Release 4.0.3 ------------------- This is an emergency release fixing a critical regression in the SSL connection management code. HttpClient 4.0.2 release included an improved support for multihome hosts, which unfortunately had a bug causing the default SSL hostname verification logic to fail. An attempt to establish an SSL connection with HttpClient 4.0.2 can result in javax.net.ssl.SSLException: "hostname in certificate didn't match ..." error. Changelog ------------------- * [HTTPCLIENT-996] An emergency fix for javax.net.ssl.SSLException: "hostname in certificate didn't match ..." error. Contributed by Oleg Kalnichevski Release 4.0.2 ------------------- This is a maintenance release that fixes a number of bugs discovered since the previous stable release. This is likely to be the last release from the 4.0.x branch. Changelog ------------------- * [HTTPCLIENT-951] Non-repeatable entity enclosing requests are not correctly retried when 'expect-continue' handshake is active. Contributed by Oleg Kalnichevski * [HTTPCLIENT-953] IllegalStateException thrown by RouteSpecificPool. Contributed by Guillaume * Work-around for HTTPCLIENT-948 (idle connection handling code can leave closed connection in a inconsistent state) Contributed by Oleg Kalnichevski Release 4.0.1 ------------------- This is a bug fix release that addresses a number of issues discovered since the previous stable release. None of the fixed bugs is considered critical. Most notably this release eliminates eliminates dependency on JCIP annotations. This release is also expected to improve performance by 5 to 10% due to elimination of unnecessary Log object lookups by short-lived components. Changelog ------------------- * [HTTPCLIENT-895] Eliminated Log object lookups by short-lived components impairing performance. Contributed by Oleg Kalnichevski * [HTTPCLIENT-885] URLEncodedUtils now correctly parses form-url-encoded entities that specify a charset. Contributed by Oleg Kalnichevski * [HTTPCLIENT-884] UrlEncodedFormEntity now sets charset on the Content-Type header. Contributed by Jared Jacobs * [HTTPCLIENT-883] SO_TIMEOUT is not reset on persistent (re-used) connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-882] Auth state is now correctly updated if a successful NTLM authentication results in a redirect. This is a minor bug as HttpClient manages to recover from the problem automatically. Contributed by Oleg Kalnichevski * [HTTPCLIENT-881] Fixed race condition in AbstractClientConnAdapter that makes it possible for an aborted connection to be returned to the pool. Contributed by Tim Boemker and Oleg Kalnichevski * [HTTPCLIENT-866] Removed dependency on jcip-annotations.jar. Contributed by Oleg Kalnichevski and Sebastian Bazley Release 4.0 ------------------- HttpClient 4.0 represents a complete, ground-up redesign and almost a complete rewrite of the HttpClient 3.x codeline. This release finally addresses several design flaws that existed since the 1.0 release and could not be fixed without a major code overhaul and breaking API compatibility. Architectural changes --------------------- * Redesign of the HttpClient internals addressing all known major architectural shortcomings of the 3.x codeline. * Cleaner, more flexible and expressive API. * More modular structure. * Better performance and smaller memory footprint due to a more efficient HTTP transport based on HttpCore. * Implementation of cross-cutting HTTP protocol aspects through protocol interceptors. * Improved connection management, better handling of persistent connections, support for stateful connections * Pluggable redirect and authentication handlers. * Improved support for sending requests via a proxy or a chain of proxies * More flexible SSL context customization * Reduced intermediate garbage in the process of generating HTTP requests and parsing HTTP responses Important notes ------------------- * Future releases of HttpMime module may be binary incompatible with this release due to possible API changes in Apache Mime4J. Apache Mime4J is still being actively developed and its API is considered unstable. * HttpClient 4.0 is not fully binary compatible with 4.0 BETA1 release. Some protected variables in connection management class have been made final in order to help ensure their thread safety: org.apache.http.conn.BasicEofSensorWatcher#attemptReuse