summaryrefslogtreecommitdiff
path: root/libs/libcurl/docs/RELEASE-NOTES
diff options
context:
space:
mode:
Diffstat (limited to 'libs/libcurl/docs/RELEASE-NOTES')
-rw-r--r--libs/libcurl/docs/RELEASE-NOTES789
1 files changed, 648 insertions, 141 deletions
diff --git a/libs/libcurl/docs/RELEASE-NOTES b/libs/libcurl/docs/RELEASE-NOTES
index 334493c8ae..c281f99b3e 100644
--- a/libs/libcurl/docs/RELEASE-NOTES
+++ b/libs/libcurl/docs/RELEASE-NOTES
@@ -1,81 +1,333 @@
-curl and libcurl 8.12.1
+curl and libcurl 8.13.0
- Public curl releases: 265
- Command line options: 267
- curl_easy_setopt() options: 306
+ Public curl releases: 266
+ Command line options: 268
+ curl_easy_setopt() options: 307
Public functions in libcurl: 96
- Contributors: 3344
+ Contributors: 3378
This release includes the following changes:
+ o curl: add write-out variable 'tls_earlydata' [79]
+ o curl: make --url support a file with URLs [104]
+ o gnutls: set priority via --ciphers [167]
+ o IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags [124]
+ o lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY [147]
+ o OpenSSL/quictls: add support for TLSv1.3 early data [150]
+ o rustls: add support for CERTINFO [106]
+ o rustls: add support for SSLKEYLOGFILE [282]
+ o rustls: support ECH w/ DoH lookup for config [280]
+ o rustls: support native platform verifier
+ o var: add a '64dec' function that can base64 decode a string [78]
+ o wolfssl: tls early data support [50]
This release includes the following bugfixes:
- o all: remove FIXME and TODO comments [55]
- o asyn-thread: fix build with `CURL_DISABLE_SOCKETPAIR` [47]
- o asyn-thread: fix HTTPS RR crash [10]
- o asyn-thread: fix the returned bitmask from Curl_resolver_getsock [18]
- o asyn-thread: survive a c-ares channel set to NULL [52]
- o build: add tool_hugehelp.c into IBMi build [40]
- o checksrc.pl: warn on FIXME/TODO comments
- o cmake/Find: set `<Modulename>_FOUND` for compatibility when found via `pkg-config` [22]
- o cmake: add integration tests, run them in CI [21]
- o cmake: always reference OpenSSL and ZLIB via imported targets [24]
- o cmake: avoid unnecessary `-L` for implicit link dirs [11]
- o cmake: drop `LDAP_DEPRECATED=1` macro, to sync with autotools [23]
- o cmake: fix `HAVE_GETHOSTBYNAME_R_*` detections with `CURL_WERROR=ON` [57]
- o cmake: fix to detect `HAVE_OPENSSL_SRP` in MSVC UWP builds [62]
- o cmake: fix/add missing feature detections for Windows/MS-DOS [58]
- o cmake: initialize variables where missing [27]
- o cmake: lib order fixes for picky linkers (e.g. binutils `ld`) [26]
- o cmake: normalize before matching paths with syspaths [30]
- o cmake: respect `GNUTLS_CFLAGS` when detected via `pkg-config` [38]
- o cmake: respect `GNUTLS_LIBRARY_DIRS` in `libcurl.pc` and `curl-config` [39]
- o cmake: save a line with `CMAKE_C_IMPLICIT_LINK_DIRECTORIES` exclusion [32]
- o cmake: tidy up string append and list prepend syntax [28]
- o configure/cmake: check for realpath [19]
- o configure/cmake: set asyn-rr a feature only if httpsrr is enabled [42]
- o content_encoding: #error on too old zlib [2]
- o curl_global_sslset.md: Add SSL backend names [50]
- o CURLOPT_SSH_KNOWNHOSTS.md: strongly recommend using this [41]
- o CURLSHOPT_SHARE.md: adjust for the new SSL session cache [6]
- o docs: better explain multi-part byte range behavior [4]
- o docs: use valid example domain names [54]
- o generate.bat: remove curl_get_line.c from the curlx file list [20]
- o header.md: mention `Authorization:` and `Cookie:` special treatment [43]
- o imap: TLS upgrade fix [14]
- o INTERNALS: fix c-ares, as we actually support 1.6.0 or later [37]
- o ldap: drop support for legacy Novell LDAP SDK [25]
- o lib: include necessary headers for `inet_ntop`/`inet_pton` [8]
- o lib: silence LibreSSL collision warning on non-MSVC Windows [51]
- o libssh2: comparison is always true because rc <= -1 [56]
- o libssh2: raise lowest supported version to 1.2.8 [3]
- o libssh: drop support for libssh older than 0.9.0 [33]
- o libssh: silence `-Wconversion` with a cast (Windows 32-bit) [7]
- o netrc: return code cleanup, fix missing file error [45]
- o openssl-quic: ignore ciphers for h3 [1]
- o openssl: fix out of scope variables in goto [12]
- o pop3: TLS upgrade fix [15]
- o runtests: fix the disabling of the memory tracking [29]
- o runtests: quote commands to support paths with spaces [35]
- o scache: add magic checks [31]
- o smb: silence `-Warray-bounds` with gcc 13+ [9]
- o smtp: TLS upgrade fix [16]
- o SPONSORS.md: clarify that we don't promise goods or services [5]
- o test1516: avoid failure due to spaces in path [36]
- o test2080: simplify, avoid the null byte
- o tests: fix test 558, 1330 for MSVC, allow TrackMemory with MSVC in cmake [53]
- o tidy-up: make per-file `ARRAYSIZE` macros global as `CURL_ARRAYSIZE` [48]
- o tool_cfgable: sort struct fields by size, use bitfields for booleans [17]
- o tool_getparam: add "TLS required" flag for each such option [44]
- o tool_progress: fix percent output of large parallel transfers [61]
