Release notes for HTTP-Tiny
0.086 2023-06-22 10:06:37-04:00 America/New_York
[FIXED]
- Fix code to use `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` as documented.
0.084 2023-06-14 06:35:01-04:00 America/New_York
- No changes from 0.083-TRIAL.
0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE)
[!!! SECURITY !!!]
- Changes the `verify_SSL` default parameter from `0` to `1`.
Fixes CVE-2023-31486.
- `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to restore the
old default if required.
0.082 2022-07-25 09:45:34-04:00 America/New_York
- No changes from 0.081-TRIAL.
0.081 2022-07-17 09:01:51-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- No longer deletes the 'headers' key from post_form arguments hashref.
[DOCS]
- Noted that request/response content are handled as raw bytes.
0.080 2021-11-05 08:15:46-04:00 America/New_York
- No changes from 0.079-TRIAL.
0.079 2021-11-04 12:33:43-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed uninitialized value warnings on older Perls when the REQUEST_METHOD
environment variable is set and CGI_HTTP_PROXY is not.
0.078 2021-08-02 09:24:03-04:00 America/New_York
- No changes from 0.077-TRIAL.
0.077 2021-07-22 13:07:14-04:00 America/New_York (TRIAL RELEASE)
[ADDED]
- Added a `patch` helper method for the HTTP `PATCH` verb.
- If the REQUEST_METHOD environment variable is set, then CGI_HTTP_PROXY
replaces HTTP_PROXY.
[FIXED]
- Unsupported scheme errors early without giving an uninitialized value
warning first.
- Sends Content-Length: 0 on empty body PUT/POST. This is not in the spec,
but some servers require this.
- Allows optional status line reason, as clarified in RFC 7230.
- Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says that
SSL reads can also send writes as a side effect.
- Check if a server has closed a connection before preserving it for reuse.
[DOCS]
- Clarified that exceptions/errors result in 599 status codes.
[PREREQS]
- Optional IO::Socket::IP prereq must be at least version 0.32 to be used.
This ensures correct timeout support.
0.076 2018-08-05 21:07:38-04:00 America/New_York
- No changes from 0.075-TRIAL.
0.075 2018-08-01 07:03:36-04:00 America/New_York (TRIAL RELEASE)
[CHANGED]
- The 'peer' option now also can take a code reference
0.074 2018-07-30 15:35:44-04:00 America/New_York
- No changes from 0.073-TRIAL.
0.073 2018-07-24 11:33:53-04:00 America/New_York (TRIAL RELEASE)
0.071 never made it to CPAN; skipping to 0.073
[DOCS]
- Documented 'protocol' field in response hash.
0.071 2018-04-22 14:45:43+02:00 Europe/Oslo (TRIAL RELEASE)
[DOCS]
- Documented that method argument to request() is case-sensitive.
[INTERNAL]
- Minor regex cleanup
- Updated .travis.yml for recent Perls
0.070 2016-10-09 23:23:28-04:00 America/New_York
- No changes from 0.069-TRIAL.
0.069 2016-10-05 11:35:58-04:00 America/New_York (TRIAL RELEASE)
[INTERNAL]
- Lazy load Carp only if needed.
0.068 2016-09-23 16:10:03-04:00 America/New_York
- No changes from 0.067-TRIAL.
0.067 2016-09-14 11:43:14-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Includes redirect history when issuing a 599 internal error.
0.065 2016-09-09 22:42:43-04:00 America/New_York (TRIAL RELEASE)
[TESTS]
- Try harder to clean up environment in t/140_proxy.t (needed for VMS)
0.064 2016-08-16 21:37:51-04:00 America/New_York
- No changes from 0.063-TRIAL
0.063 2016-08-08 12:18:03-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed chunked transfer encoding, which previously omitted a trailing
CRLF.
0.061 2016-08-05 12:10:19-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Avoid overwriting 'If-Modified-Since' header in mirror() if
the header already exists in something other than lower-case.
[TESTS]
- Normalize CRLF when reading test data files in t\150-post_form.t
on Win32
0.059 2016-07-29 16:10:32-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Timeout can now be set as a constructor argument again.
- CVE-2016-1238: avoid loading optional modules from
@INC path with `.` at the end.
[TESTS]
- Updated tests for a future perl which may omit `.` from
the list of directories in @INC by default.
0.058 2016-05-03 11:29:57-04:00 America/New_York
- No changes from 0.057
0.057 2016-04-18 10:17:00-04:00 America/New_York (TRIAL RELEASE)
[ADDED]
- Added support for the SSL_CERT_FILE environment variable.
- Added 'peer' attribute to force a connection to a particular
server.
- Added 'connected' method to allow introspection of persistent
connections.
