0% found this document useful (0 votes)

21 views

RELEASE_NOTES

Uploaded by

najwagr12

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

21 views

RELEASE_NOTES

Uploaded by

najwagr12

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 64

Release 5.2.

1
------------------

This is a maintenance release that fixes several regressions found in release 5.2.

Change Log
-------------------

* Regression: Async execution runtimes set the negotiated protocol version in the
execution
context at the wrong point of request execution.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Cancel connection request on exception.

Contributed by Bryan Keller <bryanck at gmail.com>

* Replace deprecated use of LangUtils#equals() with Objects.equals().

Contributed by Gary Gregory <ggregory at apache.org>

* Regression: Multipart body builder and multipart formatters fail to escape

special characters
such as backslash and quote mark.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 5.2
------------------

This is the first GA release in the 5.2 release series. This release finalizes the
5.2 APIs
and corrects a number of defects discovered since the previous release.

Please note that 5.2 upgrades the minimal JRE level to version 8 (8u251 is
required).

Please note this is likely to be the last release series with support for SPNEGO
and NTLM
authentication. As of version 5.3 GSS-API-based authentication schemes (Kerberos,
SPNEGO)
and NTLM authentication schemes are going to be deprecated and disabled by default.

Notable changes and features included in the 5.2 series:

* Upgrade to Java 8.

* Improved support for TLS upgrade and HTTP protocol upgrade (async).

* Support for H2 tunneling via HTTP/1.1 proxy.

* Conformance to RFC 7617 (The 'Basic' HTTP Authentication Scheme).

* Migration to Java 8 Time primitives in State Management and Cache APIs.

* Connection and TLS configuration on a per route basis.

* Base64 codec based on Commons Codec replaced with JRE Base64 codec.
Dependency on Commons Codec dropped.
* Optional support for BR (Brotli) decompression.

Change Log
-------------------

* HTTPCLIENT-2242: RoutingSupport fails to copy InetAddress when normalizing

HttpHost.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2240: Fixed incorrect CONNECT method initialization in ProxyClient.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2236: MultihomeIOSessionRequester fails to enhance the cause exception

in case
of connect failure if the remoteAddress argument has been given.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Use Objects.toString() instead of String type cast

Contributed by Gary Gregory <garydgregory at gmail.com>

* HTTPCLIENT-2232: Last protocol interceptors moved at the end of the H2 protocol

processing
pipeline.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* H2 async runtime to proactively set HTTP/2 protocol version in the execution

context.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2231: Fixed a race condition in the main async executor when the
request execution
on an I/O thread is faster than execution pipeline management on the client
thread.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Avoid duplicate redundant objects and use Singleton instead.

Contributed by Arturo Bernal <arturobernalg at gmail.com>

* HTTPCLIENT-2225: Connection route calculation does not take the default

RequestConfig into
account.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Avoid unnecessary use of Instant.toEpochMilli by using Instant#compareTo to

compare
Instants directly.
Contributed by jkmcl

* HTTPCLIENT-2221 Closing a classic response/entity allows connection reuse.

Contributed by Carter Kozak <ckozak at apache.org>

Release 5.2 BETA1

------------------

This is the first BETA release in the 5.2 release series that upgrades minimal JRE
level to version 8 (8u251 is required) and includes several protocol level and
API improvements. It also includes all bug fixes from the 5.1 branch.

Change Log
-------------------

* Upgraded HttpCore to version 5.2-beta2.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2218: Use Java 8 Base64 utility (#370).

Contributed by j3graham <j3graham@gmail.com>

* Added support for BR (Brotli) decompression (#363).

Contributed by 殷成涛 <yinwoods@163.com>

* HTTPCLIENT-2212: MinimalHttpAsyncClient fails to release client endpoints in case

of
a connect error (such as TLS handshake failure).
Contributed by Oleg Kalnichevski <olegk at apache.org>

* InternalAbstractHttpAsyncClient to create daemin threads.

Contributed by Richard Hernandez <riher at amazon.com>

* HTTPCLIENT-2080: Added #getRetryInterval method to HttpRequestRetryStrategy for

use
on retriable IOExceptions (#356).
Contributed by Anthony Baldocchi <489445+ajbaldocchi at users.noreply.github.com>

* Fixed infinite recursion in SSLConnectionSocketFactory.

Contributed by Ryan Schmitt <rschmitt at apache.org>

* HTTPCLIENT-2200: Protocol interceptors are executed before the connection route

has
been fully established.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2209: Pass HttpContext to AsyncClientConnectionOperator (#353).

Contributed by Andriy Redko <drreta at gmail.com>

* HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* ExecSupport#getNextExchangeId() optimization (#352)

Contributed by David Schlosnagle <schlosna at gmail.com>

* HTTPCLIENT-2203: Corrected target host normalization by the request execution

interceptors;
added ContextBuilder with support for preemptive authentication initialization.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2202: MemcachedHttpCacheStorage to support MemcachedClientIF

interface.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Bug fix: ByteArrayBuilder incorrectly handles empty strings.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2198: Fixed AbstractClientTlsStrategy to respect HttpVersionPolicy.

Contributed by Andrei Vasilev <59628447+AndreiSVasilev at
users.noreply.github.com>
* Updated AbstractClientTlsStrategy to pass only the HttpVersionPolicy set by
TlsConfig
instead of the entire TlsConfig to H2TlsSupport#selectApplicationProtocols()
method.
Contributed by Andrei Vasilev <59628447+AndreiSVasilev at
users.noreply.github.com>

* HTTPCLIENT-2195, regression: Classic ConnectExec incorrectly discards the proxy

response
body even if the request cannot be executed and the response is final.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2194: Async retry request interceptor fails to correct include request

body
on retry (#343).
Contributed by JasonMathison <JasonMathison at users.noreply.github.com>

* Deprecated execute methods that return an open response object in favor of

execute
methods with a response handler and automatic resource deallocation.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2189: Cookie and Cache APIs to use Java time primitives.

Contributed by Arturo Bernal <arturobernalg at gmail.com>

* Apply English locale to all date header formatters.

Contributed by Michael Osipov <michaelo at apache.org>

* HTTPCLIENT-2184: Fixed an issue in which connections were not returned to the

pool
when requests contained non-repeatable bodies AND responses were streamed.
Contributed by Carter Kozak <ckozak at apache.org>

Release 5.2 ALPHA1

------------------

This is the first ALPHA release in the 5.2 release series that upgrades minimal JRE
level to version 1.8 (8u251 is required) and includes several protocol level and
API improvements. It also includes all bug fixes from the 5.1 branch.

Notable changes and features included in the 5.2 series:

* Upgrade to Java 8.

* Improved support for TLS upgrade and HTTP protocol upgrade (async).

* Support for H2 tunneling via HTTP/1.1 proxy.

* Conformance to RFC 7617 (The 'Basic' HTTP Authentication Scheme).

Change Log
-------------------

* Replaced SimpleDateFormat and Calendar with Java 8 Time APIs; removed thread-
local
from DateUtils.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Support for connection 'total time to live' setting on a per-route basis.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Configurable IOReactor IO session decorator configurable.

Contributed by Arturo Bernal <arturobernalg at gmail.com>

* HTTPCLIENT-2182: access to SSLSession attributes via reflection disallowed as of

Java 16.
Core TLS functions now use new Java 1.8 API introduced by 8u251 update.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2135: TLS configuration on a per-host basis.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7230: treat presence of userinfo in authority component in request URI as an

HTTP
protocol violation.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* AuthCache conformance to RFC 7617.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Added immutable CredentialsProvider implementations and a CredentialsProvider

builder.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2045: BASIC auth scheme conformance to RFC 7617.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2120: support for H2 via HTTP/1.1 proxy.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Moved connection management related settings from RequestConfig to new class

ConnectionConfig.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2139: Cookie Header HttpOnly attribute.

Contributed by Arturo Bernal <arturobernalg at gmail.com>

Release 5.1.1
-----------

This release upgrades HttpCore to the latest 5.1 version and fixes a number of
issues found
since release 5.1.

Change Log
-------------------

* Don't initialize AtomicReference to its default value.

Contributed by Gary Gregory <ggregory at apache.org>

* Corrected resolution of the target host in DefaultUserTokenHandler.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2177: automatically force HTTP/1.1 protocol policy when executing

requests
via a proxy tunnel.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2177: fixed incorrect route state tracking by the async connect

executor
when negotiating a tunnel via a proxy.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2177: keep successful tunnel connections alive regardless of

`Connection: close`.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2173: async pooling connection manager to close half-open connection

gracefully.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Don't retry a request for NoRouteToHostException.

Contributed by Jaikiran Pai <jaikiran.pai at gmail.com>

* HTTPCLIENT-2170: Classic protocol layer no longer releases the underlying

connection back
to the pool prematurely while the NTLM handshake is still ongoing.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed connection lease request cancellation race in both classic and asyc pooling
connection
managers.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 5.1
-----------

This is the first GA release in the 5.1 release series.

Notable changes and features included in the 5.1 series:

* Conditional conformance with RFC 3986 (Uniform Resource Identifier (URI): Generic
Syntax).

* Improved support for out of sequence response message handing by the the classic
(blocking)
HTTP transport.

* Improved message builders.

Please note that 5.1 is going to be the last release series compatible with Java
1.7.
HttpClient will require Java 1.8 as of 5.2.

Change Log
-------------------
* HTTPCLIENT-2157: Response object generated by the classic caching backend is
missing
the original content encoding.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2152: Fixed handling of unexpected unchecked exception by the async

request
retry exec interceptor.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Async clients to support scheduled (delayed) re-execution of requests.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2148: fluent Executor volatile access thread safety (#301).

Contributed by Carter Kozak <ckozak at apache.org>

* HTTPCLIENT-2149: When no dNSName, match against CN.

Contributed by Peter Dettman <peter.dettman at bouncycastle.org>

* HTTPCLIENT-2147: fixed broken preemptive auth in HC Fluent.

Contributed by Robert Rodewald <robert.rodewald at kopsis.com>

* HTTPCORE-672: cleanup of H2 connection validation code.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HttpAsyncClientBuilder: Make IOReactor exception callback configurable

Contributed by Ryan Schmitt <ryansch at amazon.com>

* HTTPCLIENT-2141: HttpClient to not retry requests if the retry interval exceeds

the response
timeout.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed NPE during dispose in Response if entity is null

Contributed by Sandeep Kulkarni <sandeep at snk.local>

* Blocking connection managers to validate connections after inactivity of more

than 2s
by default.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Deprecated request factory classes in favor of request builders.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2140: Upgraded Commons Codec to version 1.15.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Deprecated message copiers in favor of generic message builders.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Kerberos/SPNego fixes
Contributed by Carey Lin <careylin1111 at gmail.com>

Release 5.1 BETA1

------------------

This is the first BETA release in the 5.1 release series that includes a number of
new features as well performance optimizations in the classic HTTP transport.

Notable changes and features included in the 5.1 series:

* Conditional conformance with RFC 3986 (Uniform Resource Identifier (URI): Generic
Syntax).

* Improved support for out of sequence response message handing by the the classic
(blocking)
HTTP transport.

Changelog:
-------------------

* RFC 3986 conformance: URIUtils to re-use URIBuilder functionality.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Improved I/O session and wire logging.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Add interceptors before MAIN_TRANSPORT so they won't be ignored (#272)

Contributed by Rob Spoor <robtimus at users.noreply.github.com>

* HTTPCLIENT-2104: ManagedHttpClientConnectionFactory to support

ResponseOutOfOrderStrategy configuration.
Contributed by Carter Kozak <ckozak at apache.org>

* Fixed NPE when H2/Async client interceptors are added using first/last (#268).
Contributed by Koji Lin <koji.lin at gmail.com>

* HTTPCLIENT-2126: `InternalAbstractHttpAsyncClient` incorrectly handles response

messages with no enclosed
entity.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2124: Fixed NOE in MinimalHttpClient#doExecute (#261).

Contributed by Gary Gregory <ggregory at apache.org>

* HTTPCLIENT-2122: async client to throw `HTTP/2 tunneling not supported` protocol

exception in case of
`force HTTP/2` version policy used along with request proxy routing.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2123: H2AsyncClientBuilder incorrectly adds last request interceptors

to the head of
the interceptor list.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Use decimal numbers for endpoint/execution IDs (#249).

Contributed by Michael Osipov <michaelo@apache.org>

* HTTPCLIENT-2106: Added charset parameter for DigestScheme.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2103: ManagedHttpClientConnectionFactory provides a fluent builder

Contributed by Carter Kozak <ckozak at apache.org>
Release 5.0.3
-----------------

This release upgrades HttpCore to the latest version, improves conformance to RFC
7235
(Hypertext Transfer Protocol (HTTP/1.1): Authentication) and addresses a number of
issues found since 5.0.2 release.

Changelog:
-------------------

* PR #270: Master try w res and more.

- Use try-with-resources.
- Use Arrays.fill().
- Add missing @override.
- Simplify if/else.
- Remove redundant modifiers. …
- Remove redundant returns.
Contributed by Gary Gregory <ggregory at apache.org>

Release 5.0.2
-----------------

Changelog:
-------------------

* HTTPCLIENT-2116: Incorrect request message composition when routing requests

via a proxy.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* PoolingAsyncClientConnectionManager incorrectly emits Ping commands to HTTP/1.1

endpoints (#255).
Contributed by 滕杰 1 <tengjie1 at xdf.cn>

* HTTPCLIENT-2115: HttpAsyncClientBuilder and H2AsyncClientBuilder fail to take

`replaceExecInterceptor()` into account.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2112: AbstractMultipartFormat respects ByteBuffer.arrayOffset (#253).

Contributed by Carter Kozak <ckozak at apache.org>

* Avoid updating Content-Length header in a 304 response.

Contributed by Dirk Henselin <dirk.henselin at vwgis.de>

* HTTPCLIENT-2105: Async clients incorrectly handle redirects of requests with

enclosed
entity.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2100: Incorrect handling of EXTENDED mode by MultipartEntityBuilder

Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPCLIENT-2099, HTTPCLIENT-2091: SSLConnectionSocketFactory connect timeout fix
(#241).
Contributed by Carter Kozak <ckozak at apache.org>

* Bug fix: BasicExpiresHandler is annotated as immutable but is not (#240).

