RELEASE_NOTES.txt

Release 5.3 ALPHA1
------------------

This is the first release in the 5.3 release series that introduces support for the Bearer
authentication scheme (RFC 6750) and deprecates NTLM and GSS based experimental authentication
schemes in favor of Basic / Bearer authentication with TLS.

Notable changes and features included in the 5.3 series:

* Introduction of the Bearer authentication scheme.

* Deprecation of the NTLM authentication scheme.

* Deprecation of the GSS based experimental authentication schemes.

* Support for load distribution across multiple proxies.


Change Log
-------------------

* GSS based experimental authentication schemes deprecated and disabled by default.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* NTLM scheme deprecated and disabled by default.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Added linear and exponential BackoffManager implementations.
  Contributed by Arturo Bernal <arturobernalg at gmail.com>

* Improved AIMDBackoffManager.
  Contributed by Arturo Bernal <arturobernalg at gmail.com>

* Added DistributedProxySelector with support for load distribution across multiple
  proxies.
  Contributed by Arturo Bernal <arturobernalg at gmail.com>

* Support for preamble and epilogue in multipart entities.
  Contributed by Arturo Bernal <arturobernalg at gmail.com>

* HttpResponseException to include response message content (up to 256 bytes).
  Contributed by Arturo Bernal <arturobernalg at gmail.com>

* Workaround for URL quoting issue with LLv6 host literals.
  Contributed by Arturo Bernal <arturobernalg at gmail.com>

* Bearer auth scheme support (RFC 6750)
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Credentials interface should be able to represent different types of user credentials
  including token based with no password.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Connection settings `timeToLive` and `validateAfterInactivity` set to zero to always
  close or validate connections being leased.
  Contributed by Christoph Kaser <berlin at caser.de>

* Digest authentication scheme to omit the algorithm in the authentication response
  if it has not been explicitly set in the authentication challenge, as per RFC 7616.
  Contributed by John Vasileff <john at vasileff.com>

* HTTPCLIENT-2271: Do not optimize the path component of the resolved URI by default.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Pass HttpContext to SSLConnectionSocketFactory#prepareSocket method (#404)
  Contributed by Alen Turkovic <alturkovic at gmail.com>


Release 5.2.1
------------------

This is a maintenance release that fixes several regressions found in release 5.2.

Change Log
-------------------

* Regression: Async execution runtimes set the negotiated protocol version in the execution
  context at the wrong point of request execution.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Cancel connection request on exception.
  Contributed by Bryan Keller <bryanck at gmail.com>

* Replace deprecated use of LangUtils#equals() with Objects.equals().
  Contributed by Gary Gregory <ggregory at apache.org>

* Regression: Multipart body builder and multipart formatters fail to escape special characters
  such as backslash and quote mark.
  Contributed by Oleg Kalnichevski <olegk at apache.org>


Release 5.2
------------------

This is the first GA release in the 5.2 release series. This release finalizes the 5.2 APIs
and corrects a number of defects discovered since the previous release.

Please note that 5.2 upgrades the minimal JRE level to version 8 (8u251 is required).

Please note this is likely to be the last release series with support for SPNEGO and NTLM
authentication. As of version 5.3 GSS-API-based authentication schemes (Kerberos, SPNEGO)
and NTLM authentication schemes are going to be deprecated and disabled by default.


Notable changes and features included in the 5.2 series:

* Upgrade to Java 8.

* Improved support for TLS upgrade and HTTP protocol upgrade (async).

* Support for H2 tunneling via HTTP/1.1 proxy.

* Conformance to RFC 7617 (The 'Basic' HTTP Authentication Scheme).

* Migration to Java 8 Time primitives in State Management and Cache APIs.

* Connection and TLS configuration on a per route basis.

* Base64 codec based on Commons Codec replaced with JRE Base64 codec.
  Dependency on Commons Codec dropped.

* Optional support for BR (Brotli) decompression.


Change Log
-------------------

* HTTPCLIENT-2242: RoutingSupport fails to copy InetAddress when normalizing HttpHost.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2240: Fixed incorrect CONNECT method initialization in ProxyClient.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2236: MultihomeIOSessionRequester fails to enhance the cause exception in case
  of connect failure if the remoteAddress argument has been given.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Use Objects.toString() instead of String type cast
  Contributed by Gary Gregory <garydgregory at gmail.com>

* HTTPCLIENT-2232: Last protocol interceptors moved at the end of the H2 protocol processing
  pipeline.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* H2 async runtime to proactively set HTTP/2 protocol version in the execution context.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2231: Fixed a race condition in the main async executor when the request execution
  on an I/O thread is faster than execution pipeline management on the client thread.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Avoid duplicate redundant objects and use Singleton instead.
  Contributed by Arturo Bernal <arturobernalg at gmail.com>

* HTTPCLIENT-2225: Connection route calculation does not take the default RequestConfig into
  account.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Avoid unnecessary use of Instant.toEpochMilli by using Instant#compareTo to compare
  Instants directly.
  Contributed by jkmcl

* HTTPCLIENT-2221 Closing a classic response/entity allows connection reuse.
  Contributed by Carter Kozak <ckozak at apache.org>



Release 5.2 BETA1
------------------

This is the first BETA release in the 5.2 release series that upgrades minimal JRE
level to version 8 (8u251 is required) and includes several protocol level and
API improvements. It also includes all bug fixes from the 5.1 branch.

Change Log
-------------------

* Upgraded HttpCore to version 5.2-beta2.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2218: Use Java 8 Base64 utility (#370).
  Contributed by j3graham <j3graham@gmail.com>

* Added support for BR (Brotli) decompression (#363).
  Contributed by 殷成涛 <yinwoods@163.com>

* HTTPCLIENT-2212: MinimalHttpAsyncClient fails to release client endpoints in case of
  a connect error (such as TLS handshake failure).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* InternalAbstractHttpAsyncClient to create daemin threads.
  Contributed by Richard Hernandez <riher at amazon.com>

* HTTPCLIENT-2080: Added #getRetryInterval method to HttpRequestRetryStrategy for use
  on retriable IOExceptions (#356).
  Contributed by Anthony Baldocchi <489445+ajbaldocchi at users.noreply.github.com>

* Fixed infinite recursion in SSLConnectionSocketFactory.
  Contributed by Ryan Schmitt <rschmitt at apache.org>

* HTTPCLIENT-2200: Protocol interceptors are executed before the connection route has
  been fully established.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2209: Pass HttpContext to AsyncClientConnectionOperator (#353).
  Contributed by Andriy Redko <drreta at gmail.com>

* HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* ExecSupport#getNextExchangeId() optimization (#352)
  Contributed by David Schlosnagle <schlosna at gmail.com>

* HTTPCLIENT-2203: Corrected target host normalization by the request execution interceptors;
  added ContextBuilder with support for preemptive authentication initialization.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2202: MemcachedHttpCacheStorage to support MemcachedClientIF interface.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Bug fix: ByteArrayBuilder incorrectly handles empty strings.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2198: Fixed AbstractClientTlsStrategy to respect HttpVersionPolicy.
  Contributed by Andrei Vasilev <59628447+AndreiSVasilev at users.noreply.github.com>

* Updated AbstractClientTlsStrategy to pass only the HttpVersionPolicy set by TlsConfig
  instead of the entire TlsConfig to H2TlsSupport#selectApplicationProtocols() method.
  Contributed by Andrei Vasilev <59628447+AndreiSVasilev at users.noreply.github.com>

* HTTPCLIENT-2195, regression: Classic ConnectExec incorrectly discards the proxy response
  body even if the request cannot be executed and the response is final.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2194: Async retry request interceptor fails to correct include request body
  on retry (#343).
  Contributed by JasonMathison <JasonMathison at users.noreply.github.com>

* Deprecated execute methods that return an open response object in favor of execute
  methods with a response handler and automatic resource deallocation.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2189: Cookie and Cache APIs to use Java time primitives.
  Contributed by Arturo Bernal <arturobernalg at gmail.com>

* Apply English locale to all date header formatters.
  Contributed by Michael Osipov <michaelo at apache.org>

* HTTPCLIENT-2184: Fixed an issue in which connections were not returned to the pool
  when requests contained non-repeatable bodies AND responses were streamed.
  Contributed by Carter Kozak <ckozak at apache.org>



Release 5.2 ALPHA1
------------------

This is the first ALPHA release in the 5.2 release series that upgrades minimal JRE
level to version 1.8 (8u251 is required) and includes several protocol level and
API improvements. It also includes all bug fixes from the 5.1 branch.

Notable changes and features included in the 5.2 series:

* Upgrade to Java 8.

* Improved support for TLS upgrade and HTTP protocol upgrade (async).

* Support for H2 tunneling via HTTP/1.1 proxy.

* Conformance to RFC 7617 (The 'Basic' HTTP Authentication Scheme).


Change Log
-------------------

* Replaced SimpleDateFormat and Calendar with Java 8 Time APIs; removed thread-local
  from DateUtils.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Support for connection 'total time to live' setting on a per-route basis.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Configurable IOReactor IO session decorator configurable.
  Contributed by Arturo Bernal <arturobernalg at gmail.com>

* HTTPCLIENT-2182: access to SSLSession attributes via reflection disallowed as of Java 16.
  Core TLS functions now use new Java 1.8 API introduced by 8u251 update.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2135: TLS configuration on a per-host basis.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7230: treat presence of userinfo in authority component in request URI as an HTTP
  protocol violation.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* AuthCache conformance to RFC 7617.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Added immutable CredentialsProvider implementations and a CredentialsProvider builder.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2045: BASIC auth scheme conformance to RFC 7617.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2120: support for H2 via HTTP/1.1 proxy.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Moved connection management related settings from RequestConfig to new class ConnectionConfig.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2139: Cookie Header HttpOnly attribute.
  Contributed by Arturo Bernal <arturobernalg at gmail.com>



Release 5.1.1
-----------

This release upgrades HttpCore to the latest 5.1 version and fixes a number of issues found
since release 5.1.


Change Log
-------------------

* Don't initialize AtomicReference to its default value.
  Contributed by Gary Gregory <ggregory at apache.org>

* Corrected resolution of the target host in DefaultUserTokenHandler.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2177: automatically force HTTP/1.1 protocol policy when executing requests
  via a proxy tunnel.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2177: fixed incorrect route state tracking by the async connect executor
  when negotiating a tunnel via a proxy.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2177: keep successful tunnel connections alive regardless of `Connection: close`.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2173: async pooling connection manager to close half-open connection gracefully.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Don't retry a request for NoRouteToHostException.
  Contributed by Jaikiran Pai <jaikiran.pai at gmail.com>

* HTTPCLIENT-2170: Classic protocol layer no longer releases the underlying connection back
  to the pool prematurely while the NTLM handshake is still ongoing.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed connection lease request cancellation race in both classic and asyc pooling connection
  managers.
  Contributed by Oleg Kalnichevski <olegk at apache.org>


Release 5.1
-----------

This is the first GA release in the 5.1 release series.

Notable changes and features included in the 5.1 series:

* Conditional conformance with RFC 3986 (Uniform Resource Identifier (URI): Generic Syntax).

* Improved support for out of sequence response message handing by the the classic (blocking)
  HTTP transport.

* Improved message builders.


Please note that 5.1 is going to be the last release series compatible with Java 1.7. 
HttpClient will require Java 1.8 as of 5.2.


Change Log
-------------------

* HTTPCLIENT-2157: Response object generated by the classic caching backend is missing
  the original content encoding.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2152: Fixed handling of unexpected unchecked exception by the async request
  retry exec interceptor.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Async clients to support scheduled (delayed) re-execution of requests.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2148: fluent Executor volatile access thread safety (#301).
  Contributed by Carter Kozak <ckozak at apache.org>

* HTTPCLIENT-2149: When no dNSName, match against CN.
  Contributed by Peter Dettman <peter.dettman at bouncycastle.org>

* HTTPCLIENT-2147: fixed broken preemptive auth in HC Fluent.
  Contributed by Robert Rodewald <robert.rodewald at kopsis.com>

* HTTPCORE-672: cleanup of H2 connection validation code.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HttpAsyncClientBuilder: Make IOReactor exception callback configurable
  Contributed by Ryan Schmitt <ryansch at amazon.com>

* HTTPCLIENT-2141: HttpClient to not retry requests if the retry interval exceeds the response
  timeout.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed NPE during dispose in Response if entity is null
  Contributed by Sandeep Kulkarni <sandeep at snk.local>

* Blocking connection managers to validate connections after inactivity of more than 2s
  by default.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Deprecated request factory classes in favor of request builders.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2140: Upgraded Commons Codec to version 1.15.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Deprecated message copiers in favor of generic message builders.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Kerberos/SPNego fixes
  Contributed by Carey Lin <careylin1111 at gmail.com>



Release 5.1 BETA1
------------------

This is the first BETA release in the 5.1 release series that includes a number of
new features as well performance optimizations in the classic HTTP transport.

Notable changes and features included in the 5.1 series:

* Conditional conformance with RFC 3986 (Uniform Resource Identifier (URI): Generic Syntax).

* Improved support for out of sequence response message handing by the the classic (blocking)
  HTTP transport.


