1Change Log
2==========
3
4## Version 2.7.5
5
6_2016-02-25_
7
8 *  Fix: Change the certificate pinner to always build full chains. This
9    prevents a potential crash when using certificate pinning with the Google
10    Play Services security provider.
11
12
13## Version 2.7.4
14
15_2016-02-07_
16
17 *  Fix: Don't crash when finding the trust manager if the Play Services (GMS)
18    security provider is installed.
19 *  Fix: The previous release introduced a performance regression on Android,
20    caused by looking up CA certificates. This is now fixed.
21
22
23## Version 2.7.3
24
25_2016-02-06_
26
27 *  Fix: Permit the trusted CA root to be pinned by `CertificatePinner`.
28
29
30## Version 2.7.2
31
32_2016-01-07_
33
34 *  Fix: Don't eagerly release stream allocations on cache hits. We might still
35    need them to handle redirects.
36
37
38## Version 2.7.1
39
40_2016-01-01_
41
42 *  Fix: Don't do a health check on newly-created connections. This is
43    unnecessary work that could put the client in an inconsistent state if the
44    health check fails.
45
46
47## Version 2.7.0
48
49_2015-12-12_
50
51 *  **Rewritten connection management.** Previously OkHttp's connection pool
52    managed both idle and active connections for HTTP/2, but only idle
53    connections for HTTP/1.x. Wth this update the connection pool manages both
54    idle and active connections for everything. OkHttp now detects and warns on
55    connections that were allocated but never released, and will enforce HTTP/2
56    stream limits. This update also fixes `Call.cancel()` to not do I/O on the
57    calling thread.
58 *  Fix: Don't log gzipped data in the logging interceptor.
59 *  Fix: Don't resolve DNS addresses when connecting through a SOCKS proxy.
60 *  Fix: Drop the synthetic `OkHttp-Selected-Protocol` response header.
61 *  Fix: Support 204 and 205 'No Content' replies in the logging interceptor.
62 *  New: Add `Call.isExecuted()`.
63
64
65## Version 2.6.0
66
67_2015-11-22_
68
69 *  **New Logging Interceptor.** The `logging-interceptor` subproject offers
70    simple request and response logging. It may be configured to log headers and
71    bodies for debugging. It requires this Maven dependency:
72
73     ```xml
74     <dependency>
75       <groupId>com.squareup.okhttp</groupId>
76       <artifactId>logging-interceptor</artifactId>
77       <version>2.6.0</version>
78     </dependency>
79     ```
80
81    Configure basic logging like this:
82
83    ```java
84    HttpLoggingInterceptor loggingInterceptor = new HttpLoggingInterceptor();
85    loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BASIC);
86    client.networkInterceptors().add(loggingInterceptor);
87    ```
88
89    **Warning:** Avoid `Level.HEADERS` and `Level.BODY` in production because
90    they could leak passwords and other authentication credentials to insecure
91    logs.
92
93 *  **WebSocket API now uses `RequestBody` and `ResponseBody` for messages.**
94    This is a backwards-incompatible API change.
95
96 *  **The DNS service is now pluggable.** In some situations this may be useful
97    to manually prioritize specific IP addresses.
98
99 *  Fix: Don't throw when converting an `HttpUrl` to a `java.net.URI`.
100    Previously URLs with special characters like `|` and `[` would break when
101    subjected to URI’s overly-strict validation.
102 *  Fix: Don't re-encode `+` as `%20` in encoded URL query strings. OkHttp
103    prefers `%20` when doing its own encoding, but will retain `+` when that is
104    provided.
105 *  Fix: Enforce that callers call `WebSocket.close()` on IO errors. Error
106    handling in WebSockets is significantly improved.
107 *  Fix: Don't use SPDY/3 style header concatenation for HTTP/2 request headers.
108    This could have corrupted requests where multiple headers had the same name,
109    as in cookies.
110 *  Fix: Reject bad characters in the URL hostname. Previously characters like
111    `\0` would cause a late crash when building the request.
112 *  Fix: Allow interceptors to change the request method.
113 *  Fix: Don’t use the request's `User-Agent` or `Proxy-Authorization` when
114    connecting to an HTTPS server via an HTTP tunnel. The `Proxy-Authorization`
115    header was being leaked to the origin server.
116 *  Fix: Digits may be used in a URL scheme.
117 *  Fix: Improve connection timeout recovery.
118 *  Fix: Recover from `getsockname` crashes impacting Android releases prior to
119    4.2.2.