- o tool_ssls: switch to tool-specific get_line function [34]
- o verbose.md: mention how carriage-return might occur in headers [49]
- o vquic: make the "disable GSO" use infof, not failf [65]
- o vtls: fix multissl-init [60]
- o vtsl: eliminate 'data->state.ssl_scache' [59]
- o wakeup_write: make sure the eventfd write sends eight bytes [46]
- o wolfssl: silence compiler warning (MSVC 2019), simplify existing [13]
+ o addrinfo: add curl macro to avoid redefining foreign symbols [29]
+ o asyn-thread: avoid the separate 'struct resdata' alloc [20]
+ o asyn-thread: avoid the separate curl_mutex_t alloc [6]
+ o asyn-thread: do not allocate thread_data separately [21]
+ o asyn-thread: remove 'status' from struct Curl_async [36]
+ o autotools: fix `dllmain.c` in unity builds [257]
+ o autotools: fix `libtest` bundle to depend on `FIRSTFILES` [240]
+ o autotools: use `CURLDEBUG` to exclude TrackMemory code from unity [253]
+ o aws_sigv4: cannot be used for proxy [171]
+ o aws_sigv4: merge repeated headers in canonical request [272]
+ o aws_sigv4: use strparse more for parsing [55]
+ o base64: drop `BUILDING_CURL` macro, always include in tests/server [234]
+ o build: add Windows CE / CeGCC support, with CI jobs [87]
+ o build: cmake multi-pkg-config detection improvements (brotli, ldap, mbedtls) [192]
+ o build: do not apply curl debug macros to `tests/server` by default [254]
+ o build: drop unused `getpart` tool [107]
+ o build: enable -Wjump-misses-init for GCC 4.5+ [62]
+ o build: enable `-Wcast-qual`, fix or silence compiler warnings [208]
+ o build: fix compiler warnings in feature detections [39]
+ o build: replace Curl_ prefix with curlx_ for functions used in servers [236]
+ o build: set `-O3` and tune WinCE in CI, fix `getpart`, `vtls_scache` fallouts [137]
+ o build: set `HAVE_STDINT_H` if `stdint.h` is available [155]
+ o build: set `HAVE_WRITABLE_ARGV` for Apple cross-builds [8]
+ o build: silence bogus `-Wconversion` warnings with gcc 5.1-5.4 [68]
+ o build: silence mingw32ce C99 format warnings, simplify CI [143]
+ o build: tidy-ups around `inet_pton` [180]
+ o c-ares httpsrr: fix ifdef [223]
+ o c-ares: error out for unsupported versions, drop unused macros [85]
+ o ca-native.md: sync with CURLSSLOPT_NATIVE_CA [72]
+ o cf-socket: deduplicate Windows Vista detection [11]
+ o cf-socket: remove empty switch [75]
+ o client writer: handle pause before decoding [61]
+ o cmake: `CURL_LIBDIRS` improvements (upstreamed from vcpkg) [191]
+ o cmake: `SHARE_LIB_OBJECT=ON` requires CMake 3.12 or newer [46]
+ o cmake: add custom command scripts as dependencies where missing [298]
+ o cmake: add pre-fill for Unix, enable in GHA/macos, verify pre-fills [42]
+ o cmake: add shell completion support [261]
+ o cmake: allow `CURL_STATIC_CRT` with shared libcurl and no curl exe [123]
+ o cmake: allow `CURL_STATIC_CRT` with UCRT VS2015+ builds [134]
+ o cmake: allow empty `IMPORT_LIB_SUFFIX`, add suffix collision detection [41]
+ o cmake: avoid `-Wnonnull` warning in `HAVE_FSETXATTR_5` detection [81]
+ o cmake: disable HTTPS-proxy as a feature if proxy is disabled [77]
+ o cmake: drop `CURL_DISABLE_TESTS` option [94]
+ o cmake: drop `HAVE_C_FLAG_Wno_long_double` logic for ancient Apple gcc [126]
+ o cmake: drop `HAVE_IN_ADDR_T` from pre-fill too
+ o cmake: drop two stray TLS feature checks for wolfSSL [9]
+ o cmake: exclude `-MP` for `clang-cl` again [132]
+ o cmake: fix `HAVE_ATOMIC`/`HAVE_STDATOMIC` pre-fill for clang-cl [28]
+ o cmake: fix clang-tidy builds to verify tests, fix fallouts [289]
+ o cmake: fix detection pre-fills for iOS [153]
+ o cmake: fix ECH detection in custom-patched OpenSSL [32]
+ o cmake: fix typo in ECH config error msg [246]
+ o cmake: hide empty `MINGW64_VERSION` output for mingw32ce [114]
+ o cmake: improve httpd detection for pytest [127]
+ o cmake: mention 'insecure' in the debug build warning [15]
+ o cmake: misc tidy-ups [38]
+ o cmake: pre-fill known type sizes for Windows OSes [100]
+ o cmake: replace CMAKE_COMPILER_IS_GNUCC with CMAKE_C_COMPILER_ID [232]
+ o cmake: replace exec_program() with execute_process() [239]
+ o cmake: restrict static CRT builds to static curl exe, test in CI [113]
+ o cmake: sync cutoff version with autotools for picky option `-ftree-vrp` [99]
+ o cmake: sync OpenSSL(-fork) feature checks with `./configure` [49]
+ o cmake: unity mode optimization for non-`CURLDEBUG` `testdeps` targets [231]
+ o CODE_STYLE: readability and banned functions [35]
+ o config-win32: set `HAVE_STDINT_H` where available [264]
+ o configure: call the blocking resolver "blocking", not "default" [220]
+ o configure: fix ECH detection with MultiSSL [259]
+ o configure: silence compiler warnings in feature checks, drop duplicates [86]
+ o configure: tidy up shell completion rules [292]
+ o configure: use `curl_cv_apple` variable [40]
+ o conn: eliminate `conn->now` [293]
+ o conn: fix connection reuse when SSL is optional [54]
