square/okhttp (com.squareup.okhttp3:okhttp)
### [`v5.0.0-alpha.12`](https://togithub.com/square/okhttp/blob/HEAD/CHANGELOG.md#Version-500-alpha12)
*2023-12-17*
We took too long to cut this release and there's a lot of changes in it. We've been busy.
Although this release is labeled *alpha*, the only unstable thing in it is our new APIs. This
release has many critical bug fixes and is safe to run in production. We're eager to stabilize our
new APIs so we can get out of alpha.
- New: Support Java 21's virtual threads (‘OpenJDK Project Loom’). We changed OkHttp's internals
to use `Lock` and `Condition` instead of `synchronized` for best resource utilization.
- New: Switch our Internationalized Domain Name (IDN) implementation to \[UTS [#46](https://togithub.com/square/okhttp/issues/46) Nontransitional
Processing]\[uts46]. With this fix, the `ß` code point no longer maps to `ss`. OkHttp now embeds
its own IDN mapping table in the library.
- New: Prefer the client's configured precedence order for TLS cipher suites. (OkHttp used to
prefer the JDK’s precedence order.) This change may cause your HTTP calls to negotiate a
different cipher suite than before! OkHttp's defaults cipher suites are selected for good
security and performance.
- New: `ConnectionListener` publishes events for connects, disconnects, and use of pooled
connections.
- Fix: Immediately update the connection's flow control window instead of waiting for the
receiving stream to process it.
This change may increase OkHttp's memory use for applications that make many concurrent HTTP
calls and that can receive data faster than they can process it. Previously, OkHttp limited
HTTP/2 to 16 MiB of unacknowledged data per connection. With this fix there is a limit of 16 MiB
of unacknowledged data per stream and no per-connection limit.
- Fix: Don't close a `Deflater` while we're still using it to compress a web socket message. We
had a severe bug where web sockets were closed on the wrong thread, which caused
`NullPointerException` crashes in `Deflater`.
- Fix: Don't crash after a web socket fails its connection upgrade. We incorrectly released
the web socket's connections back to the pool before their resources were cleaned up.
- Fix: Don't infinite loop when a received web socket message has self-terminating compressed
data.
- Fix: Don't fail the call when the response code is ‘HTTP 102 Processing’ or ‘HTTP 103 Early
Hints’.
- Fix: Honor interceptors' changes to connect and read timeouts.
- Fix: Recover gracefully when a cached response is corrupted on disk.
- Fix: Don't leak file handles when a cache disk write fails.
- Fix: Don't hang when the public suffix database cannot be loaded. We had a bug where a failure
reading the public suffix database would cause subsequent reads to hang when they should have
crashed.
- Fix: Avoid `InetAddress.getCanonicalHostName()` in MockWebServer. This avoids problems if the
host machine's IP address has additional DNS registrations.
- New: Create a JPMS-compatible artifact for `JavaNetCookieJar`. Previously, multiple OkHttp
artifacts defined classes in the `okhttp3` package, but this is forbidden by the Java module
system. We've fixed this with a new package (`okhttp3.java.net.cookiejar`) and a new artifact,
`com.squareup.okhttp3:okhttp-java-net-cookiehandler`. (The original artifact now delegates to
this new one.)
```kotlin
implementation("com.squareup.okhttp3:okhttp-java-net-cookiehandler:5.0.0-alpha.12")
```
- New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This
is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks.
- New: Log the total time of the HTTP call in `HttpLoggingInterceptor`.
- New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`.
- New: `mockwebserver3.SocketPolicy` is now a sealed interface. This is one of several
backwards-incompatible API changes that may impact early adopters of this alpha API.
- New: `mockwebserver3.Stream` for duplex streams.
- New: `mockwebserver3.MockResponseBody` for streamed response bodies.
- New: `mockwebserver3.MockResponse` is now immutable, with a `Builder`.
- New: `mockwebserver3.RecordedRequest.handshakeServerNames` returns the SNI (Server Name
Indication) attribute from the TLS handshake.
- Upgrade: \[Kotlin 1.9.21]\[kotlin\_1\_9\_21].
- Upgrade: \[Okio 3.7.0]\[okio\_3\_7\_0].
