OkHttp changelog

Changelog History

Page 2

• v4.10.0-RC1 Changes

  2020-10-06

  🚀 This release candidate adds support for [GraalVM][graalvm].

  GraalVM is an exciting new platform and we're eager to adopt it. The startup time improvements over the JVM are particularly impressive. Try it with okcurl:

  $ ./gradlew okcurl:nativeImage
  $ ./okcurl/build/graal/okcurl https://cash.app/robots.txt
  

  🚀 This is our first release that supports GraalVM. Our code on this platform is less mature than JVM and Android! Please report any issues you encounter: we'll fix them urgently.

  • Fix: Attempt to read the response body even if the server canceled the request. This will cause some calls to return nice error codes like HTTP/1.1 429 Too Many Requests instead of transport errors like SocketException: Connection reset and StreamResetException: stream was reset: CANCEL.
  • New: Support OSGi metadata.

  • Upgrade: [Okio 2.9.0][okio_2_9_0].

    implementation("com.squareup.okio:okio:2.9.0")
    

• v4.9.3 Changes

  2021-11-21

  • Fix: Don't fail HTTP/2 responses if they complete before a RST_STREAM is sent.

• v4.9.2 Changes

  2021-09-30

  • Fix: Don't include potentially-sensitive header values in Headers.toString() or exceptions. This applies to Authorization, Cookie, Proxy-Authorization, and Set-Cookie headers.
  • Fix: Don't crash with an InaccessibleObjectException when running on JDK17+ with strong encapsulation enabled.
  • Fix: Strictly verify hostnames used with OkHttp's HostnameVerifier. Programs that make direct manual calls to HostnameVerifier could be defeated if the hostnames they pass in are not strictly ASCII. This issue is tracked as [CVE-2021-0341].

• v4.9.1 Changes

  2021-01-30

  • Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads concurrently close an SSL socket. This would have appeared in crash logs as NullPointerException: bio == null.

• v4.9.0 Changes

  2020-09-11

  🚀 With this release, okhttp-tls no longer depends on Bouncy Castle and doesn't install the 🔒 Bouncy Castle security provider. If you still need it, you can do it yourself:

  Security.addProvider(BouncyCastleProvider())
  

  🔧 You will also need to configure this dependency:

  dependencies {
    implementation "org.bouncycastle:bcprov-jdk15on:1.65"
  }
  

  • Upgrade: [Kotlin 1.4.10][kotlin_1_4_10]. We now use Kotlin 1.4.x [functional interfaces][fun_interface] for Authenticator, Interceptor, and others.
  • Upgrade: Build with Conscrypt 2.5.1.

• v4.8.1 Changes

  2020-08-06

  • Fix: Don't crash in HeldCertificate.Builder when creating certificates on older versions of Android, including Android 6. We were using a feature of SimpleDateFormat that wasn't available in those versions!

• v4.8.0 Changes

  2020-07-11

  • New: Change HeldCertificate.Builder to use its own ASN.1 certificate encoder. This is part of our effort to remove the okhttp-tls module's dependency on Bouncy Castle. We think Bouncy Castle is great! But it's a large dependency (6.5 MiB) and its security provider feature impacts VM-wide behavior.

  • New: Reduce contention for applications that make a very high number of concurrent requests. Previously OkHttp used its connection pool as a lock when making changes to connections and calls. With this change each connection is locked independently.

  • Upgrade: [Okio 2.7.0][okio_2_7_0].

    implementation("com.squareup.okio:okio:2.7.0")
    

  • Fix: Avoid log messages like "Didn't find class org.conscrypt.ConscryptHostnameVerifier" when detecting the TLS capabilities of the host platform.

  • Fix: Don't crash in HttpUrl.topPrivateDomain() when the hostname is malformed.

  • Fix: Don't attempt Brotli decompression if the response body is empty.

• v4.7.2 Changes

  May 20, 2020

  2020-05-20

  • Fix: Don't crash inspecting whether the host platform is JVM or Android. With 4.7.0 and 4.7.1 we had a crash IllegalArgumentException: Not a Conscrypt trust manager because we depended on initialization order of companion objects.

• v4.7.1 Changes

  May 18, 2020

  2020-05-18

  • Fix: Pass the right arguments in the trust manager created for addInsecureHost(). Without the fix insecure hosts crash with an IllegalArgumentException on Android.

• v4.7.0 Changes

  May 17, 2020

  2020-05-17

  • New: HandshakeCertificates.Builder.addInsecureHost() makes it easy to turn off security in private development environments that only carry test data. Prefer this over creating an all-trusting TrustManager because only hosts on the allowlist are insecure. From [our DevServer sample][dev_server]:

    val clientCertificates = HandshakeCertificates.Builder()
        .addPlatformTrustedCertificates()
        .addInsecureHost("localhost")
        .build()
    
    val client = OkHttpClient.Builder()
        .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)
        .build()
    

  • New: Add cacheHit, cacheMiss, and cacheConditionalHit() events to EventListener. Use these in logs, metrics, and even test cases to confirm your cache headers are configured as expected.

  • New: Constant string okhttp3.VERSION. This is a string like "4.5.0-RC1", "4.5.0", or "4.6.0-SNAPSHOT" indicating the version of OkHttp in the current runtime. Use this to include the OkHttp version in custom User-Agent headers.

  • Fix: Don't crash when running as a plugin in Android Studio Canary 4.1. To enable platform-specific TLS features OkHttp must detect whether it's running in a JVM or in Android. The upcoming Android Studio runs in a JVM but has classes from Android and that confused OkHttp!

  • Fix: Include the header Accept: text/event-stream for SSE calls. This header is not added if the request already contains an Accept header.

  • Fix: Don't crash with a NullPointerException if a server sends a close while we're sending a ping. OkHttp had a race condition bug.

• « First
• ‹ Prev
• 1
• 2
• 3
• 4
• 5
• 6
• Next ›
• Last »