From cf6bd35c5341be8f1d08d5609bc917fe135e49f1 Mon Sep 17 00:00:00 2001 From: Josh Feinberg <15068619+joshafeinberg@users.noreply.github.com> Date: Mon, 29 Apr 2024 11:10:35 -0500 Subject: [PATCH 1/3] Prepare for release 7.0.0 --- CHANGELOG.md | 4 ++++ README.md | 42 ++++++++++++++++++++++++++++++++++++++---- gradle.properties | 2 +- 3 files changed, 43 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6cba572a..b4a3764f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +7.0.0 (2024-03-19) +--------------------------------------------- +- [#537](https://github.com/dropbox/dropbox-sdk-java/pull/537) Remove cert pinning from the SDK + 6.1.0 (2024-03-19) --------------------------------------------- - [#527](https://github.com/dropbox/dropbox-sdk-java/pull/527) Adds nullability annotations to data models for improved interop with Kotlin diff --git a/README.md b/README.md index 6f9104a55..b7a0a10eb 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ If you're using Maven, then edit your project's "pom.xml" and add this to the `< com.dropbox.core dropbox-core-sdk - 6.1.0 + 7.0.0 ``` @@ -33,7 +33,7 @@ If you are using Gradle, then edit your project's "build.gradle" and add this to ```groovy dependencies { // ... - implementation 'com.dropbox.core:dropbox-core-sdk:6.1.0' + implementation 'com.dropbox.core:dropbox-core-sdk:7.0.0' } ``` @@ -268,8 +268,8 @@ Edit your project's "build.gradle" and add the following to the dependencies sec ``` dependencies { // ... - implementation 'com.dropbox.core:dropbox-core-sdk:6.1.0' - implementation 'com.dropbox.core:dropbox-android-sdk:6.1.0' + implementation 'com.dropbox.core:dropbox-core-sdk:7.0.0' + implementation 'com.dropbox.core:dropbox-android-sdk:7.0.0' } ``` If you leverage jettifier and see the following errors then please add `android.jetifier.ignorelist = jackson-core,fastdoubleparser` to your `gradle.properties` file. @@ -399,3 +399,37 @@ The only ProGuard rules necessary are for the SDK's required and optional depend -dontwarn javax.servlet.** -dontwarn org.apache.** ``` + +### How do I enable certificate pinning? + +As of version 7.0.0, the SDK no longer provides certificate pinning by default. We provide hooks for you to run each of your requests with +your own `SSLSocketFactory` or `CertificatePinner`. To provide this to your calls, you can use any of the requestors provided + +#### Using `StandardHttpRequestor` + +```java +StandardHttpRequestor.Config customConfig = StandardHttpRequestor.Config.DEFAULT_INSTANCE.copy() + .withSslSocketFactory(mySslSocketFactory) + .build(); +``` + +#### Using `OkHttp3Requestor` + +See: [CertificatePinner](https://square.github.io/okhttp/3.x/okhttp/okhttp3/CertificatePinner.html) + +```java +OkHttp3Requestor.Config customConfig = OkHttp3Requestor.Config.DEFAULT_INSTANCE.copy() + .withCertificatePinner(myCertificatePinner) + .build(); +``` + +#### Using `OkHttpRequestor` + +See: [CertificatePinner](https://square.github.io/okhttp/2.x/okhttp/com/squareup/okhttp/CertificatePinner.html) + +```java +OkHttpRequestor.Config customConfig = OkHttpRequestor.Config.DEFAULT_INSTANCE.copy() + .withCertificatePinner(myCertificatePinner) + .build(); +``` + diff --git a/gradle.properties b/gradle.properties index 4e5356947..0a9eb7ae3 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ # POM GROUP = com.dropbox.core -VERSION_NAME=6.2.0-SNAPSHOT +VERSION_NAME=7.0.0 POM_URL = https://github.com/dropbox/dropbox-sdk-java/ POM_SCM_URL = https://github.com/dropbox/dropbox-sdk-java/ From 8c9151600e3a3faa094080745b0735ed290f964e Mon Sep 17 00:00:00 2001 From: Josh Feinberg <15068619+joshafeinberg@users.noreply.github.com> Date: Mon, 29 Apr 2024 11:17:01 -0500 Subject: [PATCH 2/3] Fix docs --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b7a0a10eb..aae63f47f 100644 --- a/README.md +++ b/README.md @@ -411,6 +411,7 @@ your own `SSLSocketFactory` or `CertificatePinner`. To provide this to your call StandardHttpRequestor.Config customConfig = StandardHttpRequestor.Config.DEFAULT_INSTANCE.copy() .withSslSocketFactory(mySslSocketFactory) .build(); +StandardHttpRequestor requestor = new StandardHttpRequestor(customConfig); ``` #### Using `OkHttp3Requestor` @@ -418,8 +419,8 @@ StandardHttpRequestor.Config customConfig = StandardHttpRequestor.Config.DEFAULT See: [CertificatePinner](https://square.github.io/okhttp/3.x/okhttp/okhttp3/CertificatePinner.html) ```java -OkHttp3Requestor.Config customConfig = OkHttp3Requestor.Config.DEFAULT_INSTANCE.copy() - .withCertificatePinner(myCertificatePinner) +okhttp3.OkHttpClient httpClient = OkHttp3Requestor.defaultOkHttpClientBuilder() + .certificatePinner(myCertificatePinner) .build(); ``` @@ -428,8 +429,8 @@ OkHttp3Requestor.Config customConfig = OkHttp3Requestor.Config.DEFAULT_INSTANCE. See: [CertificatePinner](https://square.github.io/okhttp/2.x/okhttp/com/squareup/okhttp/CertificatePinner.html) ```java -OkHttpRequestor.Config customConfig = OkHttpRequestor.Config.DEFAULT_INSTANCE.copy() - .withCertificatePinner(myCertificatePinner) +OkHttpClient httpClient = OkHttpRequestor.defaultOkHttpClient().clone() + .setCertificatePinner(myCertificatePinner) .build(); ``` From 775dcaf92dffb9a569d900026118956926be1fdf Mon Sep 17 00:00:00 2001 From: Josh Feinberg <15068619+joshafeinberg@users.noreply.github.com> Date: Mon, 29 Apr 2024 14:01:26 -0500 Subject: [PATCH 3/3] Add additional notes for release --- CHANGELOG.md | 1 + README.md | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b4a3764f6..afd69b325 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ 7.0.0 (2024-03-19) --------------------------------------------- - [#537](https://github.com/dropbox/dropbox-sdk-java/pull/537) Remove cert pinning from the SDK +- [#539](https://github.com/dropbox/dropbox-sdk-java/pull/539) Exclude pycache from task input key on StoneTask 6.1.0 (2024-03-19) --------------------------------------------- diff --git a/README.md b/README.md index aae63f47f..f2110e5e0 100644 --- a/README.md +++ b/README.md @@ -403,7 +403,10 @@ The only ProGuard rules necessary are for the SDK's required and optional depend ### How do I enable certificate pinning? As of version 7.0.0, the SDK no longer provides certificate pinning by default. We provide hooks for you to run each of your requests with -your own `SSLSocketFactory` or `CertificatePinner`. To provide this to your calls, you can use any of the requestors provided +your own `SSLSocketFactory` or `CertificatePinner`. To provide this to your calls, you can use any of the requestors provided. + +*Note*: If you were previously using `SSLConfig`, this is no longer available. You can view the source in [git history](https://github.com/dropbox/dropbox-sdk-java/blob/0f765cb69940ac047682cf117af7a94a1f66b6eb/core/src/main/java/com/dropbox/core/http/SSLConfig.java) +but we no longer provide any default certificate pinning or any other configuration. #### Using `StandardHttpRequestor`