- An array reference of redirection result hash references is included
in the final response hash reference (but only if redirects occur).
[CHANGED]
- Because folded headers are obsoleted in the revised RFCs, if CRLF is
found in header values followed by one or more spaces, they are all
replaced by a single space.
[FIXED]
- Per the RFC, control headers are now sent first before other headers
(which are sent in arbitrary order).
- Only well-known headers have their case canonicalized; all other
headers are sent in the case provided by the user.
- The 'keep_alive' option now also sets the SO_KEEPALIVE option
on the underlying socket to help with long-lived, idle connections.
- Request header field values are now validated against the RFC rules
(i.e. empty or else space-or-tab separated tokens of printable
characters).
0.056 2015-05-19 06:00:40-04:00 America/New_York
- No changes from 0.055
0.055 2015-05-07 18:13:41-04:00 America/New_York (TRIAL RELEASE)
[ADDED]
- Added 'can_ssl' method to detect SSL support before trying and
failing with a fatal exception.
- Added support for 308 redirects
[FIXED]
- When specifying a custom CA file, if that file is missing or
unreadable, HTTP::Tiny will no longer fall back to a default CA
[DOCUMENTED]
- Noted units are bytes for max_size
0.054 2015-01-27 07:18:19-05:00 America/New_York
[ADDED]
- Added more fallback paths to find CA files (thanks golang)
[DOCUMENTED]
- Fixed a typo
0.053 2014-12-11 23:42:17-05:00 America/New_York
[FIXED]
- Defended tests against HTTP_PROXY set in the environment
0.052 2014-12-11 15:23:54-05:00 America/New_York
[CHANGED]
- Proxy allowed from environment variable HTTP_PROXY (uppercase) unless
REQUEST_METHOD is also set.
0.051 2014-11-17 22:58:44-05:00 America/New_York
[FIXED]
- Checks for threads without loading threads.pm
0.050 2014-09-23 15:30:18-04:00 America/New_York
[FIXED]
- Fixed CONNECT requests for some proxies
0.049 2014-09-02 11:20:07-04:00 America/New_York
[FIXED]
- 'keep_alive' is now fork-safe and thread-safe
0.048 2014-08-21 13:19:51-04:00 America/New_York
[FIXED]
- Protected proxy tests from ALL_PROXY in the environment
0.047 2014-07-29 14:09:05-04:00 America/New_York
[CHANGED]
- Updated Mozilla::CA module recommendation version to 20130114
[FIXED]
- Fixed t/00-report-prereqs.t when CPAN::Meta is not installed
0.046 2014-07-21 10:32:32-04:00 America/New_York
[FIXED]
- Empty header fields are now allowed; headers with the 'undef' value
will be rendered as an empty header.
[DOCUMENTED]
- Updated HTTP/1.1 spec description from RFC 2616 to RFC 7230-7235
0.045 2014-07-19 23:17:28-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed t/002_croakage.t for various operating systems.
0.044 2014-07-16 23:46:09-04:00 America/New_York
[CHANGED]
- Providing a custom 'Host' header is now a fatal exception. Previously, it
was silently ignored, as the RFC mandates that Host be set from the
URL, but ignoring it could lead to unexpected, confusing errors.
- optimized URL splitting
- Passing 'undef' for any proxy attribute will prevent HTTP::Tiny from
setting the proxy from the environment.
0.043 2014-02-20 20:40:23-05:00 America/New_York
[FIXED]
- Does not send absolute request URI when tunneling SSL via proxy
- Fixes regression in setting host name to verify SSL
- Protects tests from https_proxy and all_proxy when doing mock testing
0.042 2014-02-18 11:23:17EST-0500 America/New_York
[ADDED]
- If IO::Socket::IP 0.25+ is installed, HTTP::Tiny will use it for
transparent IPv4 or IPv6 support.
0.041 2014-02-17 13:07:54-05:00 America/New_York
[no code change, only an amended Changes file]
[INCOMPATIBLE CHANGES (from 0.039)]
- The 'proxy' attribute no longer takes precedence over the
'http_proxy' environment variable. With the addition of http_proxy
and https_proxy attributes (and corresponding environment variable
defaults), the legacy 'proxy' attribute now maps to the
all_proxy/ALL_PROXY environment variable and only takes effect when
other proxy attributes are not defined.