Changelog:
-------------------

* RFC 3986 conformance: URIUtils to re-use URIBuilder functionality.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Improved I/O session and wire logging.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Add interceptors before MAIN_TRANSPORT so they won't be ignored (#272)
  Contributed by Rob Spoor <robtimus at users.noreply.github.com>

* HTTPCLIENT-2104: ManagedHttpClientConnectionFactory to support ResponseOutOfOrderStrategy configuration.
  Contributed by Carter Kozak <ckozak at apache.org>

* Fixed NPE when H2/Async client interceptors are added using first/last (#268).
  Contributed by Koji Lin <koji.lin at gmail.com>

* HTTPCLIENT-2126: `InternalAbstractHttpAsyncClient` incorrectly handles response messages with no enclosed
  entity.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2124: Fixed NOE  in MinimalHttpClient#doExecute (#261).
  Contributed by Gary Gregory <ggregory at apache.org>

* HTTPCLIENT-2122: async client to throw `HTTP/2 tunneling not supported` protocol exception in case of
  `force HTTP/2` version policy used along with request proxy routing.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2123: H2AsyncClientBuilder incorrectly adds last request interceptors to the head of
  the interceptor list.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Use decimal numbers for endpoint/execution IDs (#249).
  Contributed by Michael Osipov <michaelo@apache.org>

* HTTPCLIENT-2106: Added charset parameter for DigestScheme.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2103: ManagedHttpClientConnectionFactory provides a fluent builder
  Contributed by Carter Kozak <ckozak at apache.org>



Release 5.0.3
-----------------

This release upgrades HttpCore to the latest version, improves conformance to RFC 7235
(Hypertext Transfer Protocol (HTTP/1.1): Authentication) and addresses a number of
issues found since 5.0.2 release.

Changelog:
-------------------

* PR #270: Master try w res and more.
  - Use try-with-resources.
  - Use Arrays.fill().
  - Add missing @override.
  - Simplify if/else.
  - Remove redundant modifiers. …
  - Remove redundant returns.
  Contributed by Gary Gregory <ggregory at apache.org>



Release 5.0.2
-----------------

This release upgrades HttpCore to the latest version, improves conformance to RFC 7235
(Hypertext Transfer Protocol (HTTP/1.1): Authentication) and addresses a number of
issues found since 5.0.1 release.

Changelog:
-------------------

* HTTPCLIENT-2116: Incorrect request message composition when routing requests
  via a proxy.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* PoolingAsyncClientConnectionManager incorrectly emits Ping commands to HTTP/1.1
  endpoints (#255).
  Contributed by 滕杰1 <tengjie1 at xdf.cn>

* HTTPCLIENT-2115: HttpAsyncClientBuilder and H2AsyncClientBuilder fail to take
  `replaceExecInterceptor()` into account.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2112: AbstractMultipartFormat respects ByteBuffer.arrayOffset (#253).
  Contributed by Carter Kozak <ckozak at apache.org>

* Avoid updating Content-Length header in a 304 response.
  Contributed by Dirk Henselin <dirk.henselin at vwgis.de>

* HTTPCLIENT-2105: Async clients incorrectly handle redirects of requests with enclosed
  entity.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2100: Incorrect handling of EXTENDED mode by MultipartEntityBuilder
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2099, HTTPCLIENT-2091: SSLConnectionSocketFactory connect timeout fix (#241).
  Contributed by Carter Kozak <ckozak at apache.org>

* Bug fix: BasicExpiresHandler is annotated as immutable but is not (#240).
  Contributed by Gary Gregory <ggregory at apache.org>

* HTTPCLIENT-2096: Migrate instance loggers to static fields
  Contributed by Carter Kozak <ckozak at apache.org>

* Added Automatic-Module-Name to the artefact manifests.
  Contributed by Niels Basjes <niels at basjes.nl>

* MultipartEntityBuilder#generateBoundary optimization (#233)
  Contributed by slisaasquatch <slisaasquatch at users.noreply.github.com>

* HTTPCLIENT-2094: ConnectionManager validateAfterInactivity zero duration agreement
  Contributed by Carter Kozak <ckozak at apache.org>

* RFC 7235 compliance, HTTPCLIENT-2086: Fixed parsing of token68 based (base64-encoded)
  auth schemes.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2091: Connect timeout is used instead of socket timeout after a tls upgrade
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2084: Client builders incorrectly add message interceptors with LAST position
  to the head of the list.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2083: Fix NPE when classic client interceptors are added.
  Contributed by Carter Kozak <ckozak at apache.org>


Release 5.0.1
-----------------

This release upgrades HttpCore to the latest version and addresses a number of issues found
since 5.0 release.

Changelog:
-------------------

* Bug fix: Classic connection managers fail to take #isConsistent() flag into account when
  re-using persistent connections.
7  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2077: Authentication failure due to incorrect NTLM auth value check.
  Contributed by vonahok <64310078+vonahok at users.noreply.github.com>

* HTTPCLIENT-2051: Corrected handling of 303 redirects.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPASYNC-160: HttpAsyncClient in INACTIVE or STOPPED state throws a IllegalStateException
  causing the current thread to terminate.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.
  Contributed by heejeongkim <aprilhjk at gmail.com>

* HTTPCLIENT-2074: Disallow direct execution of CONNECT methods by standard client implementations.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2075: New method Request.responseTimeout(Timeout) in Fluent HC.
  Contributed by Ralph <ralph.geerkens at rwth-aachen.de>

* HTTPCLIENT-2073: (regression) WindowsNegotiateScheme incorrectly rejects empty NTLM challenge.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2069: RequestConfig#copy does not copy #responseTimeout.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2061: Corrected sequence of request execution interceptors in classic HttpClient.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed NPE for null HttpContext in minimal async clients.
  Contributed by slisaasquatch <sli at saasquat.ch>



Release 5.0
-----------------

This is the first stable (GA) release of HttpClient 5.0.

Notable changes and features included in the 5.0 series are:

* Support for the HTTP/2 protocol and conformance to requirements and
  recommendations of the latest HTTP/2 protocol specification documents
  (RFC 7540, RFC 7541.)

  Supported features:

    ** HPACK header compression
    ** Stream multiplexing (client and server)
    ** Flow control
    ** Response push
    ** Message trailers
    ** Expect-continue handshake
    ** Connection validation (ping)
    ** Application-layer protocol negotiation (ALPN)
    ** TLS 1.2 security features

* Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol
  specification documents (RFC 7230, RFC 7231.)

* New connection pool implementation with lax connection limit guarantees and better
  performance under higher concurrency due to absence of a global pool lock.

* Support for Reactive Streams API [http://www.reactive-streams.org/]

* Package name space changed to 'org.apache.hc.client5'.

* Maven group id changed to 'org.apache.httpcomponents.client5'.

HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath
due to the change in package names and Maven module coordinates.


Changelog:
-------------------

* Removed work-around for resumed TLS sessions given that JDK-8212885 fix has been ported to Java 11
  and released in Oracle JDK 11.0.3.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Upgraded HttpCore dependency to version 5.0
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* DefaultHttpRequestRetryStrategy: Allow zero retry interval
  Contributed by Ryan Schmitt <rschmitt at apache.org>

* HTTPCLIENT-2047: fixed regression in DefaultHostnameVerifier causing rejection of certs with non-standard domains.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* GitHub #204: Build requests from method names in ClassicHttpRequests:
  ClassicHttpRequests.create(String, String)
  ClassicHttpRequests.create(String, URI)
  Contributed by Gary Gregory <ggregory at apache.org>

* GitHub #205: Update request factory classes with matching APIs for Method and String method name inputs:
  BasicHttpRequests.create(String, URI)
  BasicHttpRequests.create(String, String)
  ClassicHttpRequests.create(Method, String)
  ClassicHttpRequests.create(Method, URI)
  SimpleHttpRequests.create(String, URI)
  SimpleHttpRequests.create(String, String)
  Contributed by Gary Gregory <ggregory at apache.org>

* GitHub #208: Do not use input type names in method names: 
  SimpleHttpRequest: Delete setBodyBytes(byte[], ContentType) in favor of setBody(byte[], ContentType)
  SimpleHttpRequest: Delete setBodyText(String, ContentType) in favor of setBody(String, ContentType)
  SimpleHttpResponse: Delete setBodyBytes(byte[], ContentType) in favor of setBody(byte[], ContentType)
  SimpleHttpResponse: Delete setBodyText(String, ContentType) in favor of setBody(String, ContentType)
  Contributed by Gary Gregory <ggregory at apache.org>


Release 5.0-BETA7
-----------------

This BETA release upgrades HttpCore to the latest version  and addresses a number of issues found
since the previous BETA release.

IMPORTANT: This release is expected to be the last BETA version. If no major
design flaws are found the actual 5.0 API will be frozen and the next version will be
promoted to GA.

Changelog:
-------------------

* Improved domain name normalization by DefaultHostnameVerifier.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* DefaultHostnameVerifier: Match DNS and CN names against ICANN domains.
  Contributed by Ryan Schmitt <rschmitt at apache.org>

* HTTPCORE-615: Implement HTTP-based cache serializer-deserializer.
  Contributed by Scott Gifford <sgifford at suspectclass.com>

* HTTPCLIENT-2040: Copy headers from the original request to the redirect request.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Removed RFC 2965 specific requirements deprecated and superseded by RFC 6265.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2035: Remove HttpRequestRetryHandler in favor of HttpRequestRetryStrategy.
  Contributed by Michael Osipov <michaelo at apache.org>

* HTTPCLIENT-2019: Remove ServiceUnavailableRetryStrategy in favor of HttpRequestRetryStrategy.
  Contributed by Michael Osipov <michaelo at apache.org>

* HTTPCLIENT-2034: Introduce HttpRequestRetryStrategy.
  Contributed by Michael Osipov <michaelo at apache.org>

* CloseableHttpAsyncClient to support explicit HttpHost execution parameter.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2020: DefaultBackoffStrategy to support TOO_MANY_REQUESTS (429).
  Contributed by Michael Osipov <michaelo at apache.org>

* HTTPCLIENT-2030: Fixed PublicSuffixMatcher#getDomainRoot behavior with invalid hostnames.
  Contributed by Niels Basjes <niels at basjes.nl>

* HTTPCLIENT-2028: Connection managers to allow 0 for `validateAfterInactivity` time value.
  Contributed by Peter Frank <pfrank at fandango.com>

* HTTPCLIENT-2023: Allow nested arrays and all primitive types in DefaultHttpCacheEntrySerializer.
  Contributed by Olof Larsson <olof at sylt.nu>



Release 5.0-BETA6
-------------------

This BETA release picks up the latest fixes and performance improvements from HttpCore
and addresses a number of issues found since the previous BETA release.

Changelog:
-------------------

* Fixed fallback PublicSuffixMatcher.
  Contributed by Ryan Schmitt <rschmitt at apache.org>

* Enforce h2 TLS rules after negotiating TLS, not before.
  Contributed by Ryan Schmitt <rschmitt at apache.org>

* HTTPCLIENT-2013: Revised handling of connect exceptions; improved consistency in behavior
  of the classic and async clients; ConnectTimeoutException now extends SocketTimeoutException.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Improved handling of request cancellation (classic API).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed concurrent use of threading unsafe ClassicHttpRequest messages.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Execute Socket#connect under doPrivileged.
  Contributed by Simon Willnauer <simonw at apache.org>

* HTTPCLIENT-2009: Fixed StringIndexOutOfBoundsException in AuthSupport#extractFromAuthority.
  Contributed by itonyli <429284840 at qq.com>

* Make Accept-Encoding header handling thread-safe.
  Contributed by Linton Miller <linton.miller at coxautoinc.com>



Release 5.0-BETA5
-------------------

This BETA release picks up the latest fixes and performance improvements from HttpCore
and addresses a number of issues found since the previous BETA release.

IMPORTANT: This release is expected to be the last BETA version. If no major
design flaws are found the actual 5.0 API will be frozen and the next version will be
promoted to GA.

Changelog:
-------------------

* Information response (1xx) processing support.
  Contributed by Kirill Usov <kirill.usov at gmail.com>

* HTTPCLIENT-1968: Preserve escaped PATHSAFE characters when normalizing URI path segments.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1992: Impossible to access trailer-headers available in chunked transfer-encoding
  with classic API.
  Contributed by Serkan Turgut <sturgut at amazon.com>

* HTTPCLIENT-1991: incorrect handling of non-standard DNS entries by PublicSuffixMatcher.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Refactor to enable support for non-form based multipart requests
  Contributed by Adam Retter <adam.retter at googlemail.com>

* HTTPCLIENT-1981: disallow TRACE requests with an enclosed entity
  Contributed by Jay Modi <jay at elastic dot com>



Release 5.0-BETA4
-------------------

This BETA release picks up the latest fixes and performance improvements from HttpCore
and addresses a number of issues found since the previous BETA release.

Notable features in this release:

* Security improvements.

* URI handling improvements.


