fully relieves the users from having to deal with connection management and resource deallocation. * Redesigned and rewritten connection management code. As of release 4.2 HttpClient will be using pooling connection manager per default. * Enhanced HTTP authentication API that enables HttpClient to handle more complex authentication scenarios. HttpClient 4.2 is now capable of making use of multiple authentication challenges and retry authentication with a fall-back scheme in case the primary one fails. This can be important for compatibility with Microsoft products that are often configured to use SPNEGO/Kerberos as the preferred authentication scheme. Changelog ------------------- * [HTTPCLIENT-1164] Compressed entities are not being cached properly. Contributed by Jon Moore . * [HTTPCLIENT-1154] MemcachedHttpCacheStorage should allow client to specify custom prefix string for keys. Contributed by Jon Moore . * [HTTPCLIENT-1153] MemcachedHttpCacheStorage uses URL as cache key; shouldn't due to fixed maximum-length memcached keys. Contributed by Jon Moore . * [HTTPCLIENT-1157] MemcachedHttpCacheStroage should throw IOExceptions instead of RuntimeExceptions. Contributed by James Miller . * [HTTPCLIENT-1152] MemcachedHttpCacheStorage should verify class of returned object before casting. Contributed by Rajika Kumarasiri . * [HTTPCLIENT-1155] CachingHttpClient fails to ensure that the response content gets fully consumed when using a ResponseHandler, which can potentially lead to connection leaks. Contributed by James Miller * [HTTPCLIENT-1147] When HttpClient-Cache cannot open cache file, should act like miss. Contributed by Joe Campbell * [HTTPCLIENT-1137] Values for the Via header are cached and reused by httpclient-cache. Contributed by Alin Vasile * [HTTPCLIENT-1142] Infinite loop on NTLM authentication failure. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1143] CachingHttpClient leaks connections with stale-if-error. Contributed by James Miller Release 4.2 ALPHA1 ------------------- This is the first ALPHA release of HttpClient 4.2. The 4.2 branch enhances HttpClient in several key areas and includes several notable features and improvements: * New facade API for HttpClient based on the concept of a fluent interface. The fluent API exposes only the most fundamental functions of HttpClient and is intended for relatively simple use cases that do not require the full flexibility of HttpClient. However, the fluent API almost fully relieves the users from having to deal with connection management and resource deallocation. * Redesigned and rewritten connection management code. As of release 4.2 HttpClient will be using pooling connection manager per default. * Enhanced HTTP authentication API that enables HttpClient to handle more complex authentication scenarios. HttpClient 4.2 is now capable of making use of multiple authentication challenges and retry authentication with a fall-back scheme in case the primary one fails. This can be important for compatibility with Microsoft products that are often configured to use SPNEGO/Kerberos as the preferred authentication scheme. Please note that new features included in this release are still considered experimental and their API may change in the future ALPHA releases. Changelog ------------------- * [HTTPCLIENT-1128] SystemDefaultHttpClient (HttpClient implementation initialized using system properties). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1135] RandomAccessFile mode 'w' used by HttpClientCache is not valid. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1131] HttpClient to authenticate preemptively using BASIC scheme if a userinfo attribute is specified in the request URI. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1134] make BasicResponseHandler consume response content in case of an unsuccessful result (status code >= 300). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1132] ProxyClient implementation. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1127] fixed dead-lock between SingleClientConnManager and AbstractPooledConnAdapter. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1107] Auth framework redesign. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1116] ResponseCachingPolicy uses integers for sizes Contributed by Greg Bowyer * [HTTPCLIENT-1123] Support for pluggable DNS resolvers. Contributed by Alin Vasile * [HTTPCLIENT-1120] DefaultHttpRequestRetryHandler#retryRequest should not retry aborted requests. Contributed by Alin Vasile * Support for auth-int qop (quality of protection) option in Digest auth scheme. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1076] Fluent facade API (Google summer of code 2011 project). Contributed by Xu Lilu * UriBuilder implementation. Contributed by Xu Lilu * Redesign of connection management classes based on new pooling components from HttpCore. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1111] Added #prepareSocket method to SSLSocketFactory. Contributed by Pasi Eronen * Added #reset() and #releaseConnection() methods to HttpRequestBase. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1105] AutoRetryHttpClient: built-in way to do auto-retry for certain status codes. Contributed by Dan Checkoway * [HTTPCLIENT-1094] Digest auth scheme refactoring. Contributed by Oleg Kalnichevski * Lax implementation of RedirectStrategy. Contributed by Bartosz Firyn * [HTTPCLIENT-1044] HttpRequestRetryHandler implementation compliant with the definition of idempotent methods given in the RFC 2616. Contributed by Oleg Kalnichevski Release 4.1.2 ------------------- The HttpClient 4.1.2 is a bug fix release that addresses a number of non-critical issues reported since release 4.1.1. * [HTTPCLIENT-1100] Missing Content-Length header makes cached entry invalid Contributed by Bart Robeyns * [HTTPCLIENT-1098] Avoid expensive reverse DNS lookup on connect timeout exception. Contributed by Thomas Boettcher * [HTTPCLIENT-1097] BrowserCompatHostnameVerifier and StrictHostnameVerifier should handle wildcards in SSL certificates better. Contributed by Sebastian Bazley * [HTTPCLIENT-1092] If ClientPNames.VIRTUAL_HOST does not provide the port, derive it from the current request. Contributed by Sebastian Bazley * [HTTPCLIENT-1087] NTLM proxy authentication fails on retry if the underlying connection is closed as a result of a target authentication failure. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1079] Fixed Kerberos cross-realm support Contributed by Michael Osipov <1983-01-06 at gmx.net> * [HTTPCLIENT-1078] Decompressing entities (DeflateDecompressingEntity, GzipDecompressingEntity) do not close content stream in #writeTo() method. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1075] Decompressing entities (DeflateDecompressingEntity, GzipDecompressingEntity) do not correctly handle content streaming. Contributed by James Abley * [HTTPCLIENT-1051] Avoid reverse DNS lookups when opening SSL connections by IP address. Contributed by Oleg Kalnichevski Release 4.1.1 ------------------- HttpClient v4.1.1 is a bug fix release that addresses a number of issues reported since release 4.1, including one critical security issue (HTTPCLIENT-1061). All users of HttpClient 4.0.x and 4.1 are strongly encouraged to upgrade. * [HTTPCLIENT-1069] HttpHostConnectException not correctly retried for direct and non-tunnelled proxy connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1066] Changed the way URIUtils#rewriteURI handles multiple consecutive slashes in the URI path component: multiple leading slashes will be replaced by one slash in order to avoid confusion with the authority component. The remaining content of the path will not be modified. (also see HTTPCLIENT-929). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1061] Fixed critical bug causing Proxy-Authorization header to be sent to the target host when tunneling requests through a proxy server that requires authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1056] Fixed bug causing the RequestAuthCache protocol interceptor to generate an invalid AuthScope instance when looking up user credentials for preemptive authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1053] Fixed the way DigestScheme generates nonce-count values. Contributed by Oleg Kalnichevski Release 4.1 ------------------- The HttpClient 4.1 release builds upon the stable foundation laid by HttpClient 4.0 and adds several functional improvements and popular features. * Response caching conditionally compliant with HTTP/1.1 specification (full compliance with MUST requirements, partial compliance with SHOULD requirements) * Full support for NTLMv1, NTLMv2, and NTLM2 Session authentication. The NTLM protocol code was kindly contributed by the Lucene Connector Framework project. * Support for SPNEGO/Kerberos authentication. * Persistence of authentication data between request executions within the same execution context. * Support for preemptive authentication for BASIC and DIGEST schemes. * Support for transparent content encoding. Please note transparent content encoding is not enabled per default in order to avoid conflicts with already existing custom content encoding solutions. * Mechanism to bypass the standard certificate trust verification (useful when dealing with self-signed certificates). * Simplified configuration for connection managers. * Transparent support for host multihoming. IMPORTANT: please note that the HttpClient 3.x branch is now officially END OF LIFE and is no longer maintained and supported by the Apache HttpComponents project. Changelog ------------------- * The public API for the caching module had a minor change between 4.1-beta and 4.1-GA to the HttpCacheEntry class - the deprecated public Set getVariantURIs() method and constructor public HttpCacheEntry(Date requestDate, Date responseDate, StatusLine statusLine, Header[] responseHeaders, Resource resource, Set variants) were both removed. This will not affect you unless you are implementing new storage backends that use the deprecated code and/or are implementing custom serializers for cache entries. * Changed Browser-Compatibility and Best-Match cookie policies to emulate the behaviour of FireFox more closely when parsing Netscape style cookies. Comma will no longer be treated as a header element separator if Set-Cookie does not contain a Version attribute mandated by the RFC2109 / RFC 2965 cookie specifications. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1036] StringBody has incorrect default for characterset. (Default changed to US-ASCII) Contributed by Sebastian Bazley * [HTTPCLIENT-975] Support stale-if-error and stale-while-revalidate extension directive (RFC5861). Contributed by Mohammed Azeem Uddin , Michajlo Matijkiw , and Matthew Hawthorne . * [HTTPCLIENT-1033] HttpRoute.equals(Object o) is quite inefficient, as it does not take full advantage of shortcut logic. Contributed by Sebastian Bazley * [HTTPCLIENT-1030] Implement "ignoreCookies" CookieSpec Contributed by Sebastian Bazley Release 4.1 BETA1 ------------------- HttpClient 4.1 BETA1 finalizes the 4.1 API and brings a number of major improvements to the HTTP caching module. This release also adds full support for NTLMv1, NTLMv2, and NTLM2 Session authentication. The NTLM protocol code was kindly contributed by the Lucene Connector Framework project. Changelog ------------------- * [HTTPCLIENT-1015] Support only-if-cached directive. Contributed by Michajlo Matijkiw * [HTTPCLIENT-990] Allow heuristic freshness caching. Contributed by Michajlo Matijkiw * [HTTPCLIENT-919] Support for NTLMv1, NTLMv2, and NTLM2 Session authentication. Contributed by Karl Wright * [HTTPCLIENT-1008] Send all variants' ETags on "variant miss". Contributed by Michajlo Matijkiw and Mohammed Azeem Uddin * [HTTPCLIENT-1011] Handling of IOExceptions thrown by cache components. Contributed by Jonathan Moore * [HTTPCLIENT-1003] Handle conditional requests in cache. Contributed by Michajlo Matijkiw and Mohammed Azeem Uddin * [HTTPCLIENT-1002] Stale connection check fails if wire logging is on. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1000] Maximum connection lifetimes settings for ThreadSafeClientConnManager. Contributed by Michajlo Matijkiw * [HTTPCLIENT-960] HttpMultipart doesn't generate Content-Type header for binary parts in BROWSER_COMPATIBLE mode. Contributed by Oleg Kalnichevski * [HTTPCLIENT-998] Cache should use both Last-Modified and ETag for validations when available. Contributed by Jonathan Moore * [HTTPCLIENT-997] Cache module should handle out-of-order validations properly and unconditionally refresh. Contributed by Jonathan Moore * [HTTPCLIENT-994] Cache does not allow client to override origin-specified freshness using max-stale. Contributed by Jonathan Moore * [HTTPCLIENT-995] Cache returns cached responses even if validators not consistent with all conditional headers. Contributed by Jonathan Moore * [HTTPCLIENT-977] Memcached implementation for HttpCache. Contributed by Mohammed Azeem Uddin * [HTTPCLIENT-992] cache should not generate stale responses to requests explicitly requesting first-hand or fresh ones. Contributed by Jonathan Moore * [HTTPCLIENT-991] cache module produces improperly formatted Warning header when revalidation fails. Contributed by Jonathan Moore * [HTTPCLIENT-989] DefaultHttpRequestRetryHandler no longer retries non-idempotent http methods if NoHttpResponseException is thrown. Contributed by Oleg Kalnichevski * [HTTPCLIENT-988] Cache module should strip 'Content-Encoding: identity' from responses Contributed by Jonathan Moore * [HTTPCLIENT-987] cache module does not recognize equivalent URIs. Contributed by Jonathan Moore * [HTTPCLIENT-986] cache module does not completely handle upstream Warning headers correctly Contributed by Jonathan Moore * [HTTPCLIENT-985] cache module should populate Via header to capture upstream and downstream protocols Contributed by Jonathan Moore * [HTTPCLIENT-984] Additional conditional compliance tests for the caching module for Content-Encoding, Content-Location, Date, Expires, Server, Transfer-Encoding, and Vary headers. Contributed by Jonathan Moore * [HTTPCLIENT-978] HTTP cache update exception handling Contributed by Michajlo Matijkiw * [HTTPCLIENT-981] CachingHttpClient returns a 411 respones when executing a POST (HttpPost) request. Contributed by Joe Campbell * [HTTPCLIENT-980] CachingHttpClient returns a 503 response when the backend HttpClient produces an IOException. Contributed by Jonathan Moore * [HTTPCLIENT-978] Ehcache based HTTP cache implementation Contributed by Michajlo Matijkiw * [HTTPCLIENT-967] support for non-shared (private) caches Contributed by Jonathan Moore * [HTTPCLIENT-969] BasicCookieStore#getCookies() to return a copy of Cookie list Contributed by David Smiley * [HTTPCLIENT-965] Fixed problem with cache not honoring must-revalidate or proxy-revalidate Cache-Control directives. Contributed by Jonathan Moore * [HTTPCLIENT-964] 'no-cache' directives with field names are no longer transmitted downstream. Contributed by Jonathan Moore * [HTTPCLIENT-963] Fixed handling of 'Cache-Control: no-store' on requests. Contributed by Jonathan Moore * [HTTPCLIENT-962] Fixed handling of Authorization headers in shared cache mode. Contributed by Jonathan Moore * [HTTPCLIENT-961] Not all applicable URIs are invalidated on PUT/POST/DELETEs that pass through client cache. Contributed by Jonathan Moore * [HTTPCLIENT-958] Client cache no longer allows incomplete responses to be passed on to the client. Contributed by Jonathan Moore * [HTTPCLIENT-951] Non-repeatable entity enclosing requests are not correctly retried when 'expect-continue' handshake is active. Contributed by Oleg Kalnichevski * [HTTPCLIENT-948] In rare circumstances the idle connection handling code can leave closed connections in a inconsistent state. Contributed by Oleg Kalnichevski * [HTTPCLIENT-953] IllegalStateException thrown by RouteSpecificPool. Contributed by Guillaume * [HTTPCLIENT-952] Trust store parameter is ignored by SSLSocketFactory (affects version 4.1-alpha2 only) Contributed by Oleg Kalnichevski * [HTTPCLIENT-937] CacheEntry made immutable; now uses immutable HttpEntity to store cached content. Contributed by David Mays and Oleg Kalnichevski Release 4.1 ALPHA2 ------------------- HttpClient 4.1 ALPHA2 fixes a number of non-severe bugs discovered since the last release and introduces support for two frequently requested features: * HTTP/1.1 response caching * transparent support for host multihoming * a mechanism to bypass the standard certificate trust verification (useful when dealing with self-signed certificates) Compatibility notes ------------------- (1) Please note the HTTP caching module is still considered experimental and its API may change significantly in the future releases. (2) This release eliminates Mime4J as a dependency for the HttpMime module. HttpMime is no longer binary compatible with the previous releases. Full API and binary compatibility between minor versions of HttpMime will be maintained as of 4.1 GA release. Changelog ------------------- * [HTTPCLIENT-936] Fixed bug causing NPE or an infinite loop in the authentication code in case of a SPNEGO authentication failure. Contributed by Oleg Kalnichevski * [HTTPCLIENT-427] HTTP caching support Contributed by Joe Campbell, David Cleaver, David Mays, Jon Moore, Brad Spenla * Dropped dependency on Mime4j for HttpMime. Contributed by Oleg Kalnichevski * Extended SSLSocketFactory with a mechanism to bypass the standard certificate trust verification (primarily to simplify dealing with self-signed certificates) Contributed by Oleg Kalnichevski * [HTTPCLIENT-898] Improved support for host multihoming Contributed by Oleg Kalnichevski * [HTTPCLIENT-916] UsernamePasswordCredentials, NTUserPrincipal, BasicClientCookie, BasicClientCookie2 and BasicCookieStore made Serializable. Contributed by Oleg Kalnichevski * [HTTPCLIENT-914] Upgraded Commons Codec dependency to version 1.4 Contributed by Oleg Kalnichevski * [HTTPCLIENT-903] Use ConcurrentHashMap instead of [Linked]HashMap for thread-safety. Improve performance of AuthSchemeRegistry, CookieSpecRegistry and SchemeRegistry classes. Contributed by Sebastian Bazley * [HTTPCLIENT-902] HttpRequestRetryHandler not called on I/O exceptions thrown when opening a new connection. Contributed by Olivier Lamy and Oleg Kalnichevski Release 4.1 ALPHA1 ------------------- HttpClient 4.1 ALPHA1 builds on the stable 4.0 release and adds several functionality improvements and new features. * Simplified configuration of connection managers. * Persistence of authentication data between request executions within the same execution context. * Support for SPNEGO/Kerberos authentication scheme * Support for transparent content encoding. Please note transparent content encoding is not enabled per default in order to avoid conflicts with already existing custom content encoding solutions. * 5 to 10% performance increase due to elimination of unnecessary Log object lookups by short-lived components. Please note all methods and classes added in this release and marked as 4.1 are API unstable and can change in the future 4.1 ALPHA releases. Changelog ------------------- * [HTTPCLIENT-889] 'expect: continue' handshake disabled per default. Contributed by Oleg Kalnichevski * [HTTPCLIENT-862] Extended client's redirect handling interface to allow control of the content of the redirect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-872] HttpClient can now persist authentication data between request executions as long as they share the same execution context. It has also become much easier to make HttpClient authenticate preemptively by pre-populating authentication data cache. Contributed by Oleg Kalnichevski * [HTTPCLIENT-883] SO_TIMEOUT is not reset on persistent (re-used) connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-832] Distinguish cookie format errors from violations of restrictions imposed by a cookie specification. In the latter case CookieRestrictionViolationException will be thrown. Contributed by Oleg Kalnichevski * [HTTPCLIENT-523] Support for SPNEGO authentication scheme. Contributed by Matthew Stevenson * Simplified configuration of connection managers. Total connection maximum and maximum connection per route limits can be set using methods of the class instead of HTTP parameters. Contributed by Oleg Kalnichevski * Added parameters to define the order of preference for supported auth schemes for target host and proxy authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-875] DefaultClientConnectionOperator#openConnection doesn't update the connection state if the connection socket changed after the call to SocketFactory#connectSocket(). Contributed