120 *  Fix: Drop partial support for HTTP/1.0. Previously OkHttp would send
121    `HTTP/1.0` on connections after seeing a response with `HTTP/1.0`. The fixed
122    behavior is consistent with Firefox and Chrome.
123 *  Fix: Allow a body in `OPTIONS` requests.
124 *  Fix: Don't percent-encode non-ASCII characters in URL fragments.
125 *  Fix: Handle null fragments.
126 *  Fix: Don’t crash on interceptors that throw `IOException` before a
127    connection is attempted.
128 *  New: Support [WebDAV][webdav] HTTP methods.
129 *  New: Buffer WebSocket frames for better performance.
130 *  New: Drop support for `TLS_DHE_DSS_WITH_AES_128_CBC_SHA`, our only remaining
131    DSS cipher suite. This is consistent with Firefox and Chrome which have also
132    dropped these cipher suite.
133
134## Version 2.5.0
135
136_2015-08-25_
137
138 *  **Timeouts now default to 10 seconds.** Previously we defaulted to never
139    timing out, and that was a lousy policy. If establishing a connection,
140    reading the next byte from a connection, or writing the next byte to a
141    connection takes more than 10 seconds to complete, you’ll need to adjust
142    the timeouts manually.
143
144 *  **OkHttp now rejects request headers that contain invalid characters.** This
145    includes potential security problems (newline characters) as well as simple
146    non-ASCII characters (including international characters and emoji).
147
148 *  **Call canceling is more reliable.**  We had a bug where a socket being
149     connected wasn't being closed when the application used `Call.cancel()`.
150
151 *  **Changing a HttpUrl’s scheme now tracks the default port.** We had a bug
152    where changing a URL from `http` to `https` would leave it on port 80.
153
154 *  **Okio has been updated to 1.6.0.**
155     ```xml
156     <dependency>
157       <groupId>com.squareup.okio</groupId>
158       <artifactId>okio</artifactId>
159       <version>1.6.0</version>
160     </dependency>
161     ```
162
163 *  New: `Cache.initialize()`. Call this on a background thread to eagerly
164    initialize the response cache.
165 *  New: Fold `MockWebServerRule` into `MockWebServer`. This makes it easier to
166    write JUnit tests with `MockWebServer`. The `MockWebServer` library now
167    depends on JUnit, though it continues to work with all testing frameworks.
168 *  Fix: `FormEncodingBuilder` is now consistent with browsers in which
169    characters it escapes. Previously we weren’t percent-encoding commas,
170    parens, and other characters.
171 *  Fix: Relax `FormEncodingBuilder` to support building empty forms.
172 *  Fix: Timeouts throw `SocketTimeoutException`, not `InterruptedIOException`.
173 *  Fix: Change `MockWebServer` to use the same logic as OkHttp when determining
174    whether an HTTP request permits a body.
175 *  Fix: `HttpUrl` now uses the canonical form for IPv6 addresses.
176 *  Fix: Use `HttpUrl` internally.
177 *  Fix: Recover from Android 4.2.2 EBADF crashes.
178 *  Fix: Don't crash with an `IllegalStateException` if an HTTP/2 or SPDY
179    write fails, leaving the connection in an inconsistent state.
180 *  Fix: Make sure the default user agent is ASCII.
181
182
183## Version 2.4.0
184
185_2015-05-22_
186
187 *  **Forbid response bodies on HTTP 204 and 205 responses.** Webservers that
188    return such malformed responses will now trigger a `ProtocolException` in
189    the client.
190
191 *  **WebSocketListener has incompatible changes.** The `onOpen()` method is now
192    called on the reader thread, so implementations must return before further
193    websocket messages will be delivered. The `onFailure()` method now includes
194    an HTTP response if one was returned.
195
196## Version 2.4.0-RC1
197
198_2015-05-16_
199
200 *  **New HttpUrl API.** It's like `java.net.URL` but good. Note that
201    `Request.Builder.url()` now throws `IllegalArgumentException` on malformed
202    URLs. (Previous releases would throw a `MalformedURLException` when calling
203    a malformed URL.)
204
205 *  **We've improved connect failure recovery.** We now differentiate between
206    setup, connecting, and connected and implement appropriate recovery rules
207    for each. This changes `Address` to no longer use `ConnectionSpec`. (This is
208    an incompatible API change).
