square/okhttp
### [`v4.5.0`](https://togithub.com/square/okhttp/blob/master/CHANGELOG.md#Version-450)
_2020-04-06_
**This release fixes a severe bug where OkHttp incorrectly detected and recovered from unhealthy
connections.** Stale or canceled connections were incorrectly attempted when they shouldn't have
been, leading to rare cases of infinite retries. Please upgrade to this release!
- Fix: don't return stale DNS entries in `DnsOverHttps`. We were caching DNS results indefinitely
rather than the duration specified in the response's cache-control header.
- Fix: Verify certificate IP addresses in canonical form. When a server presents a TLS certificate
containing an IP address we must match that address against the URL's IP address, even when the
two addresses are encoded differently, such as `192.168.1.1` and `0::0:0:FFFF:C0A8:101`. Note
that OkHttp incorrectly rejected valid certificates resulting in a failure to connect; at no
point were invalid certificates accepted.
- New: `OkHttpClient.Builder.minWebSocketMessageToCompress()` configures a threshold for
compressing outbound web socket messages. Configure this with 0L to always compress outbound
messages and `Long.MAX_VALUE` to never compress outbound messages. The default is 1024L which
compresses messages of size 1 KiB and larger. (Inbound messages are compressed or not based on
the web socket server's configuration.)
- New: Defer constructing `Inflater` and `Deflater` instances until they are needed. This saves
memory if web socket compression is negotiated but not used.
### [`v4.4.1`](https://togithub.com/square/okhttp/blob/master/CHANGELOG.md#Version-441)
_2020-03-08_
- Fix: Don't reuse a connection on redirect if certs match but DNS does not. For better
locality and performance OkHttp attempts to use the same pooled connection across redirects and
follow-ups. It independently shares connections when the IP addresses and certificates match,
even if the host names do not. In 4.4.0 we introduced a regression where we shared a connection
when certificates matched but the DNS addresses did not. This would only occur when following a
redirect from one hostname to another, and where both hosts had common certificates.
- Fix: Don't fail on a redirect when a client has configured a 'trust everything' trust manager.
Typically this would cause certain redirects to fail in debug and development configurations.
Renovate configuration
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
4.4.0
->4.5.0
Release Notes
square/okhttp
### [`v4.5.0`](https://togithub.com/square/okhttp/blob/master/CHANGELOG.md#Version-450) _2020-04-06_ **This release fixes a severe bug where OkHttp incorrectly detected and recovered from unhealthy connections.** Stale or canceled connections were incorrectly attempted when they shouldn't have been, leading to rare cases of infinite retries. Please upgrade to this release! - Fix: don't return stale DNS entries in `DnsOverHttps`. We were caching DNS results indefinitely rather than the duration specified in the response's cache-control header. - Fix: Verify certificate IP addresses in canonical form. When a server presents a TLS certificate containing an IP address we must match that address against the URL's IP address, even when the two addresses are encoded differently, such as `192.168.1.1` and `0::0:0:FFFF:C0A8:101`. Note that OkHttp incorrectly rejected valid certificates resulting in a failure to connect; at no point were invalid certificates accepted. - New: `OkHttpClient.Builder.minWebSocketMessageToCompress()` configures a threshold for compressing outbound web socket messages. Configure this with 0L to always compress outbound messages and `Long.MAX_VALUE` to never compress outbound messages. The default is 1024L which compresses messages of size 1 KiB and larger. (Inbound messages are compressed or not based on the web socket server's configuration.) - New: Defer constructing `Inflater` and `Deflater` instances until they are needed. This saves memory if web socket compression is negotiated but not used. ### [`v4.4.1`](https://togithub.com/square/okhttp/blob/master/CHANGELOG.md#Version-441) _2020-03-08_ - Fix: Don't reuse a connection on redirect if certs match but DNS does not. For better locality and performance OkHttp attempts to use the same pooled connection across redirects and follow-ups. It independently shares connections when the IP addresses and certificates match, even if the host names do not. In 4.4.0 we introduced a regression where we shared a connection when certificates matched but the DNS addresses did not. This would only occur when following a redirect from one hostname to another, and where both hosts had common certificates. - Fix: Don't fail on a redirect when a client has configured a 'trust everything' trust manager. Typically this would cause certain redirects to fail in debug and development configurations.Renovate configuration
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.