All Versions
Latest Version
Avg Release Cycle
18 days
Latest Release

Changelog History
Page 9

  • v3.1.2 Changes


    • Fix: Don’t crash when finding the trust manager on Robolectric. We attempted to detect the host platform and got confused because Robolectric looks like Android but isn’t!
    • Fix: Change CertificatePinner to skip sanitizing the certificate chain when no certificates were pinned. This avoids an SSL failure in insecure “trust everyone” configurations, such as when talking to a development HTTPS server that has a self-signed certificate.
  • v3.1.1 Changes


    • Fix: Don't crash when finding the trust manager if the Play Services (GMS) security provider is installed.
    • Fix: The previous release introduced a performance regression on Android, caused by looking up CA certificates. This is now fixed.
  • v3.1.0 Changes


    • New: WebSockets now defer some writes. This should improve performance for some applications.
    • New: Override equals() and hashCode() in our new cookie class. This class now defines equality by value rather than by reference.
    • New: Handle 408 responses by retrying the request. This allows servers to direct clients to retry rather than failing permanently.
    • New: Expose the framed protocol in Connection. Previously this would return the application-layer protocol (HTTP/1.1 or HTTP/1.0); now it always returns the wire-layer protocol (HTTP/2, SPDY/3.1, or HTTP/1.1).
    • Fix: Permit the trusted CA root to be pinned by CertificatePinner.
    • Fix: Silently ignore unknown HTTP/2 settings. Previously this would cause the entire connection to fail.
    • Fix: Don’t crash on unexpected charsets in the logging interceptor.
    • Fix: OkHttpClient is now non-final for the benefit of mocking frameworks. Mocking sophisticated classes like OkHttpClient is fragile and you shouldn’t do it. But if that’s how you want to live your life we won’t stand in your way!
  • v3.0.1 Changes


    • Rollback OSGi support. This was causing library jars to include more classes than expected, which interfered with Gradle builds.
  • v3.0.0 Changes


    🚀 This release commits to a stable 3.0 API. Read the 3.0.0-RC1 changes for advice ⬆️ on upgrading from 2.x to 3.x.

    • The Callback interface now takes a Call. This makes it easier to check if the call was canceled from within the callback. When migrating async calls to this new API, Call is now the first parameter for both onResponse() and onFailure().
    • Fix: handle multiple cookies in JavaNetCookieJar on Android.
    • Fix: improve the default HTTP message in MockWebServer responses.
    • Fix: don't leak file handles when a conditional GET throws.
    • Fix: Use charset specified by the request body content type in OkHttp's logging interceptor.
    • Fix: Don't eagerly release pools on cache hits.
    • New: Make OkHttp OSGi ready.
    • New: Add already-implemented interfaces Closeable and Flushable to the cache.
  • v3.0.0-RC1 Changes


    🚀 OkHttp 3 is a major release focused on API simplicity and consistency. The API 💄 changes are numerous but most are cosmetic. Applications should be able to ⬆️ upgrade from the 2.x API to the 3.x API mechanically and without risk.

    🚀 Because the release includes breaking API changes, we're changing the project's 📦 package name from com.squareup.okhttp to okhttp3. This should make it possible for large applications to migrate incrementally. The Maven group ID 👀 is now com.squareup.okhttp3. For an explanation of this strategy, see Jake Wharton's post, [Java Interoperability Policy for Major Version ⚡️ Updates][major_versions].

    🚀 This release obsoletes OkHttp 2.x, and all code that uses OkHttp's ⬆️ com.squareup.okhttp package should upgrade to the okhttp3 package. Libraries ⬆️ that depend on OkHttp should upgrade quickly to prevent applications from being stuck on the old version.

    • There is no longer a global singleton connection pool. In OkHttp 2.x, all OkHttpClient instances shared a common connection pool by default. In OkHttp 3.x, each new OkHttpClient gets its own private connection pool. Applications should avoid creating many connection pools as doing so prevents connection reuse. Each connection pool holds its own set of connections alive so applications that have many pools also risk exhausting memory!