209
210 *  **`FormEncodingBuilder` now uses `%20` instead of `+` for encoded spaces.**
211    Both are permitted-by-spec, but `%20` requires fewer special cases.
212
213 *  **Okio has been updated to 1.4.0.**
214     ```xml
215     <dependency>
216       <groupId>com.squareup.okio</groupId>
217       <artifactId>okio</artifactId>
218       <version>1.4.0</version>
219     </dependency>
220     ```
221
222 *  **`Request.Builder` no longer accepts null if a request body is required.**
223    Passing null will now fail for request methods that require a body. Instead
224    use an empty body such as this one:
225
226    ```java
227        RequestBody.create(null, new byte[0]);
228    ```
229
230 * **`CertificatePinner` now supports wildcard hostnames.** As always with
231   certificate pinning, you must be very careful to avoid [bricking][brick]
232   your app. You'll need to pin both the top-level domain and the `*.` domain
233   for full coverage.
234
235    ```java
236     client.setCertificatePinner(new CertificatePinner.Builder()
237         .add("publicobject.com",   "sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=")
238         .add("*.publicobject.com", "sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=")
239         .add("publicobject.com",   "sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=")
240         .add("*.publicobject.com", "sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=")
241         .add("publicobject.com",   "sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=")
242         .add("*.publicobject.com", "sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=")
243         .add("publicobject.com",   "sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=")
244         .add("*.publicobject.com", "sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=")
245         .build());
246    ```
247
248 *  **Interceptors lists are now deep-copied by `OkHttpClient.clone()`.**
249    Previously clones shared interceptors, which made it difficult to customize
250    the interceptors on a request-by-request basis.
251
252 *  New: `Headers.toMultimap()`.
253 *  New: `RequestBody.create(MediaType, ByteString)`.
254 *  New: `ConnectionSpec.isCompatible(SSLSocket)`.
255 *  New: `Dispatcher.getQueuedCallCount()` and
256    `Dispatcher.getRunningCallCount()`. These can be useful in diagnostics.
257 *  Fix: OkHttp no longer shares timeouts between pooled connections. This was
258    causing some applications to crash when connections were reused.
259 *  Fix: `OkApacheClient` now allows an empty `PUT` and `POST`.
260 *  Fix: Websockets no longer rebuffer socket streams.
261 *  Fix: Websockets are now better at handling close frames.
262 *  Fix: Content type matching is now case insensitive.
263 *  Fix: `Vary` headers are not lost with `android.net.http.HttpResponseCache`.
264 *  Fix: HTTP/2 wasn't enforcing stream timeouts when writing the underlying
265    connection. Now it is.
266 *  Fix: Never return null on `call.proceed()`. This was a bug in call
267    cancelation.
268 *  Fix: When a network interceptor mutates a request, that change is now
269    reflected in `Response.networkResponse()`.
270 *  Fix: Badly-behaving caches now throw a checked exception instead of a
271    `NullPointerException`.
272 *  Fix: Better handling of uncaught exceptions in MockWebServer with HTTP/2.
273
274## Version 2.3.0
275
276_2015-03-16_
277
278 *  **HTTP/2 support.** We've done interop testing and haven't seen any
279    problems. HTTP/2 support has been a big effort and we're particularly
280    thankful to Adrian Cole who has helped us to reach this milestone.
281
282 *  **RC4 cipher suites are no longer supported by default.** To connect to
283    old, obsolete servers relying on these cipher suites, you must create a
284    custom `ConnectionSpec`.
285
286 *  **Beta WebSockets support.**. The `okhttp-ws` subproject offers a new
287    websockets client. Please try it out! When it's ready we intend to include
288    it with the core OkHttp library.
289
290 *  **Okio updated to 1.3.0.**
291
292    ```xml
293    <dependency>
294      <groupId>com.squareup.okio</groupId>
295      <artifactId>okio</artifactId>
296      <version>1.3.0</version>
297    </dependency>
298    ```
299
300 *  **Fix: improve parallelism of async requests.** OkHttp's Dispatcher had a
301    misconfigured `ExecutorService` that limited the number of worker threads.
302    If you're using `Call.enqueue()` this update should significantly improve
303    request concurrency.
304
305 *  **Fix: Lazily initialize the response cache.** This avoids strict mode
306    warnings when initializing OkHttp on Android‘s main thread.
307
308 *  **Fix: Disable ALPN on Android 4.4.** That release of the feature was
309    unstable and prone to native crashes in the underlying OpenSSL code.
310 *  Fix: Don't send both `If-None-Match` and `If-Modified-Since` cache headers
311    when both are applicable.
312 *  Fix: Fail early when a port is out of range.
313 *  Fix: Offer `Content-Length` headers for multipart request bodies.
314 *  Fix: Throw `UnknownServiceException` if a cleartext connection is attempted
315    when explicitly forbidden.