Changelog:
-------------------

* HTTPCLIENT-1976: Unsafe deserialization in DefaultHttpCacheEntrySerializer.
  Contributed by Artem Smotrakov <artem.smotrakov at gmail.com>

* HTTPCLIENT-1969: Filter out weak cipher suites.
  Contributed by Artem Smotrakov <artem.smotrakov at gmail.com>

* HttpClient should not retry requests in case of ConnectionClosedException
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Bug fix: Simple response consumer to discard stored content when releasing resources.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Bug fix: main async request execution handlers to release the associated response consumer
  upon exception.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Update Apache Commons Codec from 1.11 to 1.12.
  Contributed by Gary Gregory <ggregory at apache.org>

* Update RxJava from 2.2.2 to 2.2.7.
  Contributed by Gary Gregory <ggregory at apache.org>

* Update JNA from 5.0.0 to 5.2.0.
  Contributed by Gary Gregory <ggregory at apache.org>

* Some well known proxies respond with Content-Length=0, when returning 304. For robustness,
  always use the cached entity's content length, as modern browsers do.
  Contributed by Jayson Raymond <Jayson.Raymond15 at T-Mobile.com>

* HTTPCLIENT-1960: URIBuilder incorrect handling of multiple leading slashes in path component.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1958: PoolingHttpClientConnectionManager to throw ExecutionException
  in case of a lease operation cancellation instead of InterruptedException.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Shutdown executorService on AbstractHttpAsyncClientBase shutdown.
  Contributed by 吴雪山 <xueshan.wu at ndkey.com.cn>

* [HTTPCLIENT-1952: Allow default User Agent to be disabled
  Contributed by Michael Osipov <michaelo at apache.org>

* Improve HttpResponseException#getMessage.
  Contributed by Michael Osipov <michaelo at apache.org>

* Better handling of http(s).proxyUser and http(s).proxyPassword
  Contributed by Jens Borgland <jborglan at tibco.com>

* Wrong argument name in PoolingAsyncClientConnectionManagerBuilder#setConnPoolPolicy results
  with self assignment of variable.
  Contributed by Eryk Szymanski <eszymanski at collab.net>



Release 5.0-BETA3
-------------------

This BETA release adds support for advanced TLS functions (such as ALPN protocol negotiation)
on Java 1.7 and Java 1.8 through Conscrypt TLS library and picks up the latest fixes
and performance improvements from HttpCore.

Notable features in this release:

* TLS ALPN protocol negotiation support on older JREs through Conscrypt TLS library.


Changelog:
-------------------

* Added optional dependency on conscrypt-openjdk-uber 1.4.1; support for advanced TLS functions
  (such as ALPN extension) on Java 1.7 and Java 1.8 through Conscrypt TLS library
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Removed OSGi module
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Removed experimental CredSsp auth scheme
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1949: DigestScheme to use HttpRequest#getRequestUri instead of HttpRequest#getPath
  Contributed by Oleg Kalnichevski <olegk at apache.org>



Release 5.0-BETA2
-------------------

This BETA release resolves compatibility issues with Java 11 new TLS engine as well as
a number of defects found since the previous release.

Notable new features in this release:

* JDK 11 compatibility

* Support for request specific push consumers

* Support for Reactive Streams API [http://www.reactive-streams.org/]


Changelog:
-------------------

* Hack to make hostname verification work with TLSv1.3 resumed sessions.
  For details see https://markmail.org/message/mxf5v2d2gh6ws2j3
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Added builders for SSLConnectionSocketFactory and client TlsStrategy.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Added enum for supported TLS versions & TLS version parser.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1946: handling of 308 status as per RFC 7538.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Upgraded HttpCore to version 5.0-beta5.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Async clients to support request specific push consumers.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1944: Add hardCancellationEnabled option to RequestConfig.
  Contributed by Ryan Schmitt <ryansch at amazon.com>

* Overload Request's execute method to allow custom CloseableHttpClient.
  Contributed by Nicolas Gomez <nicolas at imogene.fr>

* Fix HttpClient 4.5.4 regression in BasicCookieStore serialization.
  Contributed by Mark Mielke <mmielke at ciena.com>

* HTTPCLIENT-1934: Default client TLS strategy passes wrong hostname to the hostname verifier.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1882: reset authentication state on I/O or runtime error for connection based
  authentication schemes (such as NTLM).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1924: HttpClient to shut down the connection manager if a fatal error occurs
  in the course of a request execution.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Pooling connection managers to implement graceful and immediate shut down.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1906: certificates containing alternative subject names other than DNS and IP
  (such as RFC822) get rejected as invalid.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1904: check cookie domain for null
  Contributed by Hans-Peter Keck <hans-peter.keck at haufe-lexware.com>

* HTTPCLIENT-1900: proxy protocol processor in the CONNECT exec interceptor does not
  post-process CONNECT response messages.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1898: Incorrect comment in example class ClientMultiThreadedExecution.java
  Contributed by Ulrich Romahn <ulrich at ulrichromahn dot net>
   
* HTTPCLIENT-1931: Add factory enum org.apache.hc.client5.http.classic.methods.ClassicHttpRequests
  Contributed by Gary Gregory <ggregory at apache.org>
  
* HTTPCLIENT-1932: Add factory enum org.apache.hc.client5.http.async.methods.HttpRequests
  Contributed by Gary Gregory <ggregory at apache.org>
  
* HTTPCLIENT-1939: Update Apache Commons Codec from 1.10 to 1.11
  Contributed by Gary Gregory <ggregory at apache.org>

* HTTPCLIENT-1947: Update JNA from 4.5.2 to 5.0.0
  Contributed by Gary Gregory <ggregory at apache.org>
  
Release 5.0-BETA1
-------------------

This is the first BETA release of HttpClient 5.0. The 5.0 release serices introduces
support for the HTTP/2 protocol and event driven messaging APIs consistent for all
supported HTTP protocol versions.

Changelog:
-------------------

* DefaultHostnameVerifier to use a custom distinguished name (DN) parser instead of LdapName.
  Removed dependency on Java Naming extensions.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTP/2 client implementations to support cancellation of ongoing message exchanges without
  terminating the underlying connections.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1395: added config parameter to skip an extra cache entry freshness check upon
  cache update in case of a cache miss.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1824, HTTPCLIENT-1384: asynchronous HTTP cache invalidator.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Redesign of CacheKeyGenerator and HttpCacheInvalidator APIs.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* New APIs for cache entry bulk retrieval; bulk retrieval support by Memcached storage
  implementation.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1824, HTTPCLIENT-1868: Asynchronous HTTP cache storage API. Memcached backend
  implementation of async HTTP cache storage.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-1885: Content compression exec interceptor generates incorrect
  'Accept-Encoding' header value.
  Contributed by Oleg Kalnichevski <olegk at apache.org>



Release 5.0-ALPHA3
-------------------

This is a major release that introduces support for the HTTP/2 protocol and event driven
messaging APIs consistent for all supported HTTP protocol versions.

HttpClient ships with two client implementations:

* HttpClient Classic is based on the classic (blocking) I/O model; largely compatible
  with the 4.x APIs; supports HTTP/1.1 only.

* HttpClient Async is based on NIO model; new event driven APIs consistent for all supported
  HTTP protocol versions; supports both HTTP/1.1 and HTTP/2.


Notable new features in this release:

* Asynchronous HttpClient implementations optimized for HTTP/2 multiplexed request execution.

* Full support for HTTP caching by asynchronous HttpClient implementations including
  streaming message exchanages.


Notable changes and features included in the 5.0 series are:

* Support for the HTTP/2 protocol and conformance to requirements and
  recommendations of the latest HTTP/2 protocol specification documents
  (RFC 7540, RFC 7541.)

  Supported features:

    ** HPACK header compression
    ** Stream multiplexing (client and server)
    ** Flow control
    ** Response push
    ** Message trailers
    ** Expect-continue handshake
    ** Connection validation (ping)
    ** Application-layer protocol negotiation (ALPN) on Java 9.0.1+
    ** TLS 1.2 security features

* Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol
  specification documents (RFC 7230, RFC 7231.)

* Redesigned connection pool implementation with reduced pool lock contention.

* Package name space changed to 'org.apache.hc.client5'.

* Maven group id changed to 'org.apache.httpcomponents.client5'.

* Apache Log4j2 logging APIs used for internal logging instead of Commons Logging APIs.

HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath
due to the change in package names and Maven module coordinates.

Please note that as of 5.0, HttpClient requires Java 1.7 or newer.


Changelog:
-------------------

* HttpAsyncClient implementations optimized for HTTP/2 multiplexed
  request execution.
  Contributed by Oleg Kalnichevski <olegk@apache.org>

* Improved Ehcache and Memcached storage backends.
  Contributed by Oleg Kalnichevski <olegk@apache.org>

* [HTTPCLIENT-1827] Full support for HTTP caching by asynchronous HTTP clients.
  Contributed by Oleg Kalnichevski <olegk@apache.org>

* Redesign of HTTP cache resource APIs.
  Contributed by Oleg Kalnichevski <olegk@apache.org>

* Deprecated Content-Transfer-Encoding field in MIME body parts per RFC 7578, section 4.7.
  Contributed by Oleg Kalnichevski <olegk@apache.org>

* [HTTPCLIENT-293] Implemented the percent encoding of the filename parameter of the Content-Disposition header.
  Contributed by Ioannis Sermetziadis <sermojohn@gmail.com>

* [HTTPCLIENT-1845]: Extract InputStreamFactory classes out of GzipDecompressingEntity and
  DeflateDecompressingEntity for reuse and to create less garbage.
  Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1858] Alleviate GC pressure due to wire logging.
  Contributed by Gary Gregory <ggregory at apache.org>

* Avoid fetching the cached entity twice on cache hit.
  Contributed by Leandro Nunes <a-lnunes@hotels.com>

* [HTTPASYNC-124] Add doPrivileged blocks to async client and connection manager builders
  Contributed by Jay Modi <jay at elastic dot co>



Release 5.0-ALPHA2
-------------------

This is a major release that introduces support for the HTTP/2 protocol and event driven
messaging APIs consistent for all supported HTTP protocol versions.

HttpClient ships with two client implementations:

* HttpClient Classic is based on the classic (blocking) I/O model; largely compatible
  with the 4.x APIs; supports HTTP/1.1 only.

* HttpClient Async is based on NIO model; new event driven APIs consistent for all supported
  HTTP protocol versions; supports both HTTP/1.1 and HTTP/2.


Notable changes and features included in the 5.0 series are:

* Partial support for the HTTP/2 protocol and conformance to requirements and
  recommendations of the latest HTTP/2 protocol specification documents 
  (RFC 7540, RFC 7541.)

  Supported features:

    ** HPACK header compression
    ** Stream multiplexing (client and server)
    ** Flow control
    ** Response push
    ** Message trailers
    ** Expect-continue handshake
    ** Connection validation (ping)
    ** Application-layer protocol negotiation (ALPN) on Java 1.9+
    ** TLS 1.2 security features

* Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol
  specification documents (RFC 7230, RFC 7231.)

* Redesigned connection pool implementation with reduced pool lock contention.

* Package name space changed to 'org.apache.hc.client5'.

* Maven group id changed to 'org.apache.httpcomponents.client5'.

* Apache Log4j2 logging APIs used for internal logging instead of Commons Logging APIs.


Features that are presently NOT supported:

* HTTP/2 transport (classic)

* HTTP tunneling (async)

* Automatic response content decompression (async)

* Caching (async)


HttpClient 5.0 releases can be co-located with earlier major versions on the same classpath
due to the change in package names and Maven module coordinates.

Please note that as of 5.0, HttpClient requires Java 1.7 or newer.

Please note that at this point 5.0 APIs are considered experimental and unstable and are
expected to change in the coming releases without providing a migration path.


Changelog:
-------------------

* [HTTPCLIENT-1714] Add HttpClientBuilder.setDnsResolver(DnsResolver).
  Contributed by Alexis Thaveau <alexis.thaveau at gmail.com>

* [HTTPCLIENT-1715] NTLMEngineImpl.Type1Message not thread safe but declared as a constant.
  Contributed by Olivier Lafontaine <olafontaine at gmail.com>, Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1716] redirect handling of unsafe methods defined by RFC 7231.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1717] Make fluent API .Content.Content(byte[], ContentType) public.
  Contributed by Cash Costello <cash.costello at gmail.com>

* [HTTPCLIENT-1730] added #setValidateAfterInactivity to HttpClientBuilder.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1752] Allow to configure the OSGI clients with relaxed SSL checks.
  Contributed by Simone Tripodi <simonetripodi at apache.org>

* [HTTPCLIENT-1748] Improved compatibility with system authentication API in applets.
  Contributed by Sebastien Caille <sebastien.caille at gmail.com>

* [HTTPCLIENT-1786] Port from Apache Commons Logging to Apache Log4j 2.
  Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1817] Add a "Trust All" TrustStrategy implementation.
  Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1836] DefaultHostnameVerifier#getSubjectAltNames(X509Certificate) throws
  java.lang.ClassCastException.
  Contributed by Gary Gregory <ggregory at apache.org>, Ilian Iliev <ilian_iliev at yahoo.com>

* [HTTPCLIENT-1691] HttpClient instance used internally by HC Fluent to take system properties into
  account by default.
  Contributed by Oleg Kalnichevski <olegk at apache.org>



Release 5.0-ALPHA1
-------------------

This major release renders HttpClient API incompatible with the stable 4.x branch
and upgrades HTTP/1.1 protocol conformance to the requirements and recommendations of the latest
protocol specification. This release lays the foundation for transition to HTTP/2 as the primary
transport protocol in the future releases.

Notable changes and features included in the 5.0 series are:

* Improved conformance to requirements and recommendations of the latest HTTP/1.1 protocol
  specification (RFC 7230, RFC 7231, RFC 7235)

* Package name space changed to 'org.apache.hc.client5'

* Maven group id changed to 'org.apache.httpcomponents.client5'

* By default the maximum connections per route limit is set to 5

* By default connection request timeout and connect timeout are set to 3 minutes.

HttpClient 5.0 releases can be co-located with earlier versions, meaning you can have both 5.x and 
4.x on the classpath without experiencing jar hell.

Please note that as of 5.0 HttpClient requires Java 1.7 or newer.

