cURL 8.0.1 was released on 20-March-2023. 130 + 1 bugfixes since v7.88.1: Home | Changelog | Downloads | Releaselogs
cURL | Homepage | Changelog | Downloads | Releaselogs | News 8.1.2 was released on 30-May-2023. Spoiler curl 8.1.2 release video Bugfixes: configure: quote the assignments for run-compiler configure: without pkg-config and no custom path, use -lnghttp2 curl: cache the --trace-time value for a second http2: fix EOF handling on uploads with auth negotiation http3: send EOF indicator early as possible lib1560: verify more scheme guessing lib: remove unused functions, make single-use static libcurl.m4: remove the trailing 'dnl' that causes this to break autoconf libssh: when keyboard-interactive auth fails, try password misc: fix spelling mistakes page-header: mention curl version and how to figure out the current release page-header: minor wording polish in the URL segment scripts/singleuse.pl: add more API calls urlapi: remove superfluous host name check
cURL | Homepage | Changelog | Downloads | Releaselogs | News 8.2.0 was released on 19-July-2023. Spoiler Changelog Related: Daily Snapshots Source repo Security Vulnerabilities Release log Pending Release Notes Fixed in 8.2.0 - July 19, 2023 Changes: curl: add --ca-native and --proxy-ca-native curl: add --trace-ids CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS haproxy: add --haproxy-clientip flag to set client IPs lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID Bugfixes: bufq: make write/pass methods more robust build: drop unused/redundant `HAVE_WINLDAP_H` cf-socket: don't bypass fclosesocket callback if cancelled before connect cf-socket: move ctx declaration under HAVE_GETPEERNAME cf-socket: skip getpeername()/getsockname for TFTP checksrc: modernise perl file open checksrc: quote the file name to work with "funny" letters CI: brew fix for openssl in default path CI: don't install impacket if tests are not run CI: enable parallel make in more builds circleci: install impacket & wolfssl 5.6.0 cmake: add support for "unity" builds cmake: make use of snprintf cmake: stop CMake from quietly ignoring missing Brotli configure: add check for ldap_init_fd configure: fix run-compiler for old /bin/sh configure: the --without forms of the options are also gone connect-timeout.d: mention that the DNS lookup is included curl.h: include <sys/select.h> for vxworks curl: count uploaded data to stop at the originally given size curl: return error when asked to use an unsupported HTTP version curl_easy_nextheader.3: add missing open parenthesis examples curl_log: evaluate log statement only when transfer is verbose curl_mprintf.3: minor fix of the example curl_pushheader_byname/bynum.3: document in their own man pages curl_url_set: enforce the max string length check for all parts CURLOPT_AWS_SIGV4.3: remove unused variable from example CURLOPT_INFILESIZE.3: mention -1 triggers chunked CURLOPT_MIMEPOST.3: clarify what setting to NULL means CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search docs/libcurl/libcurl.3: cleanups and improvements docs: add more .IP after .RE to fix indentation of generate paragraphs docs: fix missing parameter names in examples docs: update CURLOPT_UPLOAD.3 docs: update HTTP3.md for newer ngtcp2 and nghttp3 docs: use a space after RFC when spelling out RFC numbers example/connect-to: show CURLOPT_CONNECT_TO example/crawler: also set CURLOPT_AUTOREFERER example/crawler: make it use a few more options example/default-scheme: set the default scheme for schemeless URLs example/hsts-preload: show one way to HSTS preload example/http2-download: set CURLOPT_BUFFERSIZE example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use example/maxconnects: set maxconnect example example/opensslthreadlock: remove examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS examples/http-options: show how to send "OPTIONS *" examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT examples/multi-debugcallback.c: avoid the bool typedef examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH examples/websocket.c: websocket example using CONNECT_ONLY examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR fopen: fix conversion warning on 32-bit Android fopen: optimize hostip.c: Move macOS-specific calls into global init call HTTP/2: upload