by Oleg Kalnichevski * [HTTPCLIENT-834] Transparent content encoding support. Contributed by James Abley Release 4.0.1 ------------------- This is a bug fix release that addresses a number of issues discovered since the previous stable release. None of the fixed bugs is considered critical. Most notably this release eliminates eliminates dependency on JCIP annotations. This release is also expected to improve performance by 5 to 10% due to elimination of unnecessary Log object lookups by short-lived components. Changelog ------------------- * [HTTPCLIENT-895] Eliminated Log lookups in short lived objects impairing performance. Contributed by Oleg Kalnichevski * [HTTPCLIENT-885] URLEncodedUtils now correctly parses form-url-encoded entities that specify a charset. Contributed by Oleg Kalnichevski * [HTTPCLIENT-884] UrlEncodedFormEntity now sets charset on the Content-Type header. Contributed by Jared Jacobs * [HTTPCLIENT-883] SO_TIMEOUT is not reset on persistent (re-used) connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-882] Auth state is now correctly updated if a successful NTLM authentication results in a redirect. This is a minor bug as HttpClient manages to recover from the problem automatically. Contributed by Oleg Kalnichevski * [HTTPCLIENT-881] Fixed race condition in AbstractClientConnAdapter that makes it possible for an aborted connection to be returned to the pool. Contributed by Tim Boemker and Oleg Kalnichevski * [HTTPCLIENT-866] Removed dependency on jcip-annotations.jar. Contributed by Oleg Kalnichevski and Sebastian Bazley Release 4.0 ------------------- HttpClient 4.0 represents a complete, ground-up redesign and almost a complete rewrite of the HttpClient 3.x codeline. This release finally addresses several design flaws that existed since the 1.0 release and could not be fixed without a major code overhaul and breaking API compatibility. Architectural changes --------------------- * Redesign of the HttpClient internals addressing all known major architectural shortcomings of the 3.x codeline. * Cleaner, more flexible and expressive API. * More modular structure. * Better performance and smaller memory footprint due to a more efficient HTTP transport based on HttpCore. * Implementation of cross-cutting HTTP protocol aspects through protocol interceptors. * Improved connection management, better handling of persistent connections, support for stateful connections * Pluggable redirect and authentication handlers. * Improved support for sending requests via a proxy or a chain of proxies * More flexible SSL context customization * Reduced intermediate garbage in the process of generating HTTP requests and parsing HTTP responses Important notes ------------------- * Future releases of HttpMime module may be binary incompatible with this release due to possible API changes in Apache Mime4J. Apache Mime4J is still being actively developed and its API is considered unstable. * HttpClient 4.0 is not fully binary compatible with 4.0 BETA1 release. Some protected variables in connection management class have been made final in order to help ensure their thread safety: org.apache.http.conn.BasicEofSensorWatcher#attemptReuse org.apache.http.conn.BasicEofSensorWatcher#managedConn org.apache.http.impl.conn.DefaultClientConnectionOperator#schemeRegistry org.apache.http.impl.conn.DefaultHttpRoutePlanner#schemeRegistry org.apache.http.impl.conn.ProxySelectorRoutePlanner#schemeRegistry org.apache.http.impl.conn.SingleClientConnManager#alwaysShutDown org.apache.http.impl.conn.SingleClientConnManager#connOperator org.apache.http.impl.conn.SingleClientConnManager#schemeRegistry org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#connOperator org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#schemeRegistry Bug fixes since 4.0 BETA2 release ------------------- * [HTTPCLIENT-861] URIUtils#resolve is now compatible with all examples given in RFC 3986. Contributed by Johannes Koch * [HTTPCLIENT-860] HttpClient no longer converts redirects of PUT/POST to GET for status codes 301, 302, 307, as required by the HTTP spec. Contributed by Oleg Kalnichevski * [HTTPCLIENT-859] CookieIdentityComparator now takes path attribute into consideration when comparing cookies. Contributed by Oleg Kalnichevski * HttpClient will no longer send expired cookies back to the origin server. Contributed by Oleg Kalnichevski * [HTTPCLIENT-856] Proxy NTLM authentication no longer fails on a redirect to a different host. Contributed by Oleg Kalnichevski * [HTTPCLIENT-841] Removed automatic connection release using garbage collection due to a memory leak. Contributed by Oleg Kalnichevski * [HTTPCLIENT-853] Fixed bug causing invalid cookie origin port to be selected when the target is accessed on the default port and the connection is established via a proxy. Contributed by Oleg Kalnichevski * [HTTPCLIENT-852] Fixed bug causing automatically retried redirects fail with CircularRedirectException. Contributed by Oleg Kalnichevski * Fixed problem with the default HTTP response parser failing to handle garbage preceding a valid HTTP response. Contributed by Oleg Kalnichevski * NonRepeatableRequestExceptions now include the