Contributed by Gary Gregory <ggregory at apache.org>

* HTTPCLIENT-2096: Migrate instance loggers to static fields

Contributed by Carter Kozak <ckozak at apache.org>

* Added Automatic-Module-Name to the artefact manifests.

Contributed by Niels Basjes <niels at basjes.nl>

* MultipartEntityBuilder#generateBoundary optimization (#233)

Contributed by slisaasquatch <slisaasquatch at users.noreply.github.com>

* HTTPCLIENT-2094: ConnectionManager validateAfterInactivity zero duration

agreement
Contributed by Carter Kozak <ckozak at apache.org>

* RFC 7235 compliance, HTTPCLIENT-2086: Fixed parsing of token68 based (base64-

encoded)
auth schemes.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2091: Connect timeout is used instead of socket timeout after a tls

upgrade
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2084: Client builders incorrectly add message interceptors with LAST

position
to the head of the list.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2083: Fix NPE when classic client interceptors are added.

Contributed by Carter Kozak <ckozak at apache.org>

Release 5.0.1
-----------------

This release upgrades HttpCore to the latest version and addresses a number of
issues found
since 5.0 release.

Changelog:
-------------------

* Bug fix: Classic connection managers fail to take #isConsistent() flag into
account when
re-using persistent connections.
7 Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2077: Authentication failure due to incorrect NTLM auth value check.

Contributed by vonahok <64310078+vonahok at users.noreply.github.com>

* HTTPCLIENT-2051: Corrected handling of 303 redirects.

Contributed by Oleg Kalnichevski <olegk at apache.org>
* HTTPASYNC-160: HttpAsyncClient in INACTIVE or STOPPED state throws a
IllegalStateException
causing the current thread to terminate.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.

Contributed by heejeongkim <aprilhjk at gmail.com>

* HTTPCLIENT-2074: Disallow direct execution of CONNECT methods by standard client

implementations.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2075: New method Request.responseTimeout(Timeout) in Fluent HC.

Contributed by Ralph <ralph.geerkens at rwth-aachen.de>

* HTTPCLIENT-2073: (regression) WindowsNegotiateScheme incorrectly rejects empty

NTLM challenge.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2069: RequestConfig#copy does not copy #responseTimeout.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2061: Corrected sequence of request execution interceptors in classic

HttpClient.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed NPE for null HttpContext in minimal async clients.

Contributed by slisaasquatch <sli at saasquat.ch>

Release 5.0
-----------------

This is the first stable (GA) release of HttpClient 5.0.

Notable changes and features included in the 5.0 series are:

* Support for the HTTP/2 protocol and conformance to requirements and

recommendations of the latest HTTP/2 protocol specification documents
(RFC 7540, RFC 7541.)

Supported features:

** HPACK header compression

** Stream multiplexing (client and server)
** Flow control
** Response push
** Message trailers
** Expect-continue handshake
** Connection validation (ping)
** Application-layer protocol negotiation (ALPN)
** TLS 1.2 security features

* Improved conformance to requirements and recommendations of the latest HTTP/1.1

protocol
specification documents (RFC 7230, RFC 7231.)
* New connection pool implementation with lax connection limit guarantees and
better
performance under higher concurrency due to absence of a global pool lock.

* Support for Reactive Streams API [http://www.reactive-streams.org/]

* Package name space changed to 'org.apache.hc.client5'.

* Maven group id changed to 'org.apache.httpcomponents.client5'.

HttpClient 5.0 releases can be co-located with earlier major versions on the same
classpath
due to the change in package names and Maven module coordinates.

Changelog:
-------------------

* Removed work-around for resumed TLS sessions given that JDK-8212885 fix has been
ported to Java 11
and released in Oracle JDK 11.0.3.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Upgraded HttpCore dependency to version 5.0

Contributed by Oleg Kalnichevski <olegk at apache.org>

* DefaultHttpRequestRetryStrategy: Allow zero retry interval

Contributed by Ryan Schmitt <rschmitt at apache.org>

* HTTPCLIENT-2047: fixed regression in DefaultHostnameVerifier causing rejection of

certs with non-standard domains.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* GitHub #204: Build requests from method names in ClassicHttpRequests:

ClassicHttpRequests.create(String, String)
ClassicHttpRequests.create(String, URI)
Contributed by Gary Gregory <ggregory at apache.org>

* GitHub #205: Update request factory classes with matching APIs for Method and
String method name inputs:
BasicHttpRequests.create(String, URI)
BasicHttpRequests.create(String, String)
ClassicHttpRequests.create(Method, String)
ClassicHttpRequests.create(Method, URI)
SimpleHttpRequests.create(String, URI)
SimpleHttpRequests.create(String, String)
Contributed by Gary Gregory <ggregory at apache.org>

* GitHub #208: Do not use input type names in method names:

SimpleHttpRequest: Delete setBodyBytes(byte[], ContentType) in favor of
setBody(byte[], ContentType)
SimpleHttpRequest: Delete setBodyText(String, ContentType) in favor of
setBody(String, ContentType)
SimpleHttpResponse: Delete setBodyBytes(byte[], ContentType) in favor of
setBody(byte[], ContentType)
SimpleHttpResponse: Delete setBodyText(String, ContentType) in favor of
setBody(String, ContentType)
Contributed by Gary Gregory <ggregory at apache.org>
Release 5.0-BETA7
-----------------

This BETA release upgrades HttpCore to the latest version and addresses a number
of issues found
since the previous BETA release.

IMPORTANT: This release is expected to be the last BETA version. If no major

design flaws are found the actual 5.0 API will be frozen and the next version will
be
promoted to GA.

Changelog:
-------------------

* Improved domain name normalization by DefaultHostnameVerifier.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* DefaultHostnameVerifier: Match DNS and CN names against ICANN domains.

Contributed by Ryan Schmitt <rschmitt at apache.org>

* HTTPCORE-615: Implement HTTP-based cache serializer-deserializer.

Contributed by Scott Gifford <sgifford at suspectclass.com>

* HTTPCLIENT-2040: Copy headers from the original request to the redirect request.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Removed RFC 2965 specific requirements deprecated and superseded by RFC 6265.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2035: Remove HttpRequestRetryHandler in favor of

HttpRequestRetryStrategy.
Contributed by Michael Osipov <michaelo at apache.org>

* HTTPCLIENT-2019: Remove ServiceUnavailableRetryStrategy in favor of

HttpRequestRetryStrategy.
Contributed by Michael Osipov <michaelo at apache.org>

* HTTPCLIENT-2034: Introduce HttpRequestRetryStrategy.

Contributed by Michael Osipov <michaelo at apache.org>

* CloseableHttpAsyncClient to support explicit HttpHost execution parameter.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2020: DefaultBackoffStrategy to support TOO_MANY_REQUESTS (429).

Contributed by Michael Osipov <michaelo at apache.org>

* HTTPCLIENT-2030: Fixed PublicSuffixMatcher#getDomainRoot behavior with invalid

hostnames.
Contributed by Niels Basjes <niels at basjes.nl>

* HTTPCLIENT-2028: Connection managers to allow 0 for `validateAfterInactivity`

time value.
Contributed by Peter Frank <pfrank at fandango.com>

* HTTPCLIENT-2023: Allow nested arrays and all primitive types in

DefaultHttpCacheEntrySerializer.
Contributed by Olof Larsson <olof at sylt.nu>
Release 5.0-BETA6
-------------------

This BETA release picks up the latest fixes and performance improvements from
HttpCore
and addresses a number of issues found since the previous BETA release.

Changelog:
-------------------

* Fixed fallback PublicSuffixMatcher.

Contributed by Ryan Schmitt <rschmitt at apache.org>

* Enforce h2 TLS rules after negotiating TLS, not before.

Contributed by Ryan Schmitt <rschmitt at apache.org>

* HTTPCLIENT-2013: Revised handling of connect exceptions; improved consistency in

behavior
of the classic and async clients; ConnectTimeoutException now extends
SocketTimeoutException.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Improved handling of request cancellation (classic API).

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed concurrent use of threading unsafe ClassicHttpRequest messages.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Execute Socket#connect under doPrivileged.

Contributed by Simon Willnauer <simonw at apache.org>

* HTTPCLIENT-2009: Fixed StringIndexOutOfBoundsException in

AuthSupport#extractFromAuthority.
Contributed by itonyli <429284840 at qq.com>

* Make Accept-Encoding header handling thread-safe.

Contributed by Linton Miller <linton.miller at coxautoinc.com>

Release 5.0-BETA5
-------------------

This BETA release picks up the latest fixes and performance improvements from
HttpCore
and addresses a number of issues found since the previous BETA release.

IMPORTANT: This release is expected to be the last BETA version. If no major

design flaws are found the actual 5.0 API will be frozen and the next version will
be
promoted to GA.

Changelog:
-------------------

* Information response (1xx) processing support.

Contributed by Kirill Usov <kirill.usov at gmail.com>

* HTTPCLIENT-1968: Preserve escaped PATHSAFE characters when normalizing URI path

segments.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1992: Impossible to access trailer-headers available in chunked

transfer-encoding
with classic API.
Contributed by Serkan Turgut <sturgut at amazon.com>

* HTTPCLIENT-1991: incorrect handling of non-standard DNS entries by

PublicSuffixMatcher.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Refactor to enable support for non-form based multipart requests

Contributed by Adam Retter <adam.retter at googlemail.com>

* HTTPCLIENT-1981: disallow TRACE requests with an enclosed entity

Contributed by Jay Modi <jay at elastic dot com>

Release 5.0-BETA4
-------------------

This BETA release picks up the latest fixes and performance improvements from
HttpCore
and addresses a number of issues found since the previous BETA release.

Notable features in this release:

* Security improvements.

* URI handling improvements.

Changelog:
-------------------

* HTTPCLIENT-1976: Unsafe deserialization in DefaultHttpCacheEntrySerializer.

Contributed by Artem Smotrakov <artem.smotrakov at gmail.com>

* HTTPCLIENT-1969: Filter out weak cipher suites.

Contributed by Artem Smotrakov <artem.smotrakov at gmail.com>

* HttpClient should not retry requests in case of ConnectionClosedException

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Bug fix: Simple response consumer to discard stored content when releasing
resources.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Bug fix: main async request execution handlers to release the associated response
consumer
upon exception.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Update Apache Commons Codec from 1.11 to 1.12.

Contributed by Gary Gregory <ggregory at apache.org>

* Update RxJava from 2.2.2 to 2.2.7.

Contributed by Gary Gregory <ggregory at apache.org>

* Update JNA from 5.0.0 to 5.2.0.

Contributed by Gary Gregory <ggregory at apache.org>

* Some well known proxies respond with Content-Length=0, when returning 304. For
robustness,
always use the cached entity's content length, as modern browsers do.
Contributed by Jayson Raymond <Jayson.Raymond15 at T-Mobile.com>

* HTTPCLIENT-1960: URIBuilder incorrect handling of multiple leading slashes in

path component.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1958: PoolingHttpClientConnectionManager to throw ExecutionException

in case of a lease operation cancellation instead of InterruptedException.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Shutdown executorService on AbstractHttpAsyncClientBase shutdown.

Contributed by 吴雪山 <xueshan.wu at ndkey.com.cn>

* [HTTPCLIENT-1952: Allow default User Agent to be disabled

Contributed by Michael Osipov <michaelo at apache.org>

* Improve HttpResponseException#getMessage.
Contributed by Michael Osipov <michaelo at apache.org>

* Better handling of http(s).proxyUser and http(s).proxyPassword

Contributed by Jens Borgland <jborglan at tibco.com>

* Wrong argument name in

PoolingAsyncClientConnectionManagerBuilder#setConnPoolPolicy results
with self assignment of variable.
Contributed by Eryk Szymanski <eszymanski at collab.net>

Release 5.0-BETA3
-------------------

This BETA release adds support for advanced TLS functions (such as ALPN protocol
negotiation)
on Java 1.7 and Java 1.8 through Conscrypt TLS library and picks up the latest
fixes
and performance improvements from HttpCore.

Notable features in this release:

* TLS ALPN protocol negotiation support on older JREs through Conscrypt TLS
library.

Changelog:
-------------------

* Added optional dependency on conscrypt-openjdk-uber 1.4.1; support for advanced

TLS functions
(such as ALPN extension) on Java 1.7 and Java 1.8 through Conscrypt TLS library
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Removed OSGi module

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Removed experimental CredSsp auth scheme

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1949: DigestScheme to use HttpRequest#getRequestUri instead of

HttpRequest#getPath
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 5.0-BETA2
-------------------

This BETA release resolves compatibility issues with Java 11 new TLS engine as well
as
a number of defects found since the previous release.

Notable new features in this release:

* JDK 11 compatibility

* Support for request specific push consumers

* Support for Reactive Streams API [http://www.reactive-streams.org/]

Changelog:
-------------------

* Hack to make hostname verification work with TLSv1.3 resumed sessions.

For details see https://markmail.org/message/mxf5v2d2gh6ws2j3
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Added builders for SSLConnectionSocketFactory and client TlsStrategy.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Added enum for supported TLS versions & TLS version parser.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1946: handling of 308 status as per RFC 7538.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Upgraded HttpCore to version 5.0-beta5.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Async clients to support request specific push consumers.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1944: Add hardCancellationEnabled option to RequestConfig.

Contributed by Ryan Schmitt <ryansch at amazon.com>

* Overload Request's execute method to allow custom CloseableHttpClient.