Configuration
📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Bratislava, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
5.0.0-alpha.11
->5.0.0-alpha.12
3.2.0
->3.2.1
Release Notes
square/okhttp (com.squareup.okhttp3:okhttp)
### [`v5.0.0-alpha.12`](https://togithub.com/square/okhttp/blob/HEAD/CHANGELOG.md#Version-500-alpha12) *2023-12-17* We took too long to cut this release and there's a lot of changes in it. We've been busy. Although this release is labeled *alpha*, the only unstable thing in it is our new APIs. This release has many critical bug fixes and is safe to run in production. We're eager to stabilize our new APIs so we can get out of alpha. - New: Support Java 21's virtual threads (‘OpenJDK Project Loom’). We changed OkHttp's internals to use `Lock` and `Condition` instead of `synchronized` for best resource utilization. - New: Switch our Internationalized Domain Name (IDN) implementation to \[UTS [#46](https://togithub.com/square/okhttp/issues/46) Nontransitional Processing]\[uts46]. With this fix, the `ß` code point no longer maps to `ss`. OkHttp now embeds its own IDN mapping table in the library. - New: Prefer the client's configured precedence order for TLS cipher suites. (OkHttp used to prefer the JDK’s precedence order.) This change may cause your HTTP calls to negotiate a different cipher suite than before! OkHttp's defaults cipher suites are selected for good security and performance. - New: `ConnectionListener` publishes events for connects, disconnects, and use of pooled connections. - Fix: Immediately update the connection's flow control window instead of waiting for the receiving stream to process it. This change may increase OkHttp's memory use for applications that make many concurrent HTTP calls and that can receive data faster than they can process it. Previously, OkHttp limited HTTP/2 to 16 MiB of unacknowledged data per connection. With this fix there is a limit of 16 MiB of unacknowledged data per stream and no per-connection limit. - Fix: Don't close a `Deflater` while we're still using it to compress a web socket message. We had a severe bug where web sockets were closed on the wrong thread, which caused `NullPointerException` crashes in `Deflater`. - Fix: Don't crash after a web socket fails its connection upgrade. We incorrectly released the web socket's connections back to the pool before their resources were cleaned up. - Fix: Don't infinite loop when a received web socket message has self-terminating compressed data. - Fix: Don't fail the call when the response code is ‘HTTP 102 Processing’ or ‘HTTP 103 Early Hints’. - Fix: Honor interceptors' changes to connect and read timeouts. - Fix: Recover gracefully when a cached response is corrupted on disk. - Fix: Don't leak file handles when a cache disk write fails. - Fix: Don't hang when the public suffix database cannot be loaded. We had a bug where a failure reading the public suffix database would cause subsequent reads to hang when they should have crashed. - Fix: Avoid `InetAddress.getCanonicalHostName()` in MockWebServer. This avoids problems if the host machine's IP address has additional DNS registrations. - New: Create a JPMS-compatible artifact for `JavaNetCookieJar`. Previously, multiple OkHttp artifacts defined classes in the `okhttp3` package, but this is forbidden by the Java module system. We've fixed this with a new package (`okhttp3.java.net.cookiejar`) and a new artifact, `com.squareup.okhttp3:okhttp-java-net-cookiehandler`. (The original artifact now delegates to this new one.) ```kotlin implementation("com.squareup.okhttp3:okhttp-java-net-cookiehandler:5.0.0-alpha.12") ``` - New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks. - New: Log the total time of the HTTP call in `HttpLoggingInterceptor`. - New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`. - New: `mockwebserver3.SocketPolicy` is now a sealed interface. This is one of several backwards-incompatible API changes that may impact early adopters of this alpha API. - New: `mockwebserver3.Stream` for duplex streams. - New: `mockwebserver3.MockResponseBody` for streamed response bodies. - New: `mockwebserver3.MockResponse` is now immutable, with a `Builder`. - New: `mockwebserver3.RecordedRequest.handshakeServerNames` returns the SNI (Server Name Indication) attribute from the TLS handshake. - Upgrade: \[Kotlin 1.9.21]\[kotlin\_1\_9\_21]. - Upgrade: \[Okio 3.7.0]\[okio\_3\_7\_0].Configuration
📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Bratislava, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.