From: Hleb Valoshka <375gnu@gmail.com>
Date: Mon, 17 Aug 2015 16:19:46 +0300
Subject: Add upstream changelog

---
 CHANGELOG.md | 1067 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 1067 insertions(+)
 create mode 100644 CHANGELOG.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..c7a9fe7
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,1067 @@
+## Changes
+
+### Changes in 2.6.0
+
+This release includes internal CookieManager implementation change. It
+involves compatibility layer but for the case your library depends on internal
+implementation it also provides a way to restore the implementation. See below
+for more details.
+
+ * Changes
+
+   * feat: use http-cookie if available for better Cookies spec compliance.
+
+     Instead of WebAgent 0.6.2 that is not maintained over 10 years. To omit
+     maintaining that library use http-cookie for better spec compliance and
+     healthy development.
+
+     This introduces following incompatibility from existing cookies
+     implementation.
+
+     * Expired cookies are not saved. With the old implementation expired
+       cookies are saved in file and not be sent to the server. With the new
+       implementation the expired cookies are not saved to the file and not
+       be sent to the server.
+     * Cookie#domain returns dot-less domain for domain cookies. Instead,
+       Cookie#dot_domain returns with dot.
+
+     http-cookie is used by default if available but you can restore original
+     CookieManager behavior by loading 'httpclient/webagent-cookie' feature
+     before 'httpclient' like this;
+
+     ```ruby
+     require 'httpclient/webagent-cookie'
+     require 'httpclient'
+     ```
+
+     The new implementation dumps warnings to help you migrate to http-cookie.
+     Please follow the suggestion to avoid future compatibility.
+
+     ```ruby
+     e.g.
+      WebAgent::Cookie is deprecated and will be replaced with HTTP::Cookie in the near future. Please use Cookie#origin= instead of Cookie#url= for the replacement.
+      Cookie#domain returns dot-less domain name now. Use Cookie#dot_domain if you need "." at the beginning.
+      CookieManager#find is deprecated and will be removed in near future. Use HTTP::Cookie.cookie_value(CookieManager#cookies) instead
+     ```
+
+   * feat: Message#previous to get responses in negotiation
+
+     HTTP::Message#previous keeps previous response in negotiation.  For
+     redirection, authorization negotiation and retry from custom filter.
+     Closes #234.
+
+   * feat: Add JSONClient
+
+     JSONClient auto-converts Hash <-> JSON in request and response.
+     * For POST or PUT request, convert Hash body to JSON String with
+       'application/json; charset=utf-8' header.
+     * For response, convert JSON String to Hash when content-type is
+       '(application|text)/(x-)?json'
+
+     This commit include bin/jsonclient that works as same as bin/httpclient
+     not with HTTPClient but with JSONClient.
+
+   * feat: Add download command
+
+     ```
+     % httpclient download http://host/path > file
+     ```
+
+ * Bug fixes
+
+   * fix: duplicated query params by follow_redirect
+
+     When the original request has query and the server returns redirection
+     response with Location, HTTPClient wrongly adds query to the new URI. In
+     such case the Location header could include query part;
+
+     ```
+     e.g.
+      http://originalhost/api/call?limit=10
+      -> Location: http://otherhost/api/call?limit=10
+     ```
+
+     HTTPClient should just hit the new location '/api/call?limit=10' not
+     '/api/call?limit=10&limit=10'. Closes #236.
+
+   * fix: NTLM & Basic dual auth
+
+     When a server returns two or more WWW-Authenticate headers and the first
+     one is NTLM, say WWW-Authenticate: NTLM and WWW-Authenticate: Basic in
+     this order, HTTPClient sent Basic Authorization header after finishing
+     NTLM auth negotiation.
+
+     NTLM auth is a connection authentication scheme so HTTPClient deleted
+     the internal auth negotiation state so that NTLM authenticator does not
+     do anything after the negotiation has completed. In such case, for the
+     subsequent requests, NTLM authenticator does nothing but Basic
+     authenticator sends Basic Authorization header to the server that is
+     already negotiated via NTLM authenticator. This can cause authentication
+     failure.
+
+     This commit changes the internal state handling not to delete the state
+     but introduce :done state. NTLM authenticator returns :skip for the
+     request to the server that auth negotiation has completed. WWWAuth skips
+     other authenticator to avoid above issue.  Closes #157.
+
+   * fix: transplant IO positions to new request in negotiation
+
+     In authorization negotiation HTTP::Message for request is generated for
+     each request, of course, but HTTPClient did not care the IO position
+     recorded in the previous requests in the subsequent requests.  Closes #130.
+
+   * fix: avoid inconsistent Content-Length and actual body
+
+     If lengths of all posted arguments are known HTTPClient sends
+     'Content-Length' as a sum length of all arguments. But the length of
+     actual body was wrong because it read as much as possible regardless of
+     what IO#size returned. So if the file is getting bigger while HTTPClient
+     is processing a request the request has inconsistent Content-Length and
+     body.
+
+     This bug is found, and the fix is proposed both by @Teshootub7. Thank
+     you very much for patient trouble shooting!  Fixes #117.
+
+   * fix: KeepAliveDisconnected race condition
+
+     As details explained in #84, current HTTPClient's KeepAliveDisconnected
+     handling has a race condition bug that allows a client to have
+     invalidated connection two or more times. This could be a cause of #185.