Contributed by Nicolas Gomez <nicolas at imogene.fr>
* Fix HttpClient 4.5.4 regression in BasicCookieStore serialization.
Contributed by Mark Mielke <mmielke at ciena.com>

* HTTPCLIENT-1934: Default client TLS strategy passes wrong hostname to the

hostname verifier.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1882: reset authentication state on I/O or runtime error for

connection based
authentication schemes (such as NTLM).
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1924: HttpClient to shut down the connection manager if a fatal error

occurs
in the course of a request execution.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Pooling connection managers to implement graceful and immediate shut down.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1906: certificates containing alternative subject names other than DNS

and IP
(such as RFC822) get rejected as invalid.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1904: check cookie domain for null

Contributed by Hans-Peter Keck <hans-peter.keck at haufe-lexware.com>

* HTTPCLIENT-1900: proxy protocol processor in the CONNECT exec interceptor does

not
post-process CONNECT response messages.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1898: Incorrect comment in example class

ClientMultiThreadedExecution.java
Contributed by Ulrich Romahn <ulrich at ulrichromahn dot net>

* HTTPCLIENT-1931: Add factory enum

org.apache.hc.client5.http.classic.methods.ClassicHttpRequests
Contributed by Gary Gregory <ggregory at apache.org>

* HTTPCLIENT-1932: Add factory enum

org.apache.hc.client5.http.async.methods.HttpRequests
Contributed by Gary Gregory <ggregory at apache.org>

* HTTPCLIENT-1939: Update Apache Commons Codec from 1.10 to 1.11

Contributed by Gary Gregory <ggregory at apache.org>

* HTTPCLIENT-1947: Update JNA from 4.5.2 to 5.0.0

Contributed by Gary Gregory <ggregory at apache.org>

Release 5.0-BETA1
-------------------

This is the first BETA release of HttpClient 5.0. The 5.0 release serices
introduces
support for the HTTP/2 protocol and event driven messaging APIs consistent for all
supported HTTP protocol versions.
Changelog:
-------------------

* DefaultHostnameVerifier to use a custom distinguished name (DN) parser instead of

LdapName.
Removed dependency on Java Naming extensions.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTP/2 client implementations to support cancellation of ongoing message

exchanges without
terminating the underlying connections.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1395: added config parameter to skip an extra cache entry freshness

check upon
cache update in case of a cache miss.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1824, HTTPCLIENT-1384: asynchronous HTTP cache invalidator.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Redesign of CacheKeyGenerator and HttpCacheInvalidator APIs.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* New APIs for cache entry bulk retrieval; bulk retrieval support by Memcached
storage
implementation.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1824, HTTPCLIENT-1868: Asynchronous HTTP cache storage API. Memcached

backend
implementation of async HTTP cache storage.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1885: Content compression exec interceptor generates incorrect

'Accept-Encoding' header value.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 5.0-ALPHA3
-------------------

This is a major release that introduces support for the HTTP/2 protocol and event
driven
messaging APIs consistent for all supported HTTP protocol versions.

HttpClient ships with two client implementations:

* HttpClient Classic is based on the classic (blocking) I/O model; largely

compatible
with the 4.x APIs; supports HTTP/1.1 only.

* HttpClient Async is based on NIO model; new event driven APIs consistent for all
supported
HTTP protocol versions; supports both HTTP/1.1 and HTTP/2.
Notable new features in this release:

* Asynchronous HttpClient implementations optimized for HTTP/2 multiplexed request

execution.

* Full support for HTTP caching by asynchronous HttpClient implementations

including
streaming message exchanages.

Notable changes and features included in the 5.0 series are:

* Support for the HTTP/2 protocol and conformance to requirements and

recommendations of the latest HTTP/2 protocol specification documents
(RFC 7540, RFC 7541.)

Supported features:

** HPACK header compression

* Improved conformance to requirements and recommendations of the latest HTTP/1.1

protocol
specification documents (RFC 7230, RFC 7231.)

* Redesigned connection pool implementation with reduced pool lock contention.

* Package name space changed to 'org.apache.hc.client5'.

* Maven group id changed to 'org.apache.httpcomponents.client5'.

* Apache Log4j2 logging APIs used for internal logging instead of Commons Logging
APIs.

HttpClient 5.0 releases can be co-located with earlier major versions on the same
classpath
due to the change in package names and Maven module coordinates.

Please note that as of 5.0, HttpClient requires Java 1.7 or newer.

Changelog:
-------------------

* HttpAsyncClient implementations optimized for HTTP/2 multiplexed

request execution.
Contributed by Oleg Kalnichevski <olegk@apache.org>

* Improved Ehcache and Memcached storage backends.

Contributed by Oleg Kalnichevski <olegk@apache.org>

* [HTTPCLIENT-1827] Full support for HTTP caching by asynchronous HTTP clients.

Contributed by Oleg Kalnichevski <olegk@apache.org>

* Redesign of HTTP cache resource APIs.

Contributed by Oleg Kalnichevski <olegk@apache.org>

* Deprecated Content-Transfer-Encoding field in MIME body parts per RFC 7578,

section 4.7.
Contributed by Oleg Kalnichevski <olegk@apache.org>

* [HTTPCLIENT-293] Implemented the percent encoding of the filename parameter of

the Content-Disposition header.
Contributed by Ioannis Sermetziadis <sermojohn@gmail.com>

* [HTTPCLIENT-1845]: Extract InputStreamFactory classes out of

GzipDecompressingEntity and
DeflateDecompressingEntity for reuse and to create less garbage.
Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1858] Alleviate GC pressure due to wire logging.

Contributed by Gary Gregory <ggregory at apache.org>

* Avoid fetching the cached entity twice on cache hit.

Contributed by Leandro Nunes <a-lnunes@hotels.com>

* [HTTPASYNC-124] Add doPrivileged blocks to async client and connection manager

builders
Contributed by Jay Modi <jay at elastic dot co>

Release 5.0-ALPHA2
-------------------

This is a major release that introduces support for the HTTP/2 protocol and event
driven
messaging APIs consistent for all supported HTTP protocol versions.

HttpClient ships with two client implementations:

* HttpClient Classic is based on the classic (blocking) I/O model; largely

compatible
with the 4.x APIs; supports HTTP/1.1 only.

* HttpClient Async is based on NIO model; new event driven APIs consistent for all
supported
HTTP protocol versions; supports both HTTP/1.1 and HTTP/2.

Notable changes and features included in the 5.0 series are:

* Partial support for the HTTP/2 protocol and conformance to requirements and
recommendations of the latest HTTP/2 protocol specification documents
(RFC 7540, RFC 7541.)

Supported features:

** HPACK header compression

* Improved conformance to requirements and recommendations of the latest HTTP/1.1

protocol
specification documents (RFC 7230, RFC 7231.)

* Redesigned connection pool implementation with reduced pool lock contention.

* Package name space changed to 'org.apache.hc.client5'.

* Maven group id changed to 'org.apache.httpcomponents.client5'.

* Apache Log4j2 logging APIs used for internal logging instead of Commons Logging
APIs.

Features that are presently NOT supported:

* HTTP/2 transport (classic)

* HTTP tunneling (async)

* Automatic response content decompression (async)

* Caching (async)

HttpClient 5.0 releases can be co-located with earlier major versions on the same
classpath
due to the change in package names and Maven module coordinates.

Please note that as of 5.0, HttpClient requires Java 1.7 or newer.

Please note that at this point 5.0 APIs are considered experimental and unstable
and are
expected to change in the coming releases without providing a migration path.

Changelog:
-------------------

* [HTTPCLIENT-1714] Add HttpClientBuilder.setDnsResolver(DnsResolver).

Contributed by Alexis Thaveau <alexis.thaveau at gmail.com>

* [HTTPCLIENT-1715] NTLMEngineImpl.Type1Message not thread safe but declared as a

constant.
Contributed by Olivier Lafontaine <olafontaine at gmail.com>, Gary Gregory
<ggregory at apache.org>

* [HTTPCLIENT-1716] redirect handling of unsafe methods defined by RFC 7231.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1717] Make fluent API .Content.Content(byte[], ContentType) public.

Contributed by Cash Costello <cash.costello at gmail.com>
* [HTTPCLIENT-1730] added #setValidateAfterInactivity to HttpClientBuilder.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1752] Allow to configure the OSGI clients with relaxed SSL checks.
Contributed by Simone Tripodi <simonetripodi at apache.org>

* [HTTPCLIENT-1748] Improved compatibility with system authentication API in

applets.
Contributed by Sebastien Caille <sebastien.caille at gmail.com>

* [HTTPCLIENT-1786] Port from Apache Commons Logging to Apache Log4j 2.

Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1817] Add a "Trust All" TrustStrategy implementation.

Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1836] DefaultHostnameVerifier#getSubjectAltNames(X509Certificate)
throws
java.lang.ClassCastException.
Contributed by Gary Gregory <ggregory at apache.org>, Ilian Iliev <ilian_iliev at
yahoo.com>

* [HTTPCLIENT-1691] HttpClient instance used internally by HC Fluent to take system

properties into
account by default.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 5.0-ALPHA1
-------------------

This major release renders HttpClient API incompatible with the stable 4.x branch
and upgrades HTTP/1.1 protocol conformance to the requirements and recommendations
of the latest
protocol specification. This release lays the foundation for transition to HTTP/2
as the primary
transport protocol in the future releases.

Notable changes and features included in the 5.0 series are:

* Improved conformance to requirements and recommendations of the latest HTTP/1.1

protocol
specification (RFC 7230, RFC 7231, RFC 7235)

* Package name space changed to 'org.apache.hc.client5'

* Maven group id changed to 'org.apache.httpcomponents.client5'

* By default the maximum connections per route limit is set to 5

* By default connection request timeout and connect timeout are set to 3 minutes.

HttpClient 5.0 releases can be co-located with earlier versions, meaning you can
have both 5.x and
4.x on the classpath without experiencing jar hell.

Please note that as of 5.0 HttpClient requires Java 1.7 or newer.

Please note that at this point we consider 5.0 APIs experimental and unstable and
expect them to
change in the coming releases without providing a migration path.

Changelog:
-------------------

* [HTTPCLIENT-1575] route target port must be non negative

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1106] Use character arrays for passwords in Credentials objects

Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7235: redesign of HTTP authenticator and related classes

Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: parse capable of parsing multiple auth challenges

Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: DefaultServiceUnavailableRetryStrategy to take Retry-After header value

into account if specified
Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: removed restriction on the use of relative URIs in Location header
Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: revised redirect handling

Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: do not generate header fields in TRACE requests containing sensitive
data such as cookie and user
credentials
Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: automatic retrial of idempotent methods

Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7230: increased the default max number of concurrent connection for the same
route from 2 to 5
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Cache request line in HttpRequestWrapper

Contributed by Dmitry Potapov <dpotapov at yandex-team.ru>

* [HTTPCLIENT-1651] Add ability to disable content compression on a request basis

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1696]: Add convenience methods to fluent API class Request.

Contributed by Gary Gregory <ggregory @ apache.org>

Release 4.5.1
-------------------

HttpClient 4.5.1 (GA) is a maintenance release that fixes a number of minor defects
found since 4.5.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.

Changelog:
-------------------

* [HTTPCLIENT-1680] redirect of a POST request causes ClientProtocolException.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1673] org.apache.http.entity.mime.content.* missing from OSGi

exports.
Contributed by Benson Margulies <benson at basistech.com>

* [HTTPCLIENT-1668] Fluent request incorrectly handles connect timeout setting.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1667] RequestBuilder does not take charset into account when creating
UrlEncodedFormEntity.
Contributed by Sergey Smith <smithsv at bk.ru>

* [HTTPCLIENT-1655] HttpClient sends RST instead of FIN ACK sequence when using
non-persistant
connections.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.5
-------------------

HttpClient 4.5 (GA) is a minor feature release that includes several incremental
enhancements
to the exisitng functionality such as support for private domains in the Mozilla
Public Suffix List.

Changelog:
-------------------

* Reduced default validate after inactivity setting from 5 sec to 2 sec.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1649] Fixed serialization of auth schemes.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1645]: Fluent requests to inherit config parameters of the executor.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1640]: RFC6265 lax cookie policy fails to parse 'max-age' attribute.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1633]: RFC6265CookieSpecProvider compatibility level setting has no

effect.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1613]: Support for private domains in Mozilla Public Suffix List.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1651]: Add ability to disable content compression on a request basis.

Contributed by Michael Osipov <michaelo at apache.org>
* [HTTPCLIENT-1654]: Deprecate/remove RequestConfig#decompressionEnabled in favor
of #contentCompressionEnabled.
Contributed by Michael Osipov <michaelo at apache.org>

Release 4.4.1
-------------------

HttpClient 4.4.1 (GA) is a maintenance release that fixes a number of defects in

new functionality
introduced in version 4.4.

Users of HttpClient 4.4 are encouraged to upgrade.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.

Changelog:
-------------------

* Marked RFC 2109, RFC 2965, Netscape draft cookie specs as obsolete.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1633] RFC6265CookieSpecProvider compatibility level setting has no

effect.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1628]: Auth cache can fail when domain name contains uppercase
characters.
Contributed by Dennis Ju <dejuknow at gmail.com>

* [HTTPCLIENT-1609] Stale connection check in PoolingHttpClientConnectionManager

has no effect.
Internal connection pool does not correctly implement connection validation.
Contributed by Charles Lip <rene1 at singnet.com.sg>

Release 4.4 Final

-------------------

This is the first stable (GA) release of HttpClient 4.4. Notable features and
enhancements included
in 4.4 series are:

* Support for the latest HTTP state management specification (RFC 6265). Please
note that the old
cookie policy is still used by default for compatibility reasons. RFC 6265
compliant cookie
policies need to be explicitly configured by the user. Please also note that as of
next feature
release support for Netscape draft, RFC 2109 and RFC 2965 cookie policies will be
deprecated
and disabled by default. It is recommended to use RFC 6265 compliant policies for
new applications
unless compatibility with RFC 2109 and RFC 2965 is required and to migrate existing
applications
to the default cookie policy.
* Enhanced, redesigned and rewritten default SSL hostname verifier with improved
RFC 2818
compliance.

* Default SSL hostname verifier and default cookie policy now validate certificate
identity
and cookie domain of origin against the public suffix list maintained by
Mozilla.org
<https://publicsuffix.org/list>

* More efficient stale connection checking: indiscriminate connection checking

which results
in approximately 20 to 50 ms overhead per request has been deprecated in favor of
conditional
connection state validation (persistent connections are to be re-validated only if
a specified
period inactivity has elapsed.)

* Authentication cache thread-safety: authentication cache used by HttpClient is

now thread-safe
and can be shared by multiple threads in order to re-use authentication state for
subsequent
requests.

* Native Windows Negotiate and NTLM via SSPI through JNA: when running on Windows
OS HttpClient
configured to use native NTLM or SPNEGO authentication schemes can make use of
platform specific
functionality via JNA and current user credentials. This functionality is still
considered
experimental, known to have compatibility issues and subject to change without
prior notice.
Use at your discretion.

This release also includes all fixes from the stable 4.3.x release branch.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.