Please note that at this point we consider 5.0 APIs experimental and unstable and expect them to 
change in the coming releases without providing a migration path.



Changelog:
-------------------

* [HTTPCLIENT-1575] route target port must be non negative
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1106] Use character arrays for passwords in Credentials objects
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7235: redesign of HTTP authenticator and related classes
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: parse capable of parsing multiple auth challenges
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: DefaultServiceUnavailableRetryStrategy to take Retry-After header value into account if specified
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: removed restriction on the use of relative URIs in Location header
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: revised redirect handling
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: do not generate header fields in TRACE requests containing sensitive data such as cookie and user
  credentials
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7231: automatic retrial of idempotent methods
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* RFC 7230: increased the default max number of concurrent connection for the same route from 2 to 5
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Cache request line in HttpRequestWrapper
  Contributed by Dmitry Potapov <dpotapov at yandex-team.ru>

* [HTTPCLIENT-1651] Add ability to disable content compression on a request basis
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1696]: Add convenience methods to fluent API class Request.
  Contributed by Gary Gregory <ggregory @ apache.org>



Release 4.5.1
-------------------

HttpClient 4.5.1 (GA) is a maintenance release that fixes a number of minor defects found since 4.5.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.

Changelog:
-------------------

* [HTTPCLIENT-1680] redirect of a POST request causes ClientProtocolException.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1673] org.apache.http.entity.mime.content.* missing from OSGi exports.
  Contributed by Benson Margulies <benson at basistech.com>

* [HTTPCLIENT-1668] Fluent request incorrectly handles connect timeout setting.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1667] RequestBuilder does not take charset into account when creating
  UrlEncodedFormEntity.
  Contributed by Sergey Smith <smithsv at bk.ru>

* [HTTPCLIENT-1655] HttpClient sends RST instead of FIN ACK sequence when using non-persistant
  connections.
  Contributed by Oleg Kalnichevski <olegk at apache.org>


Release 4.5
-------------------

HttpClient 4.5 (GA) is a minor feature release that includes several incremental enhancements
to the exisitng functionality such as support for private domains in the Mozilla Public Suffix List.

Changelog:
-------------------

* Reduced default validate after inactivity setting from 5 sec to 2 sec.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1649] Fixed serialization of auth schemes.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1645]: Fluent requests to inherit config parameters of the executor.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1640]: RFC6265 lax cookie policy fails to parse 'max-age' attribute.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1633]: RFC6265CookieSpecProvider compatibility level setting has no effect.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1613]: Support for private domains in Mozilla Public Suffix List.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1651]: Add ability to disable content compression on a request basis.
  Contributed by Michael Osipov <michaelo at apache.org>

* [HTTPCLIENT-1654]: Deprecate/remove RequestConfig#decompressionEnabled in favor of #contentCompressionEnabled.
  Contributed by Michael Osipov <michaelo at apache.org>


Release 4.4.1
-------------------

HttpClient 4.4.1 (GA) is a maintenance release that fixes a number of defects in new functionality
introduced in version 4.4.

Users of HttpClient 4.4 are encouraged to upgrade.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.

Changelog:
-------------------

* Marked RFC 2109, RFC 2965, Netscape draft cookie specs as obsolete.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1633] RFC6265CookieSpecProvider compatibility level setting has no effect.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1628]: Auth cache can fail when domain name contains uppercase characters.
  Contributed by Dennis Ju <dejuknow at gmail.com>

* [HTTPCLIENT-1609] Stale connection check in PoolingHttpClientConnectionManager has no effect.
  Internal connection pool does not correctly implement connection validation.
  Contributed by Charles Lip <rene1 at singnet.com.sg>



Release 4.4 Final
-------------------

This is the first stable (GA) release of HttpClient 4.4. Notable features and enhancements included
in 4.4 series are:

* Support for the latest HTTP state management specification (RFC 6265). Please note that the old
cookie policy is still used by default for compatibility reasons. RFC 6265 compliant cookie
policies need to be explicitly configured by the user. Please also note that as of next feature
release support for Netscape draft, RFC 2109 and RFC 2965 cookie policies will be deprecated
and disabled by default. It is recommended to use RFC 6265 compliant policies for new applications
unless compatibility with RFC 2109 and RFC 2965 is required and to migrate existing applications
to the default cookie policy.

* Enhanced, redesigned and rewritten default SSL hostname verifier with improved RFC 2818
compliance.

* Default SSL hostname verifier and default cookie policy now validate certificate identity
and cookie domain of origin against the public suffix list maintained by Mozilla.org
<https://publicsuffix.org/list>

* More efficient stale connection checking: indiscriminate connection checking which results
in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional
connection state validation (persistent connections are to be re-validated only if a specified
period inactivity has elapsed.)

* Authentication cache thread-safety: authentication cache used by HttpClient is now thread-safe
and can be shared by multiple threads in order to re-use authentication state for subsequent
requests.

* Native Windows Negotiate and NTLM via SSPI through JNA: when running on Windows OS HttpClient
configured to use native NTLM or SPNEGO authentication schemes can make use of platform specific
functionality via JNA and current user credentials. This functionality is still considered
experimental, known to have compatibility issues and subject to change without prior notice.
Use at your discretion.

This release also includes all fixes from the stable 4.3.x release branch.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.


Changelog:
-------------------

* Support for the latest HTTP state management specification (RFC 6265).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1515] Caching of responses to HEAD requests
  Contributed by Tyrone Cutajar <tj.cutajar at gmail.com> and
  Francois-Xavier Bonnet <fx at apache.org>

* [HTTPCLIENT-1560] Native Windows auth improvements.
  Contributed by Michael Osipov <michaelo at apache.org>

* Update Apache Commons Logging version from 1.1.3 to 1.2.
  Contributed by Gary Gregory <ggregory at apache.org>

* Update Apache Commons Codec version from 1.6 to 1.9.
  Contributed by Gary Gregory <ggregory at apache.org>

* Update Ehcache version from 2.2.0 to 2.6.9.
  Contributed by Gary Gregory <ggregory at apache.org>

* Update Ehcache version from 2.2.0 to 2.6.9.
  Contributed by Gary Gregory <ggregory at apache.org>

* Update Spymemcached version from 2.6 to 2.11.4.
  Contributed by Gary Gregory <ggregory at apache.org>

* Update SLF4J version from 1.5.11 to 1.7.7.
  Contributed by Gary Gregory <ggregory at apache.org>





Release 4.4 BETA1
-------------------

This is the first BETA release of HttpClient 4.4. Notable features and enhancements included
in 4.4 series are:

* Enhanced redesigned and rewritten default SSL hostname verifier with improved RFC 2818
compliance

* Default SSL hostname verifier and default cookie policy now validate certificate identity
and cookie domain of origin against the public suffix list maintained by Mozilla.org
<https://publicsuffix.org/list>

* Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use
native NTLM or SPNEGO authentication schemes can make use of platform specific functionality
via JNA and current user system credentials

* More efficient stale connection checking: indiscriminate connection checking which results
in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional
connection state validation (persistent connections are to be re-validated only if a specified
period inactivity has elapsed)

* Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe
and can be shared by multiple threads in order to re-use authentication state for subsequent
requests

This release also includes all fixes from the stable 4.3.x release branch.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.


Changelog:
-------------------

* [HTTPCLIENT-1547] HttpClient OSGi bundle doesn't import the package "javax.naming".
  Contributed by Willem Jiang <ningjiang at apache.org>

* [HTTPCLIENT-1541] Use correct (HTTP/hostname) service principal name for Windows native
  Negotiate/NTLM auth schemes.
  Contributed by Ka-Lok Fung <ka-lok.fung at sap.com>

* Improved compliance with RFC 2818: default hostname verifier to ignore the common name of the
  certificate subject if alternative subject names (dNSName or iPAddress) are present.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1540] Support delegated credentials (ISC_REQ_DELEGATE) by Native windows
  native Negotiate/NTLM auth schemes.
  Contributed by Ka-Lok Fung <ka-lok.fung at sap.com>



Release 4.4 ALPHA1
-------------------

This is the first ALPHA release of HttpClient 4.4. Notable features and enhancements included
in the 4.4 branch are:

* More efficient stale connection checking: indiscriminate connection checking which results
in approximately 20 to 50 ms overhead per request has been deprecated in favor of conditional
connection state validation (persistent connections are to be re-validated only if a specified
period inactivity has elapsed)

* Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use
native NTLM or SPNEGO authentication schemes can make use of platform specific functionality
via JNA and current user system credentials

* Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe
and can be shared by multiple threads in order to re-use authentication state for subsequent
requests

This release also includes all fixes from the stable 4.3.x release branch.

Please note that as of 4.4 HttpClient requires Java 1.6 or newer.

Please note that new features included in this release are still considered experimental and
their API may change in the future 4.4 alpha and beta releases.


Changelog:
-------------------

* [HTTPCLIENT-1493] Indiscriminate connection checking has been deprecated in favor of conditional
  connection state validation. Persistent connections are to be re-validated only after a defined
  period inactivity prior to being leased to the consumer.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1519] Use the original HttpHost instance passed as a parameter to
  HttpClient#execute when generating 'Host' request header.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1491] Enable provision of Service Principal Name in Windows native
  auth scheme.
  Contributed by Malcolm Smith <malcolmfsmith at gmail.com>

* [HTTPCLIENT-1403] Pluggable content decoders.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1466] FileBodyPart#generateContentType() ignores custom ContentType values.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1461] fixed performance degradation in gzip encoded content processing
  introduced by HTTPCLIENT-1432.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1457] Incorrect handling of Windows (NT) credentials by
  SystemDefaultCredentialsProvider.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1456] Request retrial after status 503 causes ClientProtocolException.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1454] Make connection operator APIs public.
  Contributed by Tamas Cservenak <tamas at cservenak.net>

* Update JUnit to version 4.11 from 4.9
  Contributed by Gary Gregory <ggregory at apache.org>



Release 4.3.4
-------------------

HttpClient 4.3.4 (GA) is a maintenance release that improves performance in high concurrency
scenarios. This version replaces dynamic proxies with custom proxy classes and eliminates thread
contention in java.reflect.Proxy.newInstance() when leasing connections from the connection pool
and processing response messages.


Changelog:
-------------------

* Replaced dynamic proxies with custom proxy classes to reduce thread contention.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1484] GzipCompressingEntity should not close the underlying output stream
  if the entity has not been fully written out due to an exception.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1474] Fixed broken entity enclosing requests in HC Fluent.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1470] CachingExec(ClientExecChain, HttpCache, CacheConfig, AsynchronousValidator)
  throws NPE if config is null




Release 4.3.3
-------------------

HttpClient 4.3.3 (GA) is a bug fix release that fixes a regression introduced by the previous
release causing a significant performance degradation in compressed content processing.

Users of HttpClient 4.3 are encouraged to upgrade.

Changelog:
-------------------

* [HTTPCLIENT-1466] FileBodyPart#generateContentType() ignores custom ContentType values.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1453] Thread safety regression in PoolingHttpClientConnectionManager
  #closeExpiredConnections that can lead to ConcurrentModificationException.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1461] fixed performance degradation in compressed content processing
  introduced by HTTPCLIENT-1432.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1457] Incorrect handling of Windows (NT) credentials by
  SystemDefaultCredentialsProvider.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1456] Request retrial after status 503 causes ClientProtocolException.
  Contributed by Oleg Kalnichevski <olegk at apache.org>


Release 4.3.2
-------------------

HttpClient 4.3.2 (GA) is a maintenance release that delivers a number of improvements
as well as bug fixes for issues reported since 4.3.1 release. SNI support for
Oracle JRE 1.7+ is being among the most notable improvements.

Users of HttpClient 4.3 are encouraged to upgrade.

Changelog:
-------------------

* [HTTPCLIENT-1447] Clients created with HttpClients.createMinimal do not work with absolute URIs
  Contributed by Joseph Walton <joe at kafsemo dot org>

* [HTTPCLIENT-1446] NTLM proxy + BASIC target auth fails with 'Unexpected state:
  MSG_TYPE3_GENERATED'.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1443] HttpCache uses the physical host instead of the virtual host as a cache key.
  Contributed by Francois-Xavier Bonnet <fx at apache.org>

* [HTTPCLIENT-1442] Authentication header set by the user gets removed in case
  of proxy authentication (affects plan HTTP requests only).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1441] Caching AsynchronousValidationRequest leaks connections.
  Contributed by Dominic Tootell <dominic.tootell at gmail.com>

* [HTTPCLIENT-1440] 'file' scheme in redirect location URI causes NPE.
  Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1437] Made Executor#execute thread safe.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1119] SNI support (Oracle Java 1.7+ only).
  Contributed by Bruno Harbulot <bruno at distributedmatter.net>

* [HTTPCLIENT-1435] Fluent Executor ignores custom request properties.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1432] Lazy decompressing of HttpEntity#getContent() to avoid EOFException
  in case of an empty response with 'Content-Encoding: gzip' header.
  Contributed by Yihua Huang <code4crafter at gmail.com>

* [HTTPCLIENT-1431] (Regression) deprecated connection manager cannot be used with
  a custom LayeredSchemeSocketFactory.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1425] Fixed socket closed exception thrown by caching HttpClient when the origin
  server sends a long chunked response.
  Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1417] Fixed NPE in BrowserCompatSpec#formatCookies caused by version 1
  cookies with null cookie value.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1416] Fixed NPE in CachingHttpClientBuilder#build().
  Contributed by Oleg Kalnichevski <olegk at apache.org>



Release 4.3.1
-------------------

HttpClient 4.3.1 (GA) is a bug fix release that addresses a number of issues reported since
release 4.3.