+ o conncache: eliminate `conn->destination_len` as premature optimization [294]
+ o contributors.sh: lowercase 'github' for consistency [52]
+ o contrithanks.sh: update docs/THANKS in place [119]
+ o cookie: do prefix matching case-sensitively [82]
+ o cookie: minor parser simplification [58]
+ o cookie: simplify invalid_octets() [24]
+ o core: stop redefining `E*` macros on Windows, map `EACCES`, related fixes [233]
+ o curl.h: change some enums to defines with L suffix [84]
+ o curl.h: convert CURLUSESSL* names to defines [146]
+ o curl.h: stop defining non-curl `__has_declspec_attribute` [142]
+ o curl.h: switch `CURL_HTTP_VERSION*` enums to long constants [160]
+ o curl/system.h: drop leftover comment about 32 bit curl_off_t [305]
+ o curl: add my_setopt_long() and _offt() [158]
+ o curl_msh3: remove verify bypass from DEBUGBUILDs [43]
+ o curl_setup: drop `ERANGE` (for WinCE), no longer used [249]
+ o curl_setup_once: drop `E*` macro redefines unused (with winsock2) [164]
+ o curl_setup_once: stop redefining `ENAMETOOLONG` to winsock2 error code [163]
+ o curl_trc: fix build with CURL_DISABLE_VERBOSE_STRINGS [109]
+ o curl_ws_recv.md: expand a little on the fragments the API delivers [251]
+ o CURLMOPT_SOCKETFUNCTION.md: add advice for socket callback invocation[69]
+ o CURLOPT_HTTPHEADER.md: add comments to the example [90]
+ o CURLOPT_HTTPHEADER.md: rephrases [108]
+ o curltime: use libcurl time functions in src and tests/server [247]
+ o DISABLED: add 313 for sectransp (move from GHA/macos) [209]
+ o docs/cmdline-opts: use imperative form [270]
+ o docs: adapt to removed --with-random [177]
+ o docs: add FD_ZERO to curl_multi_fdset example [19]
+ o docs: bump `rustls` to 0.14.1 [111]
+ o docs: correct argument names & URL redirection [4]
+ o docs: minor edits to please the new spellchecker regime
+ o docs: rework RUSTLS install instructions
+ o docs: unify HTTP version style in --help output [139]
+ o docs: vulnerabilities in debug code are not eligible for a bounty [118]
+ o doh: improve HTTPS RR svcparams parsing [198]
+ o doh: remove wrong but unreachable exit path from doh_decode_rdata_name [199]
+ o dynbuf: assert init on free [295]
+ o easy: drop `break` after `return` [300]
+ o easy: fix warning about possible comma misuse [219]
+ o eventfd: allow use on all CPUs [93]
+ o examples: prefer `return` over `exit()` (cont.) [110]
+ o ftp/sftp: strdup data info memory [237]
+ o ftp: fix comment [135]
+ o gnutls: fix connection state check on handshake [80]
+ o gnutls: fix use of pkcs11 urls for keys/certs [122]
+ o gtls: fix uninitialized variable [154]
+ o hash: use single linked list for entries [57]
+ o hostip: don't use alarm() for DoH resolves [214]
+ o hostip: make CURLOPT_RESOLVE support replacing IPv6 addresses [47]
+ o http2: add on_invalid_frame callback for error detection [174]
+ o http2: detect session being closed on ingress handling [173]
+ o http2: enhance error messages on Curl_dyn* upon receiving headers [149]
+ o http2: fix stream assignemnt for pushes [302]
+ o http2: reset stream on response header error [175]
+ o HTTP3.md: only speak about minimal versions [18]
+ o http: convert parsers to strparse [48]
+ o http: fix NTLM info message typo [22]
+ o http: fix the auth check [88]
+ o http: make the RTSP version check stricter [73]
+ o http: negotiation and room for alt-svc/https rr to navigate [64]
+ o http: remove a HTTP method size restriction [241]
+ o http: version negotiation [45]
+ o http_chunks: replace a strofft call with curl_str_hex [138]
+ o https-rr: implementation improvements [44]
+ o httpsrr: fix port detection [51]
+ o httpsrr: fix the HTTPS-RR threaded-resolver build combo [67]
+ o INFRASTRUCTURE.md: add IRC and Matrix details [278]
+ o INSTALL-CMAKE.md: CMake usage updates [101]
+ o INSTALL-CMAKE.md: mention `ZLIB_USE_STATIC_LIBS` [112]
+ o lib1156: pass longs to `curl_easy_setopt()` [159]
+ o lib1560: test set path containing LR or CR [299]
+ o lib2302: fix crash due to stack overflow on MSVC and clang Windows [228]
+ o lib696: fix building on Windows in non-bundle mode [267]
+ o lib: better optimized casecompare() and ncasecompare() [3]
+ o lib: clear up CURLRES_ASYNCH vs USE_CURL_ASYNC use [215]
+ o lib: fix two curlx_strtoofft invokes [128]
+ o lib: rename curlx_strtoofft to Curl_str_numblanks() [218]
+ o lib: replace while(ISBLANK()) loops with Curl_str_passblanks() [148]
+ o lib: simplify more white space loops [60]
+ o lib: strtoofft.h header cleanup [17]
+ o lib: use Curl_str_* instead of strtok_r() [59]
+ o lib: use Curl_str_number() for parsing decimal numbers [13]
+ o libssh2: fix freeing of resources in disconnect [207]
+ o libssh2: fix memory leak in `SSH_SFTP_REALPATH` state [224]
+ o libssh2: fix to ignore `known_hosts` if SHA256 host public key is set [296]
+ o libssh2: print user with verbose flag [125]
+ o libssh2: show crypto backend in the verbose connect log [316]
+ o libssh: fix freeing of resources in disconnect [206]
+ o libssh: fix scp large file upload for 32-bit size_t systems [211]