316 *  Fix: Throw a `SSLPeerUnverifiedException` when host verification fails.
317 *  Fix: MockWebServer explicitly closes sockets. (On some Android releases,
318    closing the input stream and output stream of a socket is not sufficient.
319 *  Fix: Buffer outgoing HTTP/2 frames to limit how many outgoing frames are
320    created.
321 *  Fix: Avoid crashing when cache writing fails due to a full disk.
322 *  Fix: Improve caching of private responses.
323 *  Fix: Update cache-by-default response codes.
324 *  Fix: Reused `Request.Builder` instances no longer hold stale URL fields.
325 *  New: ConnectionSpec can now be configured to use the SSL socket's default
326    cipher suites. To use, set the cipher suites to `null`.
327 *  New: Support `DELETE` with a request body.
328 *  New: `Headers.of(Map)` creates headers from a Map.
329
330
331## Version 2.2.0
332
333_2014-12-30_
334
335 *  **`RequestBody.contentLength()` now throws `IOException`.**
336    This is a source-incompatible change. If you have code that calls
337    `RequestBody.contentLength()`, your compile will break with this
338    update. The change is binary-compatible, however: code compiled
339    for OkHttp 2.0 and 2.1 will continue to work with this update.
340
341 *  **`COMPATIBLE_TLS` no longer supports SSLv3.** In response to the
342    [POODLE](http://googleonlinesecurity.blogspot.ca/2014/10/this-poodle-bites-exploiting-ssl-30.html)
343    vulnerability, OkHttp no longer offers SSLv3 when negotiation an
344    HTTPS connection. If you continue to need to connect to webservers
345    running SSLv3, you must manually configure your own `ConnectionSpec`.
346
347 *  **OkHttp now offers interceptors.** Interceptors are a powerful mechanism
348    that can monitor, rewrite, and retry calls. The [project
349    wiki](https://github.com/square/okhttp/wiki/Interceptors) has a full
350    introduction to this new API.
351
352 *  New: APIs to iterate and selectively clear the response cache.
353 *  New: Support for SOCKS proxies.
354 *  New: Support for `TLS_FALLBACK_SCSV`.
355 *  New: Update HTTP/2 support to to `h2-16` and `hpack-10`.
356 *  New: APIs to prevent retrying non-idempotent requests.
357 *  Fix: Drop NPN support. Going forward we support ALPN only.
358 *  Fix: The hostname verifier is now strict. This is consistent with the hostname
359    verifier in modern browsers.
360 *  Fix: Improve `CONNECT` handling for misbehaving HTTP proxies.
361 *  Fix: Don't retry requests that failed due to timeouts.
362 *  Fix: Cache 302s and 308s that include appropriate response headers.
363 *  Fix: Improve pooling of connections that use proxy selectors.
364 *  Fix: Don't leak connections when using ALPN on the desktop.
365 *  Fix: Update Jetty ALPN to `7.1.2.v20141202` (Java 7) and `8.1.2.v20141202` (Java 8).
366    This fixes a bug in resumed TLS sessions where the wrong protocol could be
367    selected.
368 *  Fix: Don't crash in SPDY and HTTP/2 when disconnecting before connecting.
369 *  Fix: Avoid a reverse DNS-lookup for a numeric proxy address
370 *  Fix: Resurrect http/2 frame logging.
371 *  Fix: Limit to 20 authorization attempts.
372
373## Version 2.1.0
374
375_2014-11-11_
376
377 *  New: Typesafe APIs for interacting with cipher suites and TLS versions.
378 *  Fix: Don't crash when mixing authorization challenges with upload retries.
379
380
381## Version 2.1.0-RC1
382
383_2014-11-04_
384
385 *  **OkHttp now caches private responses**. We've changed from a shared cache
386    to a private cache, and will now store responses that use an `Authorization`
387    header. This means OkHttp's cache shouldn't be used on middleboxes that sit
388    between user agents and the origin server.
389
390 *  **TLS configuration updated.** OkHttp now explicitly enables TLSv1.2,
391    TLSv1.1 and TLSv1.0 where they are supported. It will continue to perform
392    only one fallback, to SSLv3. Applications can now configure this with the
393    `ConnectionSpec` class.
394
395    To disable TLS fallback:
396
397    ```java
398    client.setConnectionSpecs(Arrays.asList(
399        ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT));
400    ```
401
402    To disable cleartext connections, permitting `https` URLs only:
403
404    ```java
405    client.setConnectionSpecs(Arrays.asList(
406        ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS));
407    ```
408
409 *  **New cipher suites.** Please confirm that your webservers are reachable
410    with this limited set of cipher suites.