Users of HttpClient 4.3 are strongly encouraged to upgrade.

Changelog
-------------------

* [HTTPCLIENT-1410] Browser compatible hostname verifier no longer rejects
  *.co.<countrycode>, *.gov.<countrycode>, *.info.<countrycode>, etc as invalid.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Ensure X509HostnameVerifier is never null.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1405] CONNECT HTTP/1.1 requests lack mandatory 'Host' header.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1402] Cache default User-Agent value.
  Contributed by yuexiaojun <junedo at qq.com>

* [HTTPCLIENT-1398] Fixed invalid OSGi metadata caused by corrupted Maven bundle plugin metadata.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1399] Fixed NPE in RequestBuilder.
  Contributed by Oleg Kalnichevski <olegk at apache.org>




Release 4.3 Final
-------------------

This is the first stable (GA) release of HttpClient 4.3. The most notable enhancements included
in this release are:

* Support for Java 7 try-with-resources for resource management (connection release.)

* Added fluent Builder classes for HttpEntity, HttpRequest, HttpClient and SSLContext instances.

* Deprecation of preference and configuration API based on HttpParams interface in favor of
constructor injection and plain configuration objects.

* Reliance on object immutability instead of access synchronization for thread safety.
Several old classes whose instances can be shared by multiple request exchanges have
been replaced by immutable equivalents.

* DefaultHttpClient,  DecompressingHttpClient, CachingHttpClient and similar classes are
deprecated in favor of builder classes that produce immutable HttpClient instances.

* HttpClient builders now dynamically construct a request execution pipeline tailored
specifically to the user configuration by physically excluding unnecessary protocol components.

* There is now an option to construct a minimal HttpClient implementation that can only execute
basic HTTP message exchanges without redirects, authentication, state management or proxy support.
This feature might be of particular use in web crawler development.

* There is now option to avoid strict URI syntax for request URIs by executing HTTP requests
with an explicitly specified target host. HttpClient will no longer attempt to parse the request
URI if it does not need to extract the target host from it.

This release also includes all fixes from the stable 4.2.x release branch.


Changelog
-------------------
* [HTTPCLIENT-1371] Weak ETag Validation is Useful On PUT With If-Match
  Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1394] Support for Native windows Negotiate/NTLM via JNA
  Contributed by Ryan McKinley <ryan at apache.org>

* [HTTPCLIENT-1384] Expose CacheInvalidator interface.
  Contributed by Nicolas Richeton <nicolas.richeton at free.fr>

* [HTTPCLIENT-1385] Fixed path normalization in CacheKeyGenerator
  Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1370] Response to non-GET requests should never be cached with the default
  ResponseCachingPolicy
  Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1373] OPTIONS and TRACE should not invalidate cache
  Contributed by James Leigh <james at 3roundstones dot com>

* [HTTPCLIENT-1383] HttpClient enters an infinite loop during NTLM authentication if the opposite
  endpoint keeps responding with a type 2 NTLM response after type 3 MTLM message has already been
  sent by the client.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1372] Refactor HttpMultipart, and add RFC6532 mode, so that headers in post
  are no longer constrained to ASCII values.
  Contributed by Karl Wright <kwright at apache.org>

* [HTTPCLIENT-1377] User principal for non-NTLM authentication is incorrectly generated when using
  user credentials are specified as NTCredentials
  Contributed by Gary Gregory <ggregory at apache.org>



Release 4.3 BETA2
-------------------

This is the second BETA release of HttpClient 4.3. The most notable features and improvements
in the 4.3 branch are: Support for Java 7  try-with-resources for resource management (connection
release); fluent Builder classes for HttpEntity, HttpRequest and HttpClient instances, deprecation
of preference and configuration API based on HttpParams interface in favor of constructor injection
and plain configuration objects, reliance on object immutability instead of access synchronization
for thread safety.

This release also includes all fixes from the stable 4.2.x release branch.

Changelog
-------------------


* [HTTPCLIENT-1366] org.apache.http.client.utils.URLEncodedUtils should parse the semicolon as a query parameter separator.
  Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1365] NPE when ManagedHttpClientConnectionFactory.create(ConnectionConfig) is called with null.
  Contributed by Gary Gregory <ggregory at apache.org>

* [HTTPCLIENT-1362] Better error messages for connect timed out and connection refused
  exceptions.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1360] separate out DeflateInputStream as an independent class,
  so it can be used by others.
  Contributed by Karl Wright <kwright at apache.org>

* [HTTPCLIENT-1359] repeated requests using the same context fail if they redirect.
  Contributed by James Leigh <james at 3roundstones.com>

* [HTTPCLIENT-1354] do not quote algorithm parameter in DIGEST auth response.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1351] Added utility method to resolve final location from original request,
  target host and a list of redirects.
  Contributed by James Leigh <james at 3roundstones.com>

* [HTTPCLIENT-1344] Userinfo credentials in URI should not default to preemptive BASIC
  authentication.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1345] Useinfo credentials ignored in redirect location header.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1294] HttpClient to rewrite host name of the redirect location URI in order
  to avoid circular redirect exception due to host name case mismatch.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1264] Add support for multiple levels of browser compatibility
  to BrowserCompatSpec and BrowserCompatSpecFactory.  Include constructor
  argument for IE medium-security compatibility.
  Contributed by Karl Wright (kwright at apache.org)

* [HTTPCLIENT-1349] SSLSocketFactory incorrectly identifies key passed with keystore as
  the keystore password.
  Contributed by David Graff <djgraff209 at gmail.com>

* [HTTPCLIENT-1346] Ensure propagation of SSL handshake exceptions.
  Contributed by Pasi Eronen <pe at iki.fi>

* [HTTPCLIENT-1343] SSLSocketFactory optional parameters for supported SSL protocols and cipher
  suites.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1238] Contribute Bundle Activator And Central Proxy Configuration.
  Contributed by Simone Tripodi <simonetripodi at apache.org>

* [HTTPCLIENT-1299] (regression) cache incorrectly disposes of the underlying cache resource
  when storing variant entry.
  Contributed by James Leigh <james at 3roundstones.com>

* [HTTPCLIENT-1342] Redirects with underscore character in the location hostname cause
  "java.lang.IllegalArgumentException: Host name may not be null".
  Contributed by Oleg Kalnichevski <olegk at apache.org>



Release 4.3 BETA1
-------------------

This is the first BETA release of HttpClient 4.3. The 4.3 branch enhances HttpClient in several
key areas and includes several notable features and improvements: Support for Java 7
try-with-resources for resource management (connection release); fluent Builder classes for
HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and configuration API
based on HttpParams interface in favor of constructor injection and plain configuration objects,
reliance on object immutability instead of access synchronization for thread safety.

This release also includes all fixes from the stable 4.2.x release branch.


Changelog
-------------------

* [HTTPCLIENT-1317] InetAddressUtils should handle IPv6 Addresses with Embedded IPv4 Addresses
  Contributed Sebastian Bazley <sebb at apache.org>.

* [HTTPCLIENT-1320] Leverage javax.net.ssl.SSLSocketFactory#getDefault() to initialize SSL context
  based on system defaults instead of using an internal custom routine.
  Contributed by Abe Backus <abraham at backus.com> and Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1316] Certificate verification rejects IPv6 addresses which are not String-equal.
  Contributed Sebastian Bazley <sebb at apache.org>.

* [HTTPCLIENT-1307] Future based asynchronous request execution.
  Contributed by Jilles van Gurp <jilles at jillesvangurp.com>

* [HTTPCLIENT-1313] Fixed IllegalStateException in deprecated ThreadSafeClientConnManager.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1298] Add AsynchronousValidator in HttpClientBuilder's list of closeable objects.
  Contributed by Martin Meinhold <mmeinhold at atlassian.com>



Release 4.3 ALPHA1
-------------------

This is the first ALPHA release of HttpClient 4.3. The 4.3 branch enhances HttpClient in several
key areas and includes several notable features and improvements: Support for Java 7
try-with-resources for resource management (connection release); fluent Builder classes for
HttpEntity, HttpRequest and HttpClient instances, deprecation of preference and configuration API
based on HttpParams interface in favor of constructor injection and plain configuration objects,
reliance on object immutability instead of access synchronization for thread safety.

We are kindly asking all upstream projects to review API changes and help us improve
the APIs by providing feedback and sharing ideas on dev@hc.apache.org.

This release also includes all fixes from the stable 4.2.x release branch.

Please note that new features included in this release are still considered experimental and
their API may change in the future 4.3 alpha and beta releases.


Changelog
-------------------

* [HTTPCLIENT-1250] Allow query string to be ignored when determining cacheability for
  HTTP 1.0 responses.
  Contributed by Don Brown <mrdon at twdata.org>

* [HTTPCLIENT-1261] Make SystemDefaultHttpClient honor http.agent system property.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-900] Don't enforce URI syntax for messages with an explicit target host.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1190] HttpClient cache does not support "Vary: Cookie"
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1259] Calling #abort() on requests executed with DecompressingHttpClient has no
  effect.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1253] URIBuilder setParameter() method could exceed the HTTP header size.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1216] Added method to force clean thread-local used by DateUtils.
  Contributed by Oleg Kalnichevski <olegk at apache.org>


Release 4.2.3
-------------------

HttpClient 4.2.3 (GA) is a bug fix release that addresses a number of issues reported since
release 4.2.2. This release also includes a thoroughly reworked NTLM authentication engine
which should result in a better compatibility with the newest Microsoft products.

Users of HttpClient 4.x are advised to upgrade.

Changelog
-------------------

* [HTTPCLIENT-1296] NPE gets thrown if you combine a default host with a virtual host
  that has a -1 value for the port.
  Contributed by Karl Wright <daddywri at gmail.com>

* [HTTPCLIENT-1290] 304 cached response never reused with If-modified-since conditional
  requests.
  Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1291] Absolute request URIs without an explicitly specified path are rewritten
  to have "/" path).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1286] Request URI rewriting is inconsistent - URI fragments are not removed
  from absolute request URIs.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1284] HttpClient incorrectly generates Host header when physical connection
  route differs from the host name specified in the request URI.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1293] Kerberos and SPNego auth schemes use incorrect authorization header name
  when authenticating with a proxy.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1283] NTLM needs to use Locale-independent form of
  toUpperCase().
  Contributed by Karl Wright <DaddyWri at gmail.com>

* [HTTPCLIENT-1279] Target host responding with status 407 (proxy authentication required)
  causes an NPE.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1281] GzipDecompressingEntity does not release InputStream when an IOException
  occurs while reading the Gzip header
  Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1277] Caching client sends a 304 to an unconditional request.
  Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1278] Update NTLM documentation.
  Contributed by Karl Wright <DaddyWri at gmail.com>

* SystemDefaultHttpClient misinterprets 'http.keepAlive' default value and disables
  connection persistence if the system property is not set. This causes connection
  based authentication schemes such as NTLM to fail.

* [HTTPCLIENT-1276] cache update on a 304 response causes NPE.
  Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1273] DecompressingHttpClient does not automatically consume response
  content in case of an i/o, HTTP or runtime exception thrown by the decompressing
  protocol interceptor leading to a potential connection leak.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1268] NTLM engine refactor fix, to correct a buffer overrun, and get NTLMv2
  flags right.
  Contributed by Karl Wright <DaddyWri at gmail.com>

* [HTTPCLIENT-1266] NTLM engine refactoring and compatibility improvements.
  Contributed by Karl Wright <DaddyWri at gmail.com>

* [HTTPCLIENT-1263] BrowserCompatSpec: attribute values containing spaces or special characters
  should be enclosed with quotes marks for version 1 cookies.
  Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1263] CachingHttpClient fails to release connections back to the connection
  manager for some type of HTTP response messages when used together with DecompressingHttpClient.
  Contributed by Francois-Xavier Bonnet <francois-xavier.bonnet at centraliens.net>

* [HTTPCLIENT-1258] Fixed NullPointerException in NTLMEngineImpl caused by null NT domain
  attribute.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1254] Redirect with underscore in hostname causes ProtocolException.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1255] AbstractVerifier incorrectly parses certificate CN containing wildcard.
  Contributed by Oleg Kalnichevski <olegk at apache.org>



Release 4.2.2
-------------------

HttpClient 4.2.2 (GA) is a bug fix release that addresses a number of issues reported since
release 4.2.1.

Users of HttpClient 4.2 are advised to upgrade.

Changelog
-------------------

* [HTTPCLIENT-1248] Default and lax redirect strategies should not convert requests redirected
  with 307 status to GET method.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1215] BasicAuthCache does not take default ports into consideration when
  looking up cached authentication details by HttpHost key.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1241] (regression) Preemptive BASIC authentication failure should be considered
  final and no further attempts to re-authenticate using the same credentials should be made.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1229] Fixed NPE in BasicClientConnectionManager that can be triggered by releasing
  connection after the connection manager has already been shut down.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1227] Date parsing in DateUtils made more efficient.
  Contributed by Patrick Linskey <pcl at apache.org>

* [HTTPCLIENT-1224] (regression) NTLM auth not retried after a redirect over a non-persistent
  connection.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1223] Cache could be more aggressive on cache invalidations
  from Content-Location. Contributed by Jon Moore <jonm at apache.org>.
  Contributed by Jon Moore <jonm at apache.org>

* [HTTPCLIENT-1217] AutoRetryHttpClient does not release connection used by the previous response
  when request is retried
  Contributed by Oleg Kalnichevski <olegk at apache.org>



Release 4.2.1
-------------------

HttpClient 4.2.1 (GA) is a bug fix release that addresses a number of issues reported since
release 4.2.