+
+     To avoid this, make HTTPClient acquire new connection for retry of
+     KeepAliveDisconnected.  Closes #84. Closes #185.
+
+### Changes in 2.5.3
+
+This release includes behavior changes of POST and PUT requests that has
+nil as a body. See changes below. Emtpty String as a body is not affected.
+
+ * Changes
+
+   * Update cacert. "Certificate data from Mozilla as of: Tue Oct 28 22:03:58 2014"
+     -> Reverted in 2.5.3.3 because it caused unexpected SSLError. See
+     https://github.com/nahi/httpclient/issues/230
+
+   * Allow no content POST and PUT.
+     Previously POST or PUT with :body => nil meant that 'POST or PUT with 0
+     length entity body'. But sometimes you need to POST or PUT actually no
+     content which should not have Content-Type nor Content-Length.
+     It could be incompatible change for user who POST/PUT-ed with empty body
+     but it should be rare, actually WEBrick cannot handle such 'no content'
+     POST and PUT. #128.
+
+   * Add default_header property.
+     :default_header is for providing default headers Hash that all HTTP
+     requests should have, such as custom 'Authorization' header in API.  You
+     can override :default_header with :header Hash parameter in HTTP request
+     methods.
+
+   * raise if redirect res does not have Location header. #155.
+
+ * Bug fixes
+
+   * Avoid NPE by a cookie without domain=.
+     The root cause is still uncertain though. Closes #123
+
+   * Suppress verify_callback warning.
+     Because OpenSSL can try multiple certificate chains and some of it can
+     fail, and one of them succeeds. For that case warning is irrelevant.
+     Let it warn only in $DEBUG mode. #221.
+
+### Changes in 2.5.2
+
+Oct 29, 2014 - version 2.5.2
+
+  * Changes
+    * Add :force_basic_auth config - #166, #179, #181.
+	  Generally HTTP client must send Authorization header after it gets 401
+	  error from server from security reason. But in some situation (e.g.
+	  API client) you might want to send Authorization from the beginning.
+	  You can turn on/off force_basic_auth flag for sending Authorization
+	  header from the beginning. (Of cource, if a request URI matches with
+	  the URI you set in set_auth method)
+
+    Syntax:
+    ```ruby
+      HTTPClient.new(:force_basic_auth => true)
+      # or
+      c = HTTPClient.new
+      c.force_basic_auth = true
+    ```
+
+    * Add :base_url to HTTPClient configuration.
+    Passing path to get, post, etc. is recognized as a request to
+    :base_url + uri.  If you pass full URL :base_url is ignored.
+
+    ```ruby
+      api = HTTPClient.new(:base_url => 'https://api.example.com/v1')
+      api.get("/users.json") # => Get https://api.example.com/v1/users.json
+      api.get("https://localhost/path") # => https://localhost/path
+    ```
+
+
+### Changes in 2.5.1
+
+Oct 19, 2014 - version 2.5.1
+
+  * Changes
+	* Allow to specify :query in POST, PUT, DELETE and OPTIONS requests.
+      Closes #83.
+    * Allow to specify :body in OPTIONS request. Closes #136.
+
+
+### Changes in 2.5.0
+
+Oct 17, 2014 - version 2.5.0
+
+**IMPORTANT CHANGES**
+
+This version changes (again) default SSL options to help
+BEAST/CRIME/POODLE Attack prevension.
+
+ * Disabled SSLv3 in favor of POODLE Attack prevention.
+ * Enabled 1/n-1 fragment in favor of BEAST Attack prevention.
+ * No TLS compression in favor of CRIME Attack prevention.
+
+You can restore the previous SSL configuration like this;
+
+```ruby
+client = HTTPClient.new
+client.ssl_config.ssl_version = :SSLv23
+client.ssl_config.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2
+```
+
+  * Changes
+	* Change default SSL options. See above.
+    * Keep cause error of KeepAliveDisconnected. It allows caller to
+	  investigate the cause of KeepAliveDisconnected.
+
+
+### Changes in 2.4.0
+
+Jun 8, 2014 - version 2.4.0
+
+**IMPORTANT CHANGES**
+
+This version changes default SSL version to :auto (same as nil) to use SSL/TLS
+version negotiation.  Former versions use SSLv3 as default that does not connect
+via TLS.  This change makes underlying OpenSSL library decide which SSL/TLS
+version to use but SSLv2 is disabled.
+
+This change makes your secure connection safer but if you see SSL connection
+failure with this version try specifying SSL version to use SSLv3 like;
+```
+client = HTTPClient.new
+client.ssl_config.ssl_version = :SSLv3
+```
+
+  * Bug fixes
+    * Avoid unnecessary connection retries for OAuth error.
+      [#203](https://github.com/nahi/httpclient/issues/203)
+	* Make authentication drivers Thread-safe.  Note that HTTPClient instance is
+	  Thread-safe for authentication state update but it shares authentication
+	  state across threads by design.  If you don't want to share authentication
+	  state, such as for using different authentication username/password pair
+	  per thread, create HTTPClient instance for each Thread.
+      [#200](https://github.com/nahi/httpclient/issues/200)
+    * Avoid chunked String recycle in callback block.
+      [#193](https://github.com/nahi/httpclient/issues/193)
+    * Do not send empty 'oauth_token' in signed request for compatibility.
+      [#188](https://github.com/nahi/httpclient/issues/188)
+    * Ignore negative Content-Length header from server.