Changelog:
-------------------

* Support for the latest HTTP state management specification (RFC 6265).
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1515] Caching of responses to HEAD requests

Contributed by Tyrone Cutajar <tj.cutajar at gmail.com> and
Francois-Xavier Bonnet <fx at apache.org>

* [HTTPCLIENT-1560] Native Windows auth improvements.

Contributed by Michael Osipov <michaelo at apache.org>

* Update Apache Commons Logging version from 1.1.3 to 1.2.

Contributed by Gary Gregory <ggregory at apache.org>

* Update Apache Commons Codec version from 1.6 to 1.9.

Contributed by Gary Gregory <ggregory at apache.org>

* Update Ehcache version from 2.2.0 to 2.6.9.

Contributed by Gary Gregory <ggregory at apache.org>

* Update Ehcache version from 2.2.0 to 2.6.9.

Contributed by Gary Gregory <ggregory at apache.org>

* Update Spymemcached version from 2.6 to 2.11.4.

Contributed by Gary Gregory <ggregory at apache.org>

* Update SLF4J version from 1.5.11 to 1.7.7.

Contributed by Gary Gregory <ggregory at apache.org>

Release 4.4 BETA1

-------------------

This is the first BETA release of HttpClient 4.4. Notable features and enhancements
included
in 4.4 series are:

* Enhanced redesigned and rewritten default SSL hostname verifier with improved RFC
2818
compliance

* Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient

configured to use
native NTLM or SPNEGO authentication schemes can make use of platform specific
functionality
via JNA and current user system credentials

* More efficient stale connection checking: indiscriminate connection checking

* Authentication cache thread-safety: authentication caches used by HttpClient is

now thread-safe
and can be shared by multiple threads in order to re-use authentication state for
subsequent
requests

This release also includes all fixes from the stable 4.3.x release branch.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.

Changelog:
-------------------
* [HTTPCLIENT-1547] HttpClient OSGi bundle doesn't import the package
"javax.naming".
Contributed by Willem Jiang <ningjiang at apache.org>

* [HTTPCLIENT-1541] Use correct (HTTP/hostname) service principal name for Windows

native
Negotiate/NTLM auth schemes.
Contributed by Ka-Lok Fung <ka-lok.fung at sap.com>

* Improved compliance with RFC 2818: default hostname verifier to ignore the common
name of the
certificate subject if alternative subject names (dNSName or iPAddress) are
present.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1540] Support delegated credentials (ISC_REQ_DELEGATE) by Native

windows
native Negotiate/NTLM auth schemes.
Contributed by Ka-Lok Fung <ka-lok.fung at sap.com>

Release 4.4 ALPHA1

-------------------

This is the first ALPHA release of HttpClient 4.4. Notable features and
enhancements included
in the 4.4 branch are:

* More efficient stale connection checking: indiscriminate connection checking

* Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient

configured to use
native NTLM or SPNEGO authentication schemes can make use of platform specific
functionality
via JNA and current user system credentials

* Authentication cache thread-safety: authentication caches used by HttpClient is

now thread-safe
and can be shared by multiple threads in order to re-use authentication state for
subsequent
requests

This release also includes all fixes from the stable 4.3.x release branch.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.

Please note that new features included in this release are still considered
experimental and
their API may change in the future 4.4 alpha and beta releases.
Changelog:
-------------------

* [HTTPCLIENT-1493] Indiscriminate connection checking has been deprecated in favor

of conditional
connection state validation. Persistent connections are to be re-validated only
after a defined
period inactivity prior to being leased to the consumer.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1519] Use the original HttpHost instance passed as a parameter to

HttpClient#execute when generating 'Host' request header.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1491] Enable provision of Service Principal Name in Windows native

auth scheme.
Contributed by Malcolm Smith <malcolmfsmith at gmail.com>

* [HTTPCLIENT-1403] Pluggable content decoders.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1466] FileBodyPart#generateContentType() ignores custom ContentType

values.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1461] fixed performance degradation in gzip encoded content

processing
introduced by HTTPCLIENT-1432.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1457] Incorrect handling of Windows (NT) credentials by

SystemDefaultCredentialsProvider.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1456] Request retrial after status 503 causes

ClientProtocolException.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1454] Make connection operator APIs public.

Contributed by Tamas Cservenak <tamas at cservenak.net>

* Update JUnit to version 4.11 from 4.9

Contributed by Gary Gregory <ggregory at apache.org>

Release 4.3.4
-------------------

HttpClient 4.3.4 (GA) is a maintenance release that improves performance in high

concurrency
scenarios. This version replaces dynamic proxies with custom proxy classes and
eliminates thread
contention in java.reflect.Proxy.newInstance() when leasing connections from the
connection pool
and processing response messages.

Changelog:
-------------------

* Replaced dynamic proxies with custom proxy classes to reduce thread contention.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1484] GzipCompressingEntity should not close the underlying output

stream
if the entity has not been fully written out due to an exception.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1474] Fixed broken entity enclosing requests in HC Fluent.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1470] CachingExec(ClientExecChain, HttpCache, CacheConfig,

AsynchronousValidator)
throws NPE if config is null

Release 4.3.3
-------------------

HttpClient 4.3.3 (GA) is a bug fix release that fixes a regression introduced by
the previous
release causing a significant performance degradation in compressed content
processing.

Users of HttpClient 4.3 are encouraged to upgrade.

Changelog:
-------------------

* [HTTPCLIENT-1466] FileBodyPart#generateContentType() ignores custom ContentType

values.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1453] Thread safety regression in PoolingHttpClientConnectionManager

#closeExpiredConnections that can lead to ConcurrentModificationException.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1461] fixed performance degradation in compressed content processing

introduced by HTTPCLIENT-1432.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1457] Incorrect handling of Windows (NT) credentials by

SystemDefaultCredentialsProvider.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1456] Request retrial after status 503 causes

ClientProtocolException.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.3.2
-------------------

HttpClient 4.3.2 (GA) is a maintenance release that delivers a number of

improvements
as well as bug fixes for issues reported since 4.3.1 release. SNI support for
Oracle JRE 1.7+ is being among the most notable improvements.

Users of HttpClient 4.3 are encouraged to upgrade.

Changelog:
-------------------

* [HTTPCLIENT-1447] Clients created with HttpClients.createMinimal do not work with

absolute URIs
Contributed by Joseph Walton <joe at kafsemo dot org>

* [HTTPCLIENT-1446] NTLM proxy + BASIC target auth fails with 'Unexpected state:
MSG_TYPE3_GENERATED'.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1443] HttpCache uses the physical host instead of the virtual host as
a cache key.
Contributed by Francois-Xavier Bonnet <fx at apache.org>

* [HTTPCLIENT-1442] Authentication header set by the user gets removed in case

of proxy authentication (affects plan HTTP requests only).
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1441] Caching AsynchronousValidationRequest leaks connections.

Contributed by Dominic Tootell <dominic.tootell at gmail.com>

* [HTTPCLIENT-1440] 'file' scheme in redirect location URI causes NPE.

Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1437] Made Executor#execute thread safe.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1119] SNI support (Oracle Java 1.7+ only).

Contributed by Bruno Harbulot <bruno at distributedmatter.net>

* [HTTPCLIENT-1435] Fluent Executor ignores custom request properties.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1432] Lazy decompressing of HttpEntity#getContent() to avoid

EOFException
in case of an empty response with 'Content-Encoding: gzip' header.
Contributed by Yihua Huang <code4crafter at gmail.com>

* [HTTPCLIENT-1431] (Regression) deprecated connection manager cannot be used with

a custom LayeredSchemeSocketFactory.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1425] Fixed socket closed exception thrown by caching HttpClient when

the origin
server sends a long chunked response.
Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1417] Fixed NPE in BrowserCompatSpec#formatCookies caused by version

1
cookies with null cookie value.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1416] Fixed NPE in CachingHttpClientBuilder#build().

Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.3.1
-------------------

HttpClient 4.3.1 (GA) is a bug fix release that addresses a number of issues
reported since
release 4.3.

Users of HttpClient 4.3 are strongly encouraged to upgrade.

Changelog
-------------------

* [HTTPCLIENT-1410] Browser compatible hostname verifier no longer rejects

*.co.<countrycode>, *.gov.<countrycode>, *.info.<countrycode>, etc as invalid.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Ensure X509HostnameVerifier is never null.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1405] CONNECT HTTP/1.1 requests lack mandatory 'Host' header.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1402] Cache default User-Agent value.

Contributed by yuexiaojun <junedo at qq.com>

* [HTTPCLIENT-1398] Fixed invalid OSGi metadata caused by corrupted Maven bundle

plugin metadata.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1399] Fixed NPE in RequestBuilder.

Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.3 Final

-------------------

This is the first stable (GA) release of HttpClient 4.3. The most notable
enhancements included
in this release are:

* Support for Java 7 try-with-resources for resource management (connection

release.)

* Added fluent Builder classes for HttpEntity, HttpRequest, HttpClient and

SSLContext instances.

* Deprecation of preference and configuration API based on HttpParams interface in

favor of
constructor injection and plain configuration objects.

* Reliance on object immutability instead of access synchronization for thread

safety.
Several old classes whose instances can be shared by multiple request exchanges
have
been replaced by immutable equivalents.

* DefaultHttpClient, DecompressingHttpClient, CachingHttpClient and similar

classes are
deprecated in favor of builder classes that produce immutable HttpClient instances.

* HttpClient builders now dynamically construct a request execution pipeline

tailored
specifically to the user configuration by physically excluding unnecessary protocol
components.

* There is now an option to construct a minimal HttpClient implementation that can

only execute
basic HTTP message exchanges without redirects, authentication, state management or
proxy support.
This feature might be of particular use in web crawler development.

* There is now option to avoid strict URI syntax for request URIs by executing HTTP
requests
with an explicitly specified target host. HttpClient will no longer attempt to
parse the request
URI if it does not need to extract the target host from it.

This release also includes all fixes from the stable 4.2.x release branch.

Changelog
-------------------
* [HTTPCLIENT-1371] Weak ETag Validation is Useful On PUT With If-Match
Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1394] Support for Native windows Negotiate/NTLM via JNA

Contributed by Ryan McKinley <ryan at apache.org>

* [HTTPCLIENT-1384] Expose CacheInvalidator interface.

Contributed by Nicolas Richeton <nicolas.richeton at free.fr>

* [HTTPCLIENT-1385] Fixed path normalization in CacheKeyGenerator

Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1370] Response to non-GET requests should never be cached with the

default
ResponseCachingPolicy
Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1373] OPTIONS and TRACE should not invalidate cache

Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1383] HttpClient enters an infinite loop during NTLM authentication

if the opposite
endpoint keeps responding with a type 2 NTLM response after type 3 MTLM message
has already been
sent by the client.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1372] Refactor HttpMultipart, and add RFC6532 mode, so that headers

in post
are no longer constrained to ASCII values.
Contributed by Karl Wright <kwright at apache.org>

* [HTTPCLIENT-1377] User principal for non-NTLM authentication is incorrectly

generated when using
user credentials are specified as NTCredentials
Contributed by Gary Gregory <ggregory at apache.org>

Release 4.3 BETA2

-------------------

This is the second BETA release of HttpClient 4.3. The most notable features and
improvements
in the 4.3 branch are: Support for Java 7 try-with-resources for resource
management (connection
release); fluent Builder classes for HttpEntity, HttpRequest and HttpClient
instances, deprecation
of preference and configuration API based on HttpParams interface in favor of
constructor injection
and plain configuration objects, reliance on object immutability instead of access
synchronization
for thread safety.

This release also includes all fixes from the stable 4.2.x release branch.

Changelog
-------------------

* [HTTPCLIENT-1366] org.apache.http.client.utils.URLEncodedUtils should parse the

semicolon as a query parameter separator.
Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1365] NPE when

ManagedHttpClientConnectionFactory.create(ConnectionConfig) is called with null.
Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1362] Better error messages for connect timed out and connection
refused
exceptions.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1360] separate out DeflateInputStream as an independent class,

so it can be used by others.
Contributed by Karl Wright <kwright at apache.org>

* [HTTPCLIENT-1359] repeated requests using the same context fail if they redirect.
Contributed by James Leigh <james at 3roundstones.com>

* [HTTPCLIENT-1354] do not quote algorithm parameter in DIGEST auth response.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1351] Added utility method to resolve final location from original

request,
target host and a list of redirects.
Contributed by James Leigh <james at 3roundstones.com>

* [HTTPCLIENT-1344] Userinfo credentials in URI should not default to preemptive

BASIC
authentication.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1345] Useinfo credentials ignored in redirect location header.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1294] HttpClient to rewrite host name of the redirect location URI in

order
to avoid circular redirect exception due to host name case mismatch.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1264] Add support for multiple levels of browser compatibility

to BrowserCompatSpec and BrowserCompatSpecFactory. Include constructor
argument for IE medium-security compatibility.
Contributed by Karl Wright (kwright at apache.org)

* [HTTPCLIENT-1349] SSLSocketFactory incorrectly identifies key passed with

keystore as
the keystore password.
Contributed by David Graff <djgraff209 at gmail.com>

* [HTTPCLIENT-1346] Ensure propagation of SSL handshake exceptions.

Contributed by Pasi Eronen <pe at iki.fi>

* [HTTPCLIENT-1343] SSLSocketFactory optional parameters for supported SSL

protocols and cipher
suites.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1238] Contribute Bundle Activator And Central Proxy Configuration.

Contributed by Simone Tripodi <simonetripodi at apache.org>

* [HTTPCLIENT-1299] (regression) cache incorrectly disposes of the underlying cache

resource
when storing variant entry.
Contributed by James Leigh <james at 3roundstones.com>

* [HTTPCLIENT-1342] Redirects with underscore character in the location hostname

cause
"java.lang.IllegalArgumentException: Host name may not be null".
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.3 BETA1

-------------------

This is the first BETA release of HttpClient 4.3. The 4.3 branch enhances
HttpClient in several
key areas and includes several notable features and improvements: Support for Java
7
try-with-resources for resource management (connection release); fluent Builder
classes for
HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and
configuration API
based on HttpParams interface in favor of constructor injection and plain
configuration objects,
reliance on object immutability instead of access synchronization for thread
safety.

This release also includes all fixes from the stable 4.2.x release branch.