handling fixes http2: better support for --limit-rate http2: error stream resets with code CURLE_HTTP2_STREAM http2: fix crash in handling stream weights http2: fix variable type http2: h2 and h2-PROXY connection alive check fixes http2: raise header limitations above and beyond http2: send HEADER & DATA together if possible http2: treat initial SETTINGS as a WINDOW_UPDATE HTTP3.md: update openssl version http3/ngtcp2: upload EAGAIN handling http: rectify the outgoing Cookie: header field size check hyper: fix EOF handling on input hyper: unslow imap-append.c: update to make it more likely to work imap: Provide method to disable SASL if it is advertised krb5: add typecast to please Coverity libcurl-url.3: also mention CURLUPART_ZONEID libcurl-ws.3. WebSocket API overview libssh2: provide error message when setting host key type fails libssh2: use custom memory functions ngtcp2: assigning timeout, but value is overwritten before used ngtcp2: build with 0.17.0 and nghttp3 0.13.0 ngtcp2: use ever increasing timestamp in io quiche: avoid NULL deref in debug logging quiche: fix defects found in latest coverity report quote.d: fix indentation of generated paragraphs runtests: abort test run after failure without -a runtests: better handle ^C during slow tests runtests: consistently write the test check summary block runtests: create multiple test runners when requested runtests: include missing valgrind package runtests: make test file directories in log/N runtests: rename server command file runtests: use more consistent failure lines runtests: work around a perl without SIGUSR1 runtests; give each server a unique log lock file scripts: Fix GHA matrix job detection in cijobs.pl sectransp: fix EOF handling system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles test2600: fix the description test427: verify sending more cookies than fit in a 8190 bytes line tests/http: Add mod_h2 directive `H2ProxyRequests` tests/servers.pm: pick unused port number with a server socket tests/servers: generate temp names in /tmp for unix domain sockets tests: fix error messages & handling around sockets tests: improve reliability of TFTP tests testutil: allow multiple %-operators on the same line timeval: use CLOCK_MONOTONIC_RAW if available tls13-ciphers.d: include Schannel tool: remove exclamation marks from error/warning messages tool: remove newlines from all helpf/notef/warnf/errorf calls tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION` tool_getparam: fix comment tool_operate: allow cookie lines up to 8200 bytes tool_parsecfg: accept line lengths up to 10M tool_urlglob: use curl_off_t instead of longs tool_writeout_json: fix encoding of control characters transfer: clear credentials when redirecting to absolute URL urlapi: have *set(PATH) prepend a slash if one is missing urlapi: scheme must start with alpha vtls: avoid memory leak if sha256 call fails websocket-cb: example doing WebSocket download using callback wolfssl: detect when TLS 1.2 support is not built into wolfssl wolfssl: support setting CA certificates as blob ws: make the curl_ws_meta() return pointer a const
cURL | Homepage | Changelog | Downloads | Releaselogs | News Version 8.2.1 was released on 26-July-2023. Spoiler Fixed in 8.2.1 - July 26, 2023 curl 8.2.1 release video Changes: Changes: Bugfixes: amigaos: fix sys/mbuf.h m_len macro clash amissl: add missing signal.h include amissl: fix AmiSSL v5 detection cfilters: rename close/connect functions to avoid clashes ciphers.d: put URL in first column cmake: add `libcurlu`/`libcurltool` for unit tests cmake: update ngtcp2 detection configure: check for nghttp2_session_get_stream_local_window_size CONTRIBUTE: drop mention of copyright year ranges CONTRIBUTE: fix syntax in commit message description curl_multi_wait.3: fix arg quoting to doc macro .BR docs: mark two TLS options for TLS, not SSL docs: provide more see also for cipher options hostip: return IPv6 first for localhost resolves http2: fix regression on upload EOF handling http: VLH, very large header test and fixes libcurl-errors.3: add CURLUE_OK os400: correct EXPECTED_STRING_LASTZEROTERMINATED quiche: fix lookup of transfer at multi quiche: fix segfault and other things rustls: update rustls-ffi 0.10.0 socks: print ipv6 address within brackets src/mkhelp: strip off escape sequences tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T transfer: do not clear the credentials on redirect to absolute URL unittest: remove unneeded *_LDADD websocket: rename arguments/variables to match docs