+      [#175](https://github.com/nahi/httpclient/issues/175)
+    * Fix incorrect use of absolute URL for HTTPS proxy requests.
+      [#168](https://github.com/nahi/httpclient/issues/168)
+    * Handle UTF characters in chunked bodies.
+      [#167](https://github.com/nahi/httpclient/issues/167)
+    * A new cookie never be accepted if an HTTPClient has the same expired cookie.
+      [#154](https://github.com/nahi/httpclient/issues/154)
+	* Allow spaces in NO_PROXY environment like; "hosta, hostb"
+      [#141](https://github.com/nahi/httpclient/issues/141)
+	* Avoid HttpClient::Message::Body#dump causes Encoding::CompatibilityError.
+      [#140](https://github.com/nahi/httpclient/issues/140)
+
+  * Changes
+	* Change default SSL version to :auto to use version negotiation.
+      [#186](https://github.com/nahi/httpclient/issues/186),
+      [#204](https://github.com/nahi/httpclient/issues/204)
+    * Allow to pass client private key passphrase in SSLConfig.
+      [#201](https://github.com/nahi/httpclient/issues/201)
+    * Convert README to markdown syntax
+      [#198](https://github.com/nahi/httpclient/issues/198)
+    * Update default CA certificates: change the source from JDK's to Firefox's.
+      The file is downloaded from
+	  https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
+	  (Certificate data from Mozilla as of: Tue Apr 22 08:29:31 2014)
+      [#195](https://github.com/nahi/httpclient/issues/195)
+	* Callback block can be defined as to get 2 arguments to retrieve the
+	  response object.
+      [#194](https://github.com/nahi/httpclient/issues/194)
+    * Remove [] from given address for IPv6 compat.
+      [#176](https://github.com/nahi/httpclient/issues/176)
+    * Update API endpoints to those of Twitter REST API v1.1.
+      [#150](https://github.com/nahi/httpclient/issues/150)
+
+
+### Changes in 2.3.4
+
+July 27, 2013 - version 2.3.4
+
+  * Bug fixes
+    * Make sure to read socket in BINARY buffer.
+	  [#171](https://github.com/nahi/httpclient/issues/171)
+
+### Changes in 2.3.3
+
+February 24, 2013 - version 2.3.3
+
+  * Changes
+
+	* Add User-Agent field by default. You can remove the header by setting nil
+	  to HTTPClient#agent_name.
+      [#144](https://github.com/nahi/httpclient/issues/144)
+
+### Changes in 2.3.2
+
+January 5, 2013 - version 2.3.2
+
+```
+  * Changes
+
+    * #138 Revert Timeout change unintentionally included in v2.3.1.  It's
+      reported that the change causes background processes not terminated
+      properly.
+```
+
+### Changes in 2.3.1
+
+January 1, 2013 - version 2.3.1
+
+```
+  * Changes
+
+    * #137 Signing key is expiring for cacert_sha1.p7s.
+      Deleted p7s signature check for default cacerts.  Sorry for many troubles
+      in the past. This feature is not useful without having online/real-time
+      CA certs update but I don't think I can implement it in near future.
+      Users depend on this signature check (who puts cacert.p7s in R/W
+      filesystem and ssl_config.rb in R/O filesystem) should take care the
+      tampering by themself.
+
+  * Bug fixes
+
+    * #122 Support IPv6 address in URI
+```
+
+
+### Changes in 2.3.0
+
+October 10, 2012 - version 2.3.0
+
+```
+    * Features
+
+      * Added debug mode CLI.  bin/httpclient is installed as CLI.
+          Usage: 1) % httpclient get https://www.google.co.jp/ q=ruby
+          Usage: 2) %httpclient
+        For 1) it issues a GET request to the given URI and shows the wiredump
+        and the parsed result.  For 2) it invokes irb shell with the binding
+        that has a HTTPClient as 'self'.  You can call HTTPClient instance
+        methods like;
+          > get "https://www.google.co.jp/", :q => :ruby
+
+      * #119 Addressable gem support (only if it exists); should handle IRI
+        properly.
+
+    * Bug fixes
+
+      * #115 Cookies couldn't work properly if the path in an URI is ommited.
+      * #112, #117 Proper handling of sized IO (the IO object that responds to
+        :size) for chunked POST. HTTPClient did read till EOF even if the
+        given IO has :size method.
+      * Handle '303 See Other' properly.  RFC2616 says it should be redirected
+        with GET.
+      * #116 Fix "100-continue" support.  It was just ignored.
+      * #118 Support for boolean values when making POST/PUT requests with
+        multiipart/form Content-Type.
+      * #110 Allows leading dots in no_proxy hostname suffixes.
+```
+
+### Changes in 2.2.7
+
+August 14, 2012 - version 2.2.7
+
+```
+    * Bug fixes
+
+      * Fix arity incompatibility introduced in 2.2.6.  It broke Webmock.
+        Thanks Andrew France for the report!
+```
+
+### Changes in 2.2.6
+
+August 14, 2012 - version 2.2.6
+
+```
+    * Bug fixes
+
+      * Make get_content doesn't raise a BadResponseError for perfectly good
+        responses like 304 Not Modified. Thanks to Florian Hars.
+
+      * Add 'Content-Type: application/x-www-form-urlencoded' for the PUT
+        request that has urlencoded entity-body.