+ o libtest/first.c: remove the Test: stderr output for unity builds [301]
+ o libtest/libprereq.c: set CURLOPT_FOLLOWLOCATION with a long [89]
+ o managen: accept more markdown-quote-markers [243]
+ o managen: correct the warning for un-escaped '<' and '>' [1]
+ o mbedtls: re-enable an error check [288]
+ o memdebug.h: avoid `-Wredundant-decls` with an extra guard [230]
+ o memdebug: drop dynamic allocation from `curl_dbg_log()` [285]
+ o mprintf: switch three number parsers to use strparse [221]
+ o mqtt: convert sendleftovers to dynbuf [262]
+ o msvc: drop support for VS2005 and older [96]
+ o multi: call protocol handler done() if PROTOCONNECT or later [238]
+ o multi: event based rework [74]
+ o multi: kill off remaining internal handles in curl_multi_cleanup [248]
+ o multi: start the loop over when handles are removed [129]
+ o multi_ev: fixes regarding connection shutdowns [284]
+ o ngtcp2: do not iterate over multi handles [194]
+ o ntlm: merge ntlm.h into ntlm.c [235]
+ o openssl-quic: do not iterate over multi handles [188]
+ o openssl: check return value of X509_get0_pubkey [105]
+ o openssl: drop support for old OpenSSL/LibreSSL versions [95]
+ o openssl: fix crash on missing cert password [271]
+ o openssl: fix pkcs11 URI checking for key files. [152]
+ o openssl: remove bad `goto`s into other scope [63]
+ o prox/preproxy.md: document argument within <brackets> [317]
+ o pytest: test negotiate with http proxy [83]
+ o quiche: do not iterate over multi handles [182]
+ o RELEASE-PROCEDURE.md: explain release candidates [161]
+ o request: clear sendbuf_hds_len when resetting request bufq [166]
+ o resolve: fix building without Unix sockets and `CURLDEBUG` [213]
+ o runtests: accept `CURL_DIRSUFFIX` without ending slash [133]
+ o runtests: add feature-based filtering [268]
+ o runtests: check and report if `diff` tool is missing [162]
+ o runtests: drop logic calling the `handle` tool (Windows) [263]
+ o runtests: drop recognizing 'winssl' as Schannel [102]
+ o runtests: drop ref to unused external function
+ o runtests: fix bundled test invocation with `-g` option [308]
+ o runtests: fix SSH server not starting in cases, re-ignore failing vcpkg CI jobs [225]
+ o runtests: fix test key format for libssh2 WinCNG (and others) [229]
+ o runtests: generate certs dynamically, bump to EC-256, tidy up [279]
+ o runtests: recognize AWS-LC as OpenSSL [103]
+ o runtests: rewrite `genserv.sh` in Perl [312]
+ o runtests: support multi-target cmake, drop workarounds from CI [116]
+ o runtests: support running tests under wine or qemu (cont.) [309]
+ o runtests: support running tests under wine or qemu [210]
+ o runtests: use `setfacl` on Cygwin/MSYS, if present [291]
+ o rustls: add ECH support w/ string ECH config [281]
+ o rustls: cap maximum allowed CRL file size to 8MB [196]
+ o rustls: support ECH GREASE
+ o rustls: use client cert and key if available
+ o schannel: deduplicate Windows Vista detection [98]
+ o schannel: enable ALPN support under WINE 6.0+ [92]
+ o schannel: enable ALPN with MinGW, fix ALPN for UWP builds [71]
+ o schannel: guard ALPN init code to ALPN builds [91]
+ o scripts/managen: fix option 'single' [31]
+ o scripts/managen: fix parsing of markdown code sections [30]
+ o scripts: update completion.pl to parse options from docs [266]
+ o sectransp: add support for HTTP/2 in gcc builds [200]
+ o sendf: client reader line conversion: do not change data->state.infilesize [244]
+ o setopt: illegal CURLOPT_SOCKS5_AUTH should return error [185]
+ o setopt: remove unnecessary void pointer typecasts [76]
+ o setopt: setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine [197]
+ o shutdowns: split shutdown handling from connection pool [156]
+ o socks: remove bad assert from do_SOCKS5() [216]
+ o src: avoid strdup on platforms not doing UTF-8 conversions [176]
+ o src: cleanup ISBLANK vs ISSPACE [195]
+ o src: remove Curl_ prefix from tool-specific function [205]
+ o src: remove final uses of Curl_ symbol prefixes in tool code [242]
+ o src: replace strto[u][ld] with curlx_str_ parsers [222]
+ o ssh: consider sftp quote commands case sensitive [33]
+ o sshserver.pl: adjust `AuthorizedKeysFile2` cutoff version [204]
+ o sshserver.pl: use Perl `chmod` [311]
+ o sshserver: fix excluding obsolete client config lines [212]
+ o ssl session cache: add exportable flag [56]
+ o SSLCERTS: list support for SSL_CERT_FILE and SSL_CERT_DIR [265]
+ o strparse: make Curl_str_number() return error for no digits [14]
+ o strparse: switch the API to work on 'const char *' [2]
+ o strparse: switch to curl_off_t as base data type [7]
+ o test1022: add support for rc releases [144]
+ o test1167: catch #defines with extra whitespace [140]
+ o test313: disable CRL test for Schannel due to lack of support and flakiness [310]
+ o test313: disable via `<features>` for backends without CRL support [303]
+ o test489: set output dir [186]
+ o test612: SCP `rm` the uploaded remote file (not the local source), unignore in CI [297]
