On Tue, Jun 2, 2026 at 3:18 PM Oleg Kalnichevski <[email protected]> wrote: > > Folks > > I think it is time to officially declare HttpClient 4.x at the end of > life and discontinue its support. > > Does anyone see any good reason to keep it supported?
I'm OK to keep supporting it, as it still lives deep in some of my transitive dependencies. I would even consider adding a toggle to all versions that says: "Even though I've added a header manually, I don't want it magically forwarded on any redirect-type of operation. Maybe there's 2 APIs: add short vs. long lived header. This comes up so often as a security issue, that I wish we could force users to call a "I know what I'm doing" API because adding a plain old header seems like normal behavior for these folks. 2c, Gary > > Oleg > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