+
+    * Features
+
+      * Add HTTPClient::IncludeClient by Jonathan Rochkind, a mix-in for easily
+        adding a thread-safe lazily initialized class-level HTTPClient object
+        to your class.
+
+      * Proxy DigestAuth support. Thanks to Alexander Kotov and Florian Hars.
+
+      * Accept an array of strings (and IO-likes) as a query value
+        e.g. `{ x: 'a', y: [1,2,3] }` is encoded into `"x=a&y=1&y=2&y=3"`.
+        Thanks to Akinori MUSHA.
+
+      * Allow body for DELETE method.
+
+      * Allow :follow_redirect => true for HEAD request.
+
+      * Fill request parameters request_method, request_uri and request_query
+        as part of response Message::Header.
+```
+
+### Changes in 2.2.5
+
+  May 06, 2012 - version 2.2.5
+
+```
+    * Bug fixes
+
+      * Added Magic encoding comment to hexdump.rb to avoid encoding error.
+      * Add workaround for JRuby issue on Windows (JRUBY-6136)
+        On Windows, calling File#size fails with an Unknown error (20047).
+        This workaround uses File#lstat instead.
+      * Require open-uri only on ruby 1.9, since it is not needed on 1.8.
+
+    * Features
+
+      * Allow symbol Header name for HTTP request.
+      * Dump more SSL certificate information under $DEBUG.
+      * Add HTTPClient::SSLConfig#ssl_version property.
+      * Add 'Accept: */*' header to request by default. Rails requies it.
+        It doesn't override given Accept header from API.
+      * Add HTTPClient::SSLConfig#set_default_paths. This method makes
+        HTTPClient instance to use OpenSSL's default trusted CA certificates.
+      * Allow to set Date header manually.
+        ex. clent.get(uri, :header => {'Date' => Time.now.httpdate})
+```
+
+### Changes in 2.2.4
+
+  Dec 08, 2011 - version 2.2.4
+
+```
+    * Bug fixes
+
+      * Do not recycle buffer String object for yielding.  When the response is
+        not chunked and the size of the response > 16KB, API with block style
+        yields recycled String object for each yields.
+
+      * Set VERSION string in User-Agent header.  $Id$ didn't work long time...
+
+      Bugs are reported by Seamus Abshere. Thanks!
+```
+
+### Changes in 2.2.3
+
+  Oct 28, 2011 - version 2.2.3
+
+```
+    * Bug fixes
+
+      * Ruby 1.8.6 support.  It's broken from 2.2.0.
+```
+
+### Changes in 2.2.2
+
+  Oct 17, 2011 - version 2.2.2
+
+```
+    * Bug fixes
+
+      * Do not sort query params on request: Wrongly sorted query params for
+        easier debugging but the order of request parameter should be
+        preserved. #65
+
+    * Changes
+
+      * Set responce String encoding if possible.  Parse content-type response
+        header with some helps from OpenURI::Meta and set response String
+        encoding. #26
+
+      * Improve connection cache strategy.  Reuse cached session in MRU order,
+        not in LRU.  MRU is more server friendly than LRU because it reduces
+        number of cached sessions when a number of requests drops after an
+        usaage spike.
+
+        With reusing sessions in LRU order, all sessions are equally checked if
+        it's closed or not, as far as there's a request to the same site.  With
+        reusing sessions in MRU order, old cold sessions are kept in cache long
+        time even if there's a request to the same site.  To avoid this leakage,
+        this version adds keep_alive_timeout property and let SessionManager
+        scrub all sessions with checking the timeout for each session.  When the
+        session expires against the last used time, it's closed and collected.
+
+        keep_alive_timeout is 15[sec] by default. The value is from the default
+        value for KeepAliveTimeout of Apache httpd 2.  #68 #69
+```
+
+### Changes in 2.2.1
+
+  Jun 2, 2011 - version 2.2.1
+
+```
+    * Bug fixes
+
+      * For Lighttpd + PUT/POST support, do not send a request using chunked
+        encoding when IO respond to :size, File for example.
+
+        - There is no need to send query with Transfer-Encoding: chuncked when
+          IO respond to :size.
+        - Lighttpd does not support PUT, POST with Transfer-Encoding: chuncked.
+          You will see that the lighty respond with 200 OK, but there is a file
+          whose size is zero.
+
+        LIMITATION:
+          timeout occurs certainly when you send very large file and
+          @send_timeout is default since HTTPClient::Session#query() assumes
+          that *all* write are finished in @send_timeout sec not each write.
+
+        WORKAROUND:
+          increment @send_timeout and @receive_timeout or set @send_timeout and
+          @receive_timeout to 0 not to be timeout.
+
+        This fix is by TANABE Ken-ichi <nabeken@tknetworks.org>. Thanks!
+
+      * Allow empty http_proxy ENV variable. Just treat it the same as if it's
+        nil/unset. This fix is by Ash Berlin <ash_github@firemirror.com>.
+        Thanks!
+
+      * Check EOF while reading chunked response and close the session. It
+        raised NoMethodError.
+
+    * Changes
+
+      * Updated trusted CA certificates file (cacert.p7s and cacert_sha1.p7s).
+        CA certs are imported from
+        'Java(TM) SE Runtime Environment (build 1.6.0_25-b06)'.
+
+      * Changed default chunk size from 4K to 16K. It's used for reading size
+        at a time.
+```
+
+### Changes in 2.2.0
+
+  Apr 8, 2011 - version 2.2.0
+
+```
+    * Features
+      * Add HTTPClient#cookies as an alias of #cookie_manager.cookies.