cause that the original request failed. Contributed by Sam Berlin * [HTTPCLIENT-837] Fixed problem with the wire log skipping zero byte values if read one byte at a time. Contributed by Kirill Safonov * [HTTPCLIENT-823] 'http.conn-manager.max-total' parameter can be adjusted dynamically. However, the size of existing connection pools per route, once allocated, will not be adjusted. Contributed by Oleg Kalnichevski * [HTTPCLIENT-822] Default socket factories to rethrow SocketTimeoutException as ConnectTimeoutException in case of connect failure due to a time out. Contributed by Oleg Kalnichevski * [HTTPCLIENT-813] Fixed default port resolution. Invalid ports no longer get replaced with the default port value. Contributed by Oleg Kalnichevski Release 4.0 beta 2 ------------------- BETA2 is a maintenance release, which addresses a number of issues discovered since the previous release. The only significant new feature is an addition of an OSGi compliant bundle combining HttpClient and HttpMime jars. All upstream projects are strongly encouraged to upgrade. * Fixed NPE in DefaultRequestDirector thrown when retrying a failed request over a proxied connection. Contributed by Oleg Kalnichevski * [HTTPCLIENT-803] Fixed bug in SSL host verifier implementations causing the SSL certificate to be rejected as invalid if the connection is established using an IP address. Contributed by Oleg Kalnichevski * [HTTPCLIENT-806] DefaultHttpMethodRetryHandler will no longer retry on ConnectExceptions. Contributed by Oleg Kalnichevski * DigestScheme can use an arbitrary digest algorithm requested by the target server (such as SHA) as long as this algorithm is supported by the Java runtime. Contributed by Oleg Kalnichevski * Fixed parsing and validation of RFC2109 compliant Set-Cookie headers by the Best-Match cookie spec. Contributed by Oleg Kalnichevski * Fixed bug that can cause a managed connection to be returned from the pool in an inconsistent state. Contributed by Oleg Kalnichevski 4.0 Beta 1 ------------------- BETA1 release brings yet another round of API enhancements and improvements in the area of connection management. Among the most notable ones is the capability to handle stateful connections such as persistent NTLM connections and private key authenticated SSL connections. This is the first API stable release of HttpClient 4.0. All further releases in the 4.0 code line will maintain API compatibility with this release. There has been a number of important bug fixes since ALPHA4. All upstream projects are encouraged to upgrade to the latest release. Please note HttpClient currently provides only limited support for NTLM authentication. For details please see NTLM_SUPPORT.txt. ------------------- Changelog: ------------------- * [HTTPCLIENT-790] Protocol interceptors are now correctly invoked when executing CONNECT methods. Contributed by Oleg Kalnichevski * [HTTPCLIENT-668] Do not use static loggers. Contributed by Oleg Kalnichevski * [HTTPCLIENT-781] Respect Keep-Alive header's timeout value. Contributed by Sam Berlin * [HTTPCLIENT-779] Top-level classes (HttpClient, and HttpGet, HttpPut and similar HttpMethods) throw fewer checked exceptions. Contributed by Sam Berlin * HttpClient will throw an exception if an attempt is made to retry a request with a non-repeatable request entity. Contributed by Oleg Kalnichevski * Fixed request re-generation logic when retrying a failed request. Auto-generated headers will no accumulate. Contributed by Oleg Kalnichevski * [HTTPCLIENT-424] Preemptive authentication no longer limited to BASIC scheme only. HttpClient can be customized to authenticate preemptively with DIGEST scheme. Contributed by Oleg Kalnichevski * [HTTPCLIENT-670] Pluggable hostname resolver. Contributed by Oleg Kalnichevski * [HTTPCLIENT-719] Clone support for HTTP request and cookie objects. Contributed by Oleg Kalnichevski * [HTTPCLIENT-776] Fixed concurrency issues with AbstractPoolEntry. Contributed by Sam Berlin * Resolved a long standing problem with HttpClient not taking into account the user context when pooling / re-using connections. HttpClient now correctly handles stateful / user specific connections such as persistent NTLM connections and SSL connections with client side authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-773] Improved handling of the 'expires' attribute by the 'Best Match' cookie spec. Contributed by Oleg Kalnichevski * Partial NTLM support (requires an external NTLM engine). For details see NTLM_SUPPORT.txt Contributed by Oleg Kalnichevski * Redesigned local execution context management. Contributed by Oleg Kalnichevski -------------------------------------- Release 4.0 Alpha 4 ------------------- ALPHA4 marks the completion of the overhaul of the connection management code in HttpClient. All known shortcomings of the old HttpClient 3.x connection management API have been addressed. NTLM authentication remains the only missing major feature in the new codeline that prevents us from moving awards the API freeze. There has been a number of important bug fixes since ALPHA3. All upstream projects are encouraged to upgrade to the latest release. ------------------- HttpClient 3.x