      The best practice in OkHttp 3 is to create a single OkHttpClient instance and share it throughout the application. Requests that needs a customized client should call OkHttpClient.newBuilder() on that shared instance. This allows customization without the drawbacks of separate connection pools.

    • OkHttpClient is now stateless. In the 2.x API OkHttpClient had getters and setters. Internally each request was forced to make its own complete snapshot of the OkHttpClient instance to defend against racy configuration changes. In 3.x, OkHttpClient is now stateless and has a builder. Note that this class is not strictly immutable as it has stateful members like the connection pool and cache.

    • Get and Set prefixes are now avoided. With ubiquitous builders throughout OkHttp these accessor prefixes aren't necessary. Previously OkHttp used get and set prefixes sporadically which make the API inconsistent and awkward to explore.

    • OkHttpClient now implements the new Call.Factory interface. This interface will make your code easier to test. When you test code that makes HTTP requests, you can use this interface to replace the real OkHttpClient with your own mocks or fakes.

      The interface will also let you use OkHttp's API with another HTTP client's implementation. This is useful in sandboxed environments like Google App Engine.

    • OkHttp now does cookies. We've replaced with a new interface, CookieJar and added our own Cookie model class. This new cookie follows the latest RFC and supports the same cookie attributes as modern web browsers.

    • Form and Multipart bodies are now modeled. We've replaced the opaque FormEncodingBuilder with the more powerful FormBody and FormBody.Builder combo. Similarly we've upgraded MultipartBuilder into MultipartBody, MultipartBody.Part, and MultipartBody.Builder.

    • The Apache HTTP client and HttpURLConnection APIs are deprecated. They continue to work as they always have, but we're moving everything to the new OkHttp 3 API. The okhttp-apache and okhttp-urlconnection modules should be only be used to accelerate a transition to OkHttp's request/response API. These deprecated modules will be dropped in an upcoming OkHttp 3.x release.

    • Canceling batches of calls is now the application's responsibility. The API to cancel calls by tag has been removed and replaced with a more general mechanism. The dispatcher now exposes all in-flight calls via its runningCalls() and queuedCalls() methods. You can write code that selects calls by tag, host, or whatever, and invokes Call.cancel() on the ones that are no longer necessary.

    • OkHttp no longer uses the global by default. We've changed our Authenticator interface to authenticate web and proxy authentication failures through a single method. An adapter for the old authenticator is available in the okhttp-urlconnection module.

    • Fix: Don't throw IOException on ResponseBody.contentLength() or close().

    • Fix: Never throw converting an HttpUrl to a This changes the uri() method to handle malformed percent-escapes and characters forbidden by URI.

    • Fix: When a connect times out, attempt an alternate route. Previously route selection was less efficient when differentiating failures.

    • New: Response.peekBody() lets you access the response body without consuming it. This may be handy for interceptors!

    • New: HttpUrl.newBuilder() resolves a link to a builder.

    • New: Add the TLS version to the Handshake.

    • New: Drop Request.uri() and Request#urlString(). Just use Request.url().uri() and Request.url().toString().

    • New: Add URL to HTTP response logging.

    • New: Make HttpUrl the blessed URL method of Request.

  • v2.7.5 Changes


    • Fix: Change the certificate pinner to always build full chains. This prevents a potential crash when using certificate pinning with the Google Play Services security provider.
  • v2.7.4 Changes


    • Fix: Don't crash when finding the trust manager if the Play Services (GMS) security provider is installed.
    • Fix: The previous release introduced a performance regression on Android, caused by looking up CA certificates. This is now fixed.
  • v2.7.3 Changes


    • Fix: Permit the trusted CA root to be pinned by CertificatePinner.
  • v2.7.2 Changes


    • Fix: Don't eagerly release stream allocations on cache hits. We might still need them to handle redirects.