+
+      * Add res.cookies method. It returns parsed cookie in response header.
+        It's different from client.cookie_manager.cookies. Manager keeps
+        persistent cookies in it.
+
+      * Add res.headers method which returns a Hash of headers.
+        Hash key and value are both String. Each key has a single value so you
+        can't extract exact value when a message has multiple headers like
+        'Set-Cookie'. Use header['Set-Cookie'] for that purpose.
+        (It returns an Array always)
+
+      * Allow keyword style argument for HTTPClient#get, post, etc.
+        Introduced keywords are: :body, :query, and :header.
+        You can write
+          HTTPClient.get(uri, :header => {'X-custom' => '1'})
+        instead of;
+          HTTPClient.get(uri, nil, {'X-custom' => '1'})
+
+      * Add new keyword argument :follow_redirect to get/post. Now you can
+        follow redirection response with passing :follow_redirect => true.
+
+      * [INCOMPAT] Rename HTTPClient::HTTP::Message#body to #http_body, then
+        add #body as an alias of #content. It's incompatible change though
+        users rarely depends on this method. (I've never seen such a case)
+        Users who are using req.body and/or res.body should follow this
+        change. (req.http_body and res.http_body)
+
+    * Bug fixes
+
+      * Reenable keep-alive for chunked response.
+        This feature was disabled by c206b687952e1ad3e20c20e69bdbd1a9cb38609e at
+        2008-12-09. I should have written a test for keep-alive. Now I added it.
+        Thanks Takahiro Nishimura(@dr_taka_n) for finding this bug.
+```
+
+### Changes in 2.1.7
+
+  Mar 22, 2011 - version 2.1.7
+
+```
+    * Features
+      * Add MD5-sess auth support. Thanks to wimm-dking. (#47)
+      * Add SNI support. (Server Name Indication of HTTPS connection) (#49)
+      * Add GSSAPI auth support using gssapi gem. Thanks to zenchild. (#50)
+      * NTLM logon to exchange Web Services. [experimental] Thanks to curzonj and mccraigmccraig (#52)
+      * Add HTTPOnly cookie support. Thanks to nbrosnahan. (#55)
+      * Add HTTPClient#socket_local for specifying local binding hostname and port of TCP socket. Thanks to icblenke.
+```
+
+### Changes in 2.1.6
+
+  Dec 20, 2010 - version 2.1.6
+
+```
+    * IMPORTANT update for HTTPS(SSL) connection
+      * Trusted CA bundle file cacert_sha1.p7s for older environment (where
+        you cannot use SHA512 algorithm such as an old Mac OS X) included in
+        httpclient 2.1.5 expires in Dec 31, 2010.  Please update to 2.1.6 if
+        you're on such an environment.
+      * Updated trusted CA certificates file (cacert.p7s and cacert_sha1.p7s).
+        CA certs are imported from
+        'Java(TM) SE Runtime Environment (build 1.6.0_22-b04)'.
+
+    * IMPORTANT bug fix for persistent connection
+      * #29 Resource Leak: If httpclient establishes two connections to the
+        same server in parallel, one of these connections will be leaked, patch
+        by xb.
+      * #30 When retrying a failed persistent connection, httpclient should use
+        a fresh connection, reported by xb.
+        These 2 fixes should fix 'Too many open files' error as well if you're
+        getting this. Please check 2.1.6 and let me know how it goes!
+
+    * Features
+      * #4 Added OAuthClient. See sample clients in sample/ dir.
+      * #42 Added transparent_gzip_decompression property, patch by Teshootub7.
+        All you need to use it is done by;
+        client.transparent_gzip_decompression = true
+        Then you can retrieve a document as usural in decompressed format.
+      * #38 Debug dump binary data (checking it includes \0 or not) in hex
+        encoded format, patch by chetan.
+
+    * Bug fixes
+      * #8 Opened certificate and key files for SSL not closed properly.
+      * #10 "get" method gets blocked in "readpartial" when receiving a 304
+        with no Content-Length.
+      * #11 Possible data corruption problem in asynchronous methods, patch by
+        a user. (http://dev.ctor.org/http-access2/ticket/228)
+      * #13 illegal Cookie PATH handling. When no PATH part given in Set-Cookie
+        header, URL's path part should be used for path variable.
+      * #16 httpclient doesn't support multiline server headers.
+      * #19 set_request_header clobbers 'Host' header setting if given, patch
+        by meuserj.
+      * #20 Relative Location on https redirect fails, patch by zenchild.
+      * #22 IIS/6 + MicrosoftSharePointTeamServices uses "NTLM" instead of
+        "Negotiate".
+      * #27 DigestAuth header: 'qop' parameter must not be enclosed between
+        double quotation, patch by ibc.
+      * #36 Wrong HTTP version in headers with Qt4 applications, reported by
+        gauleng.
+      * #38 DigestAuth + posting IO fails, patch by chetan.
+      * #41 https-over-proxy fails with IIS, patch by tai.
+```
+
+### Changes in 2.1.5
+
+  Jun 25, 2009 - version 2.1.5.2
+
+```
+    * Added another cacert distribution certificate which uses
+      sha1WithRSAEncryption.  OpenSSL/0.9.7 cannot handle non-SHA1 digest
+      algorithm for certificate.  The new certificate is
+      RSA 2048 bit + SHA1 + notAfter:2010/12/31.  Corresponding CA bundle file
+      is cacert_sha1.p7s.  It is loaded only when cacert.p7s cannot be loaded
+      with the original distribution certificate.
