All Versions
117
Latest Version
Avg Release Cycle
18 days
Latest Release
-

Changelog History
Page 3

  • v4.6.0 Changes

    April 29, 2020

    2020-04-28

    • Fix: Follow HTTP 307 and 308 redirects on methods other than GET and POST. We're reluctant to change OkHttp's behavior in handling common HTTP status codes, but this fix is overdue! The new behavior is now consistent with [RFC 7231][rfc_7231_647], which is newer than OkHttp itself. If you want this update with the old behavior use [this interceptor][legacy_interceptor].

    • Fix: Don't crash decompressing web sockets messages. We had a bug where we assumed deflated bytes in would always yield deflated bytes out and this isn't always the case!

    • Fix: Reliably update and invalidate the disk cache on windows. As originally designed our internal DiskLruCache assumes an inode-like file system, where it's fine to delete files that are currently being read or written. On Windows the file system forbids this so we must be more careful when deleting and renaming files.

    • Fix: Don't crash on Java 8u252 which introduces an API previously found only on Java 9 and above. See [Jetty's overview][jetty_8_252] of the API change and its consequences.

    • New: MultipartReader is a streaming decoder for [MIME multipart (RFC 2045)][rfc_2045] messages. It complements MultipartBody which is our streaming encoder.

      val response: Response = call.execute()
val multipartReader = MultipartReader(response.body!!)

multipartReader.use {
  while (true) {
    val part = multipartReader.nextPart() ?: break
    process(part.headers, part.body)
  }
}

    • New: MediaType.parameter() gets a parameter like boundary from a media type like multipart/mixed; boundary="abc".

    • New: Authenticator.JAVA_NET_AUTHENTICATOR forwards authentication requests to java.net.Authenticator. This obsoletes JavaNetAuthenticator in the okhttp-urlconnection module.

    • New: CertificatePinner now offers an API for inspecting the configured pins.

    • Upgrade: [Okio 2.6.0][okio_2_6_0].

      implementation("com.squareup.okio:okio:2.6.0")

    • Upgrade: [publicsuffix.org data][public_suffix]. This powers HttpUrl.topPrivateDomain(). It's also how OkHttp knows which domains can share cookies with one another.

    • Upgrade: [Bouncy Castle 1.65][bouncy_castle_releases]. This dependency is required by the okhttp-tls module.

    • Upgrade: [Kotlin 1.3.71][kotlin_1_3_71].

  • v4.5.0 Changes

    April 06, 2020

    2020-04-06

    πŸš€ This release fixes a severe bug where OkHttp incorrectly detected and recovered from unhealthy connections. Stale or canceled connections were incorrectly attempted when they shouldn't have πŸš€ been, leading to rare cases of infinite retries. Please upgrade to this release!

    • Fix: don't return stale DNS entries in DnsOverHttps. We were caching DNS results indefinitely rather than the duration specified in the response's cache-control header.
    • Fix: Verify certificate IP addresses in canonical form. When a server presents a TLS certificate containing an IP address we must match that address against the URL's IP address, even when the two addresses are encoded differently, such as 192.168.1.1 and 0::0:0:FFFF:C0A8:101. Note that OkHttp incorrectly rejected valid certificates resulting in a failure to connect; at no point were invalid certificates accepted.
    • New: OkHttpClient.Builder.minWebSocketMessageToCompress() configures a threshold for compressing outbound web socket messages. Configure this with 0L to always compress outbound messages and Long.MAX_VALUE to never compress outbound messages. The default is 1024L which compresses messages of size 1 KiB and larger. (Inbound messages are compressed or not based on the web socket server's configuration.)
    • New: Defer constructing Inflater and Deflater instances until they are needed. This saves memory if web socket compression is negotiated but not used.

  • v4.5.0-RC1 Changes

    March 18, 2020

    2020-03-17

    πŸš€ This release candidate turns on web socket compression.

    The [spec][rfc_7692] includes a sophisticated mechanism for client and server to negotiate 🐎 compression features. We strive to offer great performance in our default configuration and so we're πŸš€ making compression the default for everyone starting with this release candidate.

    πŸš€ Please be considerate of your servers and their operators as you roll out this release. Compression πŸ’Ύ saves bandwidth but it costs CPU and memory! If you run into a problem you may need to adjust or disable the permessage-deflate compression settings on your server.