[ADDED (since 0.039)]
- Added 'keep_alive' attribute for single-server persistent connections
(Clinton Gormley)
- Added support for Basic authorization with proxies
- Added support for https proxies via CONNECT
[FIXED (since 0.039)]
- Requests are made with one less write for lower latency (Martin
Evans)
0.040 2014-02-17 13:02:47-05:00 America/New_York
[INCOMPATIBLE CHANGES]
- The 'proxy' attribute no longer takes precedence over the
'http_proxy' environment variable. With the addition of http_proxy
and https_proxy attributes (and corresponding environment variable
defaults), the legacy 'proxy' attribute now maps to the
all_proxy/ALL_PROXY environment variable and only takes effect when
other proxy attributes are not defined.
[ADDED]
- Added support for Basic authorization with proxies
- Added support for https proxies via CONNECT
0.039 2013-11-27 19:48:29 America/New_York
[FIXED]
- Temporary file created during mirror() is now opened with O_EXCL
for added security
0.038 2013-11-18 12:56:26 America/New_York
[FIXED]
- Fixed a bug where authentication parameters in the URL would override
an existing Authorization header
0.037 2013-10-28 13:26:21 America/New_York
[FIXED]
- Basic authentication in the URL is now unescaped before being encoded
into the authentication header
[DOCUMENTED]
- Added HTTP::Tiny::UA to SEE ALSO and suggested it as the appropriate
place for new features
0.036 2013-09-25 12:10:06 America/New_York
[FIXED]
- Compile test could hang on Windows
[PREREQS]
- Dropped configure_requires for ExtUtils::MakeMaker to 6.17
[META]
- Updated support files
0.035 2013-09-10 12:29:28 America/New_York
[CHANGED]
- Encoded form data from 'post_form' preserves term order if data is
provided as an array reference. (They are still sorted for consistency
if provided as a hash reference.)
0.034 2013-06-26 19:02:25 America/New_York
[ADDED]
- Added support for 'Basic' authorization from
user:password parameters in the URL
0.033 2013-06-21 06:26:51 America/New_York
[FIXED]
- Modifying the 'agent' attribute with the accessor will append the
default agent string, just like setting it during construction
0.032 2013-06-20 11:41:24 America/New_York
[ADDED]
- Added 'no_proxy' attribute, defaulting to $ENV{no_proxy}
0.031 2013-06-16 23:18:18 America/New_York
[FIXED]
- Fixed bug receiving 0-length content bodies
0.030 2013-06-13 11:46:15 America/New_York
[FIXED]
- Requests with the empty string as body content no longer generate
'content-type' and 'content-length' headers.
0.029 2013-04-17 13:49:07 America/New_York
[FIXED]
- Checks for new enough OpenSSL library before using SNI (otherwise
IO::Socket::SSL throws warnings)
0.028 2013-03-05 14:11:57 America/New_York
[SUPPORT]
- Fix repository/issue links to reflect proper repo name
0.027 2013-03-05 12:02:58 America/New_York
[SUPPORT]
- Changed metadata to point to the chansen github repository
for code and issues
[DOCUMENTATION]
- Added hyperlink for HTTP::CookieJar
0.026 2013-03-04 22:53:39 America/New_York
[ADDED]
- Added cookie support if an HTTP::CookieJar object is provided in the
'cookie_jar' attribute [Edward Zborowski]
0.025 2012-12-26 12:09:43 America/New_York
[ADDED]
- Agent string appends default if it ends in a space, just like LWP
[Chris Weyl]
0.024 2012-10-09 20:44:53 America/New_York
[ADDED]
- SSL connections now auto-retry I/O after SSL renegotiation [Alan
Gardner]
[FIXED]
- User-specified CA bundles take precedence over Mozilla::CA [Alan
Gardner]
[PREREQS]
- SSL support now requires Net::SSLeay 1.49 or greater to support
auto-retry [Mike Doherty]
- Downgraded IO::Socket::SSL and related prereqs to 'suggests' again
0.023 2012-09-19 09:55:46 America/New_York
[PREREQS]
- IO::Socket::SSL and related prereqs changed to 'required' for dev
release to get better failure diagnostics from CPAN Testers
[TESTING]
- Skip live SSL testing unless IO::Socket::SSL 1.56+ installed
0.022 2012-06-01 23:31:40 America/New_York
[ADDED]
- Supports local_address option to set local socket interface
[Chris Nehren, David Golden]
0.021 2012-05-15 22:38:57 America/New_York
[TESTING]
- Skip live SSL testing if $ENV{http_proxy} is set
0.020 2012-05-14 15:24:37 America/New_York
[TESTING]
- Capture prerequisite versions under AUTOMATED_TESTING to help
chase down some failures from CPAN Testers
0.019 2012-05-14 07:14:00 America/New_York
[ADDED]
- Require IO::Socket::SSL 1.56 (which added SSL_hostname support) when
doing HTTPS. [Mike Doherty]
[TESTING]
- Provide better diagnostic output in t/210_live_ssl.t [Mike
Doherty]
0.018 2012-04-18 09:39:50 America/New_York
[ADDED]
- Add verify_SSL option to do more secure SSL operations, incl.