cURL | Homepage | Changelog | Downloads | Releaselogs | News Version 8.3.0 has been released. (13-September-2023) 9 changes and 174 bug fixes… Spoiler Fixed in 8.3.0 - September 13, 2023 Changes: curl: make %output{} in -w specify a file to write to gskit: remove lib: --disable-bindlocal builds curl without local binding support nss: remove support for this TLS library tool: add “variable” support trace: make tracing available in non-debug builds url: change the default value for CURLOPT_MAXREDIRS to 30 urlapi: CURLU_PUNY2IDN – convert from punycode to IDN name wolfssl: support loading system CA certificates Bugfixes: altsvc: accept and parse IPv6 addresses in response headers asyn-ares: reduce timeout to, 2000ms aws-sigv4: canonicalize the query aws-sigv4: fix having date header twice in some cases aws-sigv4: handle no-value user header entries bearssl: don't load CA certs when peer verification is disabled bearssl: handshake fix, provide proper get_select_socks() implementation build: fix portability of mancheck and checksrc targets build: streamline non-UWP wincrypt detections c-hyper: adjust the hyper to curlcode conversion c-hyper: fix memory leaks in `Curl_http` cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP cf-socket: log successful interface bind CI/cirrus: disable python install on FreeBSD CI: add a 32-bit i686 Linux build CI: add caching to many jobs CI: move on to ngtcp2 v0.19.1 CI: move the Alpine build from Cirrus to GHA CI: ngtcp2-linux: use separate caches for tls libraries CI: remove Windows builds from Cirrus, without replacement CI: switch macOS ARM build from Cirrus to Circle CI CI: use master again for wolfssl cirrus: install everything with pkg, avoid pip CMake: add GnuTLS option CMake: add support for `CURL_DEFAULT_SSL_BACKEND` CMake: add support for single libcurl compilation pass CMake: allow `SHARE_LIB_OBJECT=ON` on all platforms CMake: assume `wldap32` availability on Windows CMake: cache more config and delete unused ones CMake: detect `SSL_set0_wbio` in OpenSSL CMake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks CMake: fix to use variable for the curl namespace CMake: fixup the H2 duplicate symbols for unity builds CMake: set SIZEOF_LONG_LONG in curl_config.h CMake: support building static and shared libcurl in one go cmdline-docs: make sure to phrase it as “added in ….” cmdline-docs: use present tense, not future cmdline-opts/docs: mention the negative option part cmdline-opts/page-header: clarify stronger that !opt == URL cmdline-opts/page-header: reorder, clean up configure, CMake, lib: more form api deprecation configure: fix `HAVE_TIME_T_UNSIGNED` check configure: trust pkg-config when it's used for zlib configure: use the pkg-config --libs-only-l flag for libssh2 connect: stop halving the remaining timeout when less than 600 ms left cookie-jar.d: emphasize that this option is ONLY writing cookies crypto: ensure crypto initialization works curl_url_get/set.3: add missing semicolon in SYNOPSIS CURLINFO_CERTINFO.3: better explain curl_certinfo struct CURLINFO_TLS_SSL_PTR.3: clarify a recommendation CURLOPT_*TIMEOUT*: extend and clarify CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled CURLOPT_URL.3: add two URL API calls in the see-also section CURLOPT_URL.3: explain curl_url_set() uses the same parser digest: Use hostname to generate spn instead of realm disable.d: explain --disable not implemented prior to 7.50.0 docs/cmdline-opts/gen.pl: hide “added in” before 7.50.0 docs/cmdline-opts: match the current output docs/cmdline-opts: spell fixes, typos and polish docs/cmdline: add small “warning” to verbose options docs/cmdline: remove repeated working for negotiate + NTLM docs/HYPER.md: document a workaround for a link error docs: add curl_global_trace to some SEE ALSO sections docs: link to the website versions instead of markdowns docs: mark --ssl-revoke-best-effort as Schannel specific docs: mention critical files in same directories as curl saves docs: removing “pausing transfers” from HYPER.md. docs: rewrite to present tense easy: remove #ifdefs