    Note that OkHttp won't use compression when sending messages smaller than 1 KiB.

    • Fix: Don't crash when the URL hostname contains an underscore on Android.
    • Fix: Change HTTP/2 to use a daemon thread for its socket reader. If you've ever seen a command line application hang after all of the work is done, it may be due to a non-daemon thread like this one.
    • New: Include suppressed exceptions when all routes to a target service fail.

  • v4.4.1 Changes

    March 08, 2020

    2020-03-08

    • Fix: Don't reuse a connection on redirect if certs match but DNS does not. For better locality and performance OkHttp attempts to use the same pooled connection across redirects and follow-ups. It independently shares connections when the IP addresses and certificates match, even if the host names do not. In 4.4.0 we introduced a regression where we shared a connection when certificates matched but the DNS addresses did not. This would only occur when following a redirect from one hostname to another, and where both hosts had common certificates.

    • Fix: Don't fail on a redirect when a client has configured a 'trust everything' trust manager. Typically this would cause certain redirects to fail in debug and development configurations.

  • v4.4.0 Changes

    February 17, 2020

    2020-02-17

    • New: Support canceled() as an event that can be observed by EventListener. This should be useful for splitting out canceled calls in metrics.

    • New: Publish a [bill of materials (BOM)][bom] for OkHttp. Depend on this from Gradle or Maven to keep all of your OkHttp artifacts on the same version, even if they're declared via transitive dependencies. You can even omit versions when declaring other OkHttp dependencies.

      dependencies {
   api(platform("com.squareup.okhttp3:okhttp-bom:4.4.0"))
   api("com.squareup.okhttp3:okhttp")              // No version!
   api("com.squareup.okhttp3:logging-interceptor") // No version!
}

    • New: Upgrade to Okio 2.4.3.

      implementation("com.squareup.okio:okio:2.4.3")

    • Fix: Limit retry attempts for HTTP/2 REFUSED_STREAM and CANCEL failures.

    • Fix: Retry automatically when incorrectly sharing a connection among multiple hostnames. OkHttp shares connections when hosts share both IP addresses and certificates, such as squareup.com and www.squareup.com. If a server refuses such sharing it will return HTTP 421 and OkHttp will automatically retry on an unshared connection.

    • Fix: Don't crash if a TLS tunnel's response body is truncated.

    • Fix: Don't track unusable routes beyond their usefulness. We had a bug where we could track certain bad routes indefinitely; now we only track the ones that could be necessary.

    • Fix: Defer proxy selection until a proxy is required. This saves calls to ProxySelector on calls that use a pooled connection.

  • v4.3.1 Changes

    January 07, 2020

    2019-01-07

    • Fix: Don't crash with a NullPointerException when a web socket is closed before it connects. This regression was introduced in OkHttp 4.3.0.
    • Fix: Don't crash with an IllegalArgumentException when using custom trust managers on Android 10. Android uses reflection to look up a magic checkServerTrusted() method and we didn't have it.
    • Fix: Explicitly specify the remote server name when making HTTPS connections on Android 5. In 4.3.0 we introduced a regression where server name indication (SNI) was broken on Android 5.

  • v4.3.0 Changes

    December 31, 2019

    2019-12-31

    • Fix: Degrade HTTP/2 connections after a timeout. When an HTTP/2 stream times out it may impact the stream only or the entire connection. With this fix OkHttp will now send HTTP/2 pings after a stream timeout to determine whether the connection should remain eligible for pooling.

    • Fix: Don't call EventListener.responseHeadersStart() or responseBodyStart() until bytes have been received. Previously these events were incorrectly sent too early, when OkHttp was ready to read the response headers or body, which mislead tracing tools. Note that the responseFailed() event always used to follow one of these events; now it may be sent without them.

    • New: Upgrade to Kotlin 1.3.61.

    • New: Match any number of subdomains with two asterisks in CertificatePinner. For example, **.squareup.com matches us-west.www.squareup.com, www.squareup.com and squareup.com.

    • New: Share threads more aggressively between OkHttp's HTTP/2 connections, connection pool, web sockets, and cache. OkHttp has a new internal task runner abstraction for managed task scheduling. In your debugger you will see new thread names and more use of daemon threads.