+```
+
+  Jun 11, 2009 - version 2.1.5.1
+
+```
+    * README update.
+```
+
+  Jun 8, 2009 - version 2.1.5
+
+```
+    * IMPORTANT update for HTTPS(SSL) connection
+      * Trusted CA bundle file included in httpclient <= 2.1.4 expires in
+        Nov 2009. Please update to 2.1.5 by Oct 2009 if your application
+        depends on trusted CA bundle file.
+      * Updated trusted CA certificates file (cacert.p7s). CA certs are
+        imported from 'Java(TM) SE Runtime Environment (build 1.6.0_13-b03)'.
+      * Updated a cacert distribution certificate.
+        RSA 2048 bit + SHA512 + notAfter:2037/12/31. (#215)
+
+    * Feature
+      * WWW authentication with Negotiate based on win32/sspi as same as Proxy
+        authentication. Applied a patch from Paul Casto. Thanks! (#212)
+
+    * Bug fixes
+      * Infinite loop caused by EOF error while reading response message body
+        without Content-Length.  IO#readpartial does not clear the second
+        argument (buffer) when an exception raised.  Fixed by a patch from an
+        user.  Thanks! (#216)
+      * NoMethodError caused by the cookie string that includes a double
+        semicolons ";;".  Fixed by a patch from an user.  Thanks! (#211)
+      * CNONCE attribute in Digest Authentication was not properly generated by
+        itself (used same nonce sent from the connecting server). Fixed by a
+        patch from bterlson
+        [http://github.com/bterlson/httpclient/commit/6d0df734840985a7be88a2d54443bbf892d50b9a]
+        Thanks! (#209)
+      * Cookie header was not set in authentication negotiation. Fixed. This
+        bug was found and pointed out by bterlson at
+        [http://github.com/bterlson/httpclient/commits/master]. Thanks! (#210)
+      * Do not send 'Content-Length: 0' when a request doesn't have message
+        body. Some server application (!EasySoap++/0.6 for example) corrupts
+        with the request with Content-Length: 0. This bug was found by clay
+        [http://daemons.net/~clay/2009/05/03/ruby-why-do-you-torment-me/].
+        Thanks! (#217)
+      * Ensure to reset connection after invoking HTTPClient singleton methods
+        for accessing such as HTTPClient.get_content. Thanks to @xgavin! (#214)
+```
+
+### Changes in 2.1.4
+
+  Feb 13, 2009 - version 2.1.4
+
+```
+    * Bug fixes
+      * When we hit some site through http-proxy we get a response without
+        Content-Length header.  httpclient/2.1.3 drops response body for such
+        case. fixed. (#199)
+      * Avoid duplicated 'Date' header in request. Fixed. (#194)
+      * Avoid to add port number to 'Host' header.  Some servers like GFE/1.3
+        dislike it. Thanks to anonymous user for investigating the behavior.
+        (#195)
+      * httpclient/2.1.3 does not work when you fork a process after requiring
+        httpclient module (Passenger). Thanks to Akira Yamada for tracing down
+        this bug. (#197)
+      * httpclient/2.1.3 cannot handle Cookie header with 'expires=' and
+        'expires=""'.  Empty String for Time.parse returns Time.now unlike
+        ParseDate.parsedate. Thanks to Mark for the patch. (#200)
+```
+
+### Changes in 2.1.3
+
+  Jan 8, 2009 - version 2.1.3.1
+
+```
+    * Security fix introduced at 2.1.3.
+      * get_content/post_content of httpclient/2.1.3 may send secure cookies
+        for a https site to non-secure (non-https) site when the https site
+        redirects the request to a non-https site.  httpclient/2.1.3 caches
+        request object and reuses it for redirection.  It should not be cached
+        and recreated for each time as httpclient <= 2.1.2 and http-access2.
+      * I realized this bug when I was reading open-uri story on
+        [ruby-core:21205].  Ruby users should use open-uri rather than using
+        net/http directly wherever possible.
+```
+
+  Dec 29, 2008 - version 2.1.3
+
+```
+    * Features
+      * Proxy Authentication for SSL.
+      * Performance improvements.
+      * Full RDoc. Please tell me any English problem. Thanks in advance.
+      * Do multipart file upload when a given body includes a File. You don't
+        need to set 'Content-Type' and boundary String any more.
+      * Added propfind and proppatch methods.
+
+    * Changes
+      * Avoid unnecessary memory consuming for get_content/post_content with
+        block.  get_content returns nil when you call it with a block.
+      * post_content with IO did not work when redirect/auth cycle is required.
+        (CAUTION: post_content now correctly follows redirection and posts the
+        given content)
+      * Exception handling cleanups.
+        * Raises HTTPClient::ConfigurationError? for environment problem.
+          (trying to do SSL without openssl installed for example)
+        * Raises HTTPClient::BadResponse? for HTTP response problem.  You can
+          get the response HTTPMessage returned via $!.res.
+        * Raises SocketError? for connection problem (as same as before).
+
+    * Bug fixes
+      * Avoid unnecessary negotiation cycle for Negotiate(NTLM) authentication.
+        Thanks Rishav for great support for debugging Negotiate authentication.
+      * get_content/post_content with block yielded unexpected message body
+        during redirect/auth cycle.