to make code easier on the eye egd: delete feature detection and related source code ftp: fix temp write of ipv6 address gen.pl: escape all dashes (ASCII minus) to avoid unicode hyphens gen.pl: replace all single quotes with aq GHA: adding quiche workflow headers: accept leading white spaces on first response header http2: avoid too early connection re-use/multiplexing http2: cleanup trace messages http2: disable assertion blocking OSSfuzz testing http2: fix in h2 proxy tunnel: progress in ingress on sending http2: polish things around POST http2: upgrade tests and add fix for non-existing stream http3/ngtcp2: shorten handshake, trace cleanup http3: quiche, handshake optimization, trace cleanup http: close the connection after a late 417 is received http: do not require a user name when using CURLAUTH_NEGOTIATE http: fix sending of large requests http: remove the p_pragma struct field http: return error when receiving too large header set hyper: fix a progress upload counter bug hyper: fix ownership problems hyper: remove `hyptransfer->endtask` IMAP: add a check for failing strdup() IMAP: remove the only sscanf() call in the IMAP code include.d: explain headers not printed with --fail before 7.75.0 include/curl/mprintf.h: add __attribute__ for the prototypes krb5: fix “implicit conversion loses integer precision” warnings lib: add the ability to disable auths individually lib: build fixups when built with most things disabled lib: fix a few *printf() flag mistakes lib: fix null ptr derefs and uninitialized vars (h2/h3) lib: move mimepost data from ->req.p.http to ->state libtest: use curl_free() to free libcurl allocated data list-only.d: mention SFTP as a supported protocol macOS: fix target detection more misc: fix various typos multi.h: the 'revents' field of curl_waitfd is supported multi: more efficient pollfd count for poll multi: remove 'processing: <url>' debug message ngtcp2: fix handling of large requests openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` openssl: clear error queue after SSL_shutdown openssl: make aws-lc version support OCSP openssl: Support async cert verify callback openssl: switch to modern init for LibreSSL 2.7.0+ openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1 openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0 openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before os400: build test servers os400: do not check translatable options at build time os400: implement CLI tool page-footer: QLOGDIR works with ngtcp2 and quiche page-header: move up a URL paragraph from GLOBBING to URL pytest: fix check for slow_network skips to only apply when intended quic: don't set SNI if hostname is an IP address quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s quiche: enable quiche to handle timeout events resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set revert “schannel: reverse the order of certinfo insertions” schannel: fix ordering of cert chain info schannel: fix user-set legacy algorithms in Windows 10 & 11 schannel: verify hostname independent of verify cert sectransp: fix compiler warnings sectransp: prevent CFRelease() of NULL secureserver.pl: fix stunnel path quoting secureserver.pl: fix stunnel version parsing SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline system.h: add CURL_OFF_T definitions on HP-UX with HP aCC test1304: build and skip without netrc support test1554: check translatable string options in OS400 wrapper test1608: make it build and get skipped without shuffle DNS support test687/688: two more basic --xattr tests tests/tftpd+mqttd: make variables static to silence picky warnings tests: add 'large-time' as a testable feature tests: add support for nested %if conditions tests: don't call HTTP errors OK in test cases tests: ensure `libcurl.def` contains all exports tests: fix h3 server check and parallel instances tests: TLS session sharing test tests: update cookie expiry dates to far in the future time-cond.d: mention what happens on a missing file tool: avoid including leading spaces in the Location hyperlink tool: change some fopen failures from warnings to errors tool: make the length argument an int for printf()-.