+ o test613: make it pass on Windows, fix postprocess, unignore in CI [290]
+ o test615: fix for Cygwin, unignore in CI [276]
+ o tests/certs: cleanup [151]
+ o tests/server: drop unused `base64.pl` [258]
+ o tests/server: fix to check against winsock2 error codes on Windows [168]
+ o tests/server: give global `path` variable a more descriptive name [255]
+ o tests/server: make the signal handler signal-safe [269]
+ o tests/server: replace `errno` with `SOCKERRNO` in sockfilt, socksd, sws [183]
+ o tests/server: replace `strerror` with `sstrerror` in socksd
+ o tests/server: support bundle binary [217]
+ o tests/server: sync `wait_ms()` with the libcurl implementation [226]
+ o tests/server: use `curlx_str_numblanks()` to avoid `errno` [250]
+ o tests/servers.pm: remove unused variable 'portrange' [227]
+ o tests: build non-debug unit tests with autotools, run them [287]
+ o tests: fix comment in lib533 [121]
+ o tests: fix enum/int confusion, fix autotools `CFLAGS` for `servers` [27]
+ o tests: make sure 'commands.log' is generated in the correct logdir [172]
+ o tests: mark tests 1631, 1632 flaky [157]
+ o tests: reformat error messages to avoid tripping MSBuild [201]
+ o tests: remove base64 encoded sections [260]
+ o tests: Remove unused variables [245]
+ o tests: replace remaining non-ASCII bytes with hex markup [283]
+ o tftpd: prefix TFTP protocol error `E*` constants with `TFTP_` [189]
+ o tidy-up: align MSYS2/Cygwin codepaths, follow Cygwin `MAX_PID` bump [97]
+ o tidy-up: delete, comment or scope C macros reported unused [16]
+ o tidy-up: drop unused `CURL_INADDR_NONE` macro and `in_addr_t` type [26]
+ o tidy-up: use `CURL_ARRAYSIZE()` [37]
+ o timediff: fix comment for curlx_mstotv() [25]
+ o timediff: remove unnecessary double typecast [53]
+ o tool_dirhie: create dir hierarchy without strtok [169]
+ o tool_getparam: clear sensitive arguments better [66]
+ o tool_getparam: do parse_upload_flags without the alloc/free [181]
+ o tool_getparam: parse --trace-config without strdup()/free() [178]
+ o tool_getparam: parse_header() without strtok [165]
+ o tool_operate: change "1 retries" to "1 retry" [145]
+ o tool_operate: fail SSH transfers without server auth [70]
+ o tool_operate: fix pluralization of seconds [273]
+ o tool_operate: remove unnecessary (long) typecasts [141]
+ o tool_paramhlp: do --proto parsing without strtok [170]
+ o tool_parsecfg: make my_get_line skip comments and newlines [130]
+ o tool_setopt: reduce use of "code hiding" macros [203]
+ o url: call protocol handler's disconnect in Curl_conn_free [193]
+ o urlapi: fix redirect from file:// with query, and simplify [136]
+ o urlapi: remove percent encoded dot sequences from the URL path [252]
+ o urlapi: simplify junkscan [23]
+ o urldata: remove 'hostname' from struct Curl_async [131]
+ o variable.md: clarify 'trim' example [12]
+ o vquic: obey IOV_MAX [275]
+ o vtls: fix compiler warnings seen with gcc 7.3.0 and mbedTLS [187]
+ o winbuild: reduce command-line length by dropping whitespace [117]
+ o windows: do not use winsock2 `inet_ntop()`/`inet_pton()` [202]
+ o windows: drop code and curl manifest targeting W2K and older [115]
+ o windows: fix issues detected by clang-tidy, and some more [286]
+ o wolfssh: fix freeing of resources in disconnect [184]
+ o wolfssh: retrieve the error using wolfSSH_get_error [5]
+ o wolfssl: fix CA certificate multiple location import [34]
+ o wolfssl: fix unused variable warning [190]
+ o wolfssl: warn if CA native import option is ignored [65]
+ o wolfssl: when using PQ KEM, use ML-KEM, not Kyber [10]
+ o ws: corrected curlws_cont to reflect its documented purpose [120]
+ o ws: fix and extend CURLWS_CONT handling [256]
+ o zlib: bump minimum to 1.2.5.2 (was: 1.2.0.4) [179]
This release includes the following known bugs:
@@ -96,77 +348,332 @@ Planned upcoming removals include:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Aaron Deadman, Andrei Korshikov, Andrew Kirillov, arlt on github,
- Christian Schmitz, CueXXIII on Github, Dan Fandrich, Daniel Stenberg,
- deliciouslytyped on github, Fay Stegerman, Jan Engelhardt,
- jethrogb on github, Kai Pastor, Marcel Raad, Michael Kaufmann,
- mschroeder-fzj on github, nono303 on github, Philip Heiduck, qhill,
- Ralf A. Timmermann, Ray Satiro, renovate[bot], Stefan Eissing, Terence Eden,
- thisisgk on github, Viktor Szakats, zzq1015 on github
- (27 contributors)
+ Abhinav Singhal, Anthony Hu, Aquila Macedo, Austin Moore, Ben Bodenmiller,
+ Brian Inglis, Calvin Ruocco, Carlos Henrique Lima Melara, Catena cyber,
+ Christian Schmitz, Dan Fandrich, Daniel McCarney, Daniel Stenberg,
+ Dave Nicolson, Demi Marie Obenour, dependabot[bot], Derek Huang,
+ Dexter Gerig, Ethan Wilkes, Gabriel Marin, Harry Sintonen, Jan Macku,
+ Jeremy Drake, John Bampton, Joseph Chen, Justin Steventon, Kai Pastor,
+ kayrus on github, kpcyrd on github, kriztalz, Lars Karlitski,
+ Laurențiu Nicola, lf- on github, Marcel Raad, Marius Albrecht, Mark Phillips,