411
412    ```
413                                             Android
414    Name                                     Version
415
416    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  5.0
417    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    5.0
418    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      5.0
419    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     4.0
420    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     4.0
421    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       4.0
422    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       4.0
423    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         4.0
424    TLS_ECDHE_RSA_WITH_RC4_128_SHA           4.0
425    TLS_DHE_RSA_WITH_AES_128_CBC_SHA         2.3
426    TLS_DHE_DSS_WITH_AES_128_CBC_SHA         2.3
427    TLS_DHE_RSA_WITH_AES_256_CBC_SHA         2.3
428    TLS_RSA_WITH_AES_128_GCM_SHA256          5.0
429    TLS_RSA_WITH_AES_128_CBC_SHA             2.3
430    TLS_RSA_WITH_AES_256_CBC_SHA             2.3
431    SSL_RSA_WITH_3DES_EDE_CBC_SHA            2.3  (Deprecated in 5.0)
432    SSL_RSA_WITH_RC4_128_SHA                 2.3
433    SSL_RSA_WITH_RC4_128_MD5                 2.3  (Deprecated in 5.0)
434    ```
435
436 *  **Okio updated to 1.0.1.**
437
438    ```xml
439    <dependency>
440      <groupId>com.squareup.okio</groupId>
441      <artifactId>okio</artifactId>
442      <version>1.0.1</version>
443    </dependency>
444    ```
445
446 *  **New APIs to permit easy certificate pinning.** Be warned, certificate
447    pinning is dangerous and could prevent your application from trusting your
448    server!
449
450 *  **Cache improvements.** This release fixes some severe cache problems
451    including a bug where the cache could be corrupted upon certain access
452    patterns. We also fixed a bug where the cache was being cleared due to a
453    corrupted journal. We've added APIs to configure a request's `Cache-Control`
454    headers, and to manually clear the cache.
455
456 *  **Request cancellation fixes.** This update fixes a bug where synchronous
457    requests couldn't be canceled by tag. This update avoids crashing when
458    `onResponse()` throws an `IOException`. That failure will now be logged
459    instead of notifying the thread's uncaught exception handler. We've added a
460    new API, `Call.isCanceled()` to check if a call has been canceled.
461
462 *  New: Update `MultipartBuilder` to support content length.
463 *  New: Make it possible to mock `OkHttpClient` and `Call`.
464 *  New: Update to h2-14 and hpack-9.
465 *  New: OkHttp includes a user-agent by default, like `okhttp/2.1.0-RC1`.
466 *  Fix: Handle response code `308 Permanent Redirect`.
467 *  Fix: Don't skip the callback if a call is canceled.
468 *  Fix: Permit hostnames with underscores.
469 *  Fix: Permit overriding the content-type in `OkApacheClient`.
470 *  Fix: Use the socket factory for direct connections.
471 *  Fix: Honor `OkUrlFactory` APIs that disable redirects.
472 *  Fix: Don't crash on concurrent modification of `SPDY` SPDY settings.
473
474## Version 2.0.0
475
476This release commits to a stable 2.0 API. Read the 2.0.0-RC1 changes for advice
477on upgrading from 1.x to 2.x.
478
479_2014-06-21_
480
481 *  **API Change**: Use `IOException` in `Callback.onFailure()`. This is
482    a source-incompatible change, and is different from OkHttp 2.0.0-RC2 which
483    used `Throwable`.
484 *  Fix: Fixed a caching bug where we weren't storing rewritten request headers
485    like `Accept-Encoding`.
486 *  Fix: Fixed bugs in handling the SPDY window size. This was stalling certain
487    large downloads
488 *  Update the language level to Java 7. (OkHttp requires Android 2.3+ or Java 7+.)
489
490## Version 2.0.0-RC2
491
492_2014-06-11_
493
494This update fixes problems in 2.0.0-RC1. Read the 2.0.0-RC1 changes for
495advice on upgrading from 1.x to 2.x.
496
497 *  Fix: Don't leak connections! There was a regression in 2.0.0-RC1 where
498    connections were neither closed nor pooled.
499 *  Fix: Revert builder-style return types from OkHttpClient's timeout methods
500    for binary compatibility with OkHttp 1.x.
501 *  Fix: Don't skip client stream 1 on SPDY/3.1. This fixes SPDY connectivity to
502    `https://google.com`, which doesn't follow the SPDY/3.1 spec!
