All Versions
110
Latest Version
Avg Release Cycle
18 days
Latest Release
-

Changelog History
Page 1

  • v5.0.0-alpha.3 Changes

    2021-11-22

    • Fix: Change Headers.toString() to redact authorization and cookie headers.
    • Fix: Don't do DNS to get the hostname for RecordedRequest.requestUrl. This was doing a DNS lookup for the local hostname, but we really just wanted the Host header.
    • Fix: Don't crash with a InaccessibleObjectException when detecting the platform trust manager on Java 17+.
    • Fix: Don't crash if a cookie's value is a lone double quote character.
    • Fix: Don't crash when canceling an event source created by EventSources.processResponse().
    • New: Cache now has a public constructor that takes an [okio.FileSystem]. This should make it possible to implement decorators for cache encryption or compression.
    • New: Cookie.newBuilder() to build upon an existing cookie.
    • New: Use TLSv1.3 when running on JDK 8u261 or newer.
    • New: QueueDispatcher.clear() may be used to reset a MockWebServer instance.
    • New: FileDescriptor.toRequestBody() may be particularly useful for users of Android's Storage Access Framework.
    • Upgrade: [Kotlin 1.5.31][kotlin_1_5_31].
    • Upgrade: [Okio 3.0.0][okio_3_0_0].
  • v5.0.0-alpha.2 Changes

    2021-01-30

    πŸš€ In this release MockWebServer has a new Maven coordinate and package name. A longstanding 🀑 problem with MockWebServer has been its API dependency on JUnit 4. We've reorganized things to βœ‚ remove that dependency while preserving backwards compatibility.

    πŸ“¦ | Maven Coordinate | Package Name | Description | | :------------------------------------------------------- | :-------------------- | :-------------------------------- | 🀑 | com.squareup.okhttp3:mockwebserver3:5.0.0-alpha.2 | mockwebserver3 | Core module. No JUnit dependency! | 🀑 | com.squareup.okhttp3:mockwebserver3-junit4:5.0.0-alpha.2 | mockwebserver3.junit4 | Optional JUnit 4 integration. | 🀑 | com.squareup.okhttp3:mockwebserver3-junit5:5.0.0-alpha.2 | mockwebserver3.junit5 | Optional JUnit 5 integration. | 🀑 | com.squareup.okhttp3:mockwebserver:5.0.0-alpha.2 | okhttp3.mockwebserver | Obsolete. Depends on JUnit 4. |

    πŸ“¦ The new APIs use mockwebserver3 in both the Maven coordinate and package name. This new API is not stable and will likely change before the final 5.0.0 release.

    ⚑️ If you have code that subclasses okhttp3.mockwebserver.QueueDispatcher, this update is not source πŸ“¦ or binary compatible. Migrating to the new mockwebserver3 package will fix this problem.

    • New: DNS over HTTPS is now a stable feature of OkHttp. We introduced this as an experimental module in 2018. We are confident in its stable API and solid implementation.
    • Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads concurrently close an SSL socket. This would have appeared in crash logs as NullPointerException: bio == null.
    • Fix: Use plus + instead of %20 to encode space characters in FormBody. This was a longstanding bug in OkHttp. The fix makes OkHttp consistent with major web browsers.
    • Fix: Don't crash if Conscrypt returns a null version.
    • Fix: Include the public suffix data as a resource in GraalVM native images.
    • Fix: Fail fast when the cache is corrupted.
    • Fix: Fail fast when a private key cannot be encoded.
    • Fix: Fail fast when attempting to verify a non-ASCII hostname.
    • Upgrade: [GraalVM 21][graalvm_21].
    • Upgrade: [Kotlin 1.4.20][kotlin_1_4_20].
  • v5.0.0-alpha.1 Changes

    2021-01-30

    πŸš€ This release adds initial support for [GraalVM][graalvm].

    GraalVM is an exciting new platform and we're eager to adopt it. The startup time improvements over the JVM are particularly impressive. Try it with okcurl:

    $ ./gradlew okcurl:nativeImage
    $ ./okcurl/build/graal/okcurl https://cash.app/robots.txt
    

    πŸš€ This is our first release that supports GraalVM. Our code on this platform is less mature than JVM and Android! Please report any issues you encounter: we'll fix them urgently.

