4.14.0
(feat): Idempotency-key auto-generation is now driven by the IR (SdkConfig.idempotencyKeyGeneration)
instead of a per-generator config flag. When enabled, the SDK adds the configured idempotency
header on the configured HTTP methods unless the caller already supplied one. The header name
and eligible methods come from the IR, and generated output is unchanged when the feature is off.
4.13.4
(fix): Fix smart-casing snake_case names dropping the word boundary after a number.
Names like ConversationsV2Configuration now produce the snake_case
conversations_v2_configuration instead of conversations_v2configuration,
matching the camelCase and pascalCase variants.
4.13.3
(chore): Upgrade the Java SDK generator to consume IR v67. The generated SDK output is unchanged.
4.13.2
(fix): Fix the OAuth OAuthTokenSupplier generator to derive each get-token request
property’s Java type from its IR TypeReference (via PoetTypeNameMapper)
instead of hardcoding String. Previously a non-string token-request property
(e.g. permissions: Optional<List<String>>) generated a String field and a
.permissions(String) builder call that did not match the request builder’s
typed setter, breaking compilation of the entire SDK. The generated custom
property fields, constructor parameters, client-builder setters, and request
builder calls now use the property’s real type.
4.13.1
(fix): Make the generated User-Agent comply with the RFC 7230 token grammar. The
Maven coordinate in the product token now uses a dot instead of a colon, since
a colon is not a valid token character (e.g. com.fern:imdb/0.0.1 becomes
com.fern.imdb/0.0.1); this applies to both the plain header value and the
structured value emitted when includePlatformHeaders is enabled. For the
structured value, the architecture label is also normalized so the 64-bit x86
aliases (x64, amd64, x86_64) all report as the canonical x86_64.
4.13.0
(feat): Add opt-in support for a structured User-Agent header on generated SDK clients,
of the form {sdkName}/{sdkVersion} ({os}; {arch}) {runtime}/{runtimeVersion}
(e.g. com.fern:sdk/0.0.1 (linux; amd64) Java/17.0.13). The os
(System.getProperty("os.name"), lowercased), arch (System.getProperty("os.arch")),
and runtime version (System.getProperty("java.version")) are resolved at runtime;
any segment that cannot be determined is omitted rather than emitted as null.
This is gated behind a new includePlatformHeaders config option and is disabled by
default, so existing generated output is unchanged. When enabled, the header is still
subject to omit-fern-headers.
4.12.1
(fix): Decompress gzip and deflate encoded response bodies via a new
ResponseDecompressionInterceptor added to the generated OkHttpClient.
OkHttp only performs transparent gzip decompression when it adds the
Accept-Encoding header itself, so responses to requests with a
spec-defined Accept-Encoding: gzip header were previously returned as
raw gzip bytes.
4.12.0
(feat): Add client builder options to customize the retry backoff schedule, alongside the existing
maxRetries option: initialRetryDelayMillis (default 1000), maxRetryDelayMillis
(default 60000), and retryJitterFactor (default 0.2). The options are available on both
the root client builder and ClientOptions.Builder.
4.11.2
(fix): Fix a thread-safety bug in the generated OAuth and inferred-auth token
caches. OAuthTokenSupplier and InferredAuthTokenSupplier now use
double-checked locking with volatile cache fields, so the token/header
cache (a singleton shared across all request threads) is refreshed exactly
once under concurrent load (single-flight) and cached values are safely
published across threads. The cache-hit path stays lock-free.
OAuthAuthProvider’s existing double-checked locking is corrected by
marking its accessToken/expiresAt fields volatile. No public API
changes; generated code remains Java 8 compatible.
4.11.1
(fix): Fix misleading “Network error” message when deserialization fails. JSON deserialization
errors (e.g. unsupported date formats) are now reported as “Failed to deserialize response”
instead of being incorrectly wrapped as network errors.
(fix): Add RFC 1123 (RFC 2822) date format support to DateTimeDeserializer. Dates like
“Thu, 07 May 2026 14:23:38 +0000” are now parsed correctly.
4.11.0
(fix): Fix URL building for paths with non-slash-separated suffixes (e.g.,
/{Sid}.json). The suffix is now correctly concatenated with the path
parameter value instead of being added as a separate path segment,
which previously caused an extra / before the suffix.
(feat): Add per-request maxRetries override on RequestOptions. A non-null
per-request value overrides the client-wide ClientOptions.maxRetries;
when unset, behavior is unchanged. Mirrors the existing per-request
timeout override pattern and matches the behavior of the TypeScript,
Python, Go, C#, PHP, Rust, and Swift SDKs.
4.10.19
(fix): Remove duplicate JavaDoc descriptions in staged builder implementation methods.
Previously, builder methods would display the field description twice in IDE
inline documentation.
4.10.18
(chore): Bump jackson from 2.18.8 to 2.22.0 to fix CVE-2026-54515.
2.18.9 backport not yet published; 2.22.0 is the first available release with the fix.
4.10.17
(fix): Make the generated Maven Central publish configuration compatible with Java 8 builds by only resolving and applying the sonatype-central-upload plugin (which requires a Java 11+ runtime) when the build runs on Java 11 or newer.
4.10.16
(chore): Bump jackson-databind from 2.18.6 to 2.18.8 to fix CVE-2026-54513
(allowIfSubTypeIsArray bypass) and CVE-2026-54514 (InetSocketAddress SSRF).
4.10.15
(fix): Support extending a type alias that resolves to an object. Previously the generator crashed with “Non-objects cannot be extended”; it now resolves the alias to its underlying object declaration when generating the interface.
4.10.14
(fix): Generate Java 8 compatible endpoint security metadata. The EndpointMetadata
class and raw clients no longer emit Java 9+ List.of()/Map.of() calls, so
SDKs with per-endpoint security requirements compile under Java 8.
4.10.13
(chore): Enable the exhaustive:local-files seed fixture by skipping the Gradle build
scripts for source-only local_files output (which has no Gradle project).
4.10.12
(fix): Fix inferred auth token supplier generation when the token endpoint’s request body is a referenced (named) type rather than an inlined body. The supplier now resolves the referenced type’s properties and passes the required token-request properties to the builder, instead of calling builder().build() on a staged builder that has required properties.
4.10.11
(fix): Fix OAuth client-credentials token supplier generation so the mapped scopes request property is set on the token request builder, preventing a compile error when the token endpoint uses a custom scopes property.