* flags tool_cb_wrt: fix invalid unicode for windows console tool_filetime: make -z work with file dates before 1970 tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR tool_operate: make aws-sigv4 not require TLS to be used tool_paramhlp: improve str2num(): avoid unnecessary call to strlen() tool_urlglob: use the correct format specifier for curl_off_t in msnprintf transfer: also stop the sending on closed connection transfer: don't set TIMER_STARTTRANSFER on first send unit2600: fix build warning if built without verbose messages url: remove infof() output for “still name resolving” urlapi: fix heap buffer overflow urlapi: make sure zoneid is also duplicated in curl_url_dup urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails urlapi: setting a blank URL (“") is not an ok URL vquic: show stringified messages for errno vtls: clarify “ALPN: offers” message winbuild: improve check for static zlib wolfSSL: avoid the OpenSSL compat API when not needed workflows/macOS.yml: disable zstd and alt-svc in the http-only build write-out.d: clarify %{time_starttransfer} ws: fix spelling mistakes in examples and tests
cURL and libcurl 8.6.0 have been released. (31-January-2024) Website | Download | News | Releaselogs | Changelog | Video Presentations | Documentation | Spoiler Fixed in 8.6.0 - January 31 2024 Changes: add CURLE_TOO_LARGE add CURLINFO_QUEUE_TIME_T add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add asyn-thread: use GetAddrInfoExW on >= Windows 8 configure: make libpsl detection failure cause error docs/cmdline: change to .md for cmdline docs docs: introduce “curldown” for libcurl man page format runtests: support -gl. Like -g but for lldb. Bugfixes: altsvc: free 'as' when returning error appveyor: replace PowerShell with bash + parallel autotools appveyor: switch to out-of-tree builds asyn-ares: with modern c-ares, use its default timeout build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` build: delete/replace clang warning pragmas build: enable missing OpenSSF-recommended warnings, with fixes build: fix `-Wconversion`/`-Wsign-conversion` warnings build: fix Windows ADDRESS_FAMILY detection build: more `-Wformat` fixes build: remove redundant `CURL_PULL_*` settings cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper cf-socket: show errno in tcpkeepalive error messages CI/distcheck: run full tests cmake: add option to disable building docs cmake: fix generation for system name iOS cmake: fix typo cmake: freshen up docs/INSTALL.cmake cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` cmake: rework options to enable curl and libcurl docs cmake: when USE_MANUAL=YES, build the curl.1 man page cmdline-opts/write-out.d: remove spurious double quotes cmdline-opts: update availability for the *-ca-native options cmdline/gen: fix the sorting of the man page options configure: add libngtcp2_crypto_boringssl detection configure: fix no default int compile error in ipv6 detection configure: when enabling QUIC, check that TLS supports QUIC connect: remove margin from eyeballer alloc content_encoding: change return code to typedef'ed enum cookie.d: document use of empty string to enable cookie engine cookie: avoid fopen with empty file name curl.h: CURLOPT_DNS_SERVERS is only available with c-ares curl: show ipfs and ipns as supported “protocols” curl_easy_getinfo.3: remove the wrong time value count curl_multi_fdset.3: remove mention of null pointer support CURLINFO_REFERER.3: clarify that it is the *request* header CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example CURLOPT_SSH_*_KEYFILE: clarify dist: add tests/errorcodes.pl to the tarball docs: clean up Protocols: for cmdline options docs: describe and highlight super cookies docs: do not start lines/sentences with So, But nor And docs: install curl.1 with cmake docs: mention env vars not used by schannel doh: remove unused local variable examples: add four new examples file+ftp: use stack buffers instead of data->state.buffer ftp: handle the PORT parsing without allocation ftp: use dynbuf to store entrypath ftp: use memdup0 to store the OS from a SYST 215 response ftpserver.pl: send 213 SIZE response without spurious newline gen.pl: support ## for doing .IP in table-like lists gen: do italics/bold for a range of letters, not just single word GHA: add a job scanning for “bad words” in markdown GHA: bump ngtcp2, gnutls, mod_h2, quiche gnutls: fix build with --disable-verbose haproxy-clientip.d: document the arg headers: make sure the trailing newline is not stored headers: remove assert from Curl_headers_push hostip: return error immediately when Curl_ip2addr() fails hsts: remove assert for zero length domain http2: improved on_stream_close/data_done handling http3/quiche: fix result code on a stream reset http3: initial support for OpenSSL 3.2 QUIC stack http: adjust_pollset fix http: check for “Host:” case insensitively http: fix off-by-one error in request method length check http: only act on 101 responses when they are HTTP/1.1 http: remove comment reference to a removed solution http: use stack scratch buffer http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT krb5: add prototype to silence clang warnings on mvsnprintf() lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT lib: error out on multissl + http3 lib: fix variable undeclared error caused by `infof` changes lib: reduce use of strncpy lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding lib: replace readwrite with write_resp lib: strndup/memdup instead of malloc, memcpy and null-terminate libssh2: use `libssh2_session_callback_set2()` with v1.11.1 libssh: improve the deprecation warning dismissal libssh: supress warnings without version check Makefile.am: fix the MSVC project generation Makefile.mk: drop Windows support mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` mbedtls: free the entropy when threaded mime: use memdup0 instead of malloc + memcpy mksymbolsmanpage.pl: provide references to where the symbol is used mprintf: overhaul and bugfixes mqtt: use stack scratch buffer for recv+publish multi: remove total timer reset in file_do() while fetching file:// ngtcp2: put h3 at the front of alpn ntlm_wb: do not use data->state.buffer any longer openldap: fix an LDAP crash openldap: fix STARTTLS openssl: re-match LibreSSL deinit with init openssl: when verifystatus fails, remove session id from cache OS400: sync ILE/RPG binding pingpong: stop using the download buffer pop3: replace calloc + memcpy with memdup0 pytest: scorecard tracking CPU and RSS quiche: return CURLE_HTTP3 on send to invalid stream readwrite_data: loop less Revert “urldata: move async resolver state from easy handle to connectdata” rtsp: deal with borked server responses runtests: for mode="text” on <stdout>, fix newlines on both parts sasl: make login option string override http auth schannel: fix `-Warith-conversion` gcc 13 warning sectransp: do verify_cert without memdup for blobs sectransp_ make TLSCipherNameForNumber() available in non-verbose config sendf: fix compiler warning with CURL_DISABLE_HEADERS_API setopt: clear mimepost when formp is freed setopt: use memdup0 when cloning COPYPOSTFIELDS socks: fix generic output string to say SOCKS instead of SOCKS4 socks: use own buffer instead of data->state.buffer ssh: fix namespace of two local macros ssh: use stack scratch buffer for seeks strerror: repair get_winsock_error() system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers system_win32: fix a function pointer assignment warning telnet: use dynbuf instad of malloc for escape buffer telnet: use stack scratch buffer for do tests/server: delete workaround for old-mingw tests: avoid int/size_t conversion size/sign warnings tests: respect $TMPDIR when creating unix domain sockets tool: make parser reject blank arguments if not supported tool: prepend output_dir in header callback tool_getparam: bsearch cmdline options tool_getparam: do not try to expand without an argument tool_getparam: stop supporting `@filename` style for --cookie tool_listhelp: regenerate after recent .d updates tool_operate: make --remove-on-error only remove “real” files tool_operate: stop setting the file comment on Amiga transfer: adjust_pollset improvements transfer: fix upload rate limiting, add test cases transfer: make the select_bits_paused condition check both directions transfer: remove warning: Value stored to 'blen' is never read url: don't set default CA paths for Secure Transport backend url: for disabled protocols, mention if found in redirect urlapi: remove assert verify-examples.pl: fail verification on unescaped backslash version: show only the libpsl version, not its dependencies vquic: extract TLS setup into own source vtls: fix missing multissl version info vtls: receive max buffer vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY websockets: check for negative payload lengths websockets: refactor decode chain windows: delete redundant headers windows: simplify detecting and using system headers wolfssl: load certificate *chain* for PEM client certs x509asn1: remove code for WANT_VERIFYHOST x509asn1: switch from malloc to dynbuf
