3 All notable changes to this project will be documented in this file, in reverse chronological order by release.
9 - [#135](https://github.com/zendframework/zend-http/pull/135) adds a package suggestion of paragonie/certainty, which provides automated
10 management of cacert.pem files.
12 - [#143](https://github.com/zendframework/zend-http/pull/143) adds support for PHP 7.2.
28 - [#140](https://github.com/zendframework/zend-http/pull/140) fixes retrieval of headers when multiple headers of the same name
29 are added to the `Headers` instance; it now ensures that the last header added of the same
30 type is retrieved when it is not a multi-value type. Previous values are overwritten.
32 - [#112](https://github.com/zendframework/zend-http/pull/112) provides performance improvements when parsing large chunked messages.
34 - introduces changes to `Response::fromString()` to pull the next line of the response
35 and parse it for the status when a 100 status code is initially encountered, per https://tools.ietf.org/html/rfc7231\#section-6.2.1
37 - [#122](https://github.com/zendframework/zend-http/pull/122) fixes an issue with the stream response whereby if the `outputstream`
38 option is set, the output file was opened twice; it is now opened exactly once.
40 - [#147](https://github.com/zendframework/zend-http/pull/147) fixes an issue with header retrieval when the header line is malformed.
41 Previously, an exception would be raised if a specific `HeaderInterface` implementation determined
42 the header line was invalid. Now, `Header::has()` will return false for such headers, allowing
43 `Request::getHeader()` to return `false` or the provided default value. Additionally, in cases
44 where the header name is malformed (e.g., `Useragent` instead of `User-Agent`, users can still
45 retrieve by the submitted header name; they will receive a `GenericHeader` instance in such
48 - [#133](https://github.com/zendframework/zend-http/pull/133) Adds back missing
49 sprintf placeholder in CacheControl exception message
55 - [#110](https://github.com/zendframework/zend-http/pull/110) Adds status
56 codes 226, 308, 444, 499, 510, 599 with their corresponding constants and
61 - [#120](https://github.com/zendframework/zend-http/pull/120) Changes handling
62 of Cookie Max-Age parameter to conform to specification
63 [rfc6265#section-5.2.2](https://tools.ietf.org/html/rfc6265#section-5.2.2).
64 Specifically, non-numeric values are ignored and negative numbers are changed
73 - [#115](https://github.com/zendframework/zend-http/pull/115) dropped php 5.5
78 - [#130](https://github.com/zendframework/zend-http/pull/130) Fixed cURL
79 adapter not resetting headers from previous request when used with output
85 - [#99](https://github.com/zendframework/zend-http/pull/99) added
86 TimeoutException for cURL adapter.
87 - [#98](https://github.com/zendframework/zend-http/pull/98) added connection
88 timeout (`connecttimeout`) for cURL and Socket adapters.
89 - [#97](https://github.com/zendframework/zend-http/pull/97) added support to
90 `sslcafile` and `sslcapath` to cURL adapter.
104 ## 2.5.6 - 2017-01-31
120 - [#107](https://github.com/zendframework/zend-http/pull/107) fixes the
121 `Expires` header to allow values of `0` or `'0'`; these now resolve
122 to the start of the unix epoch (1970-01-01).
123 - [#102](https://github.com/zendframework/zend-http/pull/102) fixes the Curl
124 adapter timeout detection.
125 - [#93](https://github.com/zendframework/zend-http/pull/93) fixes the Content
126 Security Policy CSP HTTP header when it is `none` (empty value).
127 - [#92](https://github.com/zendframework/zend-http/pull/92) fixes the flatten
128 cookies value for array value (also multidimensional).
129 - [#34](https://github.com/zendframework/zend-http/pull/34) fixes the
130 standard separator (&) for application/x-www-form-urlencoded.
132 ## 2.5.5 - 2016-08-08
136 - [#44](https://github.com/zendframework/zend-http/pull/44),
137 [#45](https://github.com/zendframework/zend-http/pull/45),
138 [#46](https://github.com/zendframework/zend-http/pull/46),
139 [#47](https://github.com/zendframework/zend-http/pull/47),
140 [#48](https://github.com/zendframework/zend-http/pull/48), and
141 [#49](https://github.com/zendframework/zend-http/pull/49) prepare the
142 documentation for publication at https://zendframework.github.io/zend-http/
154 - [#87](https://github.com/zendframework/zend-http/pull/87) fixes the
155 `ContentLength` constructor to test for a non null value (vs a falsy value)
156 before validating the value; this ensures 0 values may be specified for the
158 - [#85](https://github.com/zendframework/zend-http/pull/85) fixes infinite recursion
159 on AbstractAccept. If you create a new Accept and try to call getFieldValue(),
160 an infinite recursion and a fatal error happens.
161 - [#58](https://github.com/zendframework/zend-http/pull/58) avoid triggering a notice
162 with special crafted accept headers. In the case the value of an accept header
163 does not contain an equal sign, an "Undefined offset" notice is triggered.
165 ## 2.5.4 - 2016-02-04
181 - [#42](https://github.com/zendframework/zend-http/pull/42) updates dependencies
182 to ensure it can work with PHP 5.5+ and 7.0+, as well as zend-stdlib
185 ## 2.5.3 - 2015-09-14
201 - [#23](https://github.com/zendframework/zend-http/pull/23) fixes a BC break
202 introduced with fixes for [ZF2015-04](http://framework.zend.com/security/advisory/ZF2015-04),
203 pertaining specifically to the `SetCookie` header. The fix backs out a
204 check for message splitting syntax, as that particular class already encodes
205 the value in a manner that prevents the attack. It also adds tests to ensure
206 the security vulnerability remains patched.
208 ## 2.5.2 - 2015-08-05
224 - [#7](https://github.com/zendframework/zend-http/pull/7) fixes a call in the
225 proxy adapter to `Response::extractCode()`, which does not exist, to
226 `Response::fromString()->getStatusCode()`, which does.
227 - [#8](https://github.com/zendframework/zend-http/pull/8) ensures that the Curl
228 client adapter enables the `CURLINFO_HEADER_OUT`, which is required to ensure
229 we can fetch the raw request after it is sent.
230 - [#14](https://github.com/zendframework/zend-http/pull/14) fixes
231 `Zend\Http\PhpEnvironment\Request` to ensure that empty `SCRIPT_FILENAME` and
232 `SCRIPT_NAME` values which result in an empty `$baseUrl` will not raise an
233 `E_WARNING` when used to do a `strpos()` check during base URI detection.