Users of HttpClient 4.2 are advised to upgrade.

Changelog
-------------------

* [HTTPCLIENT-1209] Redirect URIs are now normalized.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1202] ResponseCachingPolicy should honor explicit cache-control
  directives for other status codes
  Contributed by Jon Moore <jonm at apache.org>

* [HTTPCLIENT-1199] DecompressingHttpClient strips content from entity enclosing requests
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1198] HttpHost is not set in HttpContext in CachingHttpClient.
  Contributed by Jon Moore <jonm at apache.org>

* [HTTPCLIENT-1200] DecompressingHttpClient fails to generate correct HttpHost context attribute.
  Contributed by Guillaume Castagnino <casta+jira at xwing.info>

* [HTTPCLIENT-1192] URIBuilder encodes query parameters twice.
  Contributed by Oleg Kalnichevski <olegk at apache.org> and Sebastian Bazley <sebb at apache.org>.

* [HTTPCLIENT-1196] Fixed NPE in UrlEncodedFormEntity constructor thrown if charset is null.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1193] Fixed regression in the route tracking logic of the default connection manager
  causing cross-site redirect failures.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.2
-------------------

This is the first stable (GA) release of HttpClient 4.2. The most notable enhancements included
in this release are:

* New facade API for HttpClient based on the concept of a fluent interface. The fluent API exposes
  only the most fundamental functions of HttpClient and is intended for relatively simple use cases
  that do not require the full flexibility of HttpClient. However, the fluent API almost fully
  relieves the users from having to deal with connection management and resource deallocation.

* Redesigned and rewritten connection management code.

* Enhanced HTTP authentication API that enables HttpClient to handle more complex authentication
  scenarios. HttpClient 4.2 is now capable of making use of multiple authentication challenges
  and retry authentication with a fall-back scheme in case the primary one fails. This can be
  important for compatibility with Microsoft products that are often configured to use
  SPNEGO/Kerberos as the preferred authentication scheme.


Changelog
-------------------

* [HTTPCLIENT-1187] If a revalidation response is deemed too old CachingHttpClient fails to
  consume its content resulting in a connection leak.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1186] State of newly created connections in the connection pool is not always
  correctly updated potentially allowing those connections to be leased to users with a different
  security context.
  Contributed by Ralf Poehlmann <rpn at methodpark.de>

* [HTTPCLIENT-1179] Upgraded Commons Codec dependency to version 1.6
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1177] always remove fragments from request URIs
  Contributed by Oleg Kalnichevski <olegk at apache.org>

Incompatible changes
--------------------
[Compared to release version 4.1.3]

The following fields have been deprecated for some time now and have been deleted:

org.apache.http.client.params.ClientPNames#CONNECTION_MANAGER_FACTORY
org.apache.http.impl.cookie.BrowserCompatSpec#DATE_PATTERNS

The following methods have been deprecated for some time now and have been deleted:

org.apache.http.client.params.ClientParamBean#setConnectionManagerFactory(org.apache.http.conn.ClientConnectionManagerFactory)
org.apache.http.client.protocol.ClientContextConfigurer#setAuthSchemePref(java.util.List)
org.apache.http.entity.mime.content.FileBody#writeTo(java.io.OutputStream, int)
org.apache.http.entity.mime.content.InputStreamBody#writeTo(java.io.OutputStream, int)
org.apache.http.entity.mime.content.StringBody#writeTo(java.io.OutputStream, int)

The following classes have been deprecated for some while now and have been deleted:

org.apache.http.impl.conn.tsccm.RefQueueHandler
org.apache.http.impl.conn.tsccm.AbstractConnPool no longer implements interface org.apache.http.impl.conn.tsccm.RefQueueHandler
org.apache.http.impl.conn.tsccm.ConnPoolByRoute no longer implements interface org.apache.http.impl.conn.tsccm.RefQueueHandler
org.apache.http.impl.conn.tsccm.RefQueueWorker



Release 4.2 BETA1
-------------------

This is the first BETA release of HttpClient 4.2. This release completes development of several
notable enhancements in HttpClient:

* New facade API for HttpClient based on the concept of a fluent interface. The fluent API exposes
  only the most fundamental functions of HttpClient and is intended for relatively simple use cases
  that do not require the full flexibility of HttpClient. However, the fluent API almost fully
  relieves the users from having to deal with connection management and resource deallocation.

* Redesigned and rewritten connection management code. As of release 4.2 HttpClient will be using
  pooling connection manager per default.

* Enhanced HTTP authentication API that enables HttpClient to handle more complex authentication
  scenarios. HttpClient 4.2 is now capable of making use of multiple authentication challenges
  and retry authentication with a fall-back scheme in case the primary one fails. This can be
  important for compatibility with Microsoft products that are often configured to use
  SPNEGO/Kerberos as the preferred authentication scheme.


Changelog
-------------------

* [HTTPCLIENT-1164] Compressed entities are not being cached properly.
  Contributed by Jon Moore <jonm at apache dot org>.

* [HTTPCLIENT-1154] MemcachedHttpCacheStorage should allow client to
  specify custom prefix string for keys.
  Contributed by Jon Moore <jonm at apache dot org>.

* [HTTPCLIENT-1153] MemcachedHttpCacheStorage uses URL as cache key;
  shouldn't due to fixed maximum-length memcached keys.
  Contributed by Jon Moore <jonm at apache dot org>.

* [HTTPCLIENT-1157] MemcachedHttpCacheStroage should throw IOExceptions
  instead of RuntimeExceptions.
  Contributed by James Miller <jamesmiller01 at gmail dot com>.

* [HTTPCLIENT-1152] MemcachedHttpCacheStorage should verify class of
  returned object before casting.
  Contributed by Rajika Kumarasiri <rajika at wso2 dot com>.

* [HTTPCLIENT-1155] CachingHttpClient fails to ensure that the response content gets fully consumed
  when using a ResponseHandler, which can potentially lead to connection leaks.
  Contributed by James Miller <jamesmiller01 at gmail dot com>

* [HTTPCLIENT-1147] When HttpClient-Cache cannot open cache file, should act like miss.
  Contributed by Joe Campbell <joseph.r.campbell at gmail.com>

* [HTTPCLIENT-1137] Values for the Via header are cached and reused by httpclient-cache.
  Contributed by Alin Vasile <alinachegalati at yahoo dot com>

* [HTTPCLIENT-1142] Infinite loop on NTLM authentication failure.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1143] CachingHttpClient leaks connections with stale-if-error.
  Contributed by James Miller <jamesmiller01 at gmail dot com>

Release 4.2 ALPHA1
-------------------

This is the first ALPHA release of HttpClient 4.2. The 4.2 branch enhances HttpClient in several
key areas and includes several notable features and improvements:

* New facade API for HttpClient based on the concept of a fluent interface. The fluent API exposes
  only the most fundamental functions of HttpClient and is intended for relatively simple use cases
  that do not require the full flexibility of HttpClient. However, the fluent API almost fully
  relieves the users from having to deal with connection management and resource deallocation.

* Redesigned and rewritten connection management code. As of release 4.2 HttpClient will be using
  pooling connection manager per default.

* Enhanced HTTP authentication API that enables HttpClient to handle more complex authentication
  scenarios. HttpClient 4.2 is now capable of making use of multiple authentication challenges
  and retry authentication with a fall-back scheme in case the primary one fails. This can be
  important for compatibility with Microsoft products that are often configured to use
  SPNEGO/Kerberos as the preferred authentication scheme.

Please note that new features included in this release are still considered experimental and
their API may change in the future ALPHA releases.

Changelog
-------------------

* [HTTPCLIENT-1128] SystemDefaultHttpClient (HttpClient implementation initialized using system
  properties).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1135] RandomAccessFile mode 'w' used by HttpClientCache is not valid.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1131] HttpClient to authenticate preemptively using BASIC scheme if a userinfo
  attribute is specified in the request URI.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1134] make BasicResponseHandler consume response content in case of an unsuccessful
  result (status code >= 300).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1132] ProxyClient implementation.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1127] fixed dead-lock between SingleClientConnManager and AbstractPooledConnAdapter.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1107] Auth framework redesign.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1116] ResponseCachingPolicy uses integers for sizes
  Contributed by Greg Bowyer <gbowyer at fastmail.co.uk >

* [HTTPCLIENT-1123] Support for pluggable DNS resolvers.
  Contributed by Alin Vasile <alinachegalati at yahoo dot com>

* [HTTPCLIENT-1120] DefaultHttpRequestRetryHandler#retryRequest should not retry aborted requests.
  Contributed by Alin Vasile <alinachegalati at yahoo dot com>

* Support for auth-int qop (quality of protection) option in Digest auth scheme.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1076] Fluent facade API (Google summer of code 2011 project).
  Contributed by Xu Lilu <cookieme at gmail.com>

* UriBuilder implementation.
  Contributed by Xu Lilu <cookieme at gmail.com>

* Redesign of connection management classes based on new pooling components from HttpCore.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1111] Added #prepareSocket method to SSLSocketFactory.
  Contributed by Pasi Eronen <pe at iki.fi>

* Added #reset() and #releaseConnection() methods to HttpRequestBase.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1105] AutoRetryHttpClient: built-in way to do auto-retry for certain status codes.
  Contributed by Dan Checkoway <dcheckoway at gmail.com>

* [HTTPCLIENT-1094] Digest auth scheme refactoring.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Lax implementation of RedirectStrategy.
  Contributed by Bartosz Firyn <songo.bercik at interia.pl>

* [HTTPCLIENT-1044] HttpRequestRetryHandler implementation compliant with the definition of
  idempotent methods given in the RFC 2616.
  Contributed by Oleg Kalnichevski <olegk at apache.org>


Release 4.1.2
-------------------

The HttpClient 4.1.2 is a bug fix release that addresses a number of non-critical issues reported
since release 4.1.1.

* [HTTPCLIENT-1100] Missing Content-Length header makes cached entry invalid
  Contributed by Bart Robeyns <bart dot robeyns at gmail dot com>

* [HTTPCLIENT-1098] Avoid expensive reverse DNS lookup on connect timeout exception.
  Contributed by Thomas Boettcher <tboett at gmail.com>

* [HTTPCLIENT-1097] BrowserCompatHostnameVerifier and StrictHostnameVerifier should handle
  wildcards in SSL certificates better.
  Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-1092] If ClientPNames.VIRTUAL_HOST does not provide the port, derive it from the
  current request.
  Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-1087] NTLM proxy authentication fails on retry if the underlying connection is closed
  as a result of a target authentication failure.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1079] Fixed Kerberos cross-realm support
  Contributed by Michael Osipov <1983-01-06 at gmx.net>

* [HTTPCLIENT-1078] Decompressing entities (DeflateDecompressingEntity, GzipDecompressingEntity)
  do not close content stream in #writeTo() method.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1075] Decompressing entities (DeflateDecompressingEntity, GzipDecompressingEntity)
  do not correctly handle content streaming.
  Contributed by James Abley <james.abley at gmail.com>

* [HTTPCLIENT-1051] Avoid reverse DNS lookups when opening SSL connections by IP address.
  Contributed by Oleg Kalnichevski <olegk at apache.org>


Release 4.1.1
-------------------

HttpClient v4.1.1 is a bug fix release that addresses a number of issues reported since
release 4.1, including one critical security issue (HTTPCLIENT-1061). All users of HttpClient 4.0.x
and 4.1 are strongly encouraged to upgrade.

* [HTTPCLIENT-1069] HttpHostConnectException not correctly retried for direct and non-tunnelled
  proxy connections.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1066] Changed the way URIUtils#rewriteURI handles multiple consecutive slashes in the
  URI path component: multiple leading slashes will be replaced by one slash in order to avoid
  confusion with the authority component. The remaining content of the path will not be modified.
  (also see HTTPCLIENT-929).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1061] Fixed critical bug causing Proxy-Authorization header to be sent to the target
  host when tunneling requests through a proxy server that requires authentication.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1056] Fixed bug causing the RequestAuthCache protocol interceptor to generate
  an invalid AuthScope instance when looking up user credentials for preemptive authentication.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1053] Fixed the way DigestScheme generates nonce-count values.
  Contributed by Oleg Kalnichevski <olegk at apache.org>


Release 4.1
-------------------

The HttpClient 4.1 release builds upon the stable foundation laid by HttpClient 4.0 and adds several
functional improvements and popular features.

* Response caching conditionally compliant with HTTP/1.1 specification (full compliance with
  MUST requirements, partial compliance with SHOULD requirements)

* Full support for NTLMv1, NTLMv2, and NTLM2 Session authentication. The NTLM protocol code
  was kindly contributed by the Lucene Connector Framework project.

* Support for SPNEGO/Kerberos authentication.

* Persistence of authentication data between request executions within the same execution context.

* Support for preemptive authentication for BASIC and DIGEST schemes.

* Support for transparent content encoding. Please note transparent content encoding is not
  enabled per default in order to avoid conflicts with already existing custom content encoding
  solutions.

* Mechanism to bypass the standard certificate trust verification (useful when dealing with
  self-signed certificates).

* Simplified configuration for connection managers.

* Transparent support for host multihoming.