    • Fix: Don't drop callbacks on unexpected exceptions. When an interceptor throws an unchecked exception the callback is now notified that the call was canceled. The exception is still sent to the uncaught exception handler for reporting and recovery.

    • Fix: Un-deprecate MockResponse.setHeaders() and other setters. These were deprecated in OkHttp 4.0 but that broke method chaining for Java callers.

    • Fix: Don't crash on HTTP/2 HEAD requests when the Content-Length header is present but is not consistent with the length of the response body.

    • Fix: Don't crash when converting a HttpUrl instance with an unresolvable hostname to a URI. The new behavior strips invalid characters like " and { from the hostname before converting.

    • Fix: Undo a performance regression introduced in OkHttp 4.0 caused by differences in behavior between Kotlin's assert() and Java's assert(). (Kotlin always evaluates the argument; Java only does when assertions are enabled.)

    • Fix: Honor RequestBody.isOneShot() in HttpLoggingInterceptor.

  • v4.2.2 Changes

    October 06, 2019

    2019-10-06

    • Fix: When closing a canceled HTTP/2 stream, don't send the END_STREAM flag. This could cause the server to incorrectly interpret the stream as having completed normally. This is most useful when a request body needs to cancel its own call.

  • v4.2.1 Changes

    October 02, 2019

    2019-10-02

    • Fix: In 4.1.0 we introduced a performance regression that prevented connections from being pooled in certain situations. We have good test coverage for connection pooling but we missed this because it only occurs if you have proxy configured and you share a connection pool among multiple OkHttpClient instances.

      This particularly-subtle bug was caused by us assigning each OkHttpClient instance its own NullProxySelector when an explicit proxy is configured. But we don't share connections when the proxy selectors are different. Ugh!

  • v4.2.0 Changes

    September 10, 2019

    2019-09-10

    • New: API to decode a certificate and private key to create a HeldCertificate. This accepts a string containing both a certificate and PKCS #8-encoded private key.

      val heldCertificate = HeldCertificate.decode("""
    |-----BEGIN CERTIFICATE-----
    |MIIBYTCCAQegAwIBAgIBKjAKBggqhkjOPQQDAjApMRQwEgYDVQQLEwtlbmdpbmVl
    |cmluZzERMA8GA1UEAxMIY2FzaC5hcHAwHhcNNzAwMTAxMDAwMDA1WhcNNzAwMTAx
    |MDAwMDEwWjApMRQwEgYDVQQLEwtlbmdpbmVlcmluZzERMA8GA1UEAxMIY2FzaC5h
    |cHAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASda8ChkQXxGELnrV/oBnIAx3dD
    |ocUOJfdz4pOJTP6dVQB9U3UBiW5uSX/MoOD0LL5zG3bVyL3Y6pDwKuYvfLNhoyAw
    |HjAcBgNVHREBAf8EEjAQhwQBAQEBgghjYXNoLmFwcDAKBggqhkjOPQQDAgNIADBF
    |AiAyHHg1N6YDDQiY920+cnI5XSZwEGhAtb9PYWO8bLmkcQIhAI2CfEZf3V/obmdT
    |yyaoEufLKVXhrTQhRfodTeigi4RX
    |-----END CERTIFICATE-----
    |-----BEGIN PRIVATE KEY-----
    |MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCA7ODT0xhGSNn4ESj6J
    |lu/GJQZoU9lDrCPeUcQ28tzOWw==
    |-----END PRIVATE KEY-----
    """.trimMargin())
val handshakeCertificates = HandshakeCertificates.Builder()
    .heldCertificate(heldCertificate)
    .build()
val server = MockWebServer()
server.useHttps(handshakeCertificates.sslSocketFactory(), false)

      Get these strings with HeldCertificate.certificatePem() and privateKeyPkcs8Pem().

    • Fix: Handshake now returns peer certificates in canonical order: each certificate is signed by the certificate that follows and the last certificate is signed by a trusted root.

    • Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this happened enough then eventually the connection would stall.

    • Fix: Acknowledge and apply inbound HTTP/2 settings atomically. Previously we had a race where we could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to fail the call.