Command line options: 274
curl_easy_setopt() options: 308
Public functions in libcurl: 100
- Authors: 1479
- Contributors: 3691
+ Authors: 1481
+ Contributors: 3696
This release includes the following changes:
This release includes the following bugfixes:
o asyn-thrdd: fix result processing without wakeup socketpair [2]
+ o autotools: mbedtls detection fixes [163]
o BUFQ.md: re-sync with source code [111]
o build: omit zlib pkg-config reference for Android [130]
o cf-h2-prox: fix peer leak [132]
o cf-h2-proxy: drop interim responses [47]
+ o cf-socket: set scope_id for IPv6 link-local addresses [150]
o cfilters: fix busy loop on blocked transfers [72]
o CIPHERS.md: fix the example that uses only TLS 1.3 [137]
o cmake: auto-select static nghttp2/nghttp3/ngtcp2 Config [8]
o cmake: opt in `MSVC_VERSION` 1951 to picky warnings [55]
o cmake: quote `COMPONENTS` string in `curl-config.in.cmake` [80]
o connect: remove deref of freed pointer in trace call [128]
+ o content_encoding: fix limit failure message [171]
+ o content_encoding: timeout during slow decoding [170]
o cookie: compare path case sensitively [52]
o cookie: simplify strstore(), remove outdated comment [12]
o cookie: trim trailing dots when checking PSL [39]
o creds: add sasl service name [75]
o creds: mask OAuth bearer token in trace logs [117]
+ o creds: remove two unused functions [158]
o curl_easy_pause.md: rephrase the stream cache when pause clause [120]
o curl_easy_setopt.md: change options when no transfer runs [122]
o curl_ntlm_core: fix nettle 4+ builds in certain MultiSSL combos [87]
o curl_ntlm_core: propagate DES `CryptEncrypt()` error [84]
+ o curl_sha512_256: fix result code on error [166]
o CURLOPT_ECH.md: simplify the description language [18]
o CURLOPT_HAPROXYPROTOCOL.md: only sent for newly setup connections [32]
o CURLOPT_MAXFILESIZE: clarify this also works for on-going transfers [78]
o CURLOPT_SHARE: warn about early remove [51]
o CURLOPT_SSH_HOSTKEYFUNCTION.md: for new connections only [48]
o delta: harden external command invocations [98]
+ o dnscache: remove Curl_dns_entry_link [160]
o docs/libcurl: fix the version for curl_multi_socket_action
o docs: end "...can be used several times..." sentences with period [34]
o docs: fix --follow doc typo [97]
o gsasl: fix potential double free [56]
o gtls: fix ignored return and uninitialized status in OCSP check [49]
o gtls: fix some typos [15]
+ o gtls: use the correct return code in trace output [173]
+ o h3-proxy: fix callback return values, and a typo in tests [139]
o hostip: remove unused MAX_HOSTCACHE_LEN and MAX_DNS_CACHE_SIZE [101]
+ o http: don't pass on set cookies to new origins [140]
o idn: replace header guards with forward declaration [100]
o KNOWN_BUGS.md: remove fixed GnuTLS <-> OpenSSL incompat bug [41]
o KNOWN_BUGS: remove stale Threads::Threads entry [135]
o lib: two minor typos [16]
o libcurl-easy.md: minor clarifications [19]
o libssh: map SSH_KNOWN_HOSTS_OTHER to CURLKHMATCH_MISMATCH [125]
+ o m4: drop redundant conditions in TLS library detections [155]
o managen: apply minor fixes and improvements [115]
o mbedtls: null-terminate the private key blob [36]
o mk-unity.pl: `#include`, and not concatenate input headers [124]
o multi: silence gcc 16 `-Wnull-dereference`, bump CI job to test [54]
o netrc: scanner refactor [121]
o ngtcp2: fail handshake directly [138]
+ o pytest: re-enable test test_05_01 and test_05_02 for quiche 0.29.0+ [154]
o pythonlint.sh: make it fail on error, fix ruff warnings in pytest [67]
o rtsp: bump buf after rtsp_filter_rtp() [88]
o runner.pm: apply minor correctness fix [105]
o runner.pm: set `CURL_TESTNUM` for `precheck` commands [13]
o rustls: error on CURLOPT_CRLFILE with native CA store [59]
+ o schannel: check `schannel_sha256sum()` success, and more [165]
o schannel: enforce Extended Key Usage for custom CA roots [29]
o schannel: error on TLS 1.3-only with cipher list [136]
o schannel: fix revoke_best_effort setting for proxy [70]
o setopt: gate a few proxy TLS options by checking backend support [35]
o setopt: more careful cleanup of the HSTS cache [45]
o show-headers.md: mention bold headers and --no-styled-output [17]
- o spnego_sspi: preserve distinction btw policy-only and uncond delegation [74]
o spnego_sspi: honor CURLOPT_GSSAPI_DELEGATION for Windows SSPI [89]
+ o spnego_sspi: preserve distinction btw policy-only and uncond delegation [74]
o src: fix comment typos [83]
o SSLCERTS: document 8.19.0 default Native CA builds (Windows) [14]
o sspi: clear SSPI credentials on AcquireCredentialsHandle failure [76]
o test1981: explicitly set the locale [85]
o tests: add an assert to avoid IPC blocking [69]
o tests: fix unit1636 with --disable-progress-meter [37]
+ o tftp: avoid the timeout calc if the timeout is crazy [151]
o tftp: stricter option name checks [90]
+ o tidy-up: add space around operators, where missing [147]
+ o tidy-up: apply clang-format fixes [153]
o tidy-up: miscellaneous [106]
o tls: fix incomplete mTLS config in conn reuse and session cache [108]
+ o tool: add a retry delay for transfers to same origin on 429 [61]
o tool_formparse.c: fix two minor comment typos [25]
o tool_formparse: polish error message + make two functions static [1]
o tool_formparse: tool2curlparts is no longer recursive [33]
o transfer: clear referer when set to NULL [112]
o unix-sockets: ignore proxy settings [6]
o url: compare full origin when setting credentials [42]
+ o url: connection reuse fixes for starttls [68]
o url: detect proxy changes read from environment [110]
o url: fix connection reuse for starttls protocols [27]
o url: keep the question mark for empty queries [73]
o url: remove ssh_config_matches [31]
o url: remove superfluous check [131]
o url: url_match_destination fix [43]
+ o urlapi: accept 0X prefix in IPv4 address as well [63]
o urlapi: change more lowercase percent-