IMPORTANT: please note that the HttpClient 3.x branch is now officially END OF LIFE and is no longer
maintained and supported by the Apache HttpComponents project.

Changelog
-------------------
* The public API for the caching module had a minor change between 4.1-beta and 4.1-GA to the
  HttpCacheEntry class - the deprecated public Set<String> getVariantURIs() method and constructor
  public HttpCacheEntry(Date requestDate, Date responseDate,
            StatusLine statusLine, Header[] responseHeaders,
            Resource resource, Set<String> variants)
  were both removed.  This will not affect you unless you are implementing new storage backends
  that use the deprecated code and/or are implementing custom serializers for cache entries.

* Changed Browser-Compatibility and Best-Match cookie policies to emulate the behaviour of FireFox
  more closely when parsing Netscape style cookies. Comma will no longer be treated as a header
  element separator if Set-Cookie does not contain a Version attribute mandated by the
  RFC2109 / RFC 2965 cookie specifications.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1036] StringBody has incorrect default for characterset. (Default changed
  to US-ASCII)
  Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-975] Support stale-if-error and stale-while-revalidate extension directive (RFC5861).
  Contributed by Mohammed Azeem Uddin <mohammedazeem_uddin at comcast.com>,
  Michajlo Matijkiw <michajlo_matijkiw at comcast.com>, and
  Matthew Hawthorne <matthew_hawthorne at comcast.com>.

* [HTTPCLIENT-1033] HttpRoute.equals(Object o) is quite inefficient, as it does not take full
  advantage of shortcut logic.
  Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-1030] Implement "ignoreCookies" CookieSpec
  Contributed by Sebastian Bazley <sebb at apache.org>

Release 4.1 BETA1
-------------------

HttpClient 4.1 BETA1 finalizes the 4.1 API and brings a number of major improvements to the HTTP
caching module. This release also adds full support for NTLMv1, NTLMv2, and NTLM2 Session
authentication. The NTLM protocol code was kindly contributed by the Lucene Connector Framework
project.

Changelog
-------------------
* [HTTPCLIENT-1015] Support only-if-cached directive.
  Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>

* [HTTPCLIENT-990] Allow heuristic freshness caching.
  Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>

* [HTTPCLIENT-919] Support for NTLMv1, NTLMv2, and NTLM2 Session authentication.
  Contributed by Karl Wright <karl.wright at nokia.com>

* [HTTPCLIENT-1008] Send all variants' ETags on "variant miss".
  Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com> and
  Mohammed Azeem Uddin <mohammedazeem_uddin at comcast.com>

* [HTTPCLIENT-1011] Handling of IOExceptions thrown by cache components.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-1003] Handle conditional requests in cache.
  Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com> and
  Mohammed Azeem Uddin <mohammedazeem_uddin at comcast.com>

* [HTTPCLIENT-1002] Stale connection check fails if wire logging is on.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-1000] Maximum connection lifetimes settings for ThreadSafeClientConnManager.
  Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>

* [HTTPCLIENT-960] HttpMultipart doesn't generate Content-Type header for binary parts in
  BROWSER_COMPATIBLE mode.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-998] Cache should use both Last-Modified and ETag for validations when available.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-997] Cache module should handle out-of-order validations properly and unconditionally
  refresh.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-994] Cache does not allow client to override origin-specified freshness using
  max-stale.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-995] Cache returns cached responses even if validators not consistent with all
  conditional headers.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-977] Memcached implementation for HttpCache.
  Contributed by Mohammed Azeem Uddin <mohammedazeem_uddin at comcast.com>

* [HTTPCLIENT-992] cache should not generate stale responses to requests explicitly requesting
  first-hand or fresh ones.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-991] cache module produces improperly formatted Warning header when revalidation
  fails.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-989] DefaultHttpRequestRetryHandler no longer retries non-idempotent http methods
  if NoHttpResponseException is thrown.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-988] Cache module should strip 'Content-Encoding: identity' from responses
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-987] cache module does not recognize equivalent URIs.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-986] cache module does not completely handle upstream Warning headers correctly
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-985] cache module should populate Via header to capture upstream and downstream protocols
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-984] Additional conditional compliance tests for the caching module for
  Content-Encoding, Content-Location, Date, Expires, Server, Transfer-Encoding, and Vary headers.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-978] HTTP cache update exception handling
  Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>

* [HTTPCLIENT-981] CachingHttpClient returns a 411 respones when executing a POST (HttpPost)
  request.
  Contributed by Joe Campbell <joseph.r.campbell at gmail.com>

* [HTTPCLIENT-980] CachingHttpClient returns a 503 response when the backend HttpClient produces
  an IOException.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-978] Ehcache based HTTP cache implementation
  Contributed by Michajlo Matijkiw <michajlo_matijkiw at comcast.com>

* [HTTPCLIENT-967] support for non-shared (private) caches
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-969] BasicCookieStore#getCookies() to return a copy of Cookie list
  Contributed by David Smiley <dsmiley at mitre.org>

* [HTTPCLIENT-965] Fixed problem with cache not honoring must-revalidate or
  proxy-revalidate Cache-Control directives.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-964] 'no-cache' directives with field names are no longer transmitted
  downstream.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-963] Fixed handling of 'Cache-Control: no-store' on requests.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-962] Fixed handling of Authorization headers in shared cache mode.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-961] Not all applicable URIs are invalidated on PUT/POST/DELETEs
  that pass through client cache.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-958] Client cache no longer allows incomplete responses to be
  passed on to the client.
  Contributed by Jonathan Moore <jonathan_moore at comcast.com>

* [HTTPCLIENT-951] Non-repeatable entity enclosing requests are not correctly
  retried when 'expect-continue' handshake is active.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-948] In rare circumstances the idle connection handling code
  can leave closed connections in a inconsistent state.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-953] IllegalStateException thrown by RouteSpecificPool.
  Contributed by Guillaume <gueugaie at gmail.com>

* [HTTPCLIENT-952] Trust store parameter is ignored by SSLSocketFactory
  (affects version 4.1-alpha2 only)
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-937] CacheEntry made immutable; now uses immutable HttpEntity
  to store cached content.
  Contributed by David Mays <david_mays at comcast.com> and
  Oleg Kalnichevski <olegk at apache.org>

Release 4.1 ALPHA2
-------------------

HttpClient 4.1 ALPHA2 fixes a number of non-severe bugs discovered since
the last release and introduces support for two frequently requested features:

* HTTP/1.1 response caching

* transparent support for host multihoming

* a mechanism to bypass the standard certificate trust verification
(useful when dealing with self-signed certificates)

Compatibility notes
-------------------
(1) Please note the HTTP caching module is still considered experimental and
its API may change significantly in the future releases.

(2) This release eliminates Mime4J as a dependency for the HttpMime module.
HttpMime is no longer binary compatible with the previous releases.
Full API and binary compatibility between minor versions of HttpMime will be
maintained as of 4.1 GA release.

Changelog
-------------------

* [HTTPCLIENT-936] Fixed bug causing NPE or an infinite loop in
  the authentication code in case of a SPNEGO authentication failure.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-427] HTTP caching support
  Contributed by Joe Campbell, David Cleaver, David Mays, Jon Moore, Brad Spenla

* Dropped dependency on Mime4j for HttpMime.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Extended SSLSocketFactory with a mechanism to bypass the standard certificate
  trust verification (primarily to simplify dealing with self-signed
  certificates)
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-898] Improved support for host multihoming
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-916] UsernamePasswordCredentials, NTUserPrincipal,
  BasicClientCookie, BasicClientCookie2 and BasicCookieStore made Serializable.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-914] Upgraded Commons Codec dependency to version 1.4
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-903] Use ConcurrentHashMap instead of [Linked]HashMap for
  thread-safety. Improve performance of AuthSchemeRegistry, CookieSpecRegistry
  and SchemeRegistry classes.
  Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-902] HttpRequestRetryHandler not called on I/O exceptions
  thrown when opening a new connection.
  Contributed by Olivier Lamy <olamy at apache.org> and
  Oleg Kalnichevski <olegk at apache.org>

Release 4.1 ALPHA1
-------------------

HttpClient 4.1 ALPHA1 builds on the stable 4.0 release and adds several
functionality improvements and new features.

* Simplified configuration of connection managers.

* Persistence of authentication data between request executions within
  the same execution context.

* Support for SPNEGO/Kerberos authentication scheme

* Support for transparent content encoding. Please note transparent content
  encoding is not enabled per default in order to avoid conflicts with
  already existing custom content encoding solutions.

* 5 to 10% performance increase due to elimination of unnecessary Log object
  lookups by short-lived components.

Please note all methods and classes added in this release and marked as
4.1 are API unstable and can change in the future 4.1 ALPHA releases.

Changelog
-------------------

* [HTTPCLIENT-889] 'expect: continue' handshake disabled per default.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-862] Extended client's redirect handling interface to allow
  control of the content of the redirect.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-872] HttpClient can now persist authentication data between request
  executions as long as they share the same execution context. It has also become
  much easier to make HttpClient authenticate preemptively by pre-populating
  authentication data cache.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-883] SO_TIMEOUT is not reset on persistent (re-used) connections.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-832] Distinguish cookie format errors from violations of
  restrictions imposed by a cookie specification. In the latter case
  CookieRestrictionViolationException will be thrown.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-523] Support for SPNEGO authentication scheme.
  Contributed by Matthew Stevenson <mavricknzwork at yahoo.com>

* Simplified configuration of connection managers. Total connection maximum
  and maximum connection per route limits can be set using methods of
  the class instead of HTTP parameters.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Added parameters to define the order of preference for supported auth
  schemes for target host and proxy authentication.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-875] DefaultClientConnectionOperator#openConnection doesn't
  update the connection state if the connection socket changed after
  the call to SocketFactory#connectSocket().
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-834] Transparent content encoding support.
  Contributed by James Abley <james.abley at gmail.com>

Release 4.0.1
-------------------

This is a bug fix release that addresses a number of issues discovered since
the previous stable release. None of the fixed bugs is considered critical.
Most notably this release eliminates eliminates dependency on JCIP annotations.

This release is also expected to improve performance by 5 to 10% due to
elimination of unnecessary Log object lookups by short-lived components.

Changelog
-------------------

* [HTTPCLIENT-895] Eliminated Log lookups in short lived objects impairing
  performance.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-885] URLEncodedUtils now correctly parses form-url-encoded
  entities that specify a charset.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-884] UrlEncodedFormEntity now sets charset on the Content-Type
  header.
  Contributed by Jared Jacobs <jmjacobs at cs.stanford.edu>

* [HTTPCLIENT-883] SO_TIMEOUT is not reset on persistent (re-used) connections.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-882] Auth state is now correctly updated if a successful NTLM
  authentication results in a redirect. This is a minor bug as HttpClient
  manages to recover from the problem automatically.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-881] Fixed race condition in AbstractClientConnAdapter that makes
  it possible for an aborted connection to be returned to the pool.
  Contributed by Tim Boemker <tboemker at elynx.com> and
  Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-866] Removed dependency on jcip-annotations.jar.
  Contributed by Oleg Kalnichevski <olegk at apache.org>
  and Sebastian Bazley <sebb at apache.org>


Release 4.0
-------------------

HttpClient 4.0 represents a complete, ground-up redesign and almost a complete
rewrite of the HttpClient 3.x codeline. This release finally addresses several
design flaws that existed since the 1.0 release and could not be fixed without
a major code overhaul and breaking API compatibility.


Architectural changes
---------------------

* Redesign of the HttpClient internals addressing all known major
  architectural shortcomings of the 3.x codeline.

* Cleaner, more flexible and expressive API.

* More modular structure.

* Better performance and smaller memory footprint due to a more efficient HTTP
  transport based on HttpCore.

* Implementation of cross-cutting HTTP protocol aspects through protocol
  interceptors.

* Improved connection management, better handling of persistent connections,
  support for stateful connections

* Pluggable redirect and authentication handlers.

* Improved support for sending requests via a proxy or a chain of proxies

* More flexible SSL context customization

* Reduced intermediate garbage in the process of generating HTTP requests
  and parsing HTTP responses


Important notes
-------------------

* Future releases of HttpMime module may be binary incompatible with this
  release due to possible API changes in Apache Mime4J. Apache Mime4J is
  still being actively developed and its API is considered unstable.

