Tags · AsyncHttpClient/async-http-client · GitHub
Skip to content

Tags: AsyncHttpClient/async-http-client

Tags

async-http-client-project-2.16.0

Toggle async-http-client-project-2.16.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Backport: reject set-cookie domain that doesn't match the request host (

#2199)

Backport of: #2196

async-http-client-project-3.0.11

Toggle async-http-client-project-3.0.11's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Stabilize HTTP/2: fix resource leaks and RFC conformance (#2197)

Motivation:

The HTTP/2 path is newer and less hardened than HTTP/1.1. Bring its
resource lifecycle, RFC 9113/9110 conformance, and connection/stream
management to parity, covering flow control, multiplexing, and
GOAWAY/RST/SETTINGS edge cases.

Modification:

Bind stream-slot and request-body release to the channel lifecycle,
stream request bodies under flow-control backpressure, enforce RFC
9113/9110 conformance (RST_STREAM codes, 1xx interim, Expect
100-continue, TE, :authority, MAX_CONCURRENT_STREAMS=min), gate
WebSocket off HTTP/2, drain pendingOpeners on GOAWAY/SETTINGS, and
restore Http2ConnectionState binary compatibility. HTTP/1.1 behaviour
and public API are unchanged.

Result:

Stablize HTTP/2 even futher for edge cases
Fixes #2160

async-http-client-project-3.0.10

Toggle async-http-client-project-3.0.10's commit message
chore: Dependency upgrade

async-http-client-project-2.15.0

Toggle async-http-client-project-2.15.0's commit message
chore: Dependency upgrade

async-http-client-project-2.14.5

Toggle async-http-client-project-2.14.5's commit message
Release 2.14.5: Security fixes and dependency upgrades

Security:
- Backport GHSA-cmxv-58fp-fm3g: strip Authorization and Proxy-Authorization
  headers on cross-origin, scheme-downgrade, or port-mismatch redirects.
- Add stripAuthorizationOnRedirect config flag (default false) for users
  who need to always strip credentials even on same-origin redirects.
- Clear realm and proxyRealm on future when stripping to prevent
  NettyRequestFactory from regenerating auth headers on redirect.

Tests:
- New RedirectCredentialSecurityTest for cross-origin redirect scenarios.
- New HttpsDowngradeRedirectTest for HTTPS-to-HTTP scheme downgrade.
- New StripAuthorizationOnRedirectHttpTest for the new config flag.
- New DefaultAsyncHttpClientConfigTest for config default coverage.

Dependencies:
- netty 4.1.65.Final -> 4.1.121.Final (CVE fixes)
- slf4j 1.7.30 -> 1.7.36
- netty-reactive-streams 2.0.4 -> 2.0.17
- rxjava2 2.2.10 -> 2.2.21
- logback 1.2.3 -> 1.2.13
- testng 7.1.0 -> 7.5.1 (last Java 8 compatible)
- commons-io 2.6 -> 2.21.0
- commons-fileupload 1.4 -> 1.6.0
- hamcrest-core -> hamcrest 2.2
- jetty pinned at 9.4.18.v20190429 (9.4.58 changes 401 socket behavior)
- tomcat pinned at 9.0.31 (9.0.117 changes WebDAV response format)

CI:
- Add release.yml workflow for Maven Central publishing.
- Update maven.yml to trigger on 2.14.5 branch with Corretto JDK 8.

Test fixes:
- InputStreamTest.available() now honors InputStream contract by
  returning 0 after EOF (Netty 4.1.65+ correctly rejects always-1).
- CookieStoreTest replaces Guava Sets.newHashSet with HashSet
  (TestNG 7.5+ no longer pulls transitive Guava).
- TestUtils uses SslContextFactory.Server (base class deprecated).

async-http-client-project-3.0.9

Toggle async-http-client-project-3.0.9's commit message
Release v3.0.9

async-http-client-project-3.0.8

Toggle async-http-client-project-3.0.8's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Release v3.0.8 (#2155)

async-http-client-project-3.0.7

Toggle async-http-client-project-3.0.7's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Release v3.0.7 (#2141)

async-http-client-project-3.0.6

Toggle async-http-client-project-3.0.6's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Release v3.0.6 (#2137)

async-http-client-project-3.0.5

Toggle async-http-client-project-3.0.5's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Release AHC v3.0.5 (#2133)