+      * Relative URI redirection should be allowed from 2.1.2 but it did not
+        work... fixed.
+      * Avoid unnecessary timeout waiting when no message body returned such as
+        '204 No Content' for DAV.
+      * Avoid blocking on socket closing when the socket is already closed by
+        foreign host and the client runs under MT-condition.
+```
+
+### Changes in 2.1.2
+
+  Sep 22, 2007 - version 2.1.2
+
+```
+    * HTTP
+      * implemented Negotiate authentication with a support from exterior
+        modules. 'rubyntlm' module is required for Negotiate auth with IIS.
+        'win32/sspi' module is required for Negotiate auth with ISA.
+      * a workaround for Ubuntu + SonicWALL timeout problem. try to send HTTP
+        request in one chunk.
+
+    * SSL
+      * create new self-signing dist-cert which has serial number 0x01 and
+        embed it in httpclient.rb.
+      * update cacert.p7s. certificates are imported from cacerts in JRE 6
+        Update 2. 1 expired CA certificate
+        'C=US, O=GTE Corporation, CN=GTE CyberTrust Root' is removed.
+
+    * Bug fix
+      * [BUG] SSL + debug_dev didn't work under version 2.1.1.
+      * [BUG] Reason-Phrase of HTTP response status line can be empty according
+      * to RFC2616.
+```
+
+### Changes in 2.1.1
+
+  Aug 28, 2007 - version 2.1.1
+
+```
+    * bug fix
+      * domain_match should be case insensitive. thanks to Brian for the patch.
+      * before calling SSLSocket#post_connection_check, check if
+        RUBY_VERSION > "1.8.4" for CN based wildcard certificate. when
+        RUBY_VERSION <= "1.8.4",  it fallbacks to the post_connection_check
+        method in HTTPClient so httpclient should run on 1.8.4 fine as before.
+
+    * misc
+      * added HTTPClient#test_loopback_http_response which accepts test
+        loopback response which contains HTTP header.
+```
+
+### Changes in 2.1.0
+
+  Jul 14, 2007 - version 2.1.0
+
+```
+    * program/project renamed from 'http-access2' to 'httpclient'.
+      there's compatibility layer included so existing programs for
+      http-access2 which uses HTTPAccess2::Client should work with
+      httpclient/2.1.0 correctly.
+
+    * misc
+      * install.rb did not install cacerts.p7s.  Thanks to knu.
+      * now HTTPClient loads http_proxy/HTTP_PROXY and no_proxy/NO_PROXY
+        environment variable at initialization time. bear in mind that it
+        doesn't load http_proxy/HTTP_PROXY when a library is considered to be
+        running under CGI environment (checked by ENVREQUEST_METHOD existence.
+        cgi_http_proxy/CGI_HTTP_PROXY is loaded instead.
+```
+
+### Changes in 2.0.9
+
+  Jul 4, 2007 - version 2.0.9
+
+```
+    * bug fix
+      * fix the BasicAuth regression problem in 2.0.8.  A server may return
+        "BASIC" as an authenticate scheme label instead of "Basic".  It must be
+        treated as a case-insensitive token according to RFC2617 section 1.2.
+        Thanks to mwedeme for contributing the patch. (#159)
+```
+
+### Changes in 2.0.8
+
+  Jun 30, 2007 - version 2.0.8
+
+```
+    * HTTP
+      * added request/response filter interface and implemented DigestAuth
+        based on the filter interface.  DigestAuth calc engine is based on
+        http://tools.assembla.com/breakout/wiki/DigestForSoap
+        Thanks to sromano. (#155)
+      * re-implemented BasicAuth based on the filter interface.  send BasicAuth
+        header only if it's needed. (#31)
+      * handle a response which has 2XX status code as a successfull response
+        while retry check.  applied the patch from Micah Wedemeyer.
+        Thanks! (#158)
+
+    * Connection
+      * show more friendly error message for unconnectable URL. (#156)
+
+    * bug fixes
+      * to avoid MIME format incompatibility, add empty epilogue chunk
+        explicitly.  Thanks to the anonymous user who reported #154 (#154)
+      * rescue EPIPE for keep-alive reconnecting.  Thanks to anonymous user
+        who posted a patch at #124. (#124)
+```
+
+### Changes in 2.0.7
+
+  May 13, 2007 - version 2.0.7
+
+```
+    * HTTP
+      * added proxyauth support. (#6)
+      * let developer allow to rescue a redirect with relative URI. (#28)
+      * changed last-chunk condition statement to allow "0000\r\n" marker from
+        WebLogic Server 7.0 SP5 instead of "0\r\n". (#30)
+      * fixed multipart form submit. (#29, #116)
+      * use http_date format as a date in a request header. (#35)
+      * avoid duplicated Date header when running under mod_ruby. (#127)
+      * reason phrase in Message#reason contains \r. (#122)
+      * trim "\n"s in base64 encoded BasicAuth value for interoperability.
+        (#149)
+      * let retry_connect return a Message not a content. (#119)
+      * rescue SocketError and dump a message when a wrong address given. (#152)
+
+    * HTTP-Cookies
+      * changed "domain" parameter matching condition statement to allow
+        followings; (#24, #32, #118, #147)
+        * [host, domain] = [rubyforge.com, .rubyforge.com]
+        * [host, domain] = [reddit.com, reddit.com]
+
+    * SSL
+      * bundles CA certificates as trust anchors.
