Release 5.0-BETA8 ----------------- * GitHub #204: Build requests from method names in ClassicHttpRequests: ClassicHttpRequests.create(String, String) ClassicHttpRequests.create(String, URI) Contributed by Gary Gregory * GitHub #205: Update request factory classes with matching APIs for Method and String method name inputs: BasicHttpRequests.create(String, URI) BasicHttpRequests.create(String, String) ClassicHttpRequests.create(Method, String) ClassicHttpRequests.create(Method, URI) SimpleHttpRequests.create(String, URI) SimpleHttpRequests.create(String, String) Contributed by Gary Gregory * GitHub #208: Do not use input type names in method names: SimpleHttpRequest: Deprecate setBodyBytes(byte[], ContentType) in favor of setBody(byte[], ContentType) SimpleHttpRequest: Deprecate setBodyText(String, ContentType) in favor of setBody(String, ContentType) SimpleHttpResponse: Deprecate setBodyBytes(byte[], ContentType) in favor of setBody(byte[], ContentType) SimpleHttpResponse: Deprecate setBodyText(String, ContentType) in favor of setBody(String, ContentType) Contributed by Gary Gregory Release 5.0-BETA7 ----------------- This BETA release upgrades HttpCore to the latest version and addresses a number of issues found since the previous BETA release. IMPORTANT: This release is expected to be the last BETA version. If no major design flaws are found the actual 5.0 API will be frozen and the next version will be promoted to GA. Notable changes and features included in the 5.0 series are: * Support for the HTTP/2 protocol and conformance to requirements and recommendations of the latest HTTP/2 protocol specification documents (RFC 7540, RFC 7541.) Supported features: ** HPACK header compression ** Stream multiplexing (client and server) ** Flow control ** Response push ** Message trailers ** Expect-continue handshake ** Connection validation (ping) ** Application-layer protocol negotiation (ALPN) ** TLS 1.2 security features * Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol specification documents (RFC 7230, RFC 7231.) * New connection pool implementation with lax connection limit guarantees and better performance under higher concurrency due to absence of a global pool lock. * Package name space changed to 'org.apache.hc.client5'. * Maven group id changed to 'org.apache.httpcomponents.client5'. HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath due to the change in package names and Maven module coordinates. Changelog: ------------------- * Improved domain name normalization by DefaultHostnameVerifier. Contributed by Oleg Kalnichevski * DefaultHostnameVerifier: Match DNS and CN names against ICANN domains. Contributed by Ryan Schmitt * HTTPCORE-615: Implement HTTP-based cache serializer-deserializer. Contributed by Scott Gifford * HTTPCLIENT-2040: Copy headers from the original request to the redirect request. Contributed by Oleg Kalnichevski * Removed RFC 2965 specific requirements deprecated and superseded by RFC 6265. Contributed by Oleg Kalnichevski * HTTPCLIENT-2035: Remove HttpRequestRetryHandler in favor of HttpRequestRetryStrategy. Contributed by Michael Osipov * HTTPCLIENT-2019: Remove ServiceUnavailableRetryStrategy in favor of HttpRequestRetryStrategy. Contributed by Michael Osipov * HTTPCLIENT-2034: Introduce HttpRequestRetryStrategy. Contributed by Michael Osipov * CloseableHttpAsyncClient to support explicit HttpHost execution parameter. Contributed by Oleg Kalnichevski * HTTPCLIENT-2020: DefaultBackoffStrategy to support TOO_MANY_REQUESTS (429). Contributed by Michael Osipov * HTTPCLIENT-2030: Fixed PublicSuffixMatcher#getDomainRoot behavior with invalid hostnames. Contributed by Niels Basjes * HTTPCLIENT-2028: Connection managers to allow 0 for `validateAfterInactivity` time value. Contributed by Peter Frank * HTTPCLIENT-2023: Allow nested arrays and all primitive types in DefaultHttpCacheEntrySerializer. Contributed by Olof Larsson Release 5.0-BETA6 ------------------- This BETA release picks up the latest fixes and performance improvements from HttpCore and addresses a number of issues found since the previous BETA release. Changelog: ------------------- * Fixed fallback PublicSuffixMatcher. Contributed by Ryan Schmitt * Enforce h2 TLS rules after negotiating TLS, not before. Contributed by Ryan Schmitt * HTTPCLIENT-2013: Revised handling of connect exceptions; improved consistency in behavior of the classic and async clients; ConnectTimeoutException now extends SocketTimeoutException. Contributed by Oleg Kalnichevski * Improved handling of request cancellation (classic API). Contributed by Oleg Kalnichevski * Fixed concurrent use of threading unsafe ClassicHttpRequest messages. Contributed by Oleg Kalnichevski * Execute Socket#connect under doPrivileged. Contributed by Simon Willnauer * HTTPCLIENT-2009: Fixed StringIndexOutOfBoundsException in AuthSupport#extractFromAuthority. Contributed by itonyli <429284840 at qq.com> * Make Accept-Encoding header handling thread-safe. Contributed by Linton Miller Release 5.0-BETA5 ------------------- This BETA release picks up the latest fixes and performance improvements from HttpCore and addresses a number of issues found since the previous BETA release. IMPORTANT: This release is expected to be the last BETA version. If no major design flaws are found the actual 5.0 API will be frozen and the next version will be promoted to GA. Changelog: ------------------- * Information response (1xx) processing support. Contributed by Kirill Usov * HTTPCLIENT-1968: Preserve escaped PATHSAFE characters when normalizing URI path segments. Contributed by Oleg Kalnichevski * HTTPCLIENT-1992: Impossible to access trailer-headers available in chunked transfer-encoding with classic API. Contributed by Serkan Turgut * HTTPCLIENT-1991: incorrect handling of non-standard DNS entries by PublicSuffixMatcher. Contributed by Oleg Kalnichevski * Refactor to enable support for non-form based multipart requests Contributed by Adam Retter * HTTPCLIENT-1981: disallow TRACE requests with an enclosed entity Contributed by Jay Modi Release 5.0-BETA4 ------------------- This BETA release picks up the latest fixes and performance improvements from HttpCore and addresses a number of issues found since the previous BETA release. Notable features in this release: * Security improvements. * URI handling improvements. Changelog: ------------------- * HTTPCLIENT-1976: Unsafe deserialization in DefaultHttpCacheEntrySerializer. Contributed by Artem Smotrakov * HTTPCLIENT-1969: Filter out weak cipher suites. Contributed by Artem Smotrakov * HttpClient should not retry requests in case of ConnectionClosedException Contributed by Oleg Kalnichevski * Bug fix: Simple response consumer to discard stored content when releasing resources. Contributed by Oleg Kalnichevski * Bug fix: main async request execution handlers to release the associated response consumer upon exception. Contributed by Oleg Kalnichevski * Update Apache Commons Codec from 1.11 to 1.12. Contributed by Gary Gregory * Update RxJava from 2.2.2 to 2.2.7. Contributed by Gary Gregory * Update JNA from 5.0.0 to 5.2.0. Contributed by Gary Gregory * Some well known proxies respond with Content-Length=0, when returning 304. For robustness, always use the cached entity's content length, as modern browsers do. Contributed by Jayson Raymond * HTTPCLIENT-1960: URIBuilder incorrect handling of multiple leading slashes in path component. Contributed by Oleg Kalnichevski * HTTPCLIENT-1958: PoolingHttpClientConnectionManager to throw ExecutionException in case of a lease operation cancellation instead of InterruptedException. Contributed by Oleg Kalnichevski * Shutdown executorService on AbstractHttpAsyncClientBase shutdown. Contributed by 吴雪山 * [HTTPCLIENT-1952: Allow default User Agent to be disabled Contributed by Michael Osipov * Improve HttpResponseException#getMessage. Contributed by Michael Osipov * Better handling of http(s).proxyUser and http(s).proxyPassword Contributed by Jens Borgland * Wrong argument name in PoolingAsyncClientConnectionManagerBuilder#setConnPoolPolicy results with self assignment of variable. Contributed by Eryk Szymanski Release 5.0-BETA3 ------------------- This BETA release adds support for advanced TLS functions (such as ALPN protocol negotiation) on Java 1.7 and Java 1.8 through Conscrypt TLS library and picks up the latest fixes and performance improvements from HttpCore. Notable features in this release: * TLS ALPN protocol negotiation support on older JREs through Conscrypt TLS library. Changelog: ------------------- * Added optional dependency on conscrypt-openjdk-uber 1.4.1; support for advanced TLS functions (such as ALPN extension) on Java 1.7 and Java 1.8 through Conscrypt TLS library Contributed by Oleg Kalnichevski * Removed OSGi module Contributed by Oleg Kalnichevski * Removed experimental CredSsp auth scheme Contributed by Oleg Kalnichevski * HTTPCLIENT-1949: DigestScheme to use HttpRequest#getRequestUri instead of HttpRequest#getPath Contributed by Oleg Kalnichevski Release 5.0-BETA2 ------------------- This BETA release resolves compatibility issues with Java 11 new TLS engine as well as a number of defects found since the previous release. Notable new features in this release: * JDK 11 compatibility * Support for request specific push consumers * Support for Reactive Streams API [http://www.reactive-streams.org/] Changelog: ------------------- * Hack to make hostname verification work with TLSv1.3 resumed sessions. For details see https://markmail.org/message/mxf5v2d2gh6ws2j3 Contributed by Oleg Kalnichevski * Added builders for SSLConnectionSocketFactory and client TlsStrategy. Contributed by Oleg Kalnichevski * Added enum for supported TLS versions & TLS version parser. Contributed by Oleg Kalnichevski * HTTPCLIENT-1946: handling of 308 status as per RFC 7538. Contributed by Oleg Kalnichevski * Upgraded HttpCore to version 5.0-beta5. Contributed by Oleg Kalnichevski * Async clients to support request specific push consumers. Contributed by Oleg Kalnichevski * HTTPCLIENT-1944: Add hardCancellationEnabled option to RequestConfig. Contributed by Ryan Schmitt * Overload Request's execute method to allow custom CloseableHttpClient. Contributed by Nicolas Gomez * Fix HttpClient 4.5.4 regression in BasicCookieStore serialization. Contributed by Mark Mielke * HTTPCLIENT-1934: Default client TLS strategy passes wrong hostname to the hostname verifier. Contributed by Oleg Kalnichevski * HTTPCLIENT-1882: reset authentication state on I/O or runtime error for connection based authentication schemes (such as NTLM). Contributed by Oleg Kalnichevski * HTTPCLIENT-1924: HttpClient to shut down the connection manager if a fatal error occurs in the course of a request execution. Contributed by Oleg Kalnichevski * Pooling connection managers to implement graceful and immediate shut down. Contributed by Oleg Kalnichevski * HTTPCLIENT-1906: certificates containing alternative subject names other than DNS and IP (such as RFC822) get rejected as invalid. Contributed by Oleg Kalnichevski * HTTPCLIENT-1904: check cookie domain for null Contributed by Hans-Peter Keck * HTTPCLIENT-1900: proxy protocol processor in the CONNECT exec interceptor does not post-process CONNECT response messages. Contributed by Oleg Kalnichevski * HTTPCLIENT-1898: Incorrect comment in example class ClientMultiThreadedExecution.java Contributed by Ulrich Romahn * HTTPCLIENT-1931: Add factory enum org.apache.hc.client5.http.classic.methods.ClassicHttpRequests Contributed by Gary Gregory * HTTPCLIENT-1932: Add factory enum org.apache.hc.client5.http.async.methods.HttpRequests Contributed by Gary Gregory * HTTPCLIENT-1939: Update Apache Commons Codec from 1.10 to 1.11 Contributed by Gary Gregory * HTTPCLIENT-1947: Update JNA from 4.5.2 to 5.0.0 Contributed by Gary Gregory Release 5.0-BETA1 ------------------- This is the first BETA release of HttpClient 5.0. The 5.0 release serices introduces support for the HTTP/2 protocol and event driven messaging APIs consistent for all supported HTTP protocol versions. Changelog: ------------------- * DefaultHostnameVerifier to use a custom distinguished name (DN) parser instead of LdapName. Removed dependency