features that have NOT yet been ported: ------------------- * NTLM authentication scheme ------------------- Changelog: ------------------- * [HTTPCLIENT-765] String.toLowerCase() / toUpperCase() should specify Locale.ENGLISH Contributed by Sebastian Bazley * [HTTPCLIENT-769] Do not pool connection marked non-reusable. Contributed by Oleg Kalnichevski * [HTTPCLIENT-763] Fixed problem with AbstractClientConnAdapter#abortConnection() not releasing the connection if called from the main execution thread while there is no blocking I/O operation. Contributed by Oleg Kalnichevski * [HTTPCLIENT-652] Added optional state attribute to managed client connections. This enables connection managers to correctly handle stateful connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-673] Revised max connections per route configuration Contributed by Oleg Kalnichevski * [HTTPCLIENT-753] Class Scheme and related classes moved to a separate package Contributed by Oleg Kalnichevski * [HTTPCLIENT-757] Improved request wrapping in the DefaultClientRequestDirector. This also fixed the problem with the default proxy set at the client level having no effect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-734] Request abort will unblock the thread waiting for a connection Contributed by Sam Berlin * [HTTPCLIENT-759] Ensure release of connections back to the connection manager on exceptions. Contributed by Sam Berlin * [HTTPCLIENT-758] Fixed the use of generics in AbstractHttpClient #removeRequestInterceptorByClass and #removeResponseInterceptorByClass Contributed by Johannes Koch * [HTTPCLIENT-749] HttpParams beans Contributed by Stojce Dimski * [HTTPCLIENT-755] Workaround for known bugs in java.net.URI.resolve() Bug ID: 4708535 Contributed by Johannes Koch -------------------------------------- Release 4.0 Alpha 3 ------------------- ALPHA3 release brings another round of API refinements and improvements in functionality. As of this release HttpClient requires Java 5 compatible runtime environment and takes full advantage of generics and new concurrency primitives. This release also introduces new default cookie policy that selects a cookie specification depending on the format of cookies sent by the target host. It is no longer necessary to know beforehand what kind of HTTP cookie support the target host provides. HttpClient is now able to pick up either a lenient or a strict cookie policy depending on the compliance level of the target host. Another notable improvement is a completely reworked support for multipart entities based on Apache mime4j library. ------------------- HttpClient 3.x features that have NOT yet been ported: ------------------- * NTLM authentication scheme ------------------- Changelog: ------------------- * [HTTPCLIENT-742] common interface for HttpRoute and RouteTracker Contributed by Roland Weber * [HTTPCLIENT-741] Fixed concurrency issues in AbstractClientConnAdapter. Contributed by Oleg Kalnichevski * [HTTPCLIENT-726] testcase for spurious wakeups in ThreadSafeClientConnManager Contributed by Roland Weber * [HTTPCLIENT-643] Automatic connect fail-over for multi-home remote servers. Contributed by Oleg Kalnichevski * [HTTPCLIENT-735] unsetting of DEFAULT_PROXY and FORCED_ROUTE in hierarchies Contributed by Roland Weber * [HTTPCLIENT-723] route planner based on java.net.ProxySelector Contributed by Roland Weber * [HTTPCLIENT-740] don't start connection GC thread in pool constructor Contributed by Roland Weber * [HTTPCLIENT-736] route planners use SchemeRegistry instead of ConnManager Contributed by Roland Weber * [HTTPCLIENT-730] Fixed rewriting of URIs containing escaped characters Contributed by Sam Berlin and Oleg Kalnichevski * [HTTPCLIENT-667] Added 'Meta' cookie policy that selects a cookie specification depending on the format of the cookie(s). Contributed by Oleg Kalnichevski * [HTTPCLIENT-729] Move HttpRoute and related classes to routing package. Contributed by Roland Weber * [HTTPCLIENT-725] Use TimeUnit arguments for timeouts in connection manager. Contributed by Roland Weber * [HTTPCLIENT-677] Connection manager no longer uses Thread.interrupt(). Contributed by Roland Weber * [HTTPCLIENT-716] Allow application-defined routes. Contributed by Roland Weber * [HTTPCLIENT-712] Improve HttpRoute API Contributed by Roland Weber * [HTTPCLIENT-711] Bad route computed for redirected requests Contributed by Oleg Kalnichevski * [HTTPCLIENT-715] Remove RoutedRequest from API Contributed by Roland Weber * [HTTPCLIENT-705] Fixed incorrect handling of URIs with null path component. Contributed by Oleg Kalnichevski * [HTTPCLIENT-688] HttpOptions#getAllowedMethods can now handle multiple Allow headers. Contributed by Andrea Selva -------------------------------------- Release 4.0 Alpha 2 ------------------- ALPHA2 release is another milestone in the redesign of HttpClient. It includes a number of improvements since ALPHA1, among which are improved connection pooling, support for proxy chains, redesigned HTTP state and authentication credentials management API, improved RFC 2965 cookie specification. ------------------- HttpClient 3.x features that have NOT yet been ported ------------------- * NTLM authentication