+ Martxel, Michał Antoniak, Ondřej Hlavatý, Orgad Shaneh, Pavel Kropachev,
+ Peng-Yu Chen, Peter Kokot, Philippe Antoine, qhill on github, Ray Satiro,
+ renovate[bot], Rinku Das, rmg-x on github, Roman Zharkov, Ronald Crane,
+ RubisetCie on github, saimen, Samuel Dionne-Riel, Samuel Henrique,
+ Scott Talbert, Sergey, Stefan Eissing, stevenpackardblp on github,
+ Tatsuhiro Tsujikawa, Teh Kok How, Tianyi Song, Timo Tijhof, tiymat,
+ Viktor Szakats, Vulpes Vulpes, Weng Xuetian, Yedaya Katsman, Zenju on github,
+ Zhang Wen, Zhaoming Luo
+ (71 contributors)
References to bug reports and discussions on issues:
- [1] = https://curl.se/bug/?i=16232
- [2] = https://curl.se/bug/?i=16202
- [3] = https://curl.se/bug/?i=16199
- [4] = https://curl.se/bug/?i=16139
- [5] = https://curl.se/bug/?i=16196
- [6] = https://curl.se/bug/?i=16245
- [7] = https://curl.se/bug/?i=16194
- [8] = https://curl.se/bug/?i=16184
- [9] = https://curl.se/bug/?i=16187
- [10] = https://curl.se/bug/?i=16169
- [11] = https://curl.se/bug/?i=16233
- [12] = https://curl.se/bug/?i=16246
- [13] = https://curl.se/bug/?i=16230
- [14] = https://curl.se/bug/?i=16213
- [15] = https://curl.se/bug/?i=16208
- [16] = https://curl.se/bug/?i=16189
- [17] = https://curl.se/bug/?i=16211
- [18] = https://curl.se/bug/?i=16227
- [19] = https://curl.se/bug/?i=16209
- [20] = https://curl.se/bug/?i=16248
- [21] = https://curl.se/bug/?i=16126
- [22] = https://curl.se/bug/?i=16153
- [23] = https://curl.se/bug/?i=16146
- [24] = https://curl.se/bug/?i=16207
- [25] = https://curl.se/bug/?i=16176
- [26] = https://curl.se/bug/?i=16182
- [27] = https://curl.se/bug/?i=16198
- [28] = https://curl.se/bug/?i=16144
- [29] = https://curl.se/bug/?i=16226
- [30] = https://curl.se/bug/?i=16191
- [31] = https://curl.se/bug/?i=16240
- [32] = https://curl.se/bug/?i=16243
- [33] = https://curl.se/bug/?i=16200
- [34] = https://curl.se/bug/?i=16201
- [35] = https://curl.se/bug/?i=16220
- [36] = https://curl.se/bug/?i=16223
- [37] = https://curl.se/bug/?i=16221
- [38] = https://curl.se/bug/?i=16242
- [39] = https://curl.se/bug/?i=16190
- [40] = https://curl.se/bug/?i=16214
- [41] = https://curl.se/bug/?i=16204
- [42] = https://curl.se/bug/?i=16183
- [43] = https://curl.se/bug/?i=16160
- [44] = https://curl.se/bug/?i=16159
- [45] = https://curl.se/bug/?i=16163
- [46] = https://curl.se/bug/?i=16237
- [47] = https://curl.se/bug/?i=16179
- [48] = https://curl.se/bug/?i=16111
- [49] = https://curl.se/bug/?i=16285
- [50] = https://curl.se/bug/?i=16256
- [51] = https://curl.se/bug/?i=16273
- [52] = https://curl.se/bug/?i=16216
- [53] = https://curl.se/bug/?i=16289
- [54] = https://curl.se/bug/?i=16269
- [55] = https://curl.se/bug/?i=16283
- [56] = https://curl.se/bug/?i=16268
- [57] = https://curl.se/bug/?i=16282
- [58] = https://curl.se/bug/?i=16278
- [59] = https://curl.se/bug/?i=16261
- [60] = https://curl.se/bug/?i=16253
- [61] = https://curl.se/bug/?i=16284
- [62] = https://curl.se/bug/?i=16293
- [65] = https://curl.se/bug/?i=16294
+ [1] = https://curl.se/bug/?i=16315
+ [2] = https://curl.se/bug/?i=16316
+ [3] = https://curl.se/bug/?i=16311
+ [4] = https://curl.se/bug/?i=16334
+ [5] = https://curl.se/bug/?i=16335
+ [6] = https://curl.se/bug/?i=16323
+ [7] = https://curl.se/bug/?i=16336
+ [8] = https://curl.se/bug/?i=16338
+ [9] = https://curl.se/bug/?i=16339
+ [10] = https://curl.se/bug/?i=16337
+ [11] = https://curl.se/bug/?i=16400
+ [12] = https://curl.se/bug/?i=16346
+ [13] = https://curl.se/bug/?i=16319
+ [14] = https://curl.se/bug/?i=16319
+ [15] = https://curl.se/bug/?i=16327
+ [16] = https://curl.se/bug/?i=16279
+ [17] = https://curl.se/bug/?i=16331
+ [18] = https://curl.se/bug/?i=16320
+ [19] = https://curl.se/bug/?i=16325
+ [20] = https://curl.se/bug/?i=16321
+ [21] = https://curl.se/bug/?i=16241
+ [22] = https://curl.se/bug/?i=16305
+ [23] = https://curl.se/bug/?i=16307
+ [24] = https://curl.se/bug/?i=16306
+ [25] = https://curl.se/bug/?i=16310
+ [26] = https://curl.se/bug/?i=16318
+ [27] = https://curl.se/bug/?i=16314
+ [28] = https://curl.se/bug/?i=16313
+ [29] = https://curl.se/bug/?i=16274
+ [30] = https://curl.se/bug/?i=16345
+ [31] = https://curl.se/bug/?i=16344
+ [32] = https://curl.se/bug/?i=16354
+ [33] = https://curl.se/bug/?i=16382
+ [34] = https://curl.se/bug/?i=16391
+ [35] = https://curl.se/bug/?i=16349
+ [36] = https://curl.se/bug/?i=16347
+ [37] = https://curl.se/bug/?i=16381
+ [38] = https://curl.se/bug/?i=16238
+ [39] = https://curl.se/bug/?i=16287
+ [40] = https://curl.se/bug/?i=16340
+ [41] = https://curl.se/bug/?i=16324
+ [42] = https://curl.se/bug/?i=15841
+ [43] = https://curl.se/bug/?i=16342
+ [44] = https://curl.se/bug/?i=16132
+ [45] = https://curl.se/bug/?i=16100
+ [46] = https://curl.se/bug/?i=16375
+ [47] = https://curl.se/bug/?i=16357
+ [48] = https://curl.se/bug/?i=16436
+ [49] = https://curl.se/bug/?i=16352
+ [50] = https://curl.se/bug/?i=16167
+ [51] = https://curl.se/bug/?i=16409
+ [52] = https://curl.se/bug/?i=16443
+ [53] = https://curl.se/bug/?i=16367
+ [54] = https://curl.se/bug/?i=16384