org.apache.http.conn.BasicEofSensorWatcher#managedConn org.apache.http.impl.conn.DefaultClientConnectionOperator#schemeRegistry org.apache.http.impl.conn.DefaultHttpRoutePlanner#schemeRegistry org.apache.http.impl.conn.ProxySelectorRoutePlanner#schemeRegistry org.apache.http.impl.conn.SingleClientConnManager#alwaysShutDown org.apache.http.impl.conn.SingleClientConnManager#connOperator org.apache.http.impl.conn.SingleClientConnManager#schemeRegistry org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#connOperator org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#schemeRegistry Bug fixes since 4.0 BETA2 release ------------------- * [HTTPCLIENT-861] URIUtils#resolve is now compatible with all examples given in RFC 3986. Contributed by Johannes Koch * [HTTPCLIENT-860] HttpClient no longer converts redirects of PUT/POST to GET for status codes 301, 302, 307, as required by the HTTP spec. Contributed by Oleg Kalnichevski * [HTTPCLIENT-859] CookieIdentityComparator now takes path attribute into consideration when comparing cookies. Contributed by Oleg Kalnichevski * HttpClient will no longer send expired cookies back to the origin server. Contributed by Oleg Kalnichevski * [HTTPCLIENT-856] Proxy NTLM authentication no longer fails on a redirect to a different host. Contributed by Oleg Kalnichevski * [HTTPCLIENT-841] Removed automatic connection release using garbage collection due to a memory leak. Contributed by Oleg Kalnichevski * [HTTPCLIENT-853] Fixed bug causing invalid cookie origin port to be selected when the target is accessed on the default port and the connection is established via a proxy. Contributed by Oleg Kalnichevski * [HTTPCLIENT-852] Fixed bug causing automatically retried redirects fail with CircularRedirectException. Contributed by Oleg Kalnichevski * Fixed problem with the default HTTP response parser failing to handle garbage preceding a valid HTTP response. Contributed by Oleg Kalnichevski * NonRepeatableRequestExceptions now include the cause that the original request failed. Contributed by Sam Berlin * [HTTPCLIENT-837] Fixed problem with the wire log skipping zero byte values if read one byte at a time. Contributed by Kirill Safonov * [HTTPCLIENT-823] 'http.conn-manager.max-total' parameter can be adjusted dynamically. However, the size of existing connection pools per route, once allocated, will not be adjusted. Contributed by Oleg Kalnichevski * [HTTPCLIENT-822] Default socket factories to rethrow SocketTimeoutException as ConnectTimeoutException in case of connect failure due to a time out. Contributed by Oleg Kalnichevski * [HTTPCLIENT-813] Fixed default port resolution. Invalid ports no longer get replaced with the default port value. Contributed by Oleg Kalnichevski Release 4.0 beta 2 ------------------- BETA2 is a maintenance release, which addresses a number of issues discovered since the previous release. The only significant new feature is an addition of an OSGi compliant bundle combining HttpClient and HttpMime jars. All upstream projects are strongly encouraged to upgrade. * Fixed NPE in DefaultRequestDirector thrown when retrying a failed request over a proxied connection. Contributed by Oleg Kalnichevski * [HTTPCLIENT-803] Fixed bug in SSL host verifier implementations causing the SSL certificate to be rejected as invalid if the connection is established using an IP address. Contributed by Oleg Kalnichevski * [HTTPCLIENT-806] DefaultHttpMethodRetryHandler will no longer retry on ConnectExceptions. Contributed by Oleg Kalnichevski * DigestScheme can use an arbitrary digest algorithm requested by the target server (such as SHA) as long as this algorithm is supported by the Java runtime. Contributed by Oleg Kalnichevski * Fixed parsing and validation of RFC2109 compliant Set-Cookie headers by the Best-Match cookie spec. Contributed by Oleg Kalnichevski * Fixed bug that can cause a managed connection to be returned from the pool in an inconsistent state. Contributed by Oleg Kalnichevski 4.0 Beta 1 ------------------- BETA1 release brings yet another round of API enhancements and improvements in the area of connection management. Among the most notable ones is the capability to handle stateful connections such as persistent NTLM connections and private key authenticated SSL connections. This is the first API stable release of HttpClient 4.0. All further releases in the 4.0 code line will maintain API