Changelog
-------------------

* [HTTPCLIENT-1317] InetAddressUtils should handle IPv6 Addresses with Embedded

IPv4 Addresses
Contributed Sebastian Bazley <sebb at apache.org>.

* [HTTPCLIENT-1320] Leverage javax.net.ssl.SSLSocketFactory#getDefault() to

initialize SSL context
based on system defaults instead of using an internal custom routine.
Contributed by Abe Backus <abraham at backus.com> and Oleg Kalnichevski <olegk at
apache.org>

* [HTTPCLIENT-1316] Certificate verification rejects IPv6 addresses which are not

String-equal.
Contributed Sebastian Bazley <sebb at apache.org>.

* [HTTPCLIENT-1307] Future based asynchronous request execution.

Contributed by Jilles van Gurp <jilles at jillesvangurp.com>

* [HTTPCLIENT-1313] Fixed IllegalStateException in deprecated

ThreadSafeClientConnManager.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1298] Add AsynchronousValidator in HttpClientBuilder's list of

closeable objects.
Contributed by Martin Meinhold <mmeinhold at atlassian.com>

Release 4.3 ALPHA1

-------------------

This is the first ALPHA release of HttpClient 4.3. The 4.3 branch enhances
HttpClient in several
key areas and includes several notable features and improvements: Support for Java
7
try-with-resources for resource management (connection release); fluent Builder
classes for
HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and
configuration API
based on HttpParams interface in favor of constructor injection and plain
configuration objects,
reliance on object immutability instead of access synchronization for thread
safety.

We are kindly asking all upstream projects to review API changes and help us
improve
the APIs by providing feedback and sharing ideas on dev@hc.apache.org.

This release also includes all fixes from the stable 4.2.x release branch.

Please note that new features included in this release are still considered
experimental and
their API may change in the future 4.3 alpha and beta releases.

Changelog
-------------------

* [HTTPCLIENT-1250] Allow query string to be ignored when determining cacheability

for
HTTP 1.0 responses.
Contributed by Don Brown <mrdon at twdata.org>

* [HTTPCLIENT-1261] Make SystemDefaultHttpClient honor http.agent system property.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-900] Don't enforce URI syntax for messages with an explicit target
host.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1190] HttpClient cache does not support "Vary: Cookie"

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1259] Calling #abort() on requests executed with

DecompressingHttpClient has no
effect.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1253] URIBuilder setParameter() method could exceed the HTTP header

size.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1216] Added method to force clean thread-local used by DateUtils.

Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.2.3
-------------------

HttpClient 4.2.3 (GA) is a bug fix release that addresses a number of issues
reported since
release 4.2.2. This release also includes a thoroughly reworked NTLM authentication
engine
which should result in a better compatibility with the newest Microsoft products.

Users of HttpClient 4.x are advised to upgrade.

Changelog
-------------------

* [HTTPCLIENT-1296] NPE gets thrown if you combine a default host with a virtual
host
that has a -1 value for the port.
Contributed by Karl Wright <daddywri at gmail.com>

* [HTTPCLIENT-1290] 304 cached response never reused with If-modified-since

conditional
requests.
Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1291] Absolute request URIs without an explicitly specified path are

rewritten
to have "/" path).
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1286] Request URI rewriting is inconsistent - URI fragments are not

removed
from absolute request URIs.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1284] HttpClient incorrectly generates Host header when physical

connection
route differs from the host name specified in the request URI.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1293] Kerberos and SPNego auth schemes use incorrect authorization

header name
when authenticating with a proxy.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1283] NTLM needs to use Locale-independent form of

toUpperCase().
Contributed by Karl Wright <DaddyWri at gmail.com>

* [HTTPCLIENT-1279] Target host responding with status 407 (proxy authentication

required)
causes an NPE.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1281] GzipDecompressingEntity does not release InputStream when an

IOException
occurs while reading the Gzip header
Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1277] Caching client sends a 304 to an unconditional request.

Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1278] Update NTLM documentation.

Contributed by Karl Wright <DaddyWri at gmail.com>

* SystemDefaultHttpClient misinterprets 'http.keepAlive' default value and disables

connection persistence if the system property is not set. This causes connection
based authentication schemes such as NTLM to fail.

* [HTTPCLIENT-1276] cache update on a 304 response causes NPE.

Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1273] DecompressingHttpClient does not automatically consume response

content in case of an i/o, HTTP or runtime exception thrown by the decompressing
protocol interceptor leading to a potential connection leak.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1268] NTLM engine refactor fix, to correct a buffer overrun, and get
NTLMv2
flags right.
Contributed by Karl Wright <DaddyWri at gmail.com>

* [HTTPCLIENT-1266] NTLM engine refactoring and compatibility improvements.

Contributed by Karl Wright <DaddyWri at gmail.com>
* [HTTPCLIENT-1263] BrowserCompatSpec: attribute values containing spaces or
special characters
should be enclosed with quotes marks for version 1 cookies.
Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1263] CachingHttpClient fails to release connections back to the

connection
manager for some type of HTTP response messages when used together with
DecompressingHttpClient.
Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1258] Fixed NullPointerException in NTLMEngineImpl caused by null NT

domain
attribute.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1254] Redirect with underscore in hostname causes ProtocolException.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1255] AbstractVerifier incorrectly parses certificate CN containing

wildcard.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.2.2
-------------------

HttpClient 4.2.2 (GA) is a bug fix release that addresses a number of issues
reported since
release 4.2.1.

Users of HttpClient 4.2 are advised to upgrade.

Changelog
-------------------

* [HTTPCLIENT-1248] Default and lax redirect strategies should not convert requests
redirected
with 307 status to GET method.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1215] BasicAuthCache does not take default ports into consideration

when
looking up cached authentication details by HttpHost key.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1241] (regression) Preemptive BASIC authentication failure should be

considered
final and no further attempts to re-authenticate using the same credentials
should be made.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1229] Fixed NPE in BasicClientConnectionManager that can be triggered

by releasing
connection after the connection manager has already been shut down.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1227] Date parsing in DateUtils made more efficient.

Contributed by Patrick Linskey <pcl at apache.org>

* [HTTPCLIENT-1224] (regression) NTLM auth not retried after a redirect over a non-
persistent
connection.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1223] Cache could be more aggressive on cache invalidations

from Content-Location. Contributed by Jon Moore <jonm at apache.org>.
Contributed by Jon Moore <jonm at apache.org>

* [HTTPCLIENT-1217] AutoRetryHttpClient does not release connection used by the

previous response
when request is retried
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.2.1
-------------------

HttpClient 4.2.1 (GA) is a bug fix release that addresses a number of issues
reported since
release 4.2.

Users of HttpClient 4.2 are advised to upgrade.

Changelog
-------------------

* [HTTPCLIENT-1209] Redirect URIs are now normalized.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1202] ResponseCachingPolicy should honor explicit cache-control

directives for other status codes
Contributed by Jon Moore <jonm at apache.org>

* [HTTPCLIENT-1199] DecompressingHttpClient strips content from entity enclosing

requests
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1198] HttpHost is not set in HttpContext in CachingHttpClient.

Contributed by Jon Moore <jonm at apache.org>

* [HTTPCLIENT-1200] DecompressingHttpClient fails to generate correct HttpHost

context attribute.
Contributed by Guillaume Castagnino <casta+jira at xwing.info>

* [HTTPCLIENT-1192] URIBuilder encodes query parameters twice.

Contributed by Oleg Kalnichevski <olegk at apache.org> and Sebastian Bazley <sebb
at apache.org>.

* [HTTPCLIENT-1196] Fixed NPE in UrlEncodedFormEntity constructor thrown if charset

is null.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1193] Fixed regression in the route tracking logic of the default

connection manager
causing cross-site redirect failures.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.2
-------------------

This is the first stable (GA) release of HttpClient 4.2. The most notable
enhancements included
in this release are:

* New facade API for HttpClient based on the concept of a fluent interface. The
fluent API exposes
only the most fundamental functions of HttpClient and is intended for relatively
simple use cases
that do not require the full flexibility of HttpClient. However, the fluent API
almost fully
relieves the users from having to deal with connection management and resource
deallocation.

* Redesigned and rewritten connection management code.

* Enhanced HTTP authentication API that enables HttpClient to handle more complex
authentication
scenarios. HttpClient 4.2 is now capable of making use of multiple authentication
challenges
and retry authentication with a fall-back scheme in case the primary one fails.
This can be
important for compatibility with Microsoft products that are often configured to
use
SPNEGO/Kerberos as the preferred authentication scheme.

Changelog
-------------------

* [HTTPCLIENT-1187] If a revalidation response is deemed too old CachingHttpClient

fails to
consume its content resulting in a connection leak.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1186] State of newly created connections in the connection pool is

not always
correctly updated potentially allowing those connections to be leased to users
with a different
security context.
Contributed by Ralf Poehlmann <rpn at methodpark.de>

* [HTTPCLIENT-1179] Upgraded Commons Codec dependency to version 1.6

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1177] always remove fragments from request URIs

Contributed by Oleg Kalnichevski <olegk at apache.org>

Incompatible changes
--------------------
[Compared to release version 4.1.3]

The following fields have been deprecated for some time now and have been deleted:

org.apache.http.client.params.ClientPNames#CONNECTION_MANAGER_FACTORY
org.apache.http.impl.cookie.BrowserCompatSpec#DATE_PATTERNS

The following methods have been deprecated for some time now and have been deleted:

org.apache.http.client.params.ClientParamBean#setConnectionManagerFactory(org.apach
e.http.conn.ClientConnectionManagerFactory)
org.apache.http.client.protocol.ClientContextConfigurer#setAuthSchemePref(java.util
.List)
org.apache.http.entity.mime.content.FileBody#writeTo(java.io.OutputStream, int)
org.apache.http.entity.mime.content.InputStreamBody#writeTo(java.io.OutputStream,
int)
org.apache.http.entity.mime.content.StringBody#writeTo(java.io.OutputStream, int)

The following classes have been deprecated for some while now and have been
deleted:

org.apache.http.impl.conn.tsccm.RefQueueHandler
org.apache.http.impl.conn.tsccm.AbstractConnPool no longer implements interface
org.apache.http.impl.conn.tsccm.RefQueueHandler
org.apache.http.impl.conn.tsccm.ConnPoolByRoute no longer implements interface
org.apache.http.impl.conn.tsccm.RefQueueHandler
org.apache.http.impl.conn.tsccm.RefQueueWorker

Release 4.2 BETA1

-------------------

This is the first BETA release of HttpClient 4.2. This release completes
development of several
notable enhancements in HttpClient:

* Redesigned and rewritten connection management code. As of release 4.2 HttpClient

will be using
pooling connection manager per default.

Changelog
-------------------
* [HTTPCLIENT-1164] Compressed entities are not being cached properly.
Contributed by Jon Moore <jonm at apache dot org>.

* [HTTPCLIENT-1154] MemcachedHttpCacheStorage should allow client to

specify custom prefix string for keys.
Contributed by Jon Moore <jonm at apache dot org>.

* [HTTPCLIENT-1153] MemcachedHttpCacheStorage uses URL as cache key;

shouldn't due to fixed maximum-length memcached keys.
Contributed by Jon Moore <jonm at apache dot org>.

* [HTTPCLIENT-1157] MemcachedHttpCacheStroage should throw IOExceptions

instead of RuntimeExceptions.
Contributed by James Miller <jamesmiller01 at gmail dot com>.

* [HTTPCLIENT-1152] MemcachedHttpCacheStorage should verify class of

returned object before casting.
Contributed by Rajika Kumarasiri <rajika at wso2 dot com>.

* [HTTPCLIENT-1155] CachingHttpClient fails to ensure that the response content

gets fully consumed
when using a ResponseHandler, which can potentially lead to connection leaks.
Contributed by James Miller <jamesmiller01 at gmail dot com>

* [HTTPCLIENT-1147] When HttpClient-Cache cannot open cache file, should act like
miss.
Contributed by Joe Campbell <joseph.r.campbell at gmail.com>

* [HTTPCLIENT-1137] Values for the Via header are cached and reused by httpclient-
cache.
Contributed by Alin Vasile <alinachegalati at yahoo dot com>

* [HTTPCLIENT-1142] Infinite loop on NTLM authentication failure.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1143] CachingHttpClient leaks connections with stale-if-error.

Contributed by James Miller <jamesmiller01 at gmail dot com>

Release 4.2 ALPHA1

-------------------

This is the first ALPHA release of HttpClient 4.2. The 4.2 branch enhances
HttpClient in several
key areas and includes several notable features and improvements:

* Redesigned and rewritten connection management code. As of release 4.2 HttpClient

will be using
pooling connection manager per default.

Please note that new features included in this release are still considered
experimental and
their API may change in the future ALPHA releases.

Changelog
-------------------

* [HTTPCLIENT-1128] SystemDefaultHttpClient (HttpClient implementation initialized

using system
properties).
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1135] RandomAccessFile mode 'w' used by HttpClientCache is not valid.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1131] HttpClient to authenticate preemptively using BASIC scheme if a

userinfo
attribute is specified in the request URI.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1134] make BasicResponseHandler consume response content in case of

an unsuccessful
result (status code >= 300).
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1132] ProxyClient implementation.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1127] fixed dead-lock between SingleClientConnManager and

AbstractPooledConnAdapter.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1107] Auth framework redesign.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1116] ResponseCachingPolicy uses integers for sizes

Contributed by Greg Bowyer <gbowyer at fastmail.co.uk >

* [HTTPCLIENT-1123] Support for pluggable DNS resolvers.

Contributed by Alin Vasile <alinachegalati at yahoo dot com>

* [HTTPCLIENT-1120] DefaultHttpRequestRetryHandler#retryRequest should not retry

aborted requests.
Contributed by Alin Vasile <alinachegalati at yahoo dot com>

* Support for auth-int qop (quality of protection) option in Digest auth scheme.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1076] Fluent facade API (Google summer of code 2011 project).

Contributed by Xu Lilu <cookieme at gmail.com>
* UriBuilder implementation.
Contributed by Xu Lilu <cookieme at gmail.com>

* Redesign of connection management classes based on new pooling components from

HttpCore.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1111] Added #prepareSocket method to SSLSocketFactory.