+      * allow user to get peer_cert. (#117, #123)
+      * added wildcard certificate support. (#151)
+      * SSL + HTTP keep-alive + long wait causes uncaught exception.  fixed.
+        (#120)
+
+    * Connection
+      * fixed a loop condition bug that caused intermittent empty response.
+        (#150, #26, #125)
+```
+
+### Changes in 2.0.6
+
+  September 16, 2005 - version 2.0.6
+
+```
+    * HTTP
+      * allows redirects from a "POST" request.  imported a patch from sveit.
+        Thanks! (#7)
+      * add 'content-type: application/application/x-www-form-urlencoded' when
+        a request contains message-body. (#11)
+      * HTTP/0.9 support.  (#15)
+      * allows submitting multipart forms.  imported a patch from sveit.
+        Thanks! (#7)
+
+    * HTTP-Cookies
+      * avoid NameError when a cookie value is nil. (#10)
+      * added netscape_rule property to CookieManager (false by default).  You
+        can turn on the domain attribute test of Netscape rule with the
+        property.  cf. http://wp.netscape.com/newsref/std/cookie_spec.html
+      * added HTTPClient#cookie_manager property for accessing its properties.
+        (#13)
+      * added save_all_cookies method to save unused and discarded cookies as
+        well.  The patch is from Christian Lademann.  Thanks!  (#21)
+      * allow to set cookie_manager.  raise an error when set_cookie_store
+        called and cookie_store has already been set. (#20)
+
+    * SSL
+      * allows SSL connection debugging when debug_dev != nil. (#14)
+      * skip post_connection_check when
+        verify_mode == OpenSSL::SSL::VERIFY_NONE.  Thanks to kdraper. (#12)
+      * post_connection_check: support a certificate with a wildcard in the
+        hostname. (#18)
+      * avoid NameError when no peer_cert and VERIFY_FAIL_IF_NO_PEER_CERT
+        given.  Thanks to Christian Lademann.
+
+    * Connection
+      * insert a connecting host and port to an exception message when
+        connecting failed. (#5)
+      * added socket_sync property to HTTPClient(HTTPAccess2::Client) that
+        controls socket's sync property.  the default value is true.  CAUTION:
+        if your ruby is older than 2005-09-06 and you want to use SSL
+        connection, do not set socket_sync = false to avoid a blocking bug of
+        openssl/buffering.rb.
+```
+
+### Changes in 2.0.5
+
+  December 24, 2004 - version 2.0.5
+
+```
+    This is a minor bug fix release.
+    - Connect/Send/Receive timeout cannot be configured. fixed.
+    - IPSocket#addr caused SocketError? on Mac OS X 10.3.6 + ruby-1.8.1 GA.
+      fixed.
+    - There is a server which does not like 'foo.bar.com:80' style Host header.
+      The server for http://rubyforge.org/export/rss_sfnews.php seems to
+      dislike HTTP/1.1 Host header "Host: rubyforge.net:80".  It returns
+      HTTP 302: Found and redirects to the page again, causes
+      HTTPAccess2::Client to raise "retry count exceeded".  Keat found that the
+      server likes "Host: rubyforge.net" (not with port number).
+```
+
+### Changes in 2.0.4
+
+  February 11, 2004 - version 2.0.4
+
+```
+    - add Client#redirect_uri_callback interface.
+    - refactorings and bug fixes found during negative test.
+    - add SSL test.
+```
+
+### Changes in 2.0.3
+
+  December 16, 2003 - version 2.0.3
+
+```
+    - no_proxy was broken in 2.0.2.
+    - do not dump 'Host' header under protocol_version == 'HTTP/1.0'
+```
+
+### Changes in 2.0.2
+
+  December ?, 2003 - version 2.0.2
+
+```
+    - do not trust HTTP_PROXY environment variable. set proxy server manually.
+      http://ftp.ics.uci.edu/pub/websoft/libwww-perl/archive/2001h1/0072.html
+      http://ftp.ics.uci.edu/pub/websoft/libwww-perl/archive/2001h1/0241.html
+      http://curl.haxx.se/mail/archive-2001-12/0034.html
+    - follow ossl2 change.
+```
+
+### Changes in 2.0.1
+
+  October 4, 2003 - version 2.0.1
+
+```
+    Query was not escaped when query was given as an Array or a Hash.  Fixed.
+    Do not use http_proxy defined by ENV['http_proxy'] or ENV['HTTP_PROXY'] if
+      the destination host is 'localhost'.
+    Hosts which matches ENV['no_proxy'] or ENV['NO_PROXY'] won't be proxyed.
+      [,:] separated. ("ruby-lang.org:rubyist.net")
+      No regexp. (give "ruby-lang.org", not "*.ruby-lang.org")
+      If you want specify hot by IP address, give full address.
+        ("192.168.1.1, 192.168.1.2")
+```
+
+### Changes in 2.0
+
+  September 10, 2003 - version 2.0
+
+```
+    CamelCase to non_camel_case.
+    SSL support (requires Ruby/OpenSSL).
+    Cookies support.  lib/http-access2/cookie.rb is redistributed file which is
+      originally included in Webagent by TAKAHASHI `Maki' Masayoshi.  You can
+      download the entire package from http://www.rubycolor.org/arc/.
+```
+
+  January 11, 2003 - version J
+
+```
+    ruby/1.8 support.
+```