attempting to validate against a CA bundle (Mozilla::CA
recommended, but will attempt to find some OS bundles). Also
add SSL_opts, which passes through IO::Socket::SSL's SSL_*
options to control SSL verification. (GH #6, #9) [Mike Doherty]
- Response hashref includes final URL (including any redirections)
[Lukas Eklund]
0.017 2012-02-22 21:57:37 EST5EDT
[DOCUMENTATION]
- Clarified how max_size exceptions work [rt.cpan.org #75142]
- Clarify that 2XX is success for most methods (except mirror
where 304 is also success) [rt.cpan.org #75141]
0.016 2011-10-26 23:05:50 America/New_York
[BUG FIXES]
- Fixed Perl 5.6 compatibility by emulating utf8::encode [David Golden]
0.015 2011-10-26 16:42:26 America/New_York
[BUG FIXES]
- Make sure PERL_UNICODE doesn't affect PUT test data [Tony Cook]
[DOCUMENTATION]
- Fixed typo
0.014 2011-10-20 13:54:13 America/New_York
[NEW FEATURES]
- Adds additional shorthand methods for all common HTTP verbs
(HEAD, PUT, POST, DELETE) [David Golden]
- post_form() method for POST-ing x-www-form-urlencoded data
[David Golden]
- www_form_urlencode() utility method [David Golden]
0.013 2011-07-17 23:14:22 America/New_York
[NEW FEATURES]
- $ENV{http_proxy} support added [Claes Jakobsson]
[OTHER]
- Internal/private errors converted from "croak" to "die" as internal
errors are caught by "eval"
0.012 2011-03-31 15:48:02 America/New_York
[BUG FIXES]
- mirror() now uses binmode during output (RT #67118) [Serguei Trouchelle]
[DOCUMENTATION]
- noted that SSL certificates are not verified against CA's
(RT #66907)
0.011 2011-03-19 20:48:39 America/New_York
[BUG FIXES]
- Made t/000_load.t less verbose under harness (RT#65507) [Dave Mitchell]
- Removed 'Errno' as an explicit prefix (it is a core module, but not
indexed by PAUSE, which might confuse some installers)
0.010 2011-02-04 02:45:31 EST5EDT
[BUG FIXES]
- Fixed test errors on VMS (RT#65430) [Craig Berry]
0.009 2011-01-17 16:29:22 EST5EDT
- Added workaround for IO::Socket::SSL certificate verification bug
- Minor documentation improvements
- POST example added to the eg/ directory in the distribution tarball
0.008 2011-01-14 06:34:55 EST5EDT
- Added support for direct 'https' connections if IO::Socket::SSL
is installed
- Added support for a callback to provide trailing headers for
chunked transfer encoding
- Data callbacks receive the response hashref as a second argument
for greater flexibility
- Additional limitations documented
0.007 2011-01-12 04:56:16 EST5EDT
- Added support for redirecting 303 and 307 response codes
- Retry (once) a request that fails due to a closed socket
(per RFC2616 8.1.4)
- Automatically sets request Content-Type to 'application/octet-stream'
if there is content and the user has not defined its type
- Trailing headers from chunked transfer encoding are now merged
into the response headers instead of ignored
- Improved handling of malformed or unsupported HTTP protocols
- Expanded http:///.../ as http://localhost/.../ and set Host header
- Documented that URL's must be escaped/encoded
- Documented that the headers hash option may contain an array reference
to output multiple values of the same header field
- Improved documentation of limitations
- Added numerous new tests to ensure compliance with the HTTP/1.1 spec
0.006 2011-01-10 07:28:11 EST5EDT
- Transfer-Encodings are case insensitive
- Add additional test for proper behavior when both Content-Length
and Transfer-Encoding headers are received
0.005 2011-01-08 06:32:05 EST5EDT
- Fixed bug getting content for servers which do not send Content-Length
- Add test coverage for get(), mirror() and request()
- Add test coverage for requests with static and generated content
0.004 2010-12-15 22:53:59 EST5EDT
- Renamed 'ok' response field to 'success'
- Handle all required HTTP/1.1 date formats
- Documented how callbacks are supposed to work
0.003 2010-12-15 12:30:42 EST5EDT
- Added 'ok' response field to simplify checking success
- Added a 'mirror' method to mirror content to a file, but shortcut
if not modified
0.002 2010-12-13 21:59:39 EST5EDT
- Added some initial documentation
- Skips utf8::* code on Perls older than 5.8
0.001 2010-12-11 07:59:16 EST5EDT
- Initial CPAN release