Contributed by Pasi Eronen <pe at iki.fi>

* Added #reset() and #releaseConnection() methods to HttpRequestBase.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1105] AutoRetryHttpClient: built-in way to do auto-retry for certain

status codes.
Contributed by Dan Checkoway <dcheckoway at gmail.com>

* [HTTPCLIENT-1094] Digest auth scheme refactoring.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Lax implementation of RedirectStrategy.

Contributed by Bartosz Firyn <songo.bercik at interia.pl>

* [HTTPCLIENT-1044] HttpRequestRetryHandler implementation compliant with the

definition of
idempotent methods given in the RFC 2616.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.1.2
-------------------

The HttpClient 4.1.2 is a bug fix release that addresses a number of non-critical
issues reported
since release 4.1.1.

* [HTTPCLIENT-1100] Missing Content-Length header makes cached entry invalid

Contributed by Bart Robeyns <bart dot robeyns at gmail dot com>

* [HTTPCLIENT-1098] Avoid expensive reverse DNS lookup on connect timeout

exception.
Contributed by Thomas Boettcher <tboett at gmail.com>

* [HTTPCLIENT-1097] BrowserCompatHostnameVerifier and StrictHostnameVerifier should

handle
wildcards in SSL certificates better.
Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-1092] If ClientPNames.VIRTUAL_HOST does not provide the port, derive

it from the
current request.
Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-1087] NTLM proxy authentication fails on retry if the underlying

connection is closed
as a result of a target authentication failure.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1079] Fixed Kerberos cross-realm support
Contributed by Michael Osipov <1983-01-06 at gmx.net>

* [HTTPCLIENT-1078] Decompressing entities (DeflateDecompressingEntity,

GzipDecompressingEntity)
do not close content stream in #writeTo() method.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1075] Decompressing entities (DeflateDecompressingEntity,

GzipDecompressingEntity)
do not correctly handle content streaming.
Contributed by James Abley <james.abley at gmail.com>

* [HTTPCLIENT-1051] Avoid reverse DNS lookups when opening SSL connections by IP

address.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.1.1
-------------------

HttpClient v4.1.1 is a bug fix release that addresses a number of issues reported
since
release 4.1, including one critical security issue (HTTPCLIENT-1061). All users of
HttpClient 4.0.x
and 4.1 are strongly encouraged to upgrade.

* [HTTPCLIENT-1069] HttpHostConnectException not correctly retried for direct and

non-tunnelled
proxy connections.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1066] Changed the way URIUtils#rewriteURI handles multiple

consecutive slashes in the
URI path component: multiple leading slashes will be replaced by one slash in
order to avoid
confusion with the authority component. The remaining content of the path will
not be modified.
(also see HTTPCLIENT-929).
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1061] Fixed critical bug causing Proxy-Authorization header to be

sent to the target
host when tunneling requests through a proxy server that requires authentication.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1056] Fixed bug causing the RequestAuthCache protocol interceptor to

generate
an invalid AuthScope instance when looking up user credentials for preemptive
authentication.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1053] Fixed the way DigestScheme generates nonce-count values.

Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.1
-------------------
The HttpClient 4.1 release builds upon the stable foundation laid by HttpClient 4.0
and adds several
functional improvements and popular features.

* Response caching conditionally compliant with HTTP/1.1 specification (full

compliance with
MUST requirements, partial compliance with SHOULD requirements)

* Full support for NTLMv1, NTLMv2, and NTLM2 Session authentication. The NTLM
protocol code
was kindly contributed by the Lucene Connector Framework project.

* Support for SPNEGO/Kerberos authentication.

* Persistence of authentication data between request executions within the same

execution context.

* Support for preemptive authentication for BASIC and DIGEST schemes.

* Support for transparent content encoding. Please note transparent content

encoding is not
enabled per default in order to avoid conflicts with already existing custom
content encoding
solutions.

* Mechanism to bypass the standard certificate trust verification (useful when

dealing with
self-signed certificates).

* Simplified configuration for connection managers.

* Transparent support for host multihoming.

IMPORTANT: please note that the HttpClient 3.x branch is now officially END OF LIFE
and is no longer
maintained and supported by the Apache HttpComponents project.

Changelog
-------------------
* The public API for the caching module had a minor change between 4.1-beta and
4.1-GA to the
HttpCacheEntry class - the deprecated public Set<String> getVariantURIs() method
and constructor
public HttpCacheEntry(Date requestDate, Date responseDate,
StatusLine statusLine, Header[] responseHeaders,
Resource resource, Set<String> variants)
were both removed. This will not affect you unless you are implementing new
storage backends
that use the deprecated code and/or are implementing custom serializers for cache
entries.

* Changed Browser-Compatibility and Best-Match cookie policies to emulate the

behaviour of FireFox
more closely when parsing Netscape style cookies. Comma will no longer be treated
as a header
element separator if Set-Cookie does not contain a Version attribute mandated by
the
RFC2109 / RFC 2965 cookie specifications.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1036] StringBody has incorrect default for characterset. (Default
changed
to US-ASCII)
Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-975] Support stale-if-error and stale-while-revalidate extension

directive (RFC5861).
Contributed by Mohammed Azeem Uddin <mohammedazeem_uddin at comcast.com>,
Michajlo Matijkiw <michajlo_matijkiw at comcast.com>, and
Matthew Hawthorne <matthew_hawthorne at comcast.com>.

* [HTTPCLIENT-1033] HttpRoute.equals(Object o) is quite inefficient, as it does not

take full
advantage of shortcut logic.
Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-1030] Implement "ignoreCookies" CookieSpec

Contributed by Sebastian Bazley <sebb at apache.org>

Release 4.1 BETA1

-------------------

HttpClient 4.1 BETA1 finalizes the 4.1 API and brings a number of major
improvements to the HTTP
caching module. This release also adds full support for NTLMv1, NTLMv2, and NTLM2
Session
authentication. The NTLM protocol code was kindly contributed by the Lucene
Connector Framework
project.

Changelog
-------------------
* [HTTPCLIENT-1015] Support only-if-cached directive.
Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>

* [HTTPCLIENT-990] Allow heuristic freshness caching.

Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>

* [HTTPCLIENT-919] Support for NTLMv1, NTLMv2, and NTLM2 Session authentication.

Contributed by Karl Wright <karl.wright at nokia.com>

* [HTTPCLIENT-1008] Send all variants' ETags on "variant miss".

Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com> and
Mohammed Azeem Uddin <mohammedazeem_uddin at comcast.com>

* [HTTPCLIENT-1011] Handling of IOExceptions thrown by cache components.

Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-1003] Handle conditional requests in cache.

Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com> and
Mohammed Azeem Uddin <mohammedazeem_uddin at comcast.com>

* [HTTPCLIENT-1002] Stale connection check fails if wire logging is on.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1000] Maximum connection lifetimes settings for

ThreadSafeClientConnManager.
Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>
* [HTTPCLIENT-960] HttpMultipart doesn't generate Content-Type header for binary
parts in
BROWSER_COMPATIBLE mode.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-998] Cache should use both Last-Modified and ETag for validations
when available.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-997] Cache module should handle out-of-order validations properly and

unconditionally
refresh.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-994] Cache does not allow client to override origin-specified

freshness using
max-stale.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-995] Cache returns cached responses even if validators not consistent

with all
conditional headers.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-977] Memcached implementation for HttpCache.

Contributed by Mohammed Azeem Uddin <mohammedazeem_uddin at comcast.com>

* [HTTPCLIENT-992] cache should not generate stale responses to requests explicitly

requesting
first-hand or fresh ones.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-991] cache module produces improperly formatted Warning header when

revalidation
fails.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-989] DefaultHttpRequestRetryHandler no longer retries non-idempotent

http methods
if NoHttpResponseException is thrown.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-988] Cache module should strip 'Content-Encoding: identity' from

responses
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-987] cache module does not recognize equivalent URIs.

Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-986] cache module does not completely handle upstream Warning headers
correctly
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-985] cache module should populate Via header to capture upstream and
downstream protocols
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-984] Additional conditional compliance tests for the caching module

for
Content-Encoding, Content-Location, Date, Expires, Server, Transfer-Encoding, and
Vary headers.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-978] HTTP cache update exception handling

Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>

* [HTTPCLIENT-981] CachingHttpClient returns a 411 respones when executing a POST

(HttpPost)
request.
Contributed by Joe Campbell <joseph.r.campbell at gmail.com>

* [HTTPCLIENT-980] CachingHttpClient returns a 503 response when the backend

HttpClient produces
an IOException.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-978] Ehcache based HTTP cache implementation

Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>

* [HTTPCLIENT-967] support for non-shared (private) caches

Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-969] BasicCookieStore#getCookies() to return a copy of Cookie list

Contributed by David Smiley <dsmiley at mitre.org>

* [HTTPCLIENT-965] Fixed problem with cache not honoring must-revalidate or

proxy-revalidate Cache-Control directives.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-964] 'no-cache' directives with field names are no longer transmitted

downstream.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-963] Fixed handling of 'Cache-Control: no-store' on requests.

Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-962] Fixed handling of Authorization headers in shared cache mode.

Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-961] Not all applicable URIs are invalidated on PUT/POST/DELETEs

that pass through client cache.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-958] Client cache no longer allows incomplete responses to be

passed on to the client.
Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-951] Non-repeatable entity enclosing requests are not correctly

retried when 'expect-continue' handshake is active.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-948] In rare circumstances the idle connection handling code

can leave closed connections in a inconsistent state.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-953] IllegalStateException thrown by RouteSpecificPool.

Contributed by Guillaume <gueugaie at gmail.com>
* [HTTPCLIENT-952] Trust store parameter is ignored by SSLSocketFactory
(affects version 4.1-alpha2 only)
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-937] CacheEntry made immutable; now uses immutable HttpEntity

to store cached content.
Contributed by David Mays <david_mays at comcast.com> and
Oleg Kalnichevski <olegk at apache.org>

Release 4.1 ALPHA2

-------------------

HttpClient 4.1 ALPHA2 fixes a number of non-severe bugs discovered since

the last release and introduces support for two frequently requested features:

* HTTP/1.1 response caching

* transparent support for host multihoming

* a mechanism to bypass the standard certificate trust verification

(useful when dealing with self-signed certificates)

Compatibility notes
-------------------
(1) Please note the HTTP caching module is still considered experimental and
its API may change significantly in the future releases.

(2) This release eliminates Mime4J as a dependency for the HttpMime module.
HttpMime is no longer binary compatible with the previous releases.
Full API and binary compatibility between minor versions of HttpMime will be
maintained as of 4.1 GA release.

Changelog
-------------------

* [HTTPCLIENT-936] Fixed bug causing NPE or an infinite loop in

the authentication code in case of a SPNEGO authentication failure.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-427] HTTP caching support

Contributed by Joe Campbell, David Cleaver, David Mays, Jon Moore, Brad Spenla

* Dropped dependency on Mime4j for HttpMime.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* Extended SSLSocketFactory with a mechanism to bypass the standard certificate

trust verification (primarily to simplify dealing with self-signed
certificates)
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-898] Improved support for host multihoming

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-916] UsernamePasswordCredentials, NTUserPrincipal,

BasicClientCookie, BasicClientCookie2 and BasicCookieStore made Serializable.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-914] Upgraded Commons Codec dependency to version 1.4

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-903] Use ConcurrentHashMap instead of [Linked]HashMap for

thread-safety. Improve performance of AuthSchemeRegistry, CookieSpecRegistry
and SchemeRegistry classes.
Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-902] HttpRequestRetryHandler not called on I/O exceptions

thrown when opening a new connection.
Contributed by Olivier Lamy <olamy at apache.org> and
Oleg Kalnichevski <olegk at apache.org>

Release 4.1 ALPHA1

-------------------

HttpClient 4.1 ALPHA1 builds on the stable 4.0 release and adds several
functionality improvements and new features.

* Simplified configuration of connection managers.

* Persistence of authentication data between request executions within

the same execution context.

* Support for SPNEGO/Kerberos authentication scheme

* Support for transparent content encoding. Please note transparent content

encoding is not enabled per default in order to avoid conflicts with
already existing custom content encoding solutions.

* 5 to 10% performance increase due to elimination of unnecessary Log object

lookups by short-lived components.

Please note all methods and classes added in this release and marked as
4.1 are API unstable and can change in the future 4.1 ALPHA releases.

Changelog
-------------------

* [HTTPCLIENT-889] 'expect: continue' handshake disabled per default.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-862] Extended client's redirect handling interface to allow

control of the content of the redirect.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-872] HttpClient can now persist authentication data between request

executions as long as they share the same execution context. It has also become
much easier to make HttpClient authenticate preemptively by pre-populating
authentication data cache.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-883] SO_TIMEOUT is not reset on persistent (re-used) connections.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-832] Distinguish cookie format errors from violations of

restrictions imposed by a cookie specification. In the latter case
CookieRestrictionViolationException will be thrown.
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-523] Support for SPNEGO authentication scheme.
Contributed by Matthew Stevenson <mavricknzwork at yahoo.com>

* Simplified configuration of connection managers. Total connection maximum

and maximum connection per route limits can be set using methods of
the class instead of HTTP parameters.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Added parameters to define the order of preference for supported auth

schemes for target host and proxy authentication.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-875] DefaultClientConnectionOperator#openConnection doesn't

update the connection state if the connection socket changed after
the call to SocketFactory#connectSocket().
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-834] Transparent content encoding support.

Contributed by James Abley <james.abley at gmail.com>

Release 4.0.1
-------------------

This is a bug fix release that addresses a number of issues discovered since
the previous stable release. None of the fixed bugs is considered critical.
Most notably this release eliminates eliminates dependency on JCIP annotations.

This release is also expected to improve performance by 5 to 10% due to

elimination of unnecessary Log object lookups by short-lived components.

Changelog
-------------------

* [HTTPCLIENT-895] Eliminated Log lookups in short lived objects impairing

performance.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-885] URLEncodedUtils now correctly parses form-url-encoded

entities that specify a charset.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-884] UrlEncodedFormEntity now sets charset on the Content-Type

header.
Contributed by Jared Jacobs <jmjacobs at cs.stanford.edu>

* [HTTPCLIENT-883] SO_TIMEOUT is not reset on persistent (re-used) connections.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-882] Auth state is now correctly updated if a successful NTLM

authentication results in a redirect. This is a minor bug as HttpClient
manages to recover from the problem automatically.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-881] Fixed race condition in AbstractClientConnAdapter that makes

it possible for an aborted connection to be returned to the pool.
Contributed by Tim Boemker <tboemker at elynx.com> and
Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-866] Removed dependency on jcip-annotations.jar.