503 *  Fix: Always configure NPN headers. This fixes connectivity to
504    `https://facebook.com` when SPDY and HTTP/2 are both disabled. Otherwise an
505    unexpected NPN response is received and OkHttp crashes.
506 *  Fix: Write continuation frames when HPACK data is larger than 16383 bytes.
507 *  Fix: Don't drop uncaught exceptions thrown in async calls.
508 *  Fix: Throw an exception eagerly when a request body is not legal. Previously
509    we ignored the problem at request-building time, only to crash later with a
510    `NullPointerException`.
511 *  Fix: Include a backwards-compatible `OkHttp-Response-Source` header with
512    `OkUrlFactory `responses.
513 *  Fix: Don't include a default User-Agent header in requests made with the Call
514    API. Requests made with OkUrlFactory will continue to have a default user
515    agent.
516 *  New: Guava-like API to create headers:
517
518    ```java
519    Headers headers = Headers.of(name1, value1, name2, value2, ...).
520    ```
521
522 *  New: Make the content-type header optional for request bodies.
523 *  New: `Response.isSuccessful()` is a convenient API to check response codes.
524 *  New: The response body can now be read outside of the callback. Response
525    bodies must always be closed, otherwise they will leak connections!
526 *  New: APIs to create multipart request bodies (`MultipartBuilder`) and form
527    encoding bodies (`FormEncodingBuilder`).
528
529## Version 2.0.0-RC1
530
531_2014-05-23_
532
533OkHttp 2 is designed around a new API that is true to HTTP, with classes for
534requests, responses, headers, and calls. It uses modern Java patterns like
535immutability and chained builders. The API now offers asynchronous callbacks
536in addition to synchronous blocking calls.
537
538#### API Changes
539
540 *  **New Request and Response types,** each with their own builder. There's also
541    a `RequestBody` class to write the request body to the network and a
542    `ResponseBody` to read the response body from the network. The standalone
543    `Headers` class offers full access to the HTTP headers.
544
545 *  **Okio dependency added.** OkHttp now depends on
546    [Okio](https://github.com/square/okio), an I/O library that makes it easier
547    to access, store and process data. Using this library internally makes OkHttp
548    faster while consuming less memory. You can write a `RequestBody` as an Okio
549    `BufferedSink` and a `ResponseBody` as an Okio `BufferedSource`. Standard
550    `InputStream` and `OutputStream` access is also available.
551
552 *  **New Call and Callback types** execute requests and receive their
553    responses. Both types of calls can be canceled via the `Call` or the
554    `OkHttpClient`.
555
556 *  **URLConnection support has moved to the okhttp-urlconnection module.**
557    If you're upgrading from 1.x, this change will impact you. You will need to
558    add the `okhttp-urlconnection` module to your project and use the
559    `OkUrlFactory` to create new instances of `HttpURLConnection`:
560
561    ```java
562    // OkHttp 1.x:
563    HttpURLConnection connection = client.open(url);
564
565    // OkHttp 2.x:
566    HttpURLConnection connection = new OkUrlFactory(client).open(url);
567    ```
568
569 *  **Custom caches are no longer supported.** In OkHttp 1.x it was possible to
570    define your own response cache with the `java.net.ResponseCache` and OkHttp's
571    `OkResponseCache` interfaces. Both of these APIs have been dropped. In
572    OkHttp 2 the built-in disk cache is the only supported response cache.
573
574 *  **HttpResponseCache has been renamed to Cache.** Install it with
575    `OkHttpClient.setCache(...)` instead of `OkHttpClient.setResponseCache(...)`.
576
577 *  **OkAuthenticator has been replaced with Authenticator.** This new
578    authenticator has access to the full incoming response and can respond with
579    whichever followup request is appropriate. The `Challenge` class is now a
580    top-level class and `Credential` is replaced with a utility class called
581    `Credentials`.
582
583 *  **OkHttpClient.getFollowProtocolRedirects() renamed to
584    getFollowSslRedirects()**. We reserve the word _protocol_ for the HTTP
585    version being used (HTTP/1.1, HTTP/2). The old name of this method was
586    misleading; it was always used to configure redirects between `https://` and
587    `http://` schemes.
588
589 *  **RouteDatabase is no longer public API.** OkHttp continues to track which
590    routes have failed but this is no exposed in the API.
591
592 *  **ResponseSource is gone.** This enum exposed whether a response came from
593    the cache, network, or both. OkHttp 2 offers more detail with raw access to
594    the cache and network responses in the new `Response` class.
595
596 *  **TunnelRequest is gone.** It specified how to connect to an HTTP proxy.