on Java Naming extensions. Contributed by Oleg Kalnichevski * HTTP/2 client implementations to support cancellation of ongoing message exchanges without terminating the underlying connections. Contributed by Oleg Kalnichevski * HTTPCLIENT-1395: added config parameter to skip an extra cache entry freshness check upon cache update in case of a cache miss. Contributed by Oleg Kalnichevski * HTTPCLIENT-1824, HTTPCLIENT-1384: asynchronous HTTP cache invalidator. Contributed by Oleg Kalnichevski * Redesign of CacheKeyGenerator and HttpCacheInvalidator APIs. Contributed by Oleg Kalnichevski * New APIs for cache entry bulk retrieval; bulk retrieval support by Memcached storage implementation. Contributed by Oleg Kalnichevski * HTTPCLIENT-1824, HTTPCLIENT-1868: Asynchronous HTTP cache storage API. Memcached backend implementation of async HTTP cache storage. Contributed by Oleg Kalnichevski * HTTPCLIENT-1885: Content compression exec interceptor generates incorrect 'Accept-Encoding' header value. Contributed by Oleg Kalnichevski Release 5.0-ALPHA3 ------------------- This is a major release that introduces support for the HTTP/2 protocol and event driven messaging APIs consistent for all supported HTTP protocol versions. HttpClient ships with two client implementations: * HttpClient Classic is based on the classic (blocking) I/O model; largely compatible with the 4.x APIs; supports HTTP/1.1 only. * HttpClient Async is based on NIO model; new event driven APIs consistent for all supported HTTP protocol versions; supports both HTTP/1.1 and HTTP/2. Notable new features in this release: * Asynchronous HttpClient implementations optimized for HTTP/2 multiplexed request execution. * Full support for HTTP caching by asynchronous HttpClient implementations including streaming message exchanages. Notable changes and features included in the 5.0 series are: * Support for the HTTP/2 protocol and conformance to requirements and recommendations of the latest HTTP/2 protocol specification documents (RFC 7540, RFC 7541.) Supported features: ** HPACK header compression ** Stream multiplexing (client and server) ** Flow control ** Response push ** Message trailers ** Expect-continue handshake ** Connection validation (ping) ** Application-layer protocol negotiation (ALPN) on Java 9.0.1+ ** TLS 1.2 security features * Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol specification documents (RFC 7230, RFC 7231.) * Redesigned connection pool implementation with reduced pool lock contention. * Package name space changed to 'org.apache.hc.client5'. * Maven group id changed to 'org.apache.httpcomponents.client5'. * Apache Log4j2 logging APIs used for internal logging instead of Commons Logging APIs. HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath due to the change in package names and Maven module coordinates. Please note that as of 5.0, HttpClient requires Java 1.7 or newer. Changelog: ------------------- * HttpAsyncClient implementations optimized for HTTP/2 multiplexed request execution. Contributed by Oleg Kalnichevski * Improved Ehcache and Memcached storage backends. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1827] Full support for HTTP caching by asynchronous HTTP clients. Contributed by Oleg Kalnichevski * Redesign of HTTP cache resource APIs. Contributed by Oleg Kalnichevski * Deprecated Content-Transfer-Encoding field in MIME body parts per RFC 7578, section 4.7. Contributed by Oleg Kalnichevski * [HTTPCLIENT-293] Implemented the percent encoding of the filename parameter of the Content-Disposition header. Contributed by Ioannis Sermetziadis * [HTTPCLIENT-1845]: Extract InputStreamFactory classes out of GzipDecompressingEntity and DeflateDecompressingEntity for reuse and to create less garbage. Contributed by Gary Gregory * [HTTPCLIENT-1858] Alleviate GC pressure due to wire logging. Contributed by Gary Gregory * Avoid fetching the cached entity twice on cache hit. Contributed by Leandro Nunes * [HTTPASYNC-124] Add doPrivileged blocks to async client and connection manager builders Contributed by Jay Modi Release 5.0-ALPHA2 ------------------- This is a major release that introduces support for the HTTP/2 protocol and event driven messaging APIs consistent for all supported HTTP protocol versions. HttpClient ships with two client implementations: * HttpClient Classic is based on the classic (blocking) I/O model; largely compatible with the 4.x APIs; supports HTTP/1.1 only. * HttpClient Async is based on NIO model; new event driven APIs consistent for all supported HTTP protocol versions; supports both HTTP/1.1 and HTTP/2. Notable changes and features included in the 5.0 series are: * Partial support for the HTTP/2 protocol and conformance to requirements and recommendations of the latest HTTP/2 protocol specification documents (RFC 7540, RFC 7541.) Supported features: ** HPACK header compression ** Stream multiplexing (client and server) ** Flow control ** Response push ** Message trailers ** Expect-continue handshake ** Connection validation (ping) ** Application-layer protocol negotiation (ALPN) on Java 1.9+ ** TLS 1.2 security features * Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol specification documents (RFC 7230, RFC 7231.) * Redesigned connection pool implementation with reduced pool lock contention. * Package name space changed to 'org.apache.hc.client5'. * Maven group id changed to 'org.apache.httpcomponents.client5'. * Apache Log4j2 logging APIs used for internal logging instead of Commons Logging APIs. Features that are presently NOT supported: * HTTP/2 transport (classic) * HTTP tunneling (async) * Automatic response content decompression (async) * Caching (async) HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath due to the change in package names and Maven module coordinates. Please note that as of 5.0, HttpClient requires Java 1.7 or newer. Please note that at this point 5.0 APIs are considered experimental and unstable and are expected to change in the coming releases without providing a migration path. Changelog: ------------------- * [HTTPCLIENT-1714] Add HttpClientBuilder.setDnsResolver(DnsResolver). Contributed by Alexis Thaveau * [HTTPCLIENT-1715] NTLMEngineImpl.Type1Message not thread safe but declared as a constant. Contributed by Olivier Lafontaine , Gary Gregory * [HTTPCLIENT-1716] redirect handling of unsafe methods defined by RFC 7231. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1717] Make fluent API .Content.Content(byte[], ContentType) public. Contributed by Cash Costello * [HTTPCLIENT-1730] added #setValidateAfterInactivity to HttpClientBuilder. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1752] Allow to configure the OSGI clients with relaxed SSL checks. Contributed by Simone Tripodi * [HTTPCLIENT-1748] Improved compatibility with system authentication API in applets. Contributed by Sebastien Caille * [HTTPCLIENT-1786] Port from Apache Commons Logging to Apache Log4j 2. Contributed by Gary Gregory * [HTTPCLIENT-1817] Add a "Trust All" TrustStrategy implementation. Contributed by Gary Gregory * [HTTPCLIENT-1836] DefaultHostnameVerifier#getSubjectAltNames(X509Certificate) throws java.lang.ClassCastException. Contributed by Gary Gregory , Ilian Iliev * [HTTPCLIENT-1691] HttpClient instance used internally by HC Fluent to take system properties into account by default. Contributed by Oleg Kalnichevski Release 5.0-ALPHA1 ------------------- This major release renders HttpClient API incompatible with the stable 4.x branch and upgrades HTTP/1.1 protocol conformance to the requirements and recommendations of the latest protocol specification. This release lays the foundation for transition to HTTP/2 as the primary transport protocol in the future releases. Notable changes and features included in the 5.0 series are: * Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol specification (RFC 7230, RFC 7231, RFC 7235) * Package name space changed to 'org.apache.hc.client5' * Maven group id changed to 'org.apache.httpcomponents.client5' * By default the maximum connections per route limit is set to 5 * By default connection request timeout and connect timeout are set to 3 minutes. HttpClient 5.0 releases can be co-located with earlier versions, meaning you can have both 5.x and 4.x on the classpath without experiencing jar hell. Please note that as of 5.0 HttpClient requires Java 1.7 or newer. Please note that at this point we consider 5.0 APIs experimental and unstable and expect them to change in the coming releases without providing a migration path. Changelog: ------------------- * [HTTPCLIENT-1575] route target port must be non negative Contributed by Oleg Kalnichevski * [HTTPCLIENT-1106] Use character arrays for passwords in Credentials objects Contributed by Oleg Kalnichevski * RFC 7235: redesign of HTTP authenticator and related classes Contributed by Oleg Kalnichevski * RFC 7231: parse capable of parsing multiple auth challenges Contributed by Oleg Kalnichevski * RFC 7231: DefaultServiceUnavailableRetryStrategy to take Retry-After header value into account if specified Contributed by Oleg Kalnichevski * RFC 7231: removed restriction on the use of relative URIs in Location header Contributed by Oleg Kalnichevski * RFC 7231: revised redirect handling Contributed by Oleg Kalnichevski * RFC 7231: do not generate header fields in TRACE requests containing sensitive data such as cookie and user credentials Contributed by Oleg Kalnichevski * RFC 7231: automatic retrial of idempotent methods Contributed by Oleg Kalnichevski * RFC 7230: increased the default max number of concurrent connection for the same route from 2 to 5 Contributed by Oleg Kalnichevski * Cache request line in HttpRequestWrapper Contributed by Dmitry Potapov * [HTTPCLIENT-1651] Add ability to disable content compression on a request basis Contributed by Oleg Kalnichevski * [HTTPCLIENT-1696]: Add convenience methods to fluent API class Request. Contributed by Gary Gregory Release 4.5.1 ------------------- HttpClient 4.5.1 (GA) is a maintenance release that fixes a number of minor defects found since 4.5. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Changelog: ------------------- * [HTTPCLIENT-1680] redirect of a POST request causes ClientProtocolException. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1673] org.apache.http.entity.mime.content.* missing from OSGi exports. Contributed by Benson Margulies * [HTTPCLIENT-1668] Fluent request incorrectly handles connect timeout setting. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1667] RequestBuilder does not take charset into account when creating UrlEncodedFormEntity. Contributed by Sergey Smith * [HTTPCLIENT-1655] HttpClient sends RST instead of FIN ACK sequence when using non-persistant connections. Contributed by Oleg Kalnichevski Release 4.5 ------------------- HttpClient 4.5 (GA) is a minor feature release that includes several incremental enhancements to the exisitng functionality such as support for private domains in the Mozilla Public Suffix List. Changelog: ------------------- * Reduced default validate after inactivity setting from 5 sec to 2 sec. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1649] Fixed serialization of auth schemes. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1645]: Fluent requests to inherit config parameters of the executor. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1640]: RFC6265 lax cookie policy fails to parse 'max-age' attribute. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1633]: RFC6265CookieSpecProvider compatibility level setting has no effect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1613]: Support for private domains in Mozilla Public Suffix List. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1651]: Add ability to disable content compression on a request basis. Contributed by Michael Osipov * [HTTPCLIENT-1654]: Deprecate/remove RequestConfig#decompressionEnabled in favor of #contentCompressionEnabled. Contributed by Michael Osipov Release 4.4.1 ------------------- HttpClient 4.4.1 (GA) is a maintenance release that fixes a number of defects in new functionality introduced in version 4.4. Users of HttpClient 4.4 are encouraged to upgrade. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Changelog: ------------------- * Marked RFC 2109, RFC 2965, Netscape draft cookie specs as obsolete. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1633] RFC6265CookieSpecProvider compatibility level setting has no effect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1628]: Auth cache can fail when domain name contains uppercase characters. Contributed by Dennis Ju * [HTTPCLIENT-1609] Stale connection check in PoolingHttpClientConnectionManager has no effect. Internal connection pool does not correctly implement connection validation. Contributed by Charles Lip Release 4.4 Final ------------------- This is the first stable (GA) release of HttpClient 4.4. Notable features and enhancements included in 4.4 series are: * Support for the latest HTTP state management specification (RFC 6265). Please note that the old cookie policy is still used by default for compatibility reasons. RFC 6265 compliant cookie policies need to be explicitly configured by the user. Please also note that as of next feature release support for Netscape draft, RFC 2109 and RFC 2965 cookie policies will be deprecated and disabled by default. It is recommended to use RFC 6265 compliant policies for new applications unless compatibility with RFC 2109 and RFC 2965 is required and to migrate existing applications to the default cookie policy. * Enhanced, redesigned and rewritten default SSL hostname verifier with improved RFC 2818 compliance. * Default SSL hostname verifier and default cookie policy now validate certificate identity and cookie domain of origin against the public suffix list maintained by Mozilla.org * More efficient stale connection checking: indiscriminate connection checking which results in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional connection state validation (persistent connections are to be re-validated only if a specified period inactivity has elapsed.) * Authentication cache thread-safety: authentication cache used by HttpClient is now thread-safe and can be shared by multiple threads in order to re-use authentication state for subsequent requests. * Native Windows Negotiate and NTLM via SSPI through JNA: when running on Windows OS HttpClient configured to use native NTLM or SPNEGO authentication schemes can make use of platform specific functionality via JNA and current user credentials. This functionality is still considered experimental, known to have compatibility issues and subject to change without prior notice. Use at your discretion. This release also includes all fixes from the stable 4.3.x release branch. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Changelog: ------------------- * Support for the latest HTTP state management specification (RFC 6265). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1515] Caching of responses to HEAD requests Contributed by Tyrone Cutajar and Francois-Xavier Bonnet * [HTTPCLIENT-1560] Native Windows auth improvements. Contributed by Michael Osipov * Update Apache Commons Logging version from 1.1.3 to 1.2. Contributed by Gary Gregory * Update Apache Commons Codec version from 1.6 to 1.9. Contributed by Gary Gregory * Update Ehcache version from 2.2.0 to 2.6.9. Contributed by Gary Gregory * Update Ehcache version from 2.2.0 to 2.6.9. Contributed by Gary Gregory * Update Spymemcached version from 2.6 to 2.11.4. Contributed by Gary Gregory * Update SLF4J version from 1.5.11 to 1.7.7. Contributed by Gary Gregory Release 4.4 BETA1 ------------------- This is the first BETA release of HttpClient 4.4. Notable features and enhancements included in 4.4 series are: * Enhanced redesigned and rewritten default SSL hostname verifier with improved RFC 2818 compliance * Default SSL hostname verifier and default cookie policy now validate certificate identity and cookie domain of origin against the public suffix list maintained by Mozilla.org * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use native NTLM or SPNEGO authentication schemes can make use of platform specific functionality via JNA and current user system credentials * More efficient stale connection checking: indiscriminate connection checking which results in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional connection state validation (persistent connections are to be re-validated only if a specified period inactivity has elapsed) * Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe and can be shared by multiple threads in order to re-use authentication state for subsequent requests This release also includes all fixes from the stable 4.3.x release branch. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Changelog: ------------------- * [HTTPCLIENT-1547] HttpClient OSGi bundle doesn't import the package "javax.naming". Contributed by Willem Jiang * [HTTPCLIENT-1541] Use correct (HTTP/hostname) service principal name for Windows native Negotiate/NTLM auth schemes. Contributed by Ka-Lok Fung * Improved compliance with RFC 2818: default hostname verifier to ignore the common name of the certificate subject if alternative subject names (dNSName or iPAddress) are present. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1540] Support delegated credentials (ISC_REQ_DELEGATE) by Native windows native Negotiate/NTLM auth schemes. Contributed by Ka-Lok Fung Release 4.4 ALPHA1 ------------------- This is the first ALPHA release of HttpClient 4.4. Notable features and enhancements included in the 4.4 branch are: * More efficient stale connection checking: indiscriminate connection checking which results in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional connection state validation (persistent connections are to be re-validated only if a specified period inactivity has elapsed) * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use native NTLM or SPNEGO authentication schemes can make use of platform specific functionality via JNA and current user system credentials * Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe and can be shared by multiple threads in order to re-use authentication state for subsequent requests This release also includes all fixes from the stable 4.3.x release branch. Please note that as of 4.4 HttpClient requires Java 1.6 or newer. Please note that new features included in this release are still considered experimental and their API may change in the future 4.4 alpha and beta releases. Changelog: ------------------- * [HTTPCLIENT-1493] Indiscriminate connection checking has been deprecated in favor of conditional connection state validation. Persistent connections are to be re-validated only after a defined period inactivity prior to being leased to the consumer. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1519] Use the original HttpHost instance passed as a parameter to HttpClient#execute when generating 'Host' request header. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1491] Enable provision of Service Principal Name in Windows native auth scheme. Contributed by Malcolm Smith * [HTTPCLIENT-1403] Pluggable content decoders. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1466] FileBodyPart#generateContentType() ignores custom ContentType values. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1461] fixed performance degradation in gzip encoded content processing introduced by HTTPCLIENT-1432. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1457] Incorrect handling of Windows (NT) credentials by SystemDefaultCredentialsProvider. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1456] Request retrial after status 503 causes ClientProtocolException. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1454] Make connection operator APIs public. Contributed by Tamas Cservenak * Update JUnit to version 4.11 from 4.9 Contributed by Gary Gregory Release 4.3.4 ------------------- HttpClient 4.3.4 (GA) is a maintenance release that improves performance in high concurrency scenarios. This version replaces dynamic proxies with custom proxy classes and eliminates thread contention in java.reflect.Proxy.newInstance() when leasing connections from the connection pool and processing response messages. Changelog: ------------------- * Replaced dynamic proxies with custom proxy classes to reduce thread contention. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1484] GzipCompressingEntity should not close the underlying output stream if the entity has not been fully written out due to an exception. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1474] Fixed broken entity enclosing requests in HC Fluent. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1470] CachingExec(ClientExecChain, HttpCache, CacheConfig, AsynchronousValidator) throws NPE if config is null Release 4.3.3 ------------------- HttpClient 4.3.3 (GA) is a bug fix release that fixes a regression introduced by the previous release causing a significant performance degradation in compressed content processing. Users of HttpClient 4.3 are encouraged to upgrade. Changelog: ------------------- * [HTTPCLIENT-1466] FileBodyPart#generateContentType() ignores custom ContentType values. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1453] Thread safety regression in PoolingHttpClientConnectionManager #closeExpiredConnections that can lead to ConcurrentModificationException. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1461] fixed performance degradation in compressed content processing introduced by HTTPCLIENT-1432. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1457] Incorrect handling of Windows (NT) credentials by SystemDefaultCredentialsProvider. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1456] Request retrial after status 503 causes ClientProtocolException. Contributed by Oleg Kalnichevski Release 4.3.2 ------------------- HttpClient 4.3.2 (GA) is a maintenance release that delivers a number of improvements as well as bug fixes for issues reported since 4.3.1 release. SNI support for Oracle JRE 1.7+ is being among the most notable improvements. Users of HttpClient 4.3 are encouraged to upgrade. Changelog: ------------------- * [HTTPCLIENT-1447] Clients created with HttpClients.createMinimal do not work with absolute URIs Contributed by Joseph Walton * [HTTPCLIENT-1446] NTLM proxy + BASIC target auth fails with 'Unexpected state: MSG_TYPE3_GENERATED'. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1443] HttpCache uses the physical host instead of the virtual host as a cache key. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1442] Authentication header set by the user gets removed in case of proxy authentication (affects plan HTTP requests only). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1441] Caching AsynchronousValidationRequest leaks connections. Contributed by Dominic Tootell * [HTTPCLIENT-1440] 'file' scheme in redirect location URI causes NPE. Contributed by James Leigh * [HTTPCLIENT-1437] Made Executor#execute thread safe. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1119] SNI support (Oracle Java 1.7+ only). Contributed by Bruno Harbulot * [HTTPCLIENT-1435] Fluent Executor ignores custom request properties. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1432] Lazy decompressing of HttpEntity#getContent() to avoid EOFException in case of an empty response with 'Content-Encoding: gzip' header. Contributed by Yihua Huang * [HTTPCLIENT-1431] (Regression) deprecated connection manager cannot be used with a custom LayeredSchemeSocketFactory. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1425] Fixed socket closed exception thrown by caching HttpClient when the origin server sends a long chunked response. Contributed by James Leigh * [HTTPCLIENT-1417] Fixed NPE in BrowserCompatSpec#formatCookies caused by version 1 cookies with null cookie value. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1416] Fixed NPE in CachingHttpClientBuilder#build(). Contributed by Oleg Kalnichevski Release 4.3.1 ------------------- HttpClient 4.3.1 (GA) is a bug fix release that addresses a number of issues reported since release 4.3. Users of HttpClient 4.3 are strongly encouraged to upgrade. Changelog ------------------- * [HTTPCLIENT-1410] Browser compatible hostname verifier no longer rejects *.co., *.gov., *.info., etc as invalid. Contributed by Oleg Kalnichevski * Ensure X509HostnameVerifier is never null. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1405] CONNECT HTTP/1.1 requests lack mandatory 'Host' header. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1402] Cache default User-Agent value. Contributed by yuexiaojun * [HTTPCLIENT-1398] Fixed invalid OSGi metadata caused by corrupted Maven bundle plugin metadata. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1399] Fixed NPE in RequestBuilder. Contributed by Oleg Kalnichevski Release 4.3 Final ------------------- This is the first stable (GA) release of HttpClient 4.3. The most notable enhancements included in this release are: * Support for Java 7 try-with-resources for resource management (connection release.) * Added fluent Builder classes for HttpEntity, HttpRequest, HttpClient and SSLContext instances. * Deprecation of preference and configuration API based on HttpParams interface in favor of constructor injection and plain configuration objects. * Reliance on object immutability instead of access synchronization for thread safety. Several old classes whose instances can be shared by multiple request exchanges have been replaced by immutable equivalents. * DefaultHttpClient, DecompressingHttpClient, CachingHttpClient and similar classes are deprecated in favor of builder classes that produce immutable HttpClient instances. * HttpClient builders now dynamically construct a request execution pipeline tailored specifically to the user configuration by physically excluding unnecessary protocol components. * There is now an option to construct a minimal HttpClient implementation that can only execute basic HTTP message exchanges without redirects, authentication, state management or proxy support. This feature might be of particular use in web crawler development. * There is now option to avoid strict URI syntax for request URIs by executing HTTP requests with an explicitly specified target host. HttpClient will no longer attempt to parse the request URI if it does not need to extract the target host from it. This release also includes all fixes from the stable 4.2.x release branch. Changelog ------------------- * [HTTPCLIENT-1371] Weak ETag Validation is Useful On PUT With If-Match Contributed by James Leigh * [HTTPCLIENT-1394] Support for Native windows Negotiate/NTLM via JNA Contributed by Ryan McKinley * [HTTPCLIENT-1384] Expose CacheInvalidator interface. Contributed by Nicolas Richeton * [HTTPCLIENT-1385] Fixed path normalization in CacheKeyGenerator Contributed by James Leigh * [HTTPCLIENT-1370] Response to non-GET requests should never be cached with the default ResponseCachingPolicy Contributed by James Leigh * [HTTPCLIENT-1373] OPTIONS and TRACE should not invalidate cache Contributed by James Leigh * [HTTPCLIENT-1383] HttpClient enters an infinite loop during NTLM authentication if the opposite endpoint keeps responding with a type 2 NTLM response after type 3 MTLM message has already been sent by the client. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1372] Refactor HttpMultipart, and add RFC6532 mode, so that headers in post are no longer constrained to ASCII values. Contributed by Karl Wright * [HTTPCLIENT-1377] User principal for non-NTLM authentication is incorrectly generated when using user credentials are specified as NTCredentials Contributed by Gary Gregory Release 4.3 BETA2 ------------------- This is the second BETA release of HttpClient 4.3. The most notable features and improvements in the 4.3 branch are: Support for Java 7 try-with-resources for resource management (connection release); fluent Builder classes for HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and configuration API based on HttpParams interface in favor of constructor injection and plain configuration objects, reliance on object immutability instead of access synchronization for thread safety. This release also includes all fixes from the stable 4.2.x release branch. Changelog ------------------- * [HTTPCLIENT-1366] org.apache.http.client.utils.URLEncodedUtils should parse the semicolon as a query parameter separator. Contributed by Gary Gregory * [HTTPCLIENT-1365] NPE when ManagedHttpClientConnectionFactory.create(ConnectionConfig) is called with null. Contributed by Gary Gregory * [HTTPCLIENT-1362] Better error messages for connect timed out and connection refused exceptions. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1360] separate out DeflateInputStream as an independent class, so it can be used by others. Contributed by Karl Wright * [HTTPCLIENT-1359] repeated requests using the same context fail if they redirect. Contributed by James Leigh * [HTTPCLIENT-1354] do not quote algorithm parameter in DIGEST auth response. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1351] Added utility method to resolve final location from original request, target host and a list of redirects. Contributed by James Leigh * [HTTPCLIENT-1344] Userinfo credentials in URI should not default to preemptive BASIC authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1345] Useinfo credentials ignored in redirect location header. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1294] HttpClient to rewrite host name of the redirect location URI in order to avoid circular redirect exception due to host name case mismatch. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1264] Add support for multiple levels of browser compatibility to BrowserCompatSpec and BrowserCompatSpecFactory. Include constructor argument for IE medium-security compatibility. Contributed by Karl Wright (kwright at apache.org) * [HTTPCLIENT-1349] SSLSocketFactory incorrectly identifies key passed with keystore as the keystore password. Contributed by David Graff * [HTTPCLIENT-1346] Ensure propagation of SSL handshake exceptions. Contributed by Pasi Eronen * [HTTPCLIENT-1343] SSLSocketFactory optional parameters for supported SSL protocols and cipher suites. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1238] Contribute Bundle Activator And Central Proxy Configuration. Contributed by Simone Tripodi * [HTTPCLIENT-1299] (regression) cache incorrectly disposes of the underlying cache resource when storing variant entry. Contributed by James Leigh * [HTTPCLIENT-1342] Redirects with underscore character in the location hostname cause "java.lang.IllegalArgumentException: Host name may not be null". Contributed by Oleg Kalnichevski Release 4.3 BETA1 ------------------- This is the first BETA release of HttpClient 4.3. The 4.3 branch enhances HttpClient in several key areas and includes several notable features and improvements: Support for Java 7 try-with-resources for resource management (connection release); fluent Builder classes for HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and configuration API based on HttpParams interface in favor of constructor injection and plain configuration objects, reliance on object immutability instead of access synchronization for thread safety. This release also includes all fixes from the stable 4.2.x release branch. Changelog ------------------- * [HTTPCLIENT-1317] InetAddressUtils should handle IPv6 Addresses with Embedded IPv4 Addresses Contributed Sebastian Bazley . * [HTTPCLIENT-1320] Leverage javax.net.ssl.SSLSocketFactory#getDefault() to initialize SSL context based on system defaults instead of using an internal custom routine. Contributed by Abe Backus and Oleg Kalnichevski * [HTTPCLIENT-1316] Certificate verification rejects IPv6 addresses which are not String-equal. Contributed Sebastian Bazley . * [HTTPCLIENT-1307] Future based asynchronous request execution. Contributed by Jilles van Gurp * [HTTPCLIENT-1313] Fixed IllegalStateException in deprecated ThreadSafeClientConnManager. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1298] Add AsynchronousValidator in HttpClientBuilder's list of closeable objects. Contributed by Martin Meinhold Release 4.3 ALPHA1 ------------------- This is the first ALPHA release of HttpClient 4.3. The 4.3 branch enhances HttpClient in several key areas and includes several notable features and improvements: Support for Java 7 try-with-resources for resource management (connection release); fluent Builder classes for HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and configuration API based on HttpParams interface in favor of constructor injection and plain configuration objects, reliance on object immutability instead of access synchronization for thread safety. We are kindly asking all upstream projects to review API changes and help us improve the APIs by providing feedback and sharing ideas on dev@hc.apache.org. This release also includes all fixes from the stable 4.2.x release branch. Please note that new features included in this release are still considered experimental and their API may change in the future 4.3 alpha and beta releases. Changelog ------------------- * [HTTPCLIENT-1250] Allow query string to be ignored when determining cacheability for HTTP 1.0 responses. Contributed by Don Brown * [HTTPCLIENT-1261] Make SystemDefaultHttpClient honor http.agent system property. Contributed by Oleg Kalnichevski * [HTTPCLIENT-900] Don't enforce URI syntax for messages with an explicit target host. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1190] HttpClient cache does not support "Vary: Cookie" Contributed by Oleg Kalnichevski * [HTTPCLIENT-1259] Calling #abort() on requests executed with DecompressingHttpClient has no effect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1253] URIBuilder setParameter() method could exceed the HTTP header size. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1216] Added method to force clean thread-local used by DateUtils. Contributed by Oleg Kalnichevski Release 4.2.3 ------------------- HttpClient 4.2.3 (GA) is a bug fix release that addresses a number of issues reported since release 4.2.2. This release also includes a thoroughly reworked NTLM authentication engine which should result in a better compatibility with the newest Microsoft products. Users of HttpClient 4.x are advised to upgrade. Changelog ------------------- * [HTTPCLIENT-1296] NPE gets thrown if you combine a default host with a virtual host that has a -1 value for the port. Contributed by Karl Wright * [HTTPCLIENT-1290] 304 cached response never reused with If-modified-since conditional requests. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1291] Absolute request URIs without an explicitly specified path are rewritten to have "/" path). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1286] Request URI rewriting is inconsistent - URI fragments are not removed from absolute request URIs. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1284] HttpClient incorrectly generates Host header when physical connection route differs from the host name specified in the request URI. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1293] Kerberos and SPNego auth schemes use incorrect authorization header name when authenticating with a proxy. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1283] NTLM needs to use Locale-independent form of toUpperCase(). Contributed by Karl Wright * [HTTPCLIENT-1279] Target host responding with status 407 (proxy authentication required) causes an NPE. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1281] GzipDecompressingEntity does not release InputStream when an IOException occurs while reading the Gzip header Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1277] Caching client sends a 304 to an unconditional request. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1278] Update NTLM documentation. Contributed by Karl Wright * SystemDefaultHttpClient misinterprets 'http.keepAlive' default value and disables connection persistence if the system property is not set. This causes connection based authentication schemes such as NTLM to fail. * [HTTPCLIENT-1276] cache update on a 304 response causes NPE. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1273] DecompressingHttpClient does not automatically consume response content in case of an i/o, HTTP or runtime exception thrown by the decompressing protocol interceptor leading to a potential connection leak. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1268] NTLM engine refactor fix, to correct a buffer overrun, and get NTLMv2 flags right. Contributed by Karl Wright * [HTTPCLIENT-1266] NTLM engine refactoring and compatibility improvements. Contributed by Karl Wright * [HTTPCLIENT-1263] BrowserCompatSpec: attribute values containing spaces or special characters should be enclosed with quotes marks for version 1 cookies. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1263] CachingHttpClient fails to release connections back to the connection manager for some type of HTTP response messages when used together with DecompressingHttpClient. Contributed by Francois-Xavier Bonnet * [HTTPCLIENT-1258] Fixed NullPointerException in NTLMEngineImpl caused by null NT domain attribute. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1254] Redirect with underscore in hostname causes ProtocolException. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1255] AbstractVerifier incorrectly parses certificate CN containing wildcard. Contributed by Oleg Kalnichevski Release 4.2.2 ------------------- HttpClient 4.2.2 (GA) is a bug fix release that addresses a number of issues reported since release 4.2.1. Users of HttpClient 4.2 are advised to upgrade. Changelog ------------------- * [HTTPCLIENT-1248] Default and lax redirect strategies should not convert requests redirected with 307 status to GET method. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1215] BasicAuthCache does not take default ports into consideration when looking up cached authentication details by HttpHost key. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1241] (regression) Preemptive BASIC authentication failure should be considered final and no further attempts to re-authenticate using the same credentials should be made. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1229] Fixed NPE in BasicClientConnectionManager that can be triggered by releasing connection after the connection manager has already been shut down. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1227] Date parsing in DateUtils made more efficient. Contributed by Patrick Linskey * [HTTPCLIENT-1224] (regression) NTLM auth not retried after a redirect over a non-persistent connection. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1223] Cache could be more aggressive on cache invalidations from Content-Location. Contributed by Jon Moore . Contributed by Jon Moore * [HTTPCLIENT-1217] AutoRetryHttpClient does not release connection used by the previous response when request is retried Contributed by Oleg Kalnichevski Release 4.2.1 ------------------- HttpClient 4.2.1 (GA) is a bug fix release that addresses a number of issues reported since release 4.2. Users of HttpClient 4.2 are advised to upgrade. Changelog ------------------- * [HTTPCLIENT-1209] Redirect URIs are now normalized. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1202] ResponseCachingPolicy should honor explicit cache-control directives for other status codes Contributed by Jon Moore * [HTTPCLIENT-1199] DecompressingHttpClient strips content from entity enclosing requests Contributed by Oleg Kalnichevski * [HTTPCLIENT-1198] HttpHost is not set in HttpContext in CachingHttpClient. Contributed by Jon Moore * [HTTPCLIENT-1200] DecompressingHttpClient fails to generate correct HttpHost context attribute. Contributed by Guillaume Castagnino * [HTTPCLIENT-1192] URIBuilder encodes query parameters twice. Contributed by Oleg Kalnichevski and Sebastian Bazley . * [HTTPCLIENT-1196] Fixed NPE in UrlEncodedFormEntity constructor thrown if charset is null. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1193] Fixed regression in the route tracking logic of the default connection manager causing cross-site redirect failures. Contributed by Oleg Kalnichevski Release 4.2 ------------------- This is the first stable (GA) release of HttpClient 4.2. The most notable enhancements included in this release are: * New facade API for HttpClient based on the concept of a fluent interface. The fluent API exposes only the most fundamental functions of HttpClient and is intended for relatively simple use cases that do not require the full flexibility of HttpClient. However, the fluent API almost fully relieves the users from having to deal with connection management and resource deallocation. * Redesigned and rewritten connection management code. * Enhanced HTTP authentication API that enables HttpClient to handle more complex authentication scenarios. HttpClient 4.2 is now capable of making use of multiple authentication challenges and retry authentication with a fall-back scheme in case the primary one fails. This can be important for compatibility with Microsoft products that are often configured to use SPNEGO/Kerberos as the preferred authentication scheme. Changelog ------------------- * [HTTPCLIENT-1187] If a revalidation response is deemed too old CachingHttpClient fails to consume its content resulting in a connection leak. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1186] State of newly created connections in the connection pool is not always correctly updated potentially allowing those connections to be leased to users with a different security context. Contributed by Ralf Poehlmann * [HTTPCLIENT-1179] Upgraded Commons Codec dependency to version 1.6 Contributed by Oleg Kalnichevski * [HTTPCLIENT-1177] always remove fragments from request URIs Contributed by Oleg Kalnichevski Incompatible changes -------------------- [Compared to release version 4.1.3] The following fields have been deprecated for some time now and have been deleted: org.apache.http.client.params.ClientPNames#CONNECTION_MANAGER_FACTORY org.apache.http.impl.cookie.BrowserCompatSpec#DATE_PATTERNS The following methods have been deprecated for some time now and have been deleted: org.apache.http.client.params.ClientParamBean#setConnectionManagerFactory(org.apache.http.conn.ClientConnectionManagerFactory) org.apache.http.client.protocol.ClientContextConfigurer#setAuthSchemePref(java.util.List) org.apache.http.entity.mime.content.FileBody#writeTo(java.io.OutputStream, int) org.apache.http.entity.mime.content.InputStreamBody#writeTo(java.io.OutputStream, int) org.apache.http.entity.mime.content.StringBody#writeTo(java.io.OutputStream, int) The following classes have been deprecated for some while now and have been deleted: org.apache.http.impl.conn.tsccm.RefQueueHandler org.apache.http.impl.conn.tsccm.AbstractConnPool no longer implements interface org.apache.http.impl.conn.tsccm.RefQueueHandler org.apache.http.impl.conn.tsccm.ConnPoolByRoute no longer implements interface org.apache.http.impl.conn.tsccm.RefQueueHandler org.apache.http.impl.conn.tsccm.RefQueueWorker Release 4.2 BETA1 ------------------- This is the first BETA release of HttpClient 4.2. This release completes development of several notable enhancements in HttpClient: * New facade API for HttpClient based on the concept of a fluent interface. The fluent API exposes only the most fundamental functions of HttpClient and is intended for relatively simple use cases that do not require the full flexibility of HttpClient. However, the fluent API almost fully relieves the users from having to deal with connection management and resource deallocation. * Redesigned and rewritten connection management code. As of release 4.2 HttpClient will be using pooling connection manager per default. * Enhanced HTTP authentication API that enables HttpClient to handle more complex authentication scenarios. HttpClient 4.2 is now capable of making use of multiple authentication challenges and retry authentication with a fall-back scheme in case the primary one fails. This can be important for compatibility with Microsoft products that are often configured to use SPNEGO/Kerberos as the preferred authentication scheme. Changelog ------------------- * [HTTPCLIENT-1164] Compressed entities are not being cached properly. Contributed by Jon Moore . * [HTTPCLIENT-1154] MemcachedHttpCacheStorage should allow client to specify custom prefix string for keys. Contributed by Jon Moore . * [HTTPCLIENT-1153] MemcachedHttpCacheStorage uses URL as cache key; shouldn't due to fixed maximum-length memcached keys. Contributed by Jon Moore . * [HTTPCLIENT-1157] MemcachedHttpCacheStroage should throw IOExceptions instead of RuntimeExceptions. Contributed by James Miller . * [HTTPCLIENT-1152] MemcachedHttpCacheStorage should verify class of returned object before casting. Contributed by Rajika Kumarasiri . * [HTTPCLIENT-1155] CachingHttpClient fails to ensure that the response content gets fully consumed when using a ResponseHandler, which can potentially lead to connection leaks. Contributed by James Miller * [HTTPCLIENT-1147] When HttpClient-Cache cannot open cache file, should act like miss. Contributed by Joe Campbell * [HTTPCLIENT-1137] Values for the Via header are cached and reused by httpclient-cache. Contributed by Alin Vasile * [HTTPCLIENT-1142] Infinite loop on NTLM authentication failure. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1143] CachingHttpClient leaks connections with stale-if-error. Contributed by James Miller Release 4.2 ALPHA1 ------------------- This is the first ALPHA release of HttpClient 4.2. The 4.2 branch enhances HttpClient in several key areas and includes several notable features and improvements: * New facade API for HttpClient based on the concept of a fluent interface. The fluent API exposes only the most fundamental functions of HttpClient and is intended for relatively simple use cases that do not require the full flexibility of HttpClient. However, the fluent API almost fully relieves the users from having to deal with connection management and resource deallocation. * Redesigned and rewritten connection management code. As of release 4.2 HttpClient will be using pooling connection manager per default. * Enhanced HTTP authentication API that enables HttpClient to handle more complex authentication scenarios. HttpClient 4.2 is now capable of making use of multiple authentication challenges and retry authentication with a fall-back scheme in case the primary one fails. This can be important for compatibility with Microsoft products that are often configured to use SPNEGO/Kerberos as the preferred authentication scheme. Please note that new features included in this release are still considered experimental and their API may change in the future ALPHA releases. Changelog ------------------- * [HTTPCLIENT-1128] SystemDefaultHttpClient (HttpClient implementation initialized using system properties). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1135] RandomAccessFile mode 'w' used by HttpClientCache is not valid. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1131] HttpClient to authenticate preemptively using BASIC scheme if a userinfo attribute is specified in the request URI. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1134] make BasicResponseHandler consume response content in case of an unsuccessful result (status code >= 300). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1132] ProxyClient implementation. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1127] fixed dead-lock between SingleClientConnManager and AbstractPooledConnAdapter. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1107] Auth framework redesign. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1116] ResponseCachingPolicy uses integers for sizes Contributed by Greg Bowyer * [HTTPCLIENT-1123] Support for pluggable DNS resolvers. Contributed by Alin Vasile * [HTTPCLIENT-1120] DefaultHttpRequestRetryHandler#retryRequest should not retry aborted requests. Contributed by Alin Vasile * Support for auth-int qop (quality of protection) option in Digest auth scheme. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1076] Fluent facade API (Google summer of code 2011 project). Contributed by Xu Lilu * UriBuilder implementation. Contributed by Xu Lilu * Redesign of connection management classes based on new pooling components from HttpCore. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1111] Added #prepareSocket method to SSLSocketFactory. Contributed by Pasi Eronen * Added #reset() and #releaseConnection() methods to HttpRequestBase. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1105] AutoRetryHttpClient: built-in way to do auto-retry for certain status codes. Contributed by Dan Checkoway * [HTTPCLIENT-1094] Digest auth scheme refactoring. Contributed by Oleg Kalnichevski * Lax implementation of RedirectStrategy. Contributed by Bartosz Firyn * [HTTPCLIENT-1044] HttpRequestRetryHandler implementation compliant with the definition of idempotent methods given in the RFC 2616. Contributed by Oleg Kalnichevski Release 4.1.2 ------------------- The HttpClient 4.1.2 is a bug fix release that addresses a number of non-critical issues reported since release 4.1.1. * [HTTPCLIENT-1100] Missing Content-Length header makes cached entry invalid Contributed by Bart Robeyns * [HTTPCLIENT-1098] Avoid expensive reverse DNS lookup on connect timeout exception. Contributed by Thomas Boettcher * [HTTPCLIENT-1097] BrowserCompatHostnameVerifier and StrictHostnameVerifier should handle wildcards in SSL certificates better. Contributed by Sebastian Bazley * [HTTPCLIENT-1092] If ClientPNames.VIRTUAL_HOST does not provide the port, derive it from the current request. Contributed by Sebastian Bazley * [HTTPCLIENT-1087] NTLM proxy authentication fails on retry if the underlying connection is closed as a result of a target authentication failure. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1079] Fixed Kerberos cross-realm support Contributed by Michael Osipov <1983-01-06 at gmx.net> * [HTTPCLIENT-1078] Decompressing entities (DeflateDecompressingEntity, GzipDecompressingEntity) do not close content stream in #writeTo() method. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1075] Decompressing entities (DeflateDecompressingEntity, GzipDecompressingEntity) do not correctly handle content streaming. Contributed by James Abley * [HTTPCLIENT-1051] Avoid reverse DNS lookups when opening SSL connections by IP address. Contributed by Oleg Kalnichevski Release 4.1.1 ------------------- HttpClient v4.1.1 is a bug fix release that addresses a number of issues reported since release 4.1, including one critical security issue (HTTPCLIENT-1061). All users of HttpClient 4.0.x and 4.1 are strongly encouraged to upgrade. * [HTTPCLIENT-1069] HttpHostConnectException not correctly retried for direct and non-tunnelled proxy connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1066] Changed the way URIUtils#rewriteURI handles multiple consecutive slashes in the URI path component: multiple leading slashes will be replaced by one slash in order to avoid confusion with the authority component. The remaining content of the path will not be modified. (also see HTTPCLIENT-929). Contributed by Oleg Kalnichevski * [HTTPCLIENT-1061] Fixed critical bug causing Proxy-Authorization header to be sent to the target host when tunneling requests through a proxy server that requires authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1056] Fixed bug causing the RequestAuthCache protocol interceptor to generate an invalid AuthScope instance when looking up user credentials for preemptive authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1053] Fixed the way DigestScheme generates nonce-count values. Contributed by Oleg Kalnichevski Release 4.1 ------------------- The HttpClient 4.1 release builds upon the stable foundation laid by HttpClient 4.0 and adds several functional improvements and popular features. * Response caching conditionally compliant with HTTP/1.1 specification (full compliance with MUST requirements, partial compliance with SHOULD requirements) * Full support for NTLMv1, NTLMv2, and NTLM2 Session authentication. The NTLM protocol code was kindly contributed by the Lucene Connector Framework project. * Support for SPNEGO/Kerberos authentication. * Persistence of authentication data between request executions within the same execution context. * Support for preemptive authentication for BASIC and DIGEST schemes. * Support for transparent content encoding. Please note transparent content encoding is not enabled per default in order to avoid conflicts with already existing custom content encoding solutions. * Mechanism to bypass the standard certificate trust verification (useful when dealing with self-signed certificates). * Simplified configuration for connection managers. * Transparent support for host multihoming. IMPORTANT: please note that the HttpClient 3.x branch is now officially END OF LIFE and is no longer maintained and supported by the Apache HttpComponents project. Changelog ------------------- * The public API for the caching module had a minor change between 4.1-beta and 4.1-GA to the HttpCacheEntry class - the deprecated public Set getVariantURIs() method and constructor public HttpCacheEntry(Date requestDate, Date responseDate, StatusLine statusLine, Header[] responseHeaders, Resource resource, Set variants) were both removed. This will not affect you unless you are implementing new storage backends that use the deprecated code and/or are implementing custom serializers for cache entries. * Changed Browser-Compatibility and Best-Match cookie policies to emulate the behaviour of FireFox more closely when parsing Netscape style cookies. Comma will no longer be treated as a header element separator if Set-Cookie does not contain a Version attribute mandated by the RFC2109 / RFC 2965 cookie specifications. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1036] StringBody has incorrect default for characterset. (Default changed to US-ASCII) Contributed by Sebastian Bazley * [HTTPCLIENT-975] Support stale-if-error and stale-while-revalidate extension directive (RFC5861). Contributed by Mohammed Azeem Uddin , Michajlo Matijkiw , and Matthew Hawthorne . * [HTTPCLIENT-1033] HttpRoute.equals(Object o) is quite inefficient, as it does not take full advantage of shortcut logic. Contributed by Sebastian Bazley * [HTTPCLIENT-1030] Implement "ignoreCookies" CookieSpec Contributed by Sebastian Bazley Release 4.1 BETA1 ------------------- HttpClient 4.1 BETA1 finalizes the 4.1 API and brings a number of major improvements to the HTTP caching module. This release also adds full support for NTLMv1, NTLMv2, and NTLM2 Session authentication. The NTLM protocol code was kindly contributed by the Lucene Connector Framework project. Changelog ------------------- * [HTTPCLIENT-1015] Support only-if-cached directive. Contributed by Michajlo Matijkiw * [HTTPCLIENT-990] Allow heuristic freshness caching. Contributed by Michajlo Matijkiw * [HTTPCLIENT-919] Support for NTLMv1, NTLMv2, and NTLM2 Session authentication. Contributed by Karl Wright * [HTTPCLIENT-1008] Send all variants' ETags on "variant miss". Contributed by Michajlo Matijkiw and Mohammed Azeem Uddin * [HTTPCLIENT-1011] Handling of IOExceptions thrown by cache components. Contributed by Jonathan Moore * [HTTPCLIENT-1003] Handle conditional requests in cache. Contributed by Michajlo Matijkiw and Mohammed Azeem Uddin * [HTTPCLIENT-1002] Stale connection check fails if wire logging is on. Contributed by Oleg Kalnichevski * [HTTPCLIENT-1000] Maximum connection lifetimes settings for ThreadSafeClientConnManager. Contributed by Michajlo Matijkiw * [HTTPCLIENT-960] HttpMultipart doesn't generate Content-Type header for binary parts in BROWSER_COMPATIBLE mode. Contributed by Oleg Kalnichevski * [HTTPCLIENT-998] Cache should use both Last-Modified and ETag for validations when available. Contributed by Jonathan Moore * [HTTPCLIENT-997] Cache module should handle out-of-order validations properly and unconditionally refresh. Contributed by Jonathan Moore * [HTTPCLIENT-994] Cache does not allow client to override origin-specified freshness using max-stale. Contributed by Jonathan Moore * [HTTPCLIENT-995] Cache returns cached responses even if validators not consistent with all conditional headers. Contributed by Jonathan Moore * [HTTPCLIENT-977] Memcached implementation for HttpCache. Contributed by Mohammed Azeem Uddin * [HTTPCLIENT-992] cache should not generate stale responses to requests explicitly requesting first-hand or fresh ones. Contributed by Jonathan Moore * [HTTPCLIENT-991] cache module produces improperly formatted Warning header when revalidation fails. Contributed by Jonathan Moore * [HTTPCLIENT-989] DefaultHttpRequestRetryHandler no longer retries non-idempotent http methods if NoHttpResponseException is thrown. Contributed by Oleg Kalnichevski * [HTTPCLIENT-988] Cache module should strip 'Content-Encoding: identity' from responses Contributed by Jonathan Moore * [HTTPCLIENT-987] cache module does not recognize equivalent URIs. Contributed by Jonathan Moore * [HTTPCLIENT-986] cache module does not completely handle upstream Warning headers correctly Contributed by Jonathan Moore * [HTTPCLIENT-985] cache module should populate Via header to capture upstream and downstream protocols Contributed by Jonathan Moore * [HTTPCLIENT-984] Additional conditional compliance tests for the caching module for Content-Encoding, Content-Location, Date, Expires, Server, Transfer-Encoding, and Vary headers. Contributed by Jonathan Moore * [HTTPCLIENT-978] HTTP cache update exception handling Contributed by Michajlo Matijkiw * [HTTPCLIENT-981] CachingHttpClient returns a 411 respones when executing a POST (HttpPost) request. Contributed by Joe Campbell * [HTTPCLIENT-980] CachingHttpClient returns a 503 response when the backend HttpClient produces an IOException. Contributed by Jonathan Moore * [HTTPCLIENT-978] Ehcache based HTTP cache implementation Contributed by Michajlo Matijkiw * [HTTPCLIENT-967] support for non-shared (private) caches Contributed by Jonathan Moore * [HTTPCLIENT-969] BasicCookieStore#getCookies() to return a copy of Cookie list Contributed by David Smiley * [HTTPCLIENT-965] Fixed problem with cache not honoring must-revalidate or proxy-revalidate Cache-Control directives. Contributed by Jonathan Moore * [HTTPCLIENT-964] 'no-cache' directives with field names are no longer transmitted downstream. Contributed by Jonathan Moore * [HTTPCLIENT-963] Fixed handling of 'Cache-Control: no-store' on requests. Contributed by Jonathan Moore * [HTTPCLIENT-962] Fixed handling of Authorization headers in shared cache mode. Contributed by Jonathan Moore * [HTTPCLIENT-961] Not all applicable URIs are invalidated on PUT/POST/DELETEs that pass through client cache. Contributed by Jonathan Moore * [HTTPCLIENT-958] Client cache no longer allows incomplete responses to be passed on to the client. Contributed by Jonathan Moore * [HTTPCLIENT-951] Non-repeatable entity enclosing requests are not correctly retried when 'expect-continue' handshake is active. Contributed by Oleg Kalnichevski * [HTTPCLIENT-948] In rare circumstances the idle connection handling code can leave closed connections in a inconsistent state. Contributed by Oleg Kalnichevski * [HTTPCLIENT-953] IllegalStateException thrown by RouteSpecificPool. Contributed by Guillaume * [HTTPCLIENT-952] Trust store parameter is ignored by SSLSocketFactory (affects version 4.1-alpha2 only) Contributed by Oleg Kalnichevski * [HTTPCLIENT-937] CacheEntry made immutable; now uses immutable HttpEntity to store cached content. Contributed by David Mays and Oleg Kalnichevski Release 4.1 ALPHA2 ------------------- HttpClient 4.1 ALPHA2 fixes a number of non-severe bugs discovered since the last release and introduces support for two frequently requested features: * HTTP/1.1 response caching * transparent support for host multihoming * a mechanism to bypass the standard certificate trust verification (useful when dealing with self-signed certificates) Compatibility notes ------------------- (1) Please note the HTTP caching module is still considered experimental and its API may change significantly in the future releases. (2) This release eliminates Mime4J as a dependency for the HttpMime module. HttpMime is no longer binary compatible with the previous releases. Full API and binary compatibility between minor versions of HttpMime will be maintained as of 4.1 GA release. Changelog ------------------- * [HTTPCLIENT-936] Fixed bug causing NPE or an infinite loop in the authentication code in case of a SPNEGO authentication failure. Contributed by Oleg Kalnichevski * [HTTPCLIENT-427] HTTP caching support Contributed by Joe Campbell, David Cleaver, David Mays, Jon Moore, Brad Spenla * Dropped dependency on Mime4j for HttpMime. Contributed by Oleg Kalnichevski * Extended SSLSocketFactory with a mechanism to bypass the standard certificate trust verification (primarily to simplify dealing with self-signed certificates) Contributed by Oleg Kalnichevski * [HTTPCLIENT-898] Improved support for host multihoming Contributed by Oleg Kalnichevski * [HTTPCLIENT-916] UsernamePasswordCredentials, NTUserPrincipal, BasicClientCookie, BasicClientCookie2 and BasicCookieStore made Serializable. Contributed by Oleg Kalnichevski * [HTTPCLIENT-914] Upgraded Commons Codec dependency to version 1.4 Contributed by Oleg Kalnichevski * [HTTPCLIENT-903] Use ConcurrentHashMap instead of [Linked]HashMap for thread-safety. Improve performance of AuthSchemeRegistry, CookieSpecRegistry and SchemeRegistry classes. Contributed by Sebastian Bazley * [HTTPCLIENT-902] HttpRequestRetryHandler not called on I/O exceptions thrown when opening a new connection. Contributed by Olivier Lamy and Oleg Kalnichevski Release 4.1 ALPHA1 ------------------- HttpClient 4.1 ALPHA1 builds on the stable 4.0 release and adds several functionality improvements and new features. * Simplified configuration of connection managers. * Persistence of authentication data between request executions within the same execution context. * Support for SPNEGO/Kerberos authentication scheme * Support for transparent content encoding. Please note transparent content encoding is not enabled per default in order to avoid conflicts with already existing custom content encoding solutions. * 5 to 10% performance increase due to elimination of unnecessary Log object lookups by short-lived components. Please note all methods and classes added in this release and marked as 4.1 are API unstable and can change in the future 4.1 ALPHA releases. Changelog ------------------- * [HTTPCLIENT-889] 'expect: continue' handshake disabled per default. Contributed by Oleg Kalnichevski * [HTTPCLIENT-862] Extended client's redirect handling interface to allow control of the content of the redirect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-872] HttpClient can now persist authentication data between request executions as long as they share the same execution context. It has also become much easier to make HttpClient authenticate preemptively by pre-populating authentication data cache. Contributed by Oleg Kalnichevski * [HTTPCLIENT-883] SO_TIMEOUT is not reset on persistent (re-used) connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-832] Distinguish cookie format errors from violations of restrictions imposed by a cookie specification. In the latter case CookieRestrictionViolationException will be thrown. Contributed by Oleg Kalnichevski * [HTTPCLIENT-523] Support for SPNEGO authentication scheme. Contributed by Matthew Stevenson * Simplified configuration of connection managers. Total connection maximum and maximum connection per route limits can be set using methods of the class instead of HTTP parameters. Contributed by Oleg Kalnichevski * Added parameters to define the order of preference for supported auth schemes for target host and proxy authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-875] DefaultClientConnectionOperator#openConnection doesn't update the connection state if the connection socket changed after the call to SocketFactory#connectSocket(). Contributed by Oleg Kalnichevski * [HTTPCLIENT-834] Transparent content encoding support. Contributed by James Abley Release 4.0.1 ------------------- This is a bug fix release that addresses a number of issues discovered since the previous stable release. None of the fixed bugs is considered critical. Most notably this release eliminates eliminates dependency on JCIP annotations. This release is also expected to improve performance by 5 to 10% due to elimination of unnecessary Log object lookups by short-lived components. Changelog ------------------- * [HTTPCLIENT-895] Eliminated Log lookups in short lived objects impairing performance. Contributed by Oleg Kalnichevski * [HTTPCLIENT-885] URLEncodedUtils now correctly parses form-url-encoded entities that specify a charset. Contributed by Oleg Kalnichevski * [HTTPCLIENT-884] UrlEncodedFormEntity now sets charset on the Content-Type header. Contributed by Jared Jacobs * [HTTPCLIENT-883] SO_TIMEOUT is not reset on persistent (re-used) connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-882] Auth state is now correctly updated if a successful NTLM authentication results in a redirect. This is a minor bug as HttpClient manages to recover from the problem automatically. Contributed by Oleg Kalnichevski * [HTTPCLIENT-881] Fixed race condition in AbstractClientConnAdapter that makes it possible for an aborted connection to be returned to the pool. Contributed by Tim Boemker and Oleg Kalnichevski * [HTTPCLIENT-866] Removed dependency on jcip-annotations.jar. Contributed by Oleg Kalnichevski and Sebastian Bazley Release 4.0 ------------------- HttpClient 4.0 represents a complete, ground-up redesign and almost a complete rewrite of the HttpClient 3.x codeline. This release finally addresses several design flaws that existed since the 1.0 release and could not be fixed without a major code overhaul and breaking API compatibility. Architectural changes --------------------- * Redesign of the HttpClient internals addressing all known major architectural shortcomings of the 3.x codeline. * Cleaner, more flexible and expressive API. * More modular structure. * Better performance and smaller memory footprint due to a more efficient HTTP transport based on HttpCore. * Implementation of cross-cutting HTTP protocol aspects through protocol interceptors. * Improved connection management, better handling of persistent connections, support for stateful connections * Pluggable redirect and authentication handlers. * Improved support for sending requests via a proxy or a chain of proxies * More flexible SSL context customization * Reduced intermediate garbage in the process of generating HTTP requests and parsing HTTP responses Important notes ------------------- * Future releases of HttpMime module may be binary incompatible with this release due to possible API changes in Apache Mime4J. Apache Mime4J is still being actively developed and its API is considered unstable. * HttpClient 4.0 is not fully binary compatible with 4.0 BETA1 release. Some protected variables in connection management class have been made final in order to help ensure their thread safety: org.apache.http.conn.BasicEofSensorWatcher#attemptReuse org.apache.http.conn.BasicEofSensorWatcher#managedConn org.apache.http.impl.conn.DefaultClientConnectionOperator#schemeRegistry org.apache.http.impl.conn.DefaultHttpRoutePlanner#schemeRegistry org.apache.http.impl.conn.ProxySelectorRoutePlanner#schemeRegistry org.apache.http.impl.conn.SingleClientConnManager#alwaysShutDown org.apache.http.impl.conn.SingleClientConnManager#connOperator org.apache.http.impl.conn.SingleClientConnManager#schemeRegistry org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#connOperator org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#schemeRegistry Bug fixes since 4.0 BETA2 release ------------------- * [HTTPCLIENT-861] URIUtils#resolve is now compatible with all examples given in RFC 3986. Contributed by Johannes Koch * [HTTPCLIENT-860] HttpClient no longer converts redirects of PUT/POST to GET for status codes 301, 302, 307, as required by the HTTP spec. Contributed by Oleg Kalnichevski * [HTTPCLIENT-859] CookieIdentityComparator now takes path attribute into consideration when comparing cookies. Contributed by Oleg Kalnichevski * HttpClient will no longer send expired cookies back to the origin server. Contributed by Oleg Kalnichevski * [HTTPCLIENT-856] Proxy NTLM authentication no longer fails on a redirect to a different host. Contributed by Oleg Kalnichevski * [HTTPCLIENT-841] Removed automatic connection release using garbage collection due to a memory leak. Contributed by Oleg Kalnichevski * [HTTPCLIENT-853] Fixed bug causing invalid cookie origin port to be selected when the target is accessed on the default port and the connection is established via a proxy. Contributed by Oleg Kalnichevski * [HTTPCLIENT-852] Fixed bug causing automatically retried redirects fail with CircularRedirectException. Contributed by Oleg Kalnichevski * Fixed problem with the default HTTP response parser failing to handle garbage preceding a valid HTTP response. Contributed by Oleg Kalnichevski * NonRepeatableRequestExceptions now include the cause that the original request failed. Contributed by Sam Berlin * [HTTPCLIENT-837] Fixed problem with the wire log skipping zero byte values if read one byte at a time. Contributed by Kirill Safonov * [HTTPCLIENT-823] 'http.conn-manager.max-total' parameter can be adjusted dynamically. However, the size of existing connection pools per route, once allocated, will not be adjusted. Contributed by Oleg Kalnichevski * [HTTPCLIENT-822] Default socket factories to rethrow SocketTimeoutException as ConnectTimeoutException in case of connect failure due to a time out. Contributed by Oleg Kalnichevski * [HTTPCLIENT-813] Fixed default port resolution. Invalid ports no longer get replaced with the default port value. Contributed by Oleg Kalnichevski Release 4.0 beta 2 ------------------- BETA2 is a maintenance release, which addresses a number of issues discovered since the previous release. The only significant new feature is an addition of an OSGi compliant bundle combining HttpClient and HttpMime jars. All upstream projects are strongly encouraged to upgrade. * Fixed NPE in DefaultRequestDirector thrown when retrying a failed request over a proxied connection. Contributed by Oleg Kalnichevski * [HTTPCLIENT-803] Fixed bug in SSL host verifier implementations causing the SSL certificate to be rejected as invalid if the connection is established using an IP address. Contributed by Oleg Kalnichevski * [HTTPCLIENT-806] DefaultHttpMethodRetryHandler will no longer retry on ConnectExceptions. Contributed by Oleg Kalnichevski * DigestScheme can use an arbitrary digest algorithm requested by the target server (such as SHA) as long as this algorithm is supported by the Java runtime. Contributed by Oleg Kalnichevski * Fixed parsing and validation of RFC2109 compliant Set-Cookie headers by the Best-Match cookie spec. Contributed by Oleg Kalnichevski * Fixed bug that can cause a managed connection to be returned from the pool in an inconsistent state. Contributed by Oleg Kalnichevski 4.0 Beta 1 ------------------- BETA1 release brings yet another round of API enhancements and improvements in the area of connection management. Among the most notable ones is the capability to handle stateful connections such as persistent NTLM connections and private key authenticated SSL connections. This is the first API stable release of HttpClient 4.0. All further releases in the 4.0 code line will maintain API compatibility with this release. There has been a number of important bug fixes since ALPHA4. All upstream projects are encouraged to upgrade to the latest release. Please note HttpClient currently provides only limited support for NTLM authentication. For details please see NTLM_SUPPORT.txt. ------------------- Changelog: ------------------- * [HTTPCLIENT-790] Protocol interceptors are now correctly invoked when executing CONNECT methods. Contributed by Oleg Kalnichevski * [HTTPCLIENT-668] Do not use static loggers. Contributed by Oleg Kalnichevski * [HTTPCLIENT-781] Respect Keep-Alive header's timeout value. Contributed by Sam Berlin * [HTTPCLIENT-779] Top-level classes (HttpClient, and HttpGet, HttpPut and similar HttpMethods) throw fewer checked exceptions. Contributed by Sam Berlin * HttpClient will throw an exception if an attempt is made to retry a request with a non-repeatable request entity. Contributed by Oleg Kalnichevski * Fixed