Contributed by Oleg Kalnichevski <olegk at apache.org>
and Sebastian Bazley <sebb at apache.org>

Release 4.0
-------------------

HttpClient 4.0 represents a complete, ground-up redesign and almost a complete

rewrite of the HttpClient 3.x codeline. This release finally addresses several
design flaws that existed since the 1.0 release and could not be fixed without
a major code overhaul and breaking API compatibility.

Architectural changes
---------------------

* Redesign of the HttpClient internals addressing all known major

architectural shortcomings of the 3.x codeline.

* Cleaner, more flexible and expressive API.

* More modular structure.

* Better performance and smaller memory footprint due to a more efficient HTTP
transport based on HttpCore.

* Implementation of cross-cutting HTTP protocol aspects through protocol

interceptors.

* Improved connection management, better handling of persistent connections,

support for stateful connections

* Pluggable redirect and authentication handlers.

* Improved support for sending requests via a proxy or a chain of proxies

* More flexible SSL context customization

* Reduced intermediate garbage in the process of generating HTTP requests

and parsing HTTP responses

Important notes
-------------------

* Future releases of HttpMime module may be binary incompatible with this

release due to possible API changes in Apache Mime4J. Apache Mime4J is
still being actively developed and its API is considered unstable.

* HttpClient 4.0 is not fully binary compatible with 4.0 BETA1 release.
Some protected variables in connection management class have been
made final in order to help ensure their thread safety:

org.apache.http.conn.BasicEofSensorWatcher#attemptReuse
org.apache.http.conn.BasicEofSensorWatcher#managedConn
org.apache.http.impl.conn.DefaultClientConnectionOperator#schemeRegistry
org.apache.http.impl.conn.DefaultHttpRoutePlanner#schemeRegistry
org.apache.http.impl.conn.ProxySelectorRoutePlanner#schemeRegistry
org.apache.http.impl.conn.SingleClientConnManager#alwaysShutDown
org.apache.http.impl.conn.SingleClientConnManager#connOperator
org.apache.http.impl.conn.SingleClientConnManager#schemeRegistry
org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#connOperator
org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#schemeRegistry

Bug fixes since 4.0 BETA2 release

-------------------

* [HTTPCLIENT-861] URIUtils#resolve is now compatible with all examples given

in RFC 3986.
Contributed by Johannes Koch <johannes.koch at fit.fraunhofer.de>

* [HTTPCLIENT-860] HttpClient no longer converts redirects of PUT/POST to GET

for status codes 301, 302, 307, as required by the HTTP spec.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-859] CookieIdentityComparator now takes path attribute into

consideration when comparing cookies.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* HttpClient will no longer send expired cookies back to the origin server.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-856] Proxy NTLM authentication no longer fails on a redirect to

a different host.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-841] Removed automatic connection release using garbage collection

due to a memory leak.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-853] Fixed bug causing invalid cookie origin port to be selected

when the target is accessed on the default port and the connection is
established via a proxy.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-852] Fixed bug causing automatically retried redirects fail with

CircularRedirectException.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed problem with the default HTTP response parser failing to handle garbage
preceding a valid HTTP response.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* NonRepeatableRequestExceptions now include the cause that the original

request failed.
Contributed by Sam Berlin <sberlin at apache.org>

* [HTTPCLIENT-837] Fixed problem with the wire log skipping zero byte values
if read one byte at a time.
Contributed by Kirill Safonov <ksafonov at swiftteams.com>

* [HTTPCLIENT-823] 'http.conn-manager.max-total' parameter can be adjusted

dynamically. However, the size of existing connection pools per route,
once allocated, will not be adjusted.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-822] Default socket factories to rethrow SocketTimeoutException

as ConnectTimeoutException in case of connect failure due to a time out.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-813] Fixed default port resolution. Invalid ports no longer

get replaced with the default port value.
Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.0 beta 2

-------------------

BETA2 is a maintenance release, which addresses a number of issues

discovered since the previous release.

The only significant new feature is an addition of an OSGi compliant

bundle combining HttpClient and HttpMime jars.

All upstream projects are strongly encouraged to upgrade.

* Fixed NPE in DefaultRequestDirector thrown when retrying a failed

request over a proxied connection.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-803] Fixed bug in SSL host verifier implementations

causing the SSL certificate to be rejected as invalid if the connection
is established using an IP address.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-806] DefaultHttpMethodRetryHandler will no longer retry

on ConnectExceptions.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* DigestScheme can use an arbitrary digest algorithm requested by the

target server (such as SHA) as long as this algorithm is supported by
the Java runtime.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed parsing and validation of RFC2109 compliant Set-Cookie headers

by the Best-Match cookie spec.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed bug that can cause a managed connection to be returned from the
pool in an inconsistent state.
Contributed by Oleg Kalnichevski <olegk at apache.org>

4.0 Beta 1
-------------------

BETA1 release brings yet another round of API enhancements and

improvements in the area of connection management. Among the most notable
ones is the capability to handle stateful connections such as persistent
NTLM connections and private key authenticated SSL connections.

This is the first API stable release of HttpClient 4.0. All further
releases in the 4.0 code line will maintain API compatibility with this
release.

There has been a number of important bug fixes since ALPHA4. All upstream
projects are encouraged to upgrade to the latest release.
Please note HttpClient currently provides only limited support for NTLM
authentication. For details please see NTLM_SUPPORT.txt.

-------------------

Changelog:
-------------------

* [HTTPCLIENT-790] Protocol interceptors are now correctly invoked when

executing CONNECT methods.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-668] Do not use static loggers.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-781] Respect Keep-Alive header's timeout value.

Contributed by Sam Berlin <sberlin at apache.org>

* [HTTPCLIENT-779] Top-level classes (HttpClient, and HttpGet, HttpPut

and similar HttpMethods) throw fewer checked exceptions.
Contributed by Sam Berlin <sberlin at apache.org>

* HttpClient will throw an exception if an attempt is made to retry

a request with a non-repeatable request entity.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed request re-generation logic when retrying a failed request.

Auto-generated headers will no accumulate.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-424] Preemptive authentication no longer limited to BASIC

scheme only. HttpClient can be customized to authenticate preemptively
with DIGEST scheme.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-670] Pluggable hostname resolver.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-719] Clone support for HTTP request and cookie objects.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-776] Fixed concurrency issues with AbstractPoolEntry.

Contributed by Sam Berlin <sberlin at gmail.com>

* Resolved a long standing problem with HttpClient not taking into account
the user context when pooling / re-using connections. HttpClient now
correctly handles stateful / user specific connections such as persistent
NTLM connections and SSL connections with client side authentication.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-773] Improved handling of the 'expires' attribute by the

'Best Match' cookie spec.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* Partial NTLM support (requires an external NTLM engine). For details see
NTLM_SUPPORT.txt
Contributed by Oleg Kalnichevski <olegk at apache.org>
* Redesigned local execution context management.
Contributed by Oleg Kalnichevski <olegk at apache.org>

--------------------------------------

Release 4.0 Alpha 4

-------------------

ALPHA4 marks the completion of the overhaul of the connection management

code in HttpClient. All known shortcomings of the old HttpClient 3.x
connection management API have been addressed.

NTLM authentication remains the only missing major feature in the new
codeline that prevents us from moving awards the API freeze.

There has been a number of important bug fixes since ALPHA3. All upstream
projects are encouraged to upgrade to the latest release.

-------------------

HttpClient 3.x features that have NOT yet been ported:

-------------------

* NTLM authentication scheme

-------------------

Changelog:
-------------------

* [HTTPCLIENT-765] String.toLowerCase() / toUpperCase() should specify

Locale.ENGLISH
Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-769] Do not pool connection marked non-reusable.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-763] Fixed problem with AbstractClientConnAdapter#abortConnection()

not releasing the connection if called from the main execution thread while
there is no blocking I/O operation.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-652] Added optional state attribute to managed client connections.

This enables connection managers to correctly handle stateful connections.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-673] Revised max connections per route configuration

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-753] Class Scheme and related classes moved to a separate package

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-757] Improved request wrapping in the DefaultClientRequestDirector.

This also fixed the problem with the default proxy set at the client level
having no effect.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-734] Request abort will unblock the thread waiting for a connection
Contributed by Sam Berlin <sberlin at gmail.com>
* [HTTPCLIENT-759] Ensure release of connections back to the connection manager
on exceptions.
Contributed by Sam Berlin <sberlin at gmail.com>

* [HTTPCLIENT-758] Fixed the use of generics in AbstractHttpClient

#removeRequestInterceptorByClass and #removeResponseInterceptorByClass
Contributed by Johannes Koch <johannes.koch at fit.fraunhofer.de>

* [HTTPCLIENT-749] HttpParams beans

Contributed by Stojce Dimski <sdmiski at yahoo.it>

* [HTTPCLIENT-755] Workaround for known bugs in java.net.URI.resolve()

Bug ID: 4708535
Contributed by Johannes Koch <johannes.koch at fit.fraunhofer.de>

--------------------------------------

Release 4.0 Alpha 3

-------------------

ALPHA3 release brings another round of API refinements and improvements in

functionality. As of this release HttpClient requires Java 5 compatible
runtime environment and takes full advantage of generics and new concurrency
primitives.

This release also introduces new default cookie policy that selects a cookie
specification depending on the format of cookies sent by the target host.
It is no longer necessary to know beforehand what kind of HTTP cookie support
the target host provides. HttpClient is now able to pick up either a lenient
or a strict cookie policy depending on the compliance level of the target host.

Another notable improvement is a completely reworked support for multipart

entities based on Apache mime4j library.

-------------------

HttpClient 3.x features that have NOT yet been ported:

-------------------

* NTLM authentication scheme

-------------------

Changelog:
-------------------

* [HTTPCLIENT-742] common interface for HttpRoute and RouteTracker

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-741] Fixed concurrency issues in AbstractClientConnAdapter.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-726] testcase for spurious wakeups in ThreadSafeClientConnManager

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-643] Automatic connect fail-over for multi-home remote servers.

Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-735] unsetting of DEFAULT_PROXY and FORCED_ROUTE in hierarchies
Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-723] route planner based on java.net.ProxySelector

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-740] don't start connection GC thread in pool constructor

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-736] route planners use SchemeRegistry instead of ConnManager

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-730] Fixed rewriting of URIs containing escaped characters

Contributed by Sam Berlin <sberlin at gmail.com> and
Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-667] Added 'Meta' cookie policy that selects a cookie

specification depending on the format of the cookie(s).
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-729] Move HttpRoute and related classes to routing package.

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-725] Use TimeUnit arguments for timeouts in connection manager.

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-677] Connection manager no longer uses Thread.interrupt().

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-716] Allow application-defined routes.

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-712] Improve HttpRoute API

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-711] Bad route computed for redirected requests

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-715] Remove RoutedRequest from API

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-705] Fixed incorrect handling of URIs with null path component.

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-688] HttpOptions#getAllowedMethods can now handle multiple

Allow headers.
Contributed by Andrea Selva <selva.andre at gmail.com>

--------------------------------------

Release 4.0 Alpha 2

-------------------

ALPHA2 release is another milestone in the redesign of HttpClient. It includes

a number of improvements since ALPHA1, among which are improved connection
pooling, support for proxy chains, redesigned HTTP state and authentication
credentials management API, improved RFC 2965 cookie specification.

-------------------
HttpClient 3.x features that have NOT yet been ported
-------------------
* NTLM authentication scheme

* Support for multipart MIME coded entities

-------------------

Changelog
-------------------

* [HTTPCLIENT-698] Resolve non-absolute redirect URIs relative to

the request URI
Contributed by Johannes Koch <johannes.koch at fit.fraunhofer.de>

* [HTTPCLIENT-697] Throw a more intelligible exception when connection

to a remote host cannot be established.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-689] Caching of SimpleDateFormat in DateUtils

Contributed by Daniel Müller <strider at digitalstrider.com>

* [HTTPCLIENT-689] stackable parameters in AbstractHttpClient

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-477] Use distinct instances of the authentication handler

interface for authentication with target and proxy hosts
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-690] ManagedClientConnection provides access to SSLSession

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-692] ClientConnectionManager throws InterruptedException

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCORE-116] moved parameter names to interfaces

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-649] support for proxy chains in HttpConn

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-636] refactor ThreadSafeClientConnManager in separate package

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-669] new HttpRoutePlanner interface and implementation

Contributed by Andrea Selva <selva.andre at gmail.com>

* [HTTPCLIENT-653] detached connection wrapper no longer prevents

garbage collection of ThreadSafeClientConnManager
Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-674] use org.apache.http.util.VersionInfo instead of a local one

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-666] Replaced HttpState with CredentialsProvier and CookieStore

interfaces
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCORE-100] revised HttpContext hierarchy
Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-618] eliminate class HostConfiguration

Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-672] re-sync with API changes in core alpha6-SNAPSHOT

Contributed by Roland Weber <rolandw at apache.org>

--------------------------------------

Release 4.0 Alpha 1

-------------------

HttpClient 4.0 represents a complete, ground-up redesign and almost a complete

The HttpClient 4.0 API is still very experimental and is bound to change
during the course of the ALPHA development phase. Several important features
have not yet been ported to the new API.

Architectural changes
---------------------

* Redesign of the HttpClient internals addressing all known

major architectural shortcomings of the 3.x codeline

* Cleaner, more flexible and expressive API

* Better performance and smaller memory footprint due to a more

efficient HTTP transport based on HttpCore. HttpClient 4.0 is
expected to be 10% to 25% faster than HttpClient 3.x codeline

* More modular structure

* Pluggable redirect and authentication handlers

* Support for protocol incerceptors

* Improved connection management

* Improved support for sending requests via a proxy or a chain of

proxies

* Improved handling redirects of entity enclosing requests

* More flexible SSL context customization

* Reduced intermediate garbage in the process of

generating HTTP requests and parsing HTTP responses

-------------------

HttpClient 3.x features that have NOT yet been ported

-------------------
* NTLM authentication scheme
* RFC2965 cookie policy (Cookie2)

* Support for multipart MIME coded entities

-------------------

Changelog
-------------------

The following is a list of contributions tracked in JIRA.