597    OkHttp 2 uses the new `Request` class for this.
598
599 *  **Dispatcher** is a new class that manages the queue of asynchronous calls. It
600    implements limits on total in-flight calls and in-flight calls per host.
601
602#### Implementation changes
603
604 * Support Android `TrafficStats` socket tagging.
605 * Drop authentication headers on redirect.
606 * Added support for compressed data frames.
607 * Process push promise callbacks in order.
608 * Update to http/2 draft 12.
609 * Update to HPACK draft 07.
610 * Add ALPN support. Maven will use ALPN on OpenJDK 8.
611 * Update NPN dependency to target `jdk7u60-b13` and `Oracle jdk7u55-b13`.
612 * Ensure SPDY variants support zero-length DELETE and POST.
613 * Prevent leaking a cache item's InputStreams when metadata read fails.
614 * Use a string to identify TLS versions in routes.
615 * Add frame logger for HTTP/2.
616 * Replacing `httpMinorVersion` with `Protocol`. Expose HTTP/1.0 as a potential protocol.
617 * Use `Protocol` to describe framing.
618 * Implement write timeouts for HTTP/1.1 streams.
619 * Avoid use of SPDY stream ID 1, as that's typically used for UPGRADE.
620 * Support OAuth in `Authenticator`.
621 * Permit a dangling semicolon in media type parsing.
622
623## Version 1.6.0
624
625_2014-05-23_
626
627 * Offer bridges to make it easier to migrate from OkHttp 1.x to OkHttp 2.0.
628   This adds `OkUrlFactory`, `Cache`, and `@Deprecated` annotations for APIs
629   dropped in 2.0.
630
631## Version 1.5.4
632
633_2014-04-14_
634
635 * Drop ALPN support in Android. There's a concurrency bug in all
636   currently-shipping versions.
637 * Support asynchronous disconnects by breaking the socket only. This should
638   prevent flakiness from multiple threads concurrently accessing a stream.
639
640## Version 1.5.3
641
642_2014-03-29_
643
644 * Fix bug where the Content-Length header was not always dropped when
645   following a redirect from a POST to a GET.
646 * Implement basic support for `Thread.interrupt()`. OkHttp now checks
647   for an interruption before doing a blocking call. If it is interrupted,
648   it throws an `InterruptedIOException`.
649
650## Version 1.5.2
651
652_2014-03-17_
653
654 * Fix bug where deleting a file that was absent from the `HttpResponseCache`
655   caused an IOException.
656 * Fix bug in HTTP/2 where our HPACK decoder wasn't emitting entries in
657   certain eviction scenarios, leading to dropped response headers.
658
659## Version 1.5.1
660
661_2014-03-11_
662
663 * Fix 1.5.0 regression where connections should not have been recycled.
664 * Fix 1.5.0 regression where transparent Gzip was broken by attempting to
665   recover from another I/O failure.
666 * Fix problems where spdy/3.1 headers may not have been compressed properly.
667 * Fix problems with spdy/3.1 and http/2 where the wrong window size was being
668   used.
669 * Fix 1.5.0 regression where conditional cache responses could corrupt the
670   connection pool.
671
672
673## Version 1.5.0
674
675_2014-03-07_
676
677
678##### OkHttp no longer uses the default SSL context.
679
680Applications that want to use the global SSL context with OkHttp should configure their
681OkHttpClient instances with the following:
682
683```java
684okHttpClient.setSslSocketFactory(HttpsURLConnection.getDefaultSSLSocketFactory());
685```
686
687A simpler solution is to avoid the shared default SSL socket factory. Instead, if you
688need to customize SSL, do so for your specific OkHttpClient instance only.
689
690##### Synthetic headers have changed
691
692Previously OkHttp added a synthetic response header, `OkHttp-Selected-Transport`. It
693has been replaced with a new synthetic header, `OkHttp-Selected-Protocol`.
694
695##### Changes
696
697 * New: Support for `HTTP-draft-09/2.0`.
698 * New: Support for `spdy/3.1`. Dropped support for `spdy/3`.
699 * New: Use ALPN on Android platforms that support it (4.4+)
700 * New: CacheControl model and parser.
701 * New: Protocol selection in MockWebServer.
702 * Fix: Route selection shouldn't use TLS modes that we know will fail.
703 * Fix: Cache SPDY responses even if the response body is closed prematurely.
704 * Fix: Use strict timeouts when aborting a download.
705 * Fix: Support Shoutcast HTTP responses like `ICY 200 OK`.
706 * Fix: Don't unzip if there isn't a response body.
707 * Fix: Don't leak gzip streams on redirects.