+ [55] = https://curl.se/bug/?i=16366
+ [56] = https://curl.se/bug/?i=16322
+ [57] = https://curl.se/bug/?i=16351
+ [58] = https://curl.se/bug/?i=16362
+ [59] = https://curl.se/bug/?i=16360
+ [60] = https://curl.se/bug/?i=16363
+ [61] = https://curl.se/bug/?i=16280
+ [62] = https://curl.se/bug/?i=16252
+ [63] = https://curl.se/bug/?i=16356
+ [64] = https://curl.se/bug/?i=16117
+ [65] = https://curl.se/bug/?i=16417
+ [66] = https://curl.se/bug/?i=16396
+ [67] = https://curl.se/bug/?i=16399
+ [68] = https://curl.se/bug/?i=16398
+ [69] = https://curl.se/bug/?i=16441
+ [70] = https://curl.se/bug/?i=16205
+ [71] = https://curl.se/bug/?i=16385
+ [72] = https://curl.se/bug/?i=16373
+ [73] = https://curl.se/bug/?i=16435
+ [74] = https://curl.se/bug/?i=16308
+ [75] = https://curl.se/bug/?i=16555
+ [76] = https://curl.se/bug/?i=16426
+ [77] = https://curl.se/bug/?i=16434
+ [78] = https://curl.se/bug/?i=16330
+ [79] = https://curl.se/bug/?i=15956
+ [80] = https://curl.se/bug/?i=16423
+ [81] = https://curl.se/bug/?i=16427
+ [82] = https://curl.se/bug/?i=16494
+ [83] = https://curl.se/bug/?i=14973
+ [84] = https://curl.se/bug/?i=16482
+ [85] = https://curl.se/bug/?i=16407
+ [86] = https://curl.se/bug/?i=16377
+ [87] = https://curl.se/bug/?i=15975
+ [88] = https://curl.se/bug/?i=16419
+ [89] = https://curl.se/bug/?i=16487
+ [90] = https://curl.se/bug/?i=16488
+ [91] = https://curl.se/bug/?i=16420
+ [92] = https://curl.se/bug/?i=16393
+ [93] = https://curl.se/bug/?i=16277
+ [94] = https://curl.se/bug/?i=16134
+ [95] = https://curl.se/bug/?i=16104
+ [96] = https://curl.se/bug/?i=16004
+ [97] = https://curl.se/bug/?i=16217
+ [98] = https://curl.se/bug/?i=16408
+ [99] = https://curl.se/bug/?i=16478
+ [100] = https://curl.se/bug/?i=16464
+ [101] = https://curl.se/bug/?i=16329
+ [102] = https://curl.se/bug/?i=16467
+ [103] = https://curl.se/bug/?i=16466
+ [104] = https://curl.se/bug/?i=16099
+ [105] = https://curl.se/bug/?i=16468
+ [106] = https://curl.se/bug/?i=16459
+ [107] = https://curl.se/bug/?i=16460
+ [108] = https://curl.se/bug/?i=16461
+ [109] = https://curl.se/bug/?i=16462
+ [110] = https://curl.se/bug/?i=16524
+ [111] = https://curl.se/bug/?i=16446
+ [112] = https://curl.se/bug/?i=16457
+ [113] = https://curl.se/bug/?i=16456
+ [114] = https://curl.se/bug/?i=16455
+ [115] = https://curl.se/bug/?i=16453
+ [116] = https://curl.se/bug/?i=16452
+ [117] = https://curl.se/bug/?i=16508
+ [118] = https://curl.se/bug/?i=16527
+ [119] = https://curl.se/bug/?i=16448
+ [120] = https://curl.se/bug/?i=16512
+ [121] = https://curl.se/bug/?i=16523
+ [122] = https://curl.se/bug/?i=16249
+ [123] = https://curl.se/bug/?i=16516
+ [124] = https://curl.se/bug/?i=15970
+ [125] = https://curl.se/bug/?i=16430
+ [126] = https://curl.se/bug/?i=16513
+ [127] = https://curl.se/bug/?i=16515
+ [128] = https://curl.se/bug/?i=16548
+ [129] = https://curl.se/bug/?i=16588
+ [130] = https://curl.se/bug/?i=16590
+ [131] = https://curl.se/bug/?i=16451
+ [132] = https://curl.se/bug/?i=16550
+ [133] = https://curl.se/bug/?i=16506
+ [134] = https://curl.se/bug/?i=16522
+ [135] = https://curl.se/bug/?i=16538
+ [136] = https://curl.se/bug/?i=16498
+ [137] = https://curl.se/bug/?i=16476
+ [138] = https://curl.se/bug/?i=16546
+ [139] = https://curl.se/bug/?i=16542
+ [140] = https://curl.se/bug/?i=16496
+ [141] = https://curl.se/bug/?i=16540
+ [142] = https://curl.se/bug/?i=16491
+ [143] = https://curl.se/bug/?i=16492
+ [144] = https://curl.se/bug/?i=16626
+ [145] = https://curl.se/bug/?i=16586
+ [146] = https://curl.se/bug/?i=16539
+ [147] = https://curl.se/bug/?i=16473
+ [148] = https://curl.se/bug/?i=16520
+ [149] = https://curl.se/bug/?i=16536
+ [150] = https://curl.se/bug/?i=16477
+ [151] = https://curl.se/bug/?i=16593
+ [152] = https://curl.se/bug/?i=16591
+ [153] = https://curl.se/bug/?i=16594
+ [154] = https://curl.se/bug/?i=16625
+ [155] = https://curl.se/bug/?i=16585
+ [156] = https://curl.se/bug/?i=16508
+ [157] = https://curl.se/bug/?i=16584
+ [158] = https://curl.se/bug/?i=16669
+ [159] = https://curl.se/bug/?i=16579
+ [160] = https://curl.se/bug/?i=16580
+ [161] = https://curl.se/bug/?i=16622
+ [162] = https://curl.se/bug/?i=16578
+ [163] = https://curl.se/bug/?i=16620
+ [164] = https://curl.se/bug/?i=16553
+ [165] = https://curl.se/bug/?i=16572
+ [166] = https://curl.se/bug/?i=16573
+ [167] = https://curl.se/bug/?i=16557
+ [168] = https://curl.se/bug/?i=16553
+ [169] = https://curl.se/bug/?i=16566
+ [170] = https://curl.se/bug/?i=16567
+ [171] = https://curl.se/bug/?i=16569
+ [172] = https://curl.se/bug/?i=16568
+ [173] = https://curl.se/bug/?i=16544
+ [174] = https://curl.se/bug/?i=16544
+ [175] = https://curl.se/bug/?i=16535
+ [176] = https://curl.se/bug/?i=16560
+ [177] = https://curl.se/bug/?i=16565
+ [178] = https://curl.se/bug/?i=16559
+ [179] = https://curl.se/bug/?i=16616
+ [180] = https://curl.se/bug/?i=16563
+ [181] = https://curl.se/bug/?i=16552
+ [182] = https://curl.se/bug/?i=16607
+ [183] = https://curl.se/bug/?i=16553
+ [184] = https://curl.se/bug/?i=16668