Note that this is not a complete list of contributions or changes.
Since the API was redesigned completely, tracking everything outside
of the source code repository would have been too burdensome.

* [HTTPCLIENT-655] User-Agent string no longer violates RFC

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-541] Virtual host API redesign

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-614] Allow for different strategies when checking

CN of x509 certificates
Contributed by Julius Davies <juliusdavies at gmail.com>

* [HTTPCLIENT-136] Fixed inadequate proxy support

Long standing architectural problem. Issue opened on 19/Dec/2002.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-63] Support for pluggable redirect and authentication handlers

Long standing architectural problem. Issue opened on 15/Jul/2002.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-245] Fixed redirect handling. HttpClient can now automatically

handle redirects of entity enclosing requests.
Long standing architectural problem. Issue opened on 14/Jul/2003.
Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-613] HTTPS connections now verify CN of x509 certificates

Contributed by Julius Davies <juliusdavies at gmail.com>

* [HTTPCLIENT-497] Wire/header logger names consistent with class loggers

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-484] AuthSSLProtocolSocketFactory in the main distribution

Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-589] Do not consume the remaining response content if

the connection is to be closed
Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-475] Support for unconnected sockets. HTTP requests can now be

aborted while network socket is still being connected.
Contributed by Roland Weber <rolandw at apache.org>

What Men Dont Want Women To Know - The Secrets, The Lies, The Unspoken Truth - Smith and Doe
90% (20)
What Men Dont Want Women To Know - The Secrets, The Lies, The Unspoken Truth - Smith and Doe
157 pages
Free Cash App Money
60% (20)
Free Cash App Money
6 pages
Attached The New Science of Adult Attach PDF
7% (28)
Attached The New Science of Adult Attach PDF
3 pages
RedLotus SS Guide
No ratings yet
RedLotus SS Guide
39 pages
Ultimate Tradeline Guide PDF
46% (13)
Ultimate Tradeline Guide PDF
23 pages
Cell Phone Lock Removal
80% (10)
Cell Phone Lock Removal
32 pages
Latest Sba Method To Get 10K+ Loans (Updated)
83% (6)
Latest Sba Method To Get 10K+ Loans (Updated)
5 pages
Storm Kings Thunder
100% (19)
Storm Kings Thunder
258 pages
Autism Spectrum Ratig Scales
71% (7)
Autism Spectrum Ratig Scales
16 pages
Scores
26% (23)
Scores
12 pages
Money Dropper: Drop Money Like It'S Hot: Leaked by Captaincrunch
75% (4)
Money Dropper: Drop Money Like It'S Hot: Leaked by Captaincrunch
10 pages
Hacking Uber For Profite PDF
100% (6)
Hacking Uber For Profite PDF
5 pages
Gambrel Barn and Shed Plans Construction Blueprints (John Davidson, Specialized Design Systems)
100% (1)
Gambrel Barn and Shed Plans Construction Blueprints (John Davidson, Specialized Design Systems)
85 pages
47 Easy DIY Survival Projects
94% (16)
47 Easy DIY Survival Projects
97 pages
Make Over $500 A Day Now With Secret Crack With Free Money
100% (11)
Make Over $500 A Day Now With Secret Crack With Free Money
13 pages
Rocket Loan Method
90% (10)
Rocket Loan Method
10 pages
Skip Tracing 101
100% (1)
Skip Tracing 101
5 pages
Hacking I Cloud
83% (6)
Hacking I Cloud
34 pages
The Ultimate Drop Shipping Cheat Sheet
100% (1)
The Ultimate Drop Shipping Cheat Sheet
18 pages
Changes
No ratings yet
Changes
60 pages
Httpie-0 9 8
No ratings yet
Httpie-0 9 8
24 pages
SRS - How to build a Pen Test and Hacking Platform
From Everand
SRS - How to build a Pen Test and Hacking Platform
alasdair gilchrist
2/5 (1)
Free Woodworking Plans Projects
100% (5)
Free Woodworking Plans Projects
440 pages
Habit Stacking
100% (41)
Habit Stacking
73 pages
CHANGES
No ratings yet
CHANGES
130 pages
CHANGES
No ratings yet
CHANGES
113 pages
Apache Httpclient Tutorial
100% (1)
Apache Httpclient Tutorial
69 pages
HN v9.3.0 ReleaseNotes
No ratings yet
HN v9.3.0 ReleaseNotes
9 pages
Linux DevOps Tools Engineer (701) Practice Tests: 400 Questions to Ace Your Certification
From Everand
Linux DevOps Tools Engineer (701) Practice Tests: 400 Questions to Ace Your Certification
Steve Brown
No ratings yet
A Comparison of Java - net.URLConnection and HTTPClient
No ratings yet
A Comparison of Java - net.URLConnection and HTTPClient
1 page
Topic 2 - Web Application Technologies
No ratings yet
Topic 2 - Web Application Technologies
47 pages
Changes
No ratings yet
Changes
74 pages
Module Java - Part1
No ratings yet
Module Java - Part1
3 pages
Web Engineering: Anup Majumder Lecturer, CSE, DIU
No ratings yet
Web Engineering: Anup Majumder Lecturer, CSE, DIU
30 pages
Apache Server: The Number One HTTP Server On The Internet
No ratings yet
Apache Server: The Number One HTTP Server On The Internet
3 pages
Aulao-De-Intrusa-Hacker - Data-12-05-2020-Sampa
No ratings yet
Aulao-De-Intrusa-Hacker - Data-12-05-2020-Sampa
21 pages
Changes
No ratings yet
Changes
88 pages
Draft Ietf Httpbis Http2 17
No ratings yet
Draft Ietf Httpbis Http2 17
92 pages
HTTPS
No ratings yet
HTTPS
19 pages
Gabut
No ratings yet
Gabut
100 pages
How to Hack Like a Ghost: Breaching the Cloud
From Everand
How to Hack Like a Ghost: Breaching the Cloud
Sparc Flow
No ratings yet
Changes
No ratings yet
Changes
80 pages
Sfs
No ratings yet
Sfs
102 pages
[CyberSec'24] Lab02 - Student Version
No ratings yet
[CyberSec'24] Lab02 - Student Version
49 pages
DevOps. How to build pipelines with Jenkins, Docker container, AWS ECS, JDK 11, git and maven 3?
From Everand
DevOps. How to build pipelines with Jenkins, Docker container, AWS ECS, JDK 11, git and maven 3?
John Edward Cooper Berg
No ratings yet
requests
No ratings yet
requests
95 pages
HTTP
No ratings yet
HTTP
21 pages
HTTP and Https
No ratings yet
HTTP and Https
24 pages
Lecture 04 Overview of HTTP and Related Technologies
No ratings yet
Lecture 04 Overview of HTTP and Related Technologies
85 pages
Changes
No ratings yet
Changes
31 pages
05 HTTP
No ratings yet
05 HTTP
46 pages
Hyper Text Transfer Protocol (HTTP) : Objective: Understand HTTP (The Protocol That Makes The Internet Possible)
No ratings yet
Hyper Text Transfer Protocol (HTTP) : Objective: Understand HTTP (The Protocol That Makes The Internet Possible)
16 pages
Get The Most Out of HttpClient
No ratings yet
Get The Most Out of HttpClient
39 pages
Application Layer
No ratings yet
Application Layer
33 pages
Changes
No ratings yet
Changes
257 pages
Cloud Native Security
From Everand
Cloud Native Security
Chris Binnie
No ratings yet
IT Chap 4
No ratings yet
IT Chap 4
15 pages
Core Enhancements
No ratings yet
Core Enhancements
6 pages
HTTP Notes
No ratings yet
HTTP Notes
28 pages
Change Log
No ratings yet
Change Log
49 pages
HTTP
No ratings yet
HTTP
21 pages
Hands-On Python Programming With HTTPX
No ratings yet
Hands-On Python Programming With HTTPX
46 pages
httpmessage
No ratings yet
httpmessage
6 pages
Requests
No ratings yet
Requests
125 pages
Hypertext Transfer Protocol
No ratings yet
Hypertext Transfer Protocol
18 pages
NoSQL Injection for Elasticsearch
From Everand
NoSQL Injection for Elasticsearch
Gary Drocella
No ratings yet
Nginx HTTP2
No ratings yet
Nginx HTTP2
16 pages
Unit-II Servlets2
No ratings yet
Unit-II Servlets2
75 pages
Microsoft AZ-400: Designing and Implementing Microsoft DevOps Solutions - Certification Exam Prep
From Everand
Microsoft AZ-400: Designing and Implementing Microsoft DevOps Solutions - Certification Exam Prep
Steve Brown
No ratings yet
Chimanumana
No ratings yet
Chimanumana
74 pages
What Is HTTP?
No ratings yet
What Is HTTP?
5 pages
RFC 9113 - HTTP - 2
No ratings yet
RFC 9113 - HTTP - 2
95 pages
What's New in .NET 8? A Complete Guide to the Latest Features
From Everand
What's New in .NET 8? A Complete Guide to the Latest Features
Nitika
No ratings yet
ASP 02 HTTP
No ratings yet
ASP 02 HTTP
10 pages
HAProxy Version 1.7-Dev1 - Configuration Manual
No ratings yet
HAProxy Version 1.7-Dev1 - Configuration Manual
171 pages
Owasp Webscarab: Uncovering The Hidden Treasures
No ratings yet
Owasp Webscarab: Uncovering The Hidden Treasures
32 pages
STATUS
No ratings yet
STATUS
1 page
FortiGate 7.4 Admin Study Notes: 499 Study Notes for Accelerated Certification Success
From Everand
FortiGate 7.4 Admin Study Notes: 499 Study Notes for Accelerated Certification Success
Steve Brown
No ratings yet
Httpclient Tutorial
No ratings yet
Httpclient Tutorial
49 pages
Mastering Go Network Automation: Automating Networks, Container Orchestration, Kubernetes with Puppet, Vegeta and Apache JMeter
From Everand
Mastering Go Network Automation: Automating Networks, Container Orchestration, Kubernetes with Puppet, Vegeta and Apache JMeter
Ian Taylor
No ratings yet
Mastering Go Network Automation
From Everand
Mastering Go Network Automation
Ian Taylor
No ratings yet
A Photographers Guide To RAW in Photoshop
No ratings yet
A Photographers Guide To RAW in Photoshop
228 pages
100 Fiverr Gigs You Can Sell Right Now PDF
80% (5)
100 Fiverr Gigs You Can Sell Right Now PDF
23 pages
Ten Apples Up On Top! Pages 1 - 50 - Flip PDF Download - FlipHTML5
100% (1)
Ten Apples Up On Top! Pages 1 - 50 - Flip PDF Download - FlipHTML5
65 pages
100 Money Apps and Life Hacks
No ratings yet
100 Money Apps and Life Hacks
8 pages
Fastrack To Free Everything
100% (4)
Fastrack To Free Everything
100 pages
Useful Websites
50% (2)
Useful Websites
18 pages
Adobe Illustrator
No ratings yet
Adobe Illustrator
84 pages
Google Drive Quick Reference Guide
75% (4)
Google Drive Quick Reference Guide
4 pages
Apps For Musicians
100% (1)
Apps For Musicians
2 pages
Discovering Family History
0% (1)
Discovering Family History
56 pages
Hp0-Y13 Procurve Network Management
No ratings yet
Hp0-Y13 Procurve Network Management
32 pages
Tutorial Lab1 (Copy)
No ratings yet
Tutorial Lab1 (Copy)
4 pages
Se Bits Unit Bit 5
No ratings yet
Se Bits Unit Bit 5
5 pages
Free Sap C thr92 2405 Exam Questions by Bruce
No ratings yet
Free Sap C thr92 2405 Exam Questions by Bruce
10 pages
Pads Professional: Quickstart Guide
100% (1)
Pads Professional: Quickstart Guide
33 pages
Notes OS
No ratings yet
Notes OS
11 pages
IPCS Good
No ratings yet
IPCS Good
29 pages
User Manual D-Checker V3631 en
No ratings yet
User Manual D-Checker V3631 en
67 pages
Challenges and Limitations of Conventional Data Processing Approaches in IT (1)
No ratings yet
Challenges and Limitations of Conventional Data Processing Approaches in IT (1)
9 pages
Untitled
No ratings yet
Untitled
69 pages
Kami Export - Report - Ruma
No ratings yet
Kami Export - Report - Ruma
41 pages
Lab 5 Bit Level Instructions: Objective
No ratings yet
Lab 5 Bit Level Instructions: Objective
5 pages
Lab 3 Introduction To Dialux
No ratings yet
Lab 3 Introduction To Dialux
12 pages
Young Medi CT Scanners
No ratings yet
Young Medi CT Scanners
3 pages
PRR MarilynMarks ESS 20190601-20191028
No ratings yet
PRR MarilynMarks ESS 20190601-20191028
417 pages
Daraz
100% (1)
Daraz
24 pages
Computer 12th MCQs 001
No ratings yet
Computer 12th MCQs 001
11 pages
Introduction Android Development with Kotlin
No ratings yet
Introduction Android Development with Kotlin
23 pages
Lectures 6,7 Modular RAG
No ratings yet
Lectures 6,7 Modular RAG
85 pages
Day_7 C-Programming
No ratings yet
Day_7 C-Programming
15 pages
MS-PowerPoint MCQs
No ratings yet
MS-PowerPoint MCQs
19 pages
En DM00226326
No ratings yet
En DM00226326
45 pages
Maximus II Windows 10 (32-Bit) Firmware Instructions: Preparation
No ratings yet
Maximus II Windows 10 (32-Bit) Firmware Instructions: Preparation
9 pages
Top ai tool
100% (1)
Top ai tool
14 pages
Download full The Photoshop Darkroom 2 Creative Digital Transformations 1st Edition Harold Davis ebook all chapters
No ratings yet
Download full The Photoshop Darkroom 2 Creative Digital Transformations 1st Edition Harold Davis ebook all chapters
77 pages
Switch Stack Update: Prerequisites
No ratings yet
Switch Stack Update: Prerequisites
10 pages
Chvsahvc
No ratings yet
Chvsahvc
1 page
UNIT I Introduction to Data mining-converted
No ratings yet
UNIT I Introduction to Data mining-converted
22 pages
FHIR ImplementationGuide 28july
No ratings yet
FHIR ImplementationGuide 28july
62 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.