    • Fix: Attempt to read the response body even if the server canceled the request. This will cause some calls to return nice error codes like HTTP/1.1 429 Too Many Requests instead of transport errors like SocketException: Connection reset and StreamResetException: stream was reset: CANCEL.
    • New: Support OSGi metadata.
    • Upgrade: [Okio 2.9.0][okio_2_9_0].

      implementation("com.squareup.okio:okio:2.9.0")
      

    πŸš€ Note that this was originally released on 2020-10-06 as 4.10.0-RC1. The only change from that πŸš€ release is the version name.

  • v4.10.0-RC1 Changes

    2020-10-06

    πŸš€ This release candidate adds support for [GraalVM][graalvm].

    GraalVM is an exciting new platform and we're eager to adopt it. The startup time improvements over the JVM are particularly impressive. Try it with okcurl:

    $ ./gradlew okcurl:nativeImage
    $ ./okcurl/build/graal/okcurl https://cash.app/robots.txt
    

    πŸš€ This is our first release that supports GraalVM. Our code on this platform is less mature than JVM and Android! Please report any issues you encounter: we'll fix them urgently.

    • Fix: Attempt to read the response body even if the server canceled the request. This will cause some calls to return nice error codes like HTTP/1.1 429 Too Many Requests instead of transport errors like SocketException: Connection reset and StreamResetException: stream was reset: CANCEL.
    • New: Support OSGi metadata.
    • Upgrade: [Okio 2.9.0][okio_2_9_0].

      implementation("com.squareup.okio:okio:2.9.0")
      
  • v4.9.3 Changes

    2021-11-21

    • Fix: Don't fail HTTP/2 responses if they complete before a RST_STREAM is sent.
  • v4.9.2 Changes

    2021-09-30

    • Fix: Don't include potentially-sensitive header values in Headers.toString() or exceptions. This applies to Authorization, Cookie, Proxy-Authorization, and Set-Cookie headers.
    • Fix: Don't crash with an InaccessibleObjectException when running on JDK17+ with strong encapsulation enabled.
    • Fix: Strictly verify hostnames used with OkHttp's HostnameVerifier. Programs that make direct manual calls to HostnameVerifier could be defeated if the hostnames they pass in are not strictly ASCII. This issue is tracked as [CVE-2021-0341].
  • v4.9.1 Changes

    2021-01-30

    • Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads concurrently close an SSL socket. This would have appeared in crash logs as NullPointerException: bio == null.
  • v4.9.0 Changes

    2020-09-11

    πŸš€ With this release, okhttp-tls no longer depends on Bouncy Castle and doesn't install the πŸ”’ Bouncy Castle security provider. If you still need it, you can do it yourself:

    Security.addProvider(BouncyCastleProvider())
    

    πŸ”§ You will also need to configure this dependency:

    dependencies {
      implementation "org.bouncycastle:bcprov-jdk15on:1.65"
    }
    
    • Upgrade: [Kotlin 1.4.10][kotlin_1_4_10]. We now use Kotlin 1.4.x [functional interfaces][fun_interface] for Authenticator, Interceptor, and others.
    • Upgrade: Build with Conscrypt 2.5.1.
  • v4.8.1 Changes

    2020-08-06

    • Fix: Don't crash in HeldCertificate.Builder when creating certificates on older versions of Android, including Android 6. We were using a feature of SimpleDateFormat that wasn't available in those versions!
  • v4.8.0 Changes

    2020-07-11

    • New: Change HeldCertificate.Builder to use its own ASN.1 certificate encoder. This is part of our effort to remove the okhttp-tls module's dependency on Bouncy Castle. We think Bouncy Castle is great! But it's a large dependency (6.5 MiB) and its security provider feature impacts VM-wide behavior.

    • New: Reduce contention for applications that make a very high number of concurrent requests. Previously OkHttp used its connection pool as a lock when making changes to connections and calls. With this change each connection is locked independently.

    • Upgrade: [Okio 2.7.0][okio_2_7_0].

      implementation("com.squareup.okio:okio:2.7.0")
      
    • Fix: Avoid log messages like "Didn't find class org.conscrypt.ConscryptHostnameVerifier" when detecting the TLS capabilities of the host platform.

    • Fix: Don't crash in HttpUrl.topPrivateDomain() when the hostname is malformed.

    • Fix: Don't attempt Brotli decompression if the response body is empty.