compatibility with this release. There has been a number of important bug fixes since ALPHA4. All upstream projects are encouraged to upgrade to the latest release. Please note HttpClient currently provides only limited support for NTLM authentication. For details please see NTLM_SUPPORT.txt. ------------------- Changelog: ------------------- * [HTTPCLIENT-790] Protocol interceptors are now correctly invoked when executing CONNECT methods. Contributed by Oleg Kalnichevski * [HTTPCLIENT-668] Do not use static loggers. Contributed by Oleg Kalnichevski * [HTTPCLIENT-781] Respect Keep-Alive header's timeout value. Contributed by Sam Berlin * [HTTPCLIENT-779] Top-level classes (HttpClient, and HttpGet, HttpPut and similar HttpMethods) throw fewer checked exceptions. Contributed by Sam Berlin * HttpClient will throw an exception if an attempt is made to retry a request with a non-repeatable request entity. Contributed by Oleg Kalnichevski * Fixed request re-generation logic when retrying a failed request. Auto-generated headers will no accumulate. Contributed by Oleg Kalnichevski * [HTTPCLIENT-424] Preemptive authentication no longer limited to BASIC scheme only. HttpClient can be customized to authenticate preemptively with DIGEST scheme. Contributed by Oleg Kalnichevski * [HTTPCLIENT-670] Pluggable hostname resolver. Contributed by Oleg Kalnichevski * [HTTPCLIENT-719] Clone support for HTTP request and cookie objects. Contributed by Oleg Kalnichevski * [HTTPCLIENT-776] Fixed concurrency issues with AbstractPoolEntry. Contributed by Sam Berlin * Resolved a long standing problem with HttpClient not taking into account the user context when pooling / re-using connections. HttpClient now correctly handles stateful / user specific connections such as persistent NTLM connections and SSL connections with client side authentication. Contributed by Oleg Kalnichevski * [HTTPCLIENT-773] Improved handling of the 'expires' attribute by the 'Best Match' cookie spec. Contributed by Oleg Kalnichevski * Partial NTLM support (requires an external NTLM engine). For details see NTLM_SUPPORT.txt Contributed by Oleg Kalnichevski * Redesigned local execution context management. Contributed by Oleg Kalnichevski -------------------------------------- Release 4.0 Alpha 4 ------------------- ALPHA4 marks the completion of the overhaul of the connection management code in HttpClient. All known shortcomings of the old HttpClient 3.x connection management API have been addressed. NTLM authentication remains the only missing major feature in the new codeline that prevents us from moving awards the API freeze. There has been a number of important bug fixes since ALPHA3. All upstream projects are encouraged to upgrade to the latest release. ------------------- HttpClient 3.x features that have NOT yet been ported: ------------------- * NTLM authentication scheme ------------------- Changelog: ------------------- * [HTTPCLIENT-765] String.toLowerCase() / toUpperCase() should specify Locale.ENGLISH Contributed by Sebastian Bazley * [HTTPCLIENT-769] Do not pool connection marked non-reusable. Contributed by Oleg Kalnichevski * [HTTPCLIENT-763] Fixed problem with AbstractClientConnAdapter#abortConnection() not releasing the connection if called from the main execution thread while there is no blocking I/O operation. Contributed by Oleg Kalnichevski * [HTTPCLIENT-652] Added optional state attribute to managed client connections. This enables connection managers to correctly handle stateful connections. Contributed by Oleg Kalnichevski * [HTTPCLIENT-673] Revised max connections per route configuration Contributed by Oleg Kalnichevski * [HTTPCLIENT-753] Class Scheme and related classes moved to a separate package Contributed by Oleg Kalnichevski * [HTTPCLIENT-757] Improved request wrapping in the DefaultClientRequestDirector. This also fixed the problem with the default proxy set at the client level having no effect. Contributed by Oleg Kalnichevski * [HTTPCLIENT-734] Request abort will unblock the thread waiting for a connection Contributed by Sam Berlin * [HTTPCLIENT-759] Ensure release of connections back to the connection manager on exceptions. Contributed by Sam Berlin * [HTTPCLIENT-758] Fixed the use of generics in AbstractHttpClient #removeRequestInterceptorByClass and #removeResponseInterceptorByClass Contributed by Johannes Koch * [HTTPCLIENT-749] HttpParams