cURL and libcurl 8.7.0 have been released. (27-March-2024) Website | Download | News | Releaselogs | Changelog | Video Presentations | Documentation | Spoiler Fixed in 8.7.0 - March 27, 2024 Changes: configure: add --disable-docs flag CURLINFO_USED_PROXY: return bool whether the proxy was used digest: support SHA-512/256 DoH: add trace configuration write-out: add '%{proxy_used}' Bugfixes: ALTSVC.md: correct a typo asyn-ares: fix data race warning asyn-thread: use wakeup_close to close the read descriptor badwords: use hostname, not host name BINDINGS: add mcurl, the python binding bufq: writing into a softlimit queue cannot be partial c-hyper: add header collection writer in hyper builds cd2nroff: gen: make `\>` in input to render as plain '>' in output cd2nroff: remove backticks from titles checksrc.pl: fix handling .checksrc with CRLF cmake: add USE_OPENSSL_QUIC support cmake: add warning for using TLS libraries without 1.3 support cmake: enable `ENABLE_CURL_MANUAL` by default cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled cmake: fix function description in comment cmake: fix install for older CMake versions cmake: fix libcurl.pc and curl-config library specifications cmdline-docs/Makefile: avoid using a fixed temp file name cmdline-docs: quote and angle bracket cleanup cmdline-opts/_EXITCODES: sync with libcurl-errors cmdline-opts/_VARIABLES.md: improve the description cmdline-opts/_VERSION: provide %VERSION correctly cmdline-opts: shorter help texts configure: add pkg-config support to rustls detection configure: add warning for using TLS libraries without 1.3 support configure: build & install shell completions when enabled configure: do not link with nghttp3 unless necessary configure: Don't build shell completions when disabled configure: Don't make shell completions without perl configure: find libpsl with pkg-config connect.c: fix typo CONTRIBUTE: update the section on documentation format cookie.md: provide an example sending a fixed cookie cookie: if psl fails, reject the cookie curl: exit on config file parser errors curl: make --libcurl output better CURLOPT_*SSLVERSION curl: when allocating variables, add the name into the struct curl_setup.h: add curl_uint64_t internal type curldown: fix email address in Copyright CURLMOPT_MAX*: mention what happens if changed mid-transfer CURLOPT_INTERFACE.md: remove spurious amp, add see-also CURLOPT_POSTQUOTE.md: fix typo CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return CURLOPT_WRITEFUNCTION.md: typo fix digest: add check for hashing error dist: make sure the http tests are in the tarball DISTROS: add document with distro pointers docs/libcurl: add TLS backend info for all TLS options docs/libcurl: generate PROTOCOLS from meta-data docs: add missing slashes to SChannel client certificate documentation docs: add necessary setup for nghttp3 docs: ascii version of manpage without nroff docs: dist curl*.1 and install without perl docs: make curldown do angle brackets like markdown docs: make each libcurl man specify protocol(s) docs: make sure curl.1 is included in dist tarballs docs: update minimal binary size in INSTALL.md docs: use present tense examples: use present tense in comments file: use xfer buf for file:// transfers fopen: fix narrowing conversion warning on 32-bit Android form-string.md: correct the example ftp: do lineend conversions in client writer ftp: fix socket wait activity in ftp_domore_getsock ftp: tracing improvements ftp: treat a 226 arriving before data as a signal to read data gen.pl: make the "manpageification" faster gen: make `\>` in input to render as plain '>' in output getparam: make --ftp-ssl work again GHA/linux: add sysctl trick to work-around GitHub runner issue GIT-INFO: convert to markdown GOVERNANCE: document the core team header.md: remove backslash, make nicer markdown HTTP/2: write response directly http2, http3: return CURLE_PARTIAL_FILE when bytes were received http2: fix push discard http2: memory errors in the push callbacks are fatal http2: minor tweaks to optimize two struct sizes http2: push headers better cleanup http2: remove the third (unused) argument from http2_data_done() HTTP3.md: adjust the OpenSSL QUIC install instructions http: better error message for HTTP/1.x response without status line http: improve response header handling, save cpu cycles http: move headers collecting to writer http: remove stale comment about rewindbeforesend http: separate response parsing from response action http_chunks: fix the accounting of consumed bytes http_chunks: remove unused 'endptr' variable https-proxy: use IP address and cert with ip in alt names hyper: implement unpausing via client reader ipv6.md: mention IPv4 mapped addresses KNOWN_BUGS: POP3 issue when reading small chunks lib1598: fix `CURLOPT_POSTFIELDSIZE` usage lib582: remove code causing warning that is never run lib: add `void *ctx` to reader/writer instances lib: convert Curl_get_line to use dynbuf lib: Curl_read/Curl_write clarifications lib: enhance client reader resume + rewind lib: initialize output pointers to NULL before calling strto[ff,l,ul] lib: keep conn IP information together lib: move 'done' parameter to SingleRequests lib: remove curl_mimepart object when CURL_DISABLE_MIME libcurl-docs: cleanups libcurl-security.md: Active FTP passes on the local IP address libssh/libssh2: return error on too big range MANUAL.md: fix typo mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined mbedtls: fix pytest for newer versions mbedtls: properly cleanup the thread-shared entropy mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version md4: include strdup.h for the memdup proto mime: add client reader misc: fix typos in docs and lib mkhelp: simplify the generated hugehelp program mprintf: fix format prefix I32/I64 for windows compilers multi: add xfer_buf to multi handle multi: fix multi_sock handling of select_bits multi: make add_handle free any multi_easy ngtcp2: no recvbuf for stream ntml_wb: fix buffer type typo OpenSSL QUIC: adapt to v3.3.x openssl-quic: check on Windows that socket conv to int is possible openssl-quic: fix BIO leak and Windows warning openssl-quic: fix unity build, casing, indentation OS400: avoid using awk in the build scripts paramhlp: fix CRLF-stripping files with "-d @file" proxy1.0.md: fix example pytest: adapt to API change request: clarify message when request has been sent off rustls: make curl compile with 0.12.0 schannel: fix hang on unexpected server close scripts: fix cijobs.pl for Azure and GHA sendf: ignore response body to HEAD setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value setopt: fix disabling all protocols sha512_256: add support for GnuTLS and OpenSSL smtp: fix STARTTLS SPONSORS: describe the basics strtoofft: fix the overflow check test 1541: verify getinfo values on first header callback test1165: improve pattern matching tests: support setting/using blank content env variables TIMER_STARTTRANSFER: set the same for everyone TLS: start shutdown only when peer did not already close TODO: update 13.11 with more information tool_cb_hdr: only parse etag + content-disposition for 2xx tool_getparam: accept a blank -w "" tool_getparam: handle non-existing (out of range) short-options tool_operate: change precedence of server Retry-After time tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds trace-config.md: remove the mutexed options list transfer.c: break receive loop in speed limited transfers transfer: improve Windows SO_SNDBUF update limit urldata: move authneg bit from conn to Curl_easy version: allow building with ancient libpsl vquic-tls: fix the error code returned for bad CA file vtls: fix tls proxy peer verification vtls: revert "receive max buffer" + add test case VULN-DISCLOSURE-POLICY.md: update detail about CVE requests websocket: fix curl_ws_recv() wolfSSL: do not call the stub function wolfSSL_BIO_set_init() write-out.md: clarify error handling details
cURL and libcurl 8.7.1 have been released. (27-March-2024) Website | Download | News | Releaselogs | Changelog | Video Presentations | Documentation | Spoiler Fixed in 8.7.1 - March 27, 2024 8.7.1 Bugfixes: Fixed empty tool_hugehelp.c file