From 0185d66d18398662daec486e38137b15de469a1c Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski <olegk@apache.org>
Date: Mon, 25 Mar 2019 15:20:25 +0100
Subject: [PATCH 1/2] Updated release notes for HttpClient 4.5.8 release

---
 RELEASE_NOTES.txt | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index 2bc203150..685bf3b59 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -1,3 +1,39 @@
+Release 4.5.8
+-------------------
+
+This is a maintenance release that makes request URI normalization configurable on per request basis
+and also ports several improvements in URI handling from HttpCore master.
+
+
+Changelog:
+-------------------
+
+* HTTPCLIENT-1969: Filter out weak cipher suites.
+  Contributed by Artem Smotrakov <artem.smotrakov at sap.com>
+
+* HTTPCLIENT-1968: Preserve escaped PATHSAFE characters when normalizing URI path segments.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* HTTPCLIENT-1968: URIBuilder to split path component into path segments when digesting a URI
+  (ported from HttpCore master).
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* Improved cache key generation (ported from HttpCore master).
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* HTTPCLIENT-1968: added utility methods to parse and format URI path segments (ported
+  from HttpCore master).
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* HTTPCLIENT-1968: Make normalization of URI paths optional.
+  Contributed by Tamas Cservenak <tamas at cservenak.net>
+
+* Some well known proxies respond with Content-Length=0, when returning 304. For robustness, always use the
+  cached entity's content length, as modern browsers do.
+  Contributed by Author: Jayson Raymond <jraymond at accelerantmobile.com>
+
+
+
 Release 4.5.7
 -------------------
 

From 2ecf72567ddc226930e2d933212ca11befceff6b Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski <olegk@apache.org>
Date: Mon, 25 Mar 2019 15:50:42 +0100
Subject: [PATCH 2/2] TLS_KRB5_EXPORT_WITH_RC4_40_SHA cipher and TLSv1.2 cause
 a deadlock during TLS handshake on Java 1.6. Newer JREs do not seem to be
 affected.

---
 .../java/org/apache/http/conn/ssl/TestSSLSocketFactory.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java b/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java
index a583a9f37..3865f16fc 100644
--- a/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java
+++ b/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java
@@ -408,7 +408,7 @@ public class TestSSLSocketFactory {
                 "TLS_RSA_WITH_NULL_SHA256",
                 "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
-                "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+//                "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
                 "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"
         };
         for (final String cipherSuite : weakCiphersSuites) {