beans Contributed by Stojce Dimski * [HTTPCLIENT-755] Workaround for known bugs in java.net.URI.resolve() Bug ID: 4708535 Contributed by Johannes Koch -------------------------------------- Release 4.0 Alpha 3 ------------------- ALPHA3 release brings another round of API refinements and improvements in functionality. As of this release HttpClient requires Java 5 compatible runtime environment and takes full advantage of generics and new concurrency primitives. This release also introduces new default cookie policy that selects a cookie specification depending on the format of cookies sent by the target host. It is no longer necessary to know beforehand what kind of HTTP cookie support the target host provides. HttpClient is now able to pick up either a lenient or a strict cookie policy depending on the compliance level of the target host. Another notable improvement is a completely reworked support for multipart entities based on Apache mime4j library. ------------------- HttpClient 3.x features that have NOT yet been ported: ------------------- * NTLM authentication scheme ------------------- Changelog: ------------------- * [HTTPCLIENT-742] common interface for HttpRoute and RouteTracker Contributed by Roland Weber * [HTTPCLIENT-741] Fixed concurrency issues in AbstractClientConnAdapter. Contributed by Oleg Kalnichevski * [HTTPCLIENT-726] testcase for spurious wakeups in ThreadSafeClientConnManager Contributed by Roland Weber * [HTTPCLIENT-643] Automatic connect fail-over for multi-home remote servers. Contributed by Oleg Kalnichevski * [HTTPCLIENT-735] unsetting of DEFAULT_PROXY and FORCED_ROUTE in hierarchies Contributed by Roland Weber * [HTTPCLIENT-723] route planner based on java.net.ProxySelector Contributed by Roland Weber * [HTTPCLIENT-740] don't start connection GC thread in pool constructor Contributed by Roland Weber * [HTTPCLIENT-736] route planners use SchemeRegistry instead of ConnManager Contributed by Roland Weber * [HTTPCLIENT-730] Fixed rewriting of URIs containing escaped characters Contributed by Sam Berlin and Oleg Kalnichevski * [HTTPCLIENT-667] Added 'Meta' cookie policy that selects a cookie specification depending on the format of the cookie(s). Contributed by Oleg Kalnichevski * [HTTPCLIENT-729] Move HttpRoute and related classes to routing package. Contributed by Roland Weber * [HTTPCLIENT-725] Use TimeUnit arguments for timeouts in connection manager. Contributed by Roland Weber * [HTTPCLIENT-677] Connection manager no longer uses Thread.interrupt(). Contributed by Roland Weber * [HTTPCLIENT-716] Allow application-defined routes. Contributed by Roland Weber * [HTTPCLIENT-712] Improve HttpRoute API Contributed by Roland Weber * [HTTPCLIENT-711] Bad route computed for redirected requests Contributed by Oleg Kalnichevski * [HTTPCLIENT-715] Remove RoutedRequest from API Contributed by Roland Weber * [HTTPCLIENT-705] Fixed incorrect handling of URIs with null path component. Contributed by Oleg Kalnichevski * [HTTPCLIENT-688] HttpOptions#getAllowedMethods can now handle multiple Allow headers. Contributed by Andrea Selva -------------------------------------- Release 4.0 Alpha 2 ------------------- ALPHA2 release is another milestone in the redesign of HttpClient. It includes a number of improvements since ALPHA1, among which are improved connection pooling, support for proxy chains, redesigned HTTP state and authentication credentials management API, improved RFC 2965 cookie specification. ------------------- HttpClient 3.x features that have NOT yet been ported ------------------- * NTLM authentication scheme * Support for multipart MIME coded entities ------------------- Changelog ------------------- * [HTTPCLIENT-698] Resolve non-absolute redirect URIs relative to the request URI Contributed by Johannes Koch * [HTTPCLIENT-697] Throw a more intelligible exception when connection to a remote host cannot be established. Contributed by Oleg Kalnichevski * [HTTPCLIENT-689] Caching of SimpleDateFormat in DateUtils Contributed by Daniel Müller * [HTTPCLIENT-689] stackable parameters in AbstractHttpClient Contributed by Roland Weber * [HTTPCLIENT-477] Use distinct instances of the authentication handler interface for authentication with target and proxy hosts Contributed by Oleg Kalnichevski * [HTTPCLIENT-690] ManagedClientConnection provides access to SSLSession Contributed by Roland Weber * [HTTPCLIENT-692] ClientConnectionManager throws InterruptedException Contributed by Roland Weber * [HTTPCORE-116] moved parameter names to interfaces Contributed by Roland Weber * [HTTPCLIENT-649] support for proxy chains in HttpConn Contributed by Roland Weber * [HTTPCLIENT-636] refactor ThreadSafeClientConnManager in separate package Contributed by Roland Weber * [HTTPCLIENT-669] new HttpRoutePlanner interface and implementation Contributed by Andrea Selva * [HTTPCLIENT-653] detached connection wrapper no longer prevents garbage collection of ThreadSafeClientConnManager Contributed by Roland Weber * [HTTPCLIENT-674] use org.apache.http.util.VersionInfo instead of a local one Contributed by Roland Weber * [HTTPCLIENT-666] Replaced HttpState with CredentialsProvier and CookieStore interfaces Contributed by Oleg Kalnichevski * [HTTPCORE-100] revised HttpContext hierarchy Contributed by Roland Weber * [HTTPCLIENT-618] eliminate class HostConfiguration Contributed by Roland Weber * [HTTPCLIENT-672] re-sync with API changes in core alpha6-SNAPSHOT Contributed by Roland Weber -------------------------------------- Release 4.0 Alpha 1 ------------------- HttpClient 4.0 represents a complete, ground-up redesign and almost a complete rewrite of the HttpClient 3.x codeline. This release finally addresses several design flaws that existed since the 1.0 release and could not be fixed without a major code overhaul and breaking API compatibility. The HttpClient 4.0 API is still very experimental and is bound to change during the course of the ALPHA development phase. Several important features have not yet been ported to the new API. Architectural changes --------------------- * Redesign of the HttpClient internals addressing all known major architectural shortcomings of the 3.x codeline * Cleaner, more flexible and expressive API * Better performance and smaller memory footprint due to a more efficient HTTP transport based on HttpCore. HttpClient 4.0 is expected to be 10% to 25% faster than HttpClient 3.x codeline * More modular structure * Pluggable redirect and authentication handlers * Support for protocol incerceptors * Improved connection management * Improved support for sending requests via a proxy or a chain of proxies * Improved handling redirects of entity enclosing requests * More flexible SSL context customization * Reduced intermediate garbage in the process of generating HTTP requests and parsing HTTP responses ------------------- HttpClient 3.x features that have NOT yet been ported ------------------- * NTLM authentication scheme * RFC2965 cookie policy (Cookie2) * Support for multipart MIME coded entities ------------------- Changelog ------------------- The following is a list of contributions tracked in JIRA. Note that this is not a complete list of contributions or changes. Since the API was redesigned completely, tracking everything outside of the source code repository would have been too burdensome. * [HTTPCLIENT-655] User-Agent string no longer violates RFC Contributed by Oleg Kalnichevski * [HTTPCLIENT-541] Virtual host API redesign Contributed by Oleg Kalnichevski * [HTTPCLIENT-614] Allow for different strategies when checking CN of x509 certificates Contributed by Julius Davies * [HTTPCLIENT-136] Fixed inadequate proxy support Long standing architectural problem. Issue opened on 19/Dec/2002. Contributed by Oleg Kalnichevski * [HTTPCLIENT-63] Support for pluggable redirect and authentication handlers Long standing architectural problem. Issue opened on 15/Jul/2002. Contributed by Oleg Kalnichevski * [HTTPCLIENT-245] Fixed redirect handling. HttpClient can now automatically handle redirects of entity enclosing requests. Long standing architectural problem. Issue opened on 14/Jul/2003. Contributed by Oleg Kalnichevski * [HTTPCLIENT-613] HTTPS connections now verify CN of x509 certificates Contributed by Julius Davies * [HTTPCLIENT-497] Wire/header logger names consistent with class loggers Contributed by Oleg Kalnichevski * [HTTPCLIENT-484] AuthSSLProtocolSocketFactory in the main distribution Contributed by Oleg Kalnichevski * [HTTPCLIENT-589] Do not consume the remaining response content if the connection is to be closed Contributed by Roland Weber * [HTTPCLIENT-475] Support for unconnected sockets. HTTP requests can now be aborted while network socket is still being connected. Contributed by Roland Weber