request re-generation logic when retrying a failed request. Auto-generated headers will no accumulate. Contributed by Oleg Kalnichevski * [HTTPCLIENT-424] Preemptive authentication no longer limited to BASIC scheme only. HttpClient can be customized to authenticate preemptively with DIGEST scheme. Contributed by Oleg Kalnichevski * [HTTPCLIENT-670] Pluggable hostname resolver. Contributed by Oleg Kalnichevski * [HTTPCLIENT-719] Clone support for HTTP request and cookie objects. Contributed by Oleg Kalnichevski * [HTTPCLIENT-776] Fixed concurrency issues with AbstractPoolEntry. Contributed by Sam Berlin * Resolved a long standing problem with HttpClient not taking into account the user context when pooling / re-using connections. HttpClient now correctly handles stateful / user specific connections such as persistent NTLM connections and SSL connections with client side authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-773] Improved handling of the 'expires' attribute by the 'Best Match' cookie spec. Contributed by Oleg Kalnichevski * Partial NTLM support (requires an external NTLM engine). For details see NTLM_SUPPORT.txt Contributed by Oleg Kalnichevski * Redesigned local execution context management. Contributed by Oleg Kalnichevski -------------------------------------- Release 4.0 Alpha 4 ------------------- ALPHA4 marks the completion of the overhaul of the connection management code in HttpClient. All known shortcomings of the old HttpClient 3.x connection management API have been addressed. NTLM authentication remains the only missing major feature in the new codeline that prevents us from moving awards the API freeze. There has been a number of important bug fixes since ALPHA3. All upstream projects are encouraged to upgrade to the latest release. ------------------- HttpClient 3.x features that have NOT yet been ported: ------------------- * NTLM authentication scheme ------------------- Changelog: ------------------- * [HTTPCLIENT-765] String.toLowerCase() / toUpperCase() should specify Locale.ENGLISH Contributed by Sebastian Bazley * [HTTPCLIENT-769] Do not pool connection marked non-reusable. Contributed by Oleg Kalnichevski * [HTTPCLIENT-763] Fixed problem with AbstractClientConnAdapter#abortConnection() not releasing the connection if called from the main execution thread while there is no blocking I/O operation. Contributed by Oleg Kalnichevski * [HTTPCLIENT-652] Added optional state attribute to managed client connections. This enables connection managers to correctly handle stateful connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-673] Revised max connections per route configuration Contributed by Oleg Kalnichevski * [HTTPCLIENT-753] Class Scheme and related classes moved to a separate package Contributed by Oleg Kalnichevski * [HTTPCLIENT-757] Improved request wrapping in the DefaultClientRequestDirector. This also fixed the problem with the default proxy set at the client level having no effect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-734] Request abort will unblock the thread waiting for a connection Contributed by Sam Berlin * [HTTPCLIENT-759] Ensure release of connections back to the connection manager on exceptions. Contributed by Sam Berlin * [HTTPCLIENT-758] Fixed the use of generics in AbstractHttpClient #removeRequestInterceptorByClass and #removeResponseInterceptorByClass Contributed by Johannes Koch * [HTTPCLIENT-749] HttpParams beans Contributed by Stojce Dimski * [HTTPCLIENT-755] Workaround for known bugs in java.net.URI.resolve() Bug ID: 4708535 Contributed by Johannes Koch -------------------------------------- Release 4.0 Alpha 3 ------------------- ALPHA3 release brings another round of API refinements and improvements in functionality. As of this release HttpClient requires Java 5 compatible runtime environment and takes full advantage of generics and new concurrency primitives. This release also introduces new default cookie policy that selects a cookie specification depending on the format of cookies sent by the target host. It is no longer necessary to know beforehand what kind of HTTP cookie support the target host provides. HttpClient is now able to pick up either a lenient or a strict cookie policy depending on the compliance level of the target host. Another notable improvement is a completely reworked support for multipart entities based on Apache mime4j library. ------------------- HttpClient 3.x features that have NOT yet been ported: ------------------- * NTLM authentication scheme ------------------- Changelog: ------------------- * [HTTPCLIENT-742] common interface for HttpRoute and RouteTracker Contributed by Roland Weber * [HTTPCLIENT-741] Fixed concurrency issues in AbstractClientConnAdapter. Contributed by Oleg Kalnichevski * [HTTPCLIENT-726] testcase for spurious wakeups in ThreadSafeClientConnManager Contributed by Roland Weber * [HTTPCLIENT-643] Automatic connect fail-over for multi-home remote servers. Contributed by Oleg Kalnichevski * [HTTPCLIENT-735] unsetting of DEFAULT_PROXY and FORCED_ROUTE in hierarchies Contributed by Roland Weber * [HTTPCLIENT-723] route planner based on java.net.ProxySelector Contributed by Roland Weber * [HTTPCLIENT-740] don't start connection GC thread in pool constructor Contributed by Roland Weber * [HTTPCLIENT-736] route planners use SchemeRegistry instead of ConnManager Contributed by Roland Weber * [HTTPCLIENT-730] Fixed rewriting of URIs containing escaped characters Contributed by Sam Berlin and Oleg Kalnichevski * [HTTPCLIENT-667] Added 'Meta' cookie policy that selects a cookie specification depending on the format of the cookie(s). Contributed by Oleg Kalnichevski * [HTTPCLIENT-729] Move HttpRoute and related classes to routing package. Contributed by Roland Weber * [HTTPCLIENT-725] Use TimeUnit arguments for timeouts in connection manager. Contributed by Roland Weber * [HTTPCLIENT-677] Connection manager no longer uses Thread.interrupt(). Contributed by Roland Weber * [HTTPCLIENT-716] Allow application-defined routes. Contributed by Roland Weber * [HTTPCLIENT-712] Improve HttpRoute API Contributed by Roland Weber * [HTTPCLIENT-711] Bad route computed for redirected requests Contributed by Oleg Kalnichevski * [HTTPCLIENT-715] Remove RoutedRequest from API Contributed by Roland Weber * [HTTPCLIENT-705] Fixed incorrect handling of URIs with null path component. Contributed by Oleg Kalnichevski * [HTTPCLIENT-688] HttpOptions#getAllowedMethods can now handle multiple Allow headers. Contributed by Andrea Selva -------------------------------------- Release 4.0 Alpha 2 ------------------- ALPHA2 release is another milestone in the redesign of HttpClient. It includes a number of improvements since ALPHA1, among which are improved connection pooling, support for proxy chains, redesigned HTTP state and authentication credentials management API, improved RFC 2965 cookie specification. ------------------- HttpClient 3.x features that have NOT yet been ported ------------------- * NTLM authentication scheme * Support for multipart MIME coded entities ------------------- Changelog ------------------- * [HTTPCLIENT-698] Resolve non-absolute redirect URIs relative to the request URI Contributed by Johannes Koch * [HTTPCLIENT-697] Throw a more intelligible exception when connection to a remote host cannot be established. Contributed by Oleg Kalnichevski * [HTTPCLIENT-689] Caching of SimpleDateFormat in DateUtils Contributed by Daniel Müller * [HTTPCLIENT-689] stackable parameters in AbstractHttpClient Contributed by Roland Weber * [HTTPCLIENT-477] Use distinct instances of the authentication handler interface for authentication with target and proxy hosts Contributed by Oleg Kalnichevski * [HTTPCLIENT-690] ManagedClientConnection provides access to SSLSession Contributed by Roland Weber * [HTTPCLIENT-692] ClientConnectionManager throws InterruptedException Contributed by Roland Weber * [HTTPCORE-116] moved parameter names to interfaces Contributed by Roland Weber * [HTTPCLIENT-649] support for proxy chains in HttpConn Contributed by Roland Weber * [HTTPCLIENT-636] refactor ThreadSafeClientConnManager in separate package Contributed by Roland Weber * [HTTPCLIENT-669] new HttpRoutePlanner interface and implementation Contributed by Andrea Selva * [HTTPCLIENT-653] detached connection wrapper no longer prevents garbage collection of ThreadSafeClientConnManager Contributed by Roland Weber * [HTTPCLIENT-674] use org.apache.http.util.VersionInfo instead of a local one Contributed by Roland Weber * [HTTPCLIENT-666] Replaced HttpState with CredentialsProvier and CookieStore interfaces Contributed by Oleg Kalnichevski * [HTTPCORE-100] revised HttpContext hierarchy Contributed by Roland Weber * [HTTPCLIENT-618] eliminate class HostConfiguration Contributed by Roland Weber * [HTTPCLIENT-672] re-sync with API changes in core alpha6-SNAPSHOT Contributed by Roland Weber -------------------------------------- Release 4.0 Alpha 1 ------------------- HttpClient 4.0 represents a complete, ground-up redesign and almost a complete rewrite of the HttpClient 3.x codeline. This release finally addresses several design flaws that existed since the 1.0 release and could not be fixed without a major code overhaul and breaking API compatibility. The HttpClient 4.0 API is still very experimental and is bound to change during the course of the ALPHA development phase. Several important features have not yet been ported to the new API. Architectural changes --------------------- * Redesign of the HttpClient internals addressing all known major architectural shortcomings of the 3.x codeline * Cleaner, more flexible and expressive API * Better performance and smaller memory footprint due to a more efficient HTTP transport based on HttpCore. HttpClient 4.0 is expected to be 10% to 25% faster than HttpClient 3.x codeline * More modular structure * Pluggable redirect and authentication handlers * Support for protocol incerceptors * Improved connection management * Improved support for sending requests via a proxy or a chain of proxies * Improved handling redirects of entity enclosing requests * More flexible SSL context customization * Reduced intermediate garbage in the process of generating HTTP requests and parsing HTTP responses ------------------- HttpClient 3.x features that have NOT yet been ported ------------------- * NTLM authentication scheme * RFC2965 cookie policy (Cookie2) * Support for multipart MIME coded entities ------------------- Changelog ------------------- The following is a list of contributions tracked in JIRA. Note that this is not a complete list of contributions or changes. Since the API was redesigned completely, tracking everything outside of the source code repository would have been too burdensome. * [HTTPCLIENT-655] User-Agent string no longer violates RFC Contributed by Oleg Kalnichevski * [HTTPCLIENT-541] Virtual host API redesign Contributed by Oleg Kalnichevski * [HTTPCLIENT-614] Allow for different strategies when checking CN of x509 certificates Contributed by Julius Davies * [HTTPCLIENT-136] Fixed inadequate proxy support Long standing architectural problem. Issue opened on 19/Dec/2002. Contributed by Oleg Kalnichevski * [HTTPCLIENT-63] Support for pluggable redirect and authentication handlers Long standing architectural problem. Issue opened on 15/Jul/2002. Contributed by Oleg Kalnichevski * [HTTPCLIENT-245] Fixed redirect handling. HttpClient can now automatically handle redirects of entity enclosing requests. Long standing architectural problem. Issue opened on 14/Jul/2003. Contributed by Oleg Kalnichevski * [HTTPCLIENT-613] HTTPS connections now verify CN of x509 certificates Contributed by Julius Davies * [HTTPCLIENT-497] Wire/header logger names consistent with class loggers Contributed by Oleg Kalnichevski * [HTTPCLIENT-484] AuthSSLProtocolSocketFactory in the main distribution Contributed by Oleg Kalnichevski * [HTTPCLIENT-589] Do not consume the remaining response content if the connection is to be closed Contributed by Roland Weber * [HTTPCLIENT-475] Support for unconnected sockets. HTTP requests can now be aborted while network socket is still being connected. Contributed by Roland Weber