Release 2.12.4 with CVE Fix: 2024-53990

Author: hyperxpro

bom/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.asynchttpclient</groupId>
         <artifactId>async-http-client-project</artifactId>
-        <version>2.12.3</version>
+        <version>2.12.4</version>
     </parent>
 
     <artifactId>async-http-client-bom</artifactId>

client/pom.xml

@@ -2,7 +2,7 @@
   <parent>
     <groupId>org.asynchttpclient</groupId>
     <artifactId>async-http-client-project</artifactId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>async-http-client</artifactId>

client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java

@@ -214,7 +214,7 @@ public <T> ListenableFuture<T> executeRequest(Request request, AsyncHandler<T> h
         if (!cookies.isEmpty()) {
           RequestBuilder requestBuilder = request.toBuilder();
           for (Cookie cookie : cookies) {
-            requestBuilder.addOrReplaceCookie(cookie);
+            requestBuilder.addCookieIfUnset(cookie);
           }
           request = requestBuilder.build();
         }

client/src/main/java/org/asynchttpclient/RequestBuilderBase.java

@@ -308,26 +308,43 @@ public T addCookie(Cookie cookie) {
 
   /**
    * Add/replace a cookie based on its name
+   *
    * @param cookie the new cookie
    * @return this
    */
   public T addOrReplaceCookie(Cookie cookie) {
+    return maybeAddOrReplaceCookie(cookie, true);
+  }
+
+  /**
+   * Add a cookie based on its name, if it does not exist yet. Cookies that
+   * are already set will be ignored.
+   *
+   * @param cookie the new cookie
+   * @return this
+   */
+  public T addCookieIfUnset(Cookie cookie) {
+    return maybeAddOrReplaceCookie(cookie, false);
+  }
+
+  private T maybeAddOrReplaceCookie(Cookie cookie, boolean allowReplace) {
     String cookieKey = cookie.name();
     boolean replace = false;
     int index = 0;
     lazyInitCookies();
-    for (Cookie c : this.cookies) {
+    for (Cookie c : cookies) {
       if (c.name().equals(cookieKey)) {
         replace = true;
         break;
       }
 
       index++;
     }
-    if (replace)
-      this.cookies.set(index, cookie);
-    else
-      this.cookies.add(cookie);
+    if (!replace) {
+      cookies.add(cookie);
+    } else if (allowReplace) {
+      cookies.set(index, cookie);
+    }
     return asDerivedType();
   }
 

client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java

@@ -135,8 +135,9 @@ else if (isNonEmpty(request.getBodyParts())) {
           // Update request's cookies assuming that cookie store is already updated by Interceptors
           List<Cookie> cookies = cookieStore.get(newUri);
           if (!cookies.isEmpty())
-            for (Cookie cookie : cookies)
-              requestBuilder.addOrReplaceCookie(cookie);
+            for (Cookie cookie : cookieStore.get(newUri)) {
+              requestBuilder.addCookieIfUnset(cookie);
+            }
         }
 
         boolean sameBase = request.getUri().isSameBase(newUri);

example/pom.xml

@@ -2,7 +2,7 @@
   <parent>
     <groupId>org.asynchttpclient</groupId>
     <artifactId>async-http-client-project</artifactId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>async-http-client-example</artifactId>

extras/guava/pom.xml

@@ -2,7 +2,7 @@
   <parent>
     <groupId>org.asynchttpclient</groupId>
     <artifactId>async-http-client-extras-parent</artifactId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>async-http-client-extras-guava</artifactId>

extras/jdeferred/pom.xml

@@ -18,7 +18,7 @@
   <parent>
     <artifactId>async-http-client-extras-parent</artifactId>
     <groupId>org.asynchttpclient</groupId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <artifactId>async-http-client-extras-jdeferred</artifactId>
   <name>Asynchronous Http Client JDeferred Extras</name>

extras/pom.xml

@@ -2,7 +2,7 @@
   <parent>
     <groupId>org.asynchttpclient</groupId>
     <artifactId>async-http-client-project</artifactId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>async-http-client-extras-parent</artifactId>

extras/registry/pom.xml

@@ -2,7 +2,7 @@
   <parent>
     <groupId>org.asynchttpclient</groupId>
     <artifactId>async-http-client-extras-parent</artifactId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>async-http-client-extras-registry</artifactId>

extras/retrofit2/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <artifactId>async-http-client-extras-parent</artifactId>
     <groupId>org.asynchttpclient</groupId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
 
