v3.14.8April 29, 2020
v3.14.7February 25, 2020
v3.14.6January 12, 2020
v3.14.5January 03, 2020
v3.14.4September 29, 2019
v3.14.3September 10, 2019
Fix: Lock in a route when recovering from an HTTP/2 connection error. We had a bug where two calls that failed at the same time could cause OkHttp to crash with a
NoSuchElementExceptioninstead of the expected
Fix: Don't crash with a
NullPointerExceptionwhen formatting an error message describing a truncated response from an HTTPS proxy.
Fix: Don't crash when an interceptor retries when there are no more routes. This was an edge-case regression introduced with the events cleanup in 3.14.0.
Fix: Provide actionable advice when the exchange is non-null. Prior to 3.14, OkHttp would silently leak connections when an interceptor retries without closing the response body. With 3.14 we detect this problem but the exception was not helpful.
This release deletes the long-deprecated
OkApacheClientAPIs. These facades hide OkHttp's implementation behind another client's API. If you still need this please copy and paste [ObsoleteUrlFactory.java][obsolete_url_factory] or [ObsoleteApacheClient.java][obsolete_apache_client] into your project.
OkHttp now supports duplex calls over HTTP/2. With normal HTTP calls the request must finish before the response starts. With duplex, request and response bodies are transmitted simultaneously. This can be used to implement interactive conversations within a single HTTP call.
Create duplex calls by overriding the new
RequestBody.isDuplex()method to return true. This simple option dramatically changes the behavior of the request body and of the entire call.
RequestBody.writeTo()method may now retain a reference to the provided sink and hand it off to another thread to write to it after
EventListenermay now see requests and responses interleaved in ways not previously permitted. For example, a listener may receive
requestBodyEnd(), both on the same call. Such events may be triggered by different threads even for a single call.
Interceptors that rewrite or replace the request body may now inadvertently interfere with duplex request bodies. Such interceptors should check
RequestBody.isDuplex()and avoid accessing the request body when it is.
Duplex calls require HTTP/2. If HTTP/1 is established instead the duplex call will fail. The most common use of duplex calls is [gRPC][grpc_http2].
New: Prevent OkHttp from retransmitting a request body by overriding
RequestBody.isOneShot(). This is most useful when writing the request body is destructive.
New: We've added
EventListener. These are called instead of
responseBodyEnd()in some failure situations. They may also be fired in cases where no event was published previously. In this release we did an internal rewrite of our event code to fix problems where events were lost or unbalanced.
Fix: Don't leak a connection when a call is canceled immediately preceding the
Fix: Apply call timeouts when connecting duplex calls, web sockets, and server-sent events. Once the streams are established no further timeout is enforced.
Fix: Retain the
Routewhen a connection is reused on a redirect or other follow-up. This was causing some
Authenticatorcalls to see a null route when non-null was expected.
Fix: Use the correct key size in the name of
TLS_AES_128_CCM_8_SHA256which is a TLS 1.3 cipher suite. We accidentally specified a key size of 256, preventing that cipher suite from being selected for any TLS handshakes. We didn't notice because this cipher suite isn't supported on Android, Java, or Conscrypt.
We removed this cipher suite and
TLS_AES_128_CCM_SHA256from the restricted, modern, and compatible sets of cipher suites. These two cipher suites aren't enabled by default in either Firefox or Chrome.
See our [TLS Configuration History][tls_configuration_history] tracker for a log of all changes to OkHttp's default TLS options.
New: Upgrade to Conscrypt 2.0.0. OkHttp works with other versions of Conscrypt but this is the version we're testing against.
New: Update the embedded public suffixes list.
- Fix: Don't crash when using a custom
SSLSocketon Android. When we removed obsolete code for Android 4.4 we inadvertently also removed support for custom subclasses. We've restored that support!
- Fix: Don't crash when using a custom