4.14.0

(feat): Idempotency-key auto-generation is now driven by the IR (SdkConfig.idempotencyKeyGeneration) instead of a per-generator config flag. When enabled, the SDK adds the configured idempotency header on the configured HTTP methods unless the caller already supplied one. The header name and eligible methods come from the IR, and generated output is unchanged when the feature is off.

4.13.4

(fix): Fix smart-casing snake_case names dropping the word boundary after a number. Names like ConversationsV2Configuration now produce the snake_case conversations_v2_configuration instead of conversations_v2configuration, matching the camelCase and pascalCase variants.

4.13.3

(chore): Upgrade the Java SDK generator to consume IR v67. The generated SDK output is unchanged.

4.13.2

(fix): Fix the OAuth OAuthTokenSupplier generator to derive each get-token request property’s Java type from its IR TypeReference (via PoetTypeNameMapper) instead of hardcoding String. Previously a non-string token-request property (e.g. permissions: Optional<List<String>>) generated a String field and a .permissions(String) builder call that did not match the request builder’s typed setter, breaking compilation of the entire SDK. The generated custom property fields, constructor parameters, client-builder setters, and request builder calls now use the property’s real type.

4.13.1

(fix): Make the generated User-Agent comply with the RFC 7230 token grammar. The Maven coordinate in the product token now uses a dot instead of a colon, since a colon is not a valid token character (e.g. com.fern:imdb/0.0.1 becomes com.fern.imdb/0.0.1); this applies to both the plain header value and the structured value emitted when includePlatformHeaders is enabled. For the structured value, the architecture label is also normalized so the 64-bit x86 aliases (x64, amd64, x86_64) all report as the canonical x86_64.

4.13.0

(feat): Add opt-in support for a structured User-Agent header on generated SDK clients, of the form {sdkName}/{sdkVersion} ({os}; {arch}) {runtime}/{runtimeVersion} (e.g. com.fern:sdk/0.0.1 (linux; amd64) Java/17.0.13). The os (System.getProperty("os.name"), lowercased), arch (System.getProperty("os.arch")), and runtime version (System.getProperty("java.version")) are resolved at runtime; any segment that cannot be determined is omitted rather than emitted as null. This is gated behind a new includePlatformHeaders config option and is disabled by default, so existing generated output is unchanged. When enabled, the header is still subject to omit-fern-headers.

4.12.1

(fix): Decompress gzip and deflate encoded response bodies via a new ResponseDecompressionInterceptor added to the generated OkHttpClient. OkHttp only performs transparent gzip decompression when it adds the Accept-Encoding header itself, so responses to requests with a spec-defined Accept-Encoding: gzip header were previously returned as raw gzip bytes.

4.12.0

(feat): Add client builder options to customize the retry backoff schedule, alongside the existing maxRetries option: initialRetryDelayMillis (default 1000), maxRetryDelayMillis (default 60000), and retryJitterFactor (default 0.2). The options are available on both the root client builder and ClientOptions.Builder.

1Client client = Client.builder()
2 .maxRetries(3)
3 .initialRetryDelayMillis(500)
4 .maxRetryDelayMillis(30000)
5 .retryJitterFactor(0.1)
6 .build();

4.11.2

(fix): Fix a thread-safety bug in the generated OAuth and inferred-auth token caches. OAuthTokenSupplier and InferredAuthTokenSupplier now use double-checked locking with volatile cache fields, so the token/header cache (a singleton shared across all request threads) is refreshed exactly once under concurrent load (single-flight) and cached values are safely published across threads. The cache-hit path stays lock-free. OAuthAuthProvider’s existing double-checked locking is corrected by marking its accessToken/expiresAt fields volatile. No public API changes; generated code remains Java 8 compatible.

4.11.1

(fix): Fix misleading “Network error” message when deserialization fails. JSON deserialization errors (e.g. unsupported date formats) are now reported as “Failed to deserialize response” instead of being incorrectly wrapped as network errors.

(fix): Add RFC 1123 (RFC 2822) date format support to DateTimeDeserializer. Dates like “Thu, 07 May 2026 14:23:38 +0000” are now parsed correctly.

4.11.0

(fix): Fix URL building for paths with non-slash-separated suffixes (e.g., /{Sid}.json). The suffix is now correctly concatenated with the path parameter value instead of being added as a separate path segment, which previously caused an extra / before the suffix.

(feat): Add per-request maxRetries override on RequestOptions. A non-null per-request value overrides the client-wide ClientOptions.maxRetries; when unset, behavior is unchanged. Mirrors the existing per-request timeout override pattern and matches the behavior of the TypeScript, Python, Go, C#, PHP, Rust, and Swift SDKs.

4.10.19

(fix): Remove duplicate JavaDoc descriptions in staged builder implementation methods. Previously, builder methods would display the field description twice in IDE inline documentation.

4.10.18

(chore): Bump jackson from 2.18.8 to 2.22.0 to fix CVE-2026-54515. 2.18.9 backport not yet published; 2.22.0 is the first available release with the fix.

4.10.17

(fix): Make the generated Maven Central publish configuration compatible with Java 8 builds by only resolving and applying the sonatype-central-upload plugin (which requires a Java 11+ runtime) when the build runs on Java 11 or newer.

4.10.16

(chore): Bump jackson-databind from 2.18.6 to 2.18.8 to fix CVE-2026-54513 (allowIfSubTypeIsArray bypass) and CVE-2026-54514 (InetSocketAddress SSRF).

4.10.15

(fix): Support extending a type alias that resolves to an object. Previously the generator crashed with “Non-objects cannot be extended”; it now resolves the alias to its underlying object declaration when generating the interface.

4.10.14

(fix): Generate Java 8 compatible endpoint security metadata. The EndpointMetadata class and raw clients no longer emit Java 9+ List.of()/Map.of() calls, so SDKs with per-endpoint security requirements compile under Java 8.

4.10.13

(chore): Enable the exhaustive:local-files seed fixture by skipping the Gradle build scripts for source-only local_files output (which has no Gradle project).

4.10.12

(fix): Fix inferred auth token supplier generation when the token endpoint’s request body is a referenced (named) type rather than an inlined body. The supplier now resolves the referenced type’s properties and passes the required token-request properties to the builder, instead of calling builder().build() on a staged builder that has required properties.

4.10.11

(fix): Fix OAuth client-credentials token supplier generation so the mapped scopes request property is set on the token request builder, preventing a compile error when the token endpoint uses a custom scopes property.