scheme * Support for multipart MIME coded entities ------------------- Changelog ------------------- * [HTTPCLIENT-698] Resolve non-absolute redirect URIs relative to the request URI Contributed by Johannes Koch * [HTTPCLIENT-697] Throw a more intelligible exception when connection to a remote host cannot be established. Contributed by Oleg Kalnichevski * [HTTPCLIENT-689] Caching of SimpleDateFormat in DateUtils Contributed by Daniel Müller * [HTTPCLIENT-689] stackable parameters in AbstractHttpClient Contributed by Roland Weber * [HTTPCLIENT-477] Use distinct instances of the authentication handler interface for authentication with target and proxy hosts Contributed by Oleg Kalnichevski * [HTTPCLIENT-690] ManagedClientConnection provides access to SSLSession Contributed by Roland Weber * [HTTPCLIENT-692] ClientConnectionManager throws InterruptedException Contributed by Roland Weber * [HTTPCORE-116] moved parameter names to interfaces Contributed by Roland Weber * [HTTPCLIENT-649] support for proxy chains in HttpConn Contributed by Roland Weber * [HTTPCLIENT-636] refactor ThreadSafeClientConnManager in separate package Contributed by Roland Weber * [HTTPCLIENT-669] new HttpRoutePlanner interface and implementation Contributed by Andrea Selva * [HTTPCLIENT-653] detached connection wrapper no longer prevents garbage collection of ThreadSafeClientConnManager Contributed by Roland Weber * [HTTPCLIENT-674] use org.apache.http.util.VersionInfo instead of a local one Contributed by Roland Weber * [HTTPCLIENT-666] Replaced HttpState with CredentialsProvier and CookieStore interfaces Contributed by Oleg Kalnichevski * [HTTPCORE-100] revised HttpContext hierarchy Contributed by Roland Weber * [HTTPCLIENT-618] eliminate class HostConfiguration Contributed by Roland Weber * [HTTPCLIENT-672] re-sync with API changes in core alpha6-SNAPSHOT Contributed by Roland Weber -------------------------------------- Release 4.0 Alpha 1 ------------------- HttpClient 4.0 represents a complete, ground-up redesign and almost a complete rewrite of the HttpClient 3.x codeline. This release finally addresses several design flaws that existed since the 1.0 release and could not be fixed without a major code overhaul and breaking API compatibility. The HttpClient 4.0 API is still very experimental and is bound to change during the course of the ALPHA development phase. Several important features have not yet been ported to the new API. Architectural changes --------------------- * Redesign of the HttpClient internals addressing all known major architectural shortcomings of the 3.x codeline * Cleaner, more flexible and expressive API * Better performance and smaller memory footprint due to a more efficient HTTP transport based on HttpCore. HttpClient 4.0 is expected to be 10% to 25% faster than HttpClient 3.x codeline * More modular structure * Pluggable redirect and authentication handlers * Support for protocol incerceptors * Improved connection management * Improved support for sending requests via a proxy or a chain of proxies * Improved handling redirects of entity enclosing requests * More flexible SSL context customization * Reduced intermediate garbage in the process of generating HTTP requests and parsing HTTP responses ------------------- HttpClient 3.x features that have NOT yet been ported ------------------- * NTLM authentication scheme * RFC2965 cookie policy (Cookie2) * Support for multipart MIME coded entities ------------------- Changelog ------------------- The following is a list of contributions tracked in JIRA. Note that this is not a complete list of contributions or changes. Since the API was redesigned completely, tracking everything outside of the source code repository would have been too burdensome. * [HTTPCLIENT-655] User-Agent string no longer violates RFC Contributed by Oleg Kalnichevski * [HTTPCLIENT-541] Virtual host API redesign Contributed by Oleg Kalnichevski * [HTTPCLIENT-614] Allow for different strategies when checking CN of x509 certificates Contributed by Julius Davies * [HTTPCLIENT-136] Fixed inadequate proxy support Long standing architectural problem. Issue opened on 19/Dec/2002. Contributed by Oleg Kalnichevski * [HTTPCLIENT-63] Support for pluggable redirect and authentication handlers Long standing architectural problem. Issue opened on 15/Jul/2002. Contributed by Oleg Kalnichevski * [HTTPCLIENT-245] Fixed redirect handling. HttpClient can now automatically handle redirects of entity enclosing requests. Long standing architectural problem. Issue opened on 14/Jul/2003. Contributed by Oleg Kalnichevski * [HTTPCLIENT-613] HTTPS connections now verify CN of x509 certificates Contributed by Julius Davies * [HTTPCLIENT-497] Wire/header logger names consistent with class loggers Contributed by Oleg Kalnichevski * [HTTPCLIENT-484] AuthSSLProtocolSocketFactory in the main distribution Contributed by Oleg Kalnichevski * [HTTPCLIENT-589] Do not consume the remaining response content if the connection is to be closed Contributed by Roland Weber * [HTTPCLIENT-475] Support for unconnected sockets. HTTP requests can now be aborted while network socket is still being connected. Contributed by Roland Weber