On Tue, 2026-06-02 at 15:33 -0400, Gary Gregory wrote: > On Tue, Jun 2, 2026 at 3:18 PM Oleg Kalnichevski <[email protected]> > wrote: > > > > Folks > > > > I think it is time to officially declare HttpClient 4.x at the end > > of > > life and discontinue its support. > > > > Does anyone see any good reason to keep it supported? > > I'm OK to keep supporting it, as it still lives deep in some of my > transitive dependencies. >
Would you be willing to be the release manager for the 4.5.x branch? > I would even consider adding a toggle to all versions that says: > "Even > though I've added a header manually, I don't want it magically > forwarded on any redirect-type of operation. Maybe there's 2 APIs: > add > short vs. long lived header. > I doubt we need such a toggle or two types of APIs given we have request / exec interceptors. > This comes up so often as a security issue, that I wish we could > force > users to call a "I know what I'm doing" API because adding a plain > old > header seems like normal behavior for these folks. > The problem is our poor documentation and overabundance of "security professionals". Oleg > 2c, > Gary > > > > > Oleg > > > > ------------------------------------------------------------------- > > -- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