* HttpClient 4.0 is not fully binary compatible with 4.0 BETA1 release.
  Some protected variables in connection management class have been
  made final in order to help ensure their thread safety:

    org.apache.http.conn.BasicEofSensorWatcher#attemptReuse
    org.apache.http.conn.BasicEofSensorWatcher#managedConn
    org.apache.http.impl.conn.DefaultClientConnectionOperator#schemeRegistry
    org.apache.http.impl.conn.DefaultHttpRoutePlanner#schemeRegistry
    org.apache.http.impl.conn.ProxySelectorRoutePlanner#schemeRegistry
    org.apache.http.impl.conn.SingleClientConnManager#alwaysShutDown
    org.apache.http.impl.conn.SingleClientConnManager#connOperator
    org.apache.http.impl.conn.SingleClientConnManager#schemeRegistry
    org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#connOperator
    org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager#schemeRegistry


Bug fixes since 4.0 BETA2 release
-------------------

* [HTTPCLIENT-861] URIUtils#resolve is now compatible with all examples given
  in RFC 3986.
  Contributed by Johannes Koch <johannes.koch at fit.fraunhofer.de>

* [HTTPCLIENT-860] HttpClient no longer converts redirects of PUT/POST to GET
  for status codes 301, 302, 307, as required by the HTTP spec.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-859] CookieIdentityComparator now takes path attribute into
  consideration when comparing cookies.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HttpClient will no longer send expired cookies back to the origin server.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-856] Proxy NTLM authentication no longer fails on a redirect to
  a different host.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-841] Removed automatic connection release using garbage collection
  due to a memory leak.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-853] Fixed bug causing invalid cookie origin port to be selected
  when the target is accessed on the default port and the connection is
  established via a proxy.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-852] Fixed bug causing automatically retried redirects fail with
  CircularRedirectException.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed problem with the default HTTP response parser failing to handle garbage
  preceding a valid HTTP response.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* NonRepeatableRequestExceptions now include the cause that the original
  request failed.
  Contributed by Sam Berlin <sberlin at apache.org>

* [HTTPCLIENT-837] Fixed problem with the wire log skipping zero byte values
  if read one byte at a time.
  Contributed by Kirill Safonov <ksafonov at swiftteams.com>

* [HTTPCLIENT-823] 'http.conn-manager.max-total' parameter can be adjusted
  dynamically. However, the size of existing connection pools per route,
  once allocated, will not be adjusted.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-822] Default socket factories to rethrow SocketTimeoutException
  as ConnectTimeoutException in case of connect failure due to a time out.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-813] Fixed default port resolution. Invalid ports no longer
  get replaced with the default port value.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

Release 4.0 beta 2
-------------------

BETA2 is a maintenance release, which addresses a number of issues
discovered since the previous release.

The only significant new feature is an addition of an OSGi compliant
bundle combining HttpClient and HttpMime jars.

All upstream projects are strongly encouraged to upgrade.

* Fixed NPE in DefaultRequestDirector thrown when retrying a failed
  request over a proxied connection.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-803] Fixed bug in SSL host verifier implementations
  causing the SSL certificate to be rejected as invalid if the connection
  is established using an IP address.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-806] DefaultHttpMethodRetryHandler will no longer retry
  on ConnectExceptions.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* DigestScheme can use an arbitrary digest algorithm requested by the
  target server (such as SHA) as long as this algorithm is supported by
  the Java runtime.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed parsing and validation of RFC2109 compliant Set-Cookie headers
  by the Best-Match cookie spec.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed bug that can cause a managed connection to be returned from the
  pool in an inconsistent state.
  Contributed by Oleg Kalnichevski <olegk at apache.org>


4.0 Beta 1
-------------------

BETA1 release brings yet another round of API enhancements and
improvements in the area of connection management. Among the most notable
ones is the capability to handle stateful connections such as persistent
NTLM connections and private key authenticated SSL connections.

This is the first API stable release of HttpClient 4.0. All further
releases in the 4.0 code line will maintain API compatibility with this
release.

There has been a number of important bug fixes since ALPHA4. All upstream
projects are encouraged to upgrade to the latest release.

Please note HttpClient currently provides only limited support for NTLM
authentication. For details please see NTLM_SUPPORT.txt.

-------------------

Changelog:
-------------------

* [HTTPCLIENT-790] Protocol interceptors are now correctly invoked when
  executing CONNECT methods.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-668] Do not use static loggers.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-781] Respect Keep-Alive header's timeout value.
  Contributed by Sam Berlin <sberlin at apache.org>

* [HTTPCLIENT-779] Top-level classes (HttpClient, and HttpGet, HttpPut
  and similar HttpMethods) throw fewer checked exceptions.
  Contributed by Sam Berlin <sberlin at apache.org>

* HttpClient will throw an exception if an attempt is made to retry
  a request with a non-repeatable request entity.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Fixed request re-generation logic when retrying a failed request.
  Auto-generated headers will no accumulate.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-424] Preemptive authentication no longer limited to BASIC
  scheme only. HttpClient can be customized to authenticate preemptively
  with DIGEST scheme.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-670] Pluggable hostname resolver.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-719] Clone support for HTTP request and cookie objects.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-776] Fixed concurrency issues with AbstractPoolEntry.
  Contributed by Sam Berlin <sberlin at gmail.com>

* Resolved a long standing problem with HttpClient not taking into account
  the user context when pooling / re-using connections. HttpClient now
  correctly handles stateful / user specific connections such as persistent
  NTLM connections and SSL connections with client side authentication.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-773] Improved handling of the 'expires' attribute by the
  'Best Match' cookie spec.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Partial NTLM support (requires an external NTLM engine). For details see
  NTLM_SUPPORT.txt
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Redesigned local execution context management.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

--------------------------------------

Release 4.0 Alpha 4
-------------------

ALPHA4 marks the completion of the overhaul of the connection management
code in HttpClient. All known shortcomings of the old HttpClient 3.x
connection management API have been addressed.

NTLM authentication remains the only missing major feature in the new
codeline that prevents us from moving awards the API freeze.

There has been a number of important bug fixes since ALPHA3. All upstream
projects are encouraged to upgrade to the latest release.

-------------------

HttpClient 3.x features that have NOT yet been ported:
-------------------

* NTLM authentication scheme

-------------------

Changelog:
-------------------

* [HTTPCLIENT-765] String.toLowerCase() / toUpperCase() should specify
  Locale.ENGLISH
  Contributed by Sebastian Bazley <sebb at apache.org>

* [HTTPCLIENT-769] Do not pool connection marked non-reusable.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-763] Fixed problem with AbstractClientConnAdapter#abortConnection()
  not releasing the connection if called from the main execution thread while
  there is no blocking I/O operation.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-652] Added optional state attribute to managed client connections.
  This enables connection managers to correctly handle stateful connections.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-673] Revised max connections per route configuration
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-753] Class Scheme and related classes moved to a separate package
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-757] Improved request wrapping in the DefaultClientRequestDirector.
  This also fixed the problem with the default proxy set at the client level
  having no effect.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-734] Request abort will unblock the thread waiting for a connection
  Contributed by Sam Berlin <sberlin at gmail.com>

* [HTTPCLIENT-759] Ensure release of connections back to the connection manager
  on exceptions.
  Contributed by Sam Berlin <sberlin at gmail.com>

* [HTTPCLIENT-758] Fixed the use of generics in AbstractHttpClient
  #removeRequestInterceptorByClass and #removeResponseInterceptorByClass
  Contributed by Johannes Koch <johannes.koch at fit.fraunhofer.de>

* [HTTPCLIENT-749] HttpParams beans
  Contributed by Stojce Dimski <sdmiski at yahoo.it>

* [HTTPCLIENT-755] Workaround for known bugs in java.net.URI.resolve()
  Bug ID: 4708535
  Contributed by Johannes Koch <johannes.koch at fit.fraunhofer.de>

--------------------------------------

Release 4.0 Alpha 3
-------------------

ALPHA3 release brings another round of API refinements and improvements in
functionality. As of this release HttpClient requires Java 5 compatible
runtime environment and takes full advantage of generics and new concurrency
primitives.

This release also introduces new default cookie policy that selects a cookie
specification depending on the format of cookies sent by the target host.
It is no longer necessary to know beforehand what kind of HTTP cookie support
the target host provides. HttpClient is now able to pick up either a lenient
or a strict cookie policy depending on the compliance level of the target host.

Another notable improvement is a completely reworked support for multipart
entities based on Apache mime4j library.

-------------------

HttpClient 3.x features that have NOT yet been ported:
-------------------

* NTLM authentication scheme

-------------------

Changelog:
-------------------

* [HTTPCLIENT-742] common interface for HttpRoute and RouteTracker
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-741] Fixed concurrency issues in AbstractClientConnAdapter.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-726] testcase for spurious wakeups in ThreadSafeClientConnManager
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-643] Automatic connect fail-over for multi-home remote servers.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-735] unsetting of DEFAULT_PROXY and FORCED_ROUTE in hierarchies
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-723] route planner based on java.net.ProxySelector
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-740] don't start connection GC thread in pool constructor
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-736] route planners use SchemeRegistry instead of ConnManager
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-730] Fixed rewriting of URIs containing escaped characters
  Contributed by Sam Berlin <sberlin at gmail.com> and
  Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-667] Added 'Meta' cookie policy that selects a cookie
  specification depending on the format of the cookie(s).
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-729] Move HttpRoute and related classes to routing package.
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-725] Use TimeUnit arguments for timeouts in connection manager.
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-677] Connection manager no longer uses Thread.interrupt().
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-716] Allow application-defined routes.
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-712] Improve HttpRoute API
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-711] Bad route computed for redirected requests
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-715] Remove RoutedRequest from API
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-705] Fixed incorrect handling of URIs with null path component.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-688] HttpOptions#getAllowedMethods can now handle multiple
  Allow headers.
  Contributed by Andrea Selva <selva.andre at gmail.com>

--------------------------------------

Release 4.0 Alpha 2
-------------------

ALPHA2 release is another milestone in the redesign of HttpClient. It includes
a number of improvements since ALPHA1, among which are improved connection
pooling, support for proxy chains, redesigned HTTP state and authentication
credentials management API, improved RFC 2965 cookie specification.

-------------------

HttpClient 3.x features that have NOT yet been ported
-------------------
* NTLM authentication scheme

* Support for multipart MIME coded entities

-------------------

Changelog
-------------------

* [HTTPCLIENT-698] Resolve non-absolute redirect URIs relative to
  the request URI
  Contributed by Johannes Koch <johannes.koch at fit.fraunhofer.de>

* [HTTPCLIENT-697] Throw a more intelligible exception when connection
  to a remote host cannot be established.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-689] Caching of SimpleDateFormat in DateUtils
  Contributed by Daniel Müller <strider at digitalstrider.com>

* [HTTPCLIENT-689] stackable parameters in AbstractHttpClient
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-477] Use distinct instances of the authentication handler
  interface for authentication with target and proxy hosts
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-690] ManagedClientConnection provides access to SSLSession
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-692] ClientConnectionManager throws InterruptedException
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCORE-116] moved parameter names to interfaces
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-649] support for proxy chains in HttpConn
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-636] refactor ThreadSafeClientConnManager in separate package
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-669] new HttpRoutePlanner interface and implementation
  Contributed by Andrea Selva <selva.andre at gmail.com>

* [HTTPCLIENT-653] detached connection wrapper no longer prevents
  garbage collection of ThreadSafeClientConnManager
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-674] use org.apache.http.util.VersionInfo instead of a local one
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-666] Replaced HttpState with CredentialsProvier and CookieStore interfaces
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCORE-100] revised HttpContext hierarchy
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-618] eliminate class HostConfiguration
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-672] re-sync with API changes in core alpha6-SNAPSHOT
  Contributed by Roland Weber <rolandw at apache.org>

--------------------------------------

Release 4.0 Alpha 1
-------------------

HttpClient 4.0 represents a complete, ground-up redesign and almost a complete
rewrite of the HttpClient 3.x codeline. This release finally addresses several
design flaws that existed since the 1.0 release and could not be fixed without
a major code overhaul and breaking API compatibility.

The HttpClient 4.0 API is still very experimental and is bound to change
during the course of the ALPHA development phase. Several important features
have not yet been ported to the new API.

Architectural changes
---------------------

* Redesign of the HttpClient internals addressing all known
  major architectural shortcomings of the 3.x codeline

* Cleaner, more flexible and expressive API

* Better performance and smaller memory footprint due to a more
  efficient HTTP transport based on HttpCore. HttpClient 4.0 is
  expected to be 10% to 25% faster than HttpClient 3.x codeline

* More modular structure

* Pluggable redirect and authentication handlers

* Support for protocol incerceptors

* Improved connection management

* Improved support for sending requests via a proxy or a chain of
  proxies

* Improved handling redirects of entity enclosing requests

* More flexible SSL context customization

* Reduced intermediate garbage in the process of
  generating HTTP requests and parsing HTTP responses

-------------------

HttpClient 3.x features that have NOT yet been ported
-------------------
* NTLM authentication scheme

* RFC2965 cookie policy (Cookie2)

* Support for multipart MIME coded entities

-------------------

Changelog
-------------------

The following is a list of contributions tracked in JIRA.
Note that this is not a complete list of contributions or changes.
Since the API was redesigned completely, tracking everything outside
of the source code repository would have been too burdensome.

* [HTTPCLIENT-655] User-Agent string no longer violates RFC
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-541] Virtual host API redesign
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-614] Allow for different strategies when checking
  CN of x509 certificates
  Contributed by Julius Davies <juliusdavies at gmail.com>

* [HTTPCLIENT-136] Fixed inadequate proxy support
  Long standing architectural problem. Issue opened on 19/Dec/2002.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-63] Support for pluggable redirect and authentication handlers
  Long standing architectural problem. Issue opened on 15/Jul/2002.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-245] Fixed redirect handling. HttpClient can now automatically
  handle redirects of entity enclosing requests.
  Long standing architectural problem. Issue opened on 14/Jul/2003.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-613] HTTPS connections now verify CN of x509 certificates
  Contributed by Julius Davies <juliusdavies at gmail.com>

* [HTTPCLIENT-497] Wire/header logger names consistent with class loggers
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-484] AuthSSLProtocolSocketFactory in the main distribution
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* [HTTPCLIENT-589] Do not consume the remaining response content if
  the connection is to be closed
  Contributed by Roland Weber <rolandw at apache.org>

* [HTTPCLIENT-475] Support for unconnected sockets. HTTP requests can now be
  aborted while network socket is still being connected.
  Contributed by Roland Weber <rolandw at apache.org>