   <artifactId>async-http-client-extras-retrofit2</artifactId>

extras/rxjava/pom.xml

@@ -3,7 +3,7 @@
   <parent>
     <artifactId>async-http-client-extras-parent</artifactId>
     <groupId>org.asynchttpclient</groupId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <artifactId>async-http-client-extras-rxjava</artifactId>
   <name>Asynchronous Http Client RxJava Extras</name>

extras/rxjava2/pom.xml

@@ -3,7 +3,7 @@
   <parent>
     <artifactId>async-http-client-extras-parent</artifactId>
     <groupId>org.asynchttpclient</groupId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <artifactId>async-http-client-extras-rxjava2</artifactId>
   <name>Asynchronous Http Client RxJava2 Extras</name>

extras/simple/pom.xml

@@ -3,7 +3,7 @@
   <parent>
     <artifactId>async-http-client-extras-parent</artifactId>
     <groupId>org.asynchttpclient</groupId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <artifactId>async-http-client-extras-simple</artifactId>
   <name>Asynchronous Http Simple Client</name>

extras/typesafeconfig/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <artifactId>async-http-client-extras-parent</artifactId>
     <groupId>org.asynchttpclient</groupId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
 
   <artifactId>async-http-client-extras-typesafe-config</artifactId>

netty-utils/pom.xml

@@ -2,7 +2,7 @@
   <parent>
     <groupId>org.asynchttpclient</groupId>
     <artifactId>async-http-client-project</artifactId>
-    <version>2.12.3</version>
+    <version>2.12.4</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>async-http-client-netty-utils</artifactId>

pom.xml

@@ -4,7 +4,7 @@
 
   <groupId>org.asynchttpclient</groupId>
   <artifactId>async-http-client-project</artifactId>
-  <version>2.12.3</version>
+  <version>2.12.4</version>
   <packaging>pom</packaging>
 
   <name>Asynchronous Http Client Project</name>
@@ -24,17 +24,17 @@
 
   <developers>
     <developer>
-      <id>slandelle</id>
-      <name>Stephane Landelle</name>
-      <email>[email protected]</email>
+      <id>hyperxpro</id>
+      <name>Aayush Atharva</name>
+      <email>[email protected]</email>
     </developer>
   </developers>
 
   <scm>
     <connection>scm:git:[email protected]:AsyncHttpClient/async-http-client.git</connection>
     <developerConnection>scm:git:[email protected]:AsyncHttpClient/async-http-client.git</developerConnection>
     <url>https://github.com/AsyncHttpClient/async-http-client/tree/master</url>
-    <tag>async-http-client-project-2.12.3</tag>
+    <tag>async-http-client-project-2.12.4</tag>
   </scm>
 
   <distributionManagement>
@@ -220,42 +220,41 @@
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>org.sonatype.plugins</groupId>
+        <artifactId>nexus-staging-maven-plugin</artifactId>
+        <version>1.7.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <serverId>ossrh</serverId>
+          <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+          <autoReleaseAfterClose>false</autoReleaseAfterClose>
+          <skipRemoteStaging>false</skipRemoteStaging>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-gpg-plugin</artifactId>
+        <version>3.2.7</version>
+        <executions>
+          <execution>
+            <id>sign-artifacts</id>
+            <phase>verify</phase>
+            <goals>
+              <goal>sign</goal>
+            </goals>
+            <configuration>
+              <!-- Prevent gpg from using pinentry programs -->
+              <gpgArguments>
+                <arg>--pinentry-mode</arg>
+                <arg>loopback</arg>
+              </gpgArguments>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
     </plugins>
   </build>
-  <profiles>
-    <profile>
-      <id>release-sign-artifacts</id>
-      <activation>
-        <property>
-          <name>performRelease</name>
-          <value>true</value>
-        </property>
-      </activation>
-      <build>
-        <plugins>
-          <plugin>
-            <artifactId>maven-gpg-plugin</artifactId>
-            <version>1.6</version>
-            <executions>
-              <execution>
-                <id>sign-artifacts</id>
-                <phase>verify</phase>
-                <goals>
-                  <goal>sign</goal>
-                </goals>
-              </execution>
-            </executions>
-          </plugin>
-        </plugins>
-      </build>
-    </profile>
-    <profile>
-      <id>test-output</id>
-      <properties>
-        <surefire.redirectTestOutputToFile>false</surefire.redirectTestOutputToFile>
-      </properties>
-    </profile>
-  </profiles>
 
   <modules>
     <module>bom</module>