+ [185] = https://issues.oss-fuzz.com/issues/401430844
+ [186] = https://curl.se/bug/?i=16670
+ [187] = https://curl.se/bug/?i=16614
+ [188] = https://curl.se/bug/?i=16611
+ [189] = https://curl.se/bug/?i=16666
+ [190] = https://curl.se/bug/?i=16608
+ [191] = https://curl.se/bug/?i=16610
+ [192] = https://curl.se/bug/?i=16479
+ [193] = https://curl.se/bug/?i=16604
+ [194] = https://curl.se/bug/?i=16606
+ [195] = https://curl.se/bug/?i=16589
+ [196] = https://curl.se/bug/?i=16716
+ [197] = https://curl.se/bug/?i=16599
+ [198] = https://curl.se/bug/?i=16598
+ [199] = https://curl.se/bug/?i=16710
+ [200] = https://curl.se/bug/?i=16581
+ [201] = https://curl.se/bug/?i=16583
+ [202] = https://curl.se/bug/?i=16577
+ [203] = https://curl.se/bug/?i=16709
+ [204] = https://curl.se/bug/?i=16787
+ [205] = https://curl.se/bug/?i=16657
+ [206] = https://curl.se/bug/?i=16659
+ [207] = https://curl.se/bug/?i=16656
+ [208] = https://curl.se/bug/?i=16142
+ [209] = https://curl.se/bug/?i=16660
+ [210] = https://curl.se/bug/?i=16785
+ [211] = https://curl.se/bug/?i=16641
+ [212] = https://curl.se/bug/?i=16784
+ [213] = https://curl.se/bug/?i=16700
+ [214] = https://curl.se/bug/?i=16649
+ [215] = https://curl.se/bug/?i=16645
+ [216] = https://issues.oss-fuzz.com/issues/401869346
+ [217] = https://curl.se/bug/?i=15000
+ [218] = https://curl.se/bug/?i=16642
+ [219] = https://curl.se/bug/?i=16644
+ [220] = https://curl.se/bug/?i=16646
+ [221] = https://curl.se/bug/?i=16628
+ [222] = https://curl.se/bug/?i=16634
+ [223] = https://curl.se/bug/?i=16861
+ [224] = https://curl.se/bug/?i=16636
+ [225] = https://curl.se/bug/?i=16636
+ [226] = https://curl.se/bug/?i=16627
+ [227] = https://curl.se/bug/?i=16632
+ [228] = https://curl.se/bug/?i=16630
+ [229] = https://curl.se/bug/?i=16781
+ [230] = https://curl.se/bug/?i=16696
+ [231] = https://curl.se/bug/?i=16695
+ [232] = https://curl.se/bug/?i=16797
+ [233] = https://curl.se/bug/?i=16553
+ [234] = https://curl.se/bug/?i=16691
+ [235] = https://curl.se/bug/?i=16690
+ [236] = https://curl.se/bug/?i=16689
+ [237] = https://curl.se/bug/?i=16733
+ [238] = https://curl.se/bug/?i=16681
+ [239] = https://curl.se/bug/?i=16779
+ [240] = https://curl.se/bug/?i=16726
+ [241] = https://curl.se/bug/?i=16729
+ [242] = https://curl.se/bug/?i=16678
+ [243] = https://curl.se/bug/?i=16685
+ [244] = https://issues.oss-fuzz.com/issues/402476456
+ [245] = https://curl.se/bug/?i=16798
+ [246] = https://curl.se/bug/?i=16786
+ [247] = https://curl.se/bug/?i=16653
+ [248] = https://curl.se/bug/?i=16674
+ [249] = https://curl.se/bug/?i=16673
+ [250] = https://curl.se/bug/?i=16671
+ [251] = https://curl.se/bug/?i=16720
+ [252] = https://curl.se/bug/?i=16869
+ [253] = https://curl.se/bug/?i=16723
+ [254] = https://curl.se/bug/?i=16705
+ [255] = https://curl.se/bug/?i=16719
+ [256] = https://curl.se/bug/?i=16687
+ [257] = https://curl.se/bug/?i=16712
+ [258] = https://curl.se/bug/?i=16713
+ [259] = https://curl.se/bug/?i=16774
+ [260] = https://curl.se/bug/?i=16816
+ [261] = https://curl.se/bug/?i=16833
+ [262] = https://curl.se/bug/?i=16823
+ [263] = https://curl.se/bug/?i=16484
+ [264] = https://curl.se/bug/?i=16759
+ [265] = https://curl.se/bug/?i=16762
+ [266] = https://curl.se/bug/?i=16072
+ [267] = https://curl.se/bug/?i=16753
+ [268] = https://curl.se/bug/?i=16533
+ [269] = https://curl.se/bug/?i=16852
+ [270] = https://curl.se/bug/?i=16879
+ [271] = https://curl.se/bug/?i=16806
+ [272] = https://curl.se/bug/?i=16743
+ [273] = https://curl.se/bug/?i=16751
+ [275] = https://curl.se/bug/?i=16846
+ [276] = https://curl.se/bug/?i=16818
+ [278] = https://curl.se/bug/?i=16809
+ [279] = https://curl.se/bug/?i=16824
+ [280] = https://curl.se/bug/?i=16828
+ [281] = https://curl.se/bug/?i=16828
+ [282] = https://curl.se/bug/?i=16828
+ [283] = https://curl.se/bug/?i=16837
+ [284] = https://curl.se/bug/?i=16782
+ [285] = https://curl.se/bug/?i=16745
+ [286] = https://curl.se/bug/?i=16777
+ [287] = https://curl.se/bug/?i=16771
+ [288] = https://curl.se/bug/?i=16766
+ [289] = https://curl.se/bug/?i=16756
+ [290] = https://curl.se/bug/?i=16791
+ [291] = https://curl.se/bug/?i=16437
+ [292] = https://curl.se/bug/?i=16836
+ [293] = https://curl.se/bug/?i=16793
+ [294] = https://curl.se/bug/?i=16792
+ [295] = https://curl.se/bug/?i=16725
+ [296] = https://curl.se/bug/?i=16805
+ [297] = https://curl.se/bug/?i=16801
+ [298] = https://curl.se/bug/?i=16835
+ [299] = https://curl.se/bug/?i=16875
+ [300] = https://curl.se/bug/?i=16873
+ [301] = https://curl.se/bug/?i=16872
+ [302] = https://curl.se/bug/?i=16881
+ [303] = https://curl.se/bug/?i=16865
+ [305] = https://curl.se/bug/?i=16867
+ [308] = https://curl.se/bug/?i=16893
+ [309] = https://curl.se/bug/?i=16863
+ [310] = https://curl.se/bug/?i=16862
+ [311] = https://curl.se/bug/?i=16859
+ [312] = https://curl.se/bug/?i=16858
+ [316] = https://curl.se/bug/?i=16790
+ [317] = https://curl.se/bug/?i=16883
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-01 18:43:22 +0000