708 * Fix: Don't do DNS lookups on invalid hosts.
709 * Fix: Exhaust the underlying stream when reading gzip streams.
710 * Fix: Support the `PATCH` method.
711 * Fix: Support request bodies on `DELETE` method.
712 * Fix: Drop the `okhttp-protocols` module.
713 * Internal: Replaced internal byte array buffers with pooled buffers ("OkBuffer").
714
715
716## Version 1.3.0
717
718_2014-01-11_
719
720 * New: Support for "PATCH" HTTP method in client and MockWebServer.
721 * Fix: Drop `Content-Length` header when redirected from POST to GET.
722 * Fix: Correctly read cached header entries with malformed header names.
723 * Fix: Do not directly support any authentication schemes other than "Basic".
724 * Fix: Respect read timeouts on recycled connections.
725 * Fix: Transmit multiple cookie values as a single header with delimiter.
726 * Fix: Ensure `null` is never returned from a connection's `getHeaderFields()`.
727 * Fix: Persist proper `Content-Encoding` header to cache for GZip responses.
728 * Fix: Eliminate rare race condition in SPDY streams that would prevent connection reuse.
729 * Fix: Change HTTP date formats to UTC to conform to RFC2616 section 3.3.
730 * Fix: Support SPDY header blocks with trailing bytes.
731 * Fix: Allow `;` as separator for `Cache-Control` header.
732 * Fix: Correct bug where HTTPS POST requests were always automatically buffered.
733 * Fix: Honor read timeout when parsing SPDY headers.
734
735
736## Version 1.2.1
737
738_2013-08-23_
739
740 * Resolve issue with 'jar-with-dependencies' artifact creation.
741 * Fix: Support empty SPDY header values.
742
743
744## Version 1.2.0
745
746_2013-08-11_
747
748 *  New APIs on OkHttpClient to set default timeouts for connect and read.
749 *  Fix bug when caching SPDY responses.
750 *  Fix a bug with SPDY plus half-closed streams. (thanks kwuollett)
751 *  Fix a bug in `Content-Length` reporting for gzipped streams in the Apache
752    HTTP client adapter. (thanks kwuollett)
753 *  Work around the Alcatel `getByInetAddress` bug (thanks k.kocel)
754 *  Be more aggressive about testing pooled sockets before reuse. (thanks
755    warpspin)
756 *  Include `Content-Type` and `Content-Encoding` in the Apache HTTP client
757    adapter. (thanks kwuollett)
758 *  Add a media type class to OkHttp.
759 *  Change custom header prefix:
760
761    ```
762    X-Android-Sent-Millis is now OkHttp-Sent-Millis
763    X-Android-Received-Millis is now OkHttp-Received-Millis
764    X-Android-Response-Source is now OkHttp-Response-Source
765    X-Android-Selected-Transport is now OkHttp-Selected-Transport
766    ```
767 *  Improve cache invalidation for POST-like requests.
768 *  Bring MockWebServer into OkHttp and teach it SPDY.
769
770
771## Version 1.1.1
772
773_2013-06-23_
774
775 * Fix: ClassCastException when caching responses that were redirected from
776   HTTP to HTTPS.
777
778
779## Version 1.1.0
780
781_2013-06-15_
782
783 * Fix: Connection reuse was broken for most HTTPS connections due to a bug in
784   the way the hostname verifier was selected.
785 * Fix: Locking bug in SpdyConnection.
786 * Fix: Ignore null header values (for compatibility with HttpURLConnection).
787 * Add URLStreamHandlerFactory support so that `URL.openConnection()` uses
788   OkHttp.
789 * Expose the transport ("http/1.1", "spdy/3", etc.) via magic request headers.
790   Use `X-Android-Transports` to write the preferred transports and
791   `X-Android-Selected-Transport` to read the negotiated transport.
792
793
794## Version 1.0.2
795
796_2013-05-11_
797
798 * Fix: Remove use of Java 6-only APIs.
799 * Fix: Properly handle exceptions from `NetworkInterface` when querying MTU.
800 * Fix: Ensure MTU has a reasonable default and upper-bound.
801
802
803## Version 1.0.1
804
805_2013-05-06_
806
807 * Correct casing of SSL in method names (`getSslSocketFactory`/`setSslSocketFactory`).
808
809
810## Version 1.0.0
811
812_2013-05-06_
813
814Initial release.
815
816 [brick]: https://noncombatant.org/2015/05/01/about-http-public-key-pinning/
817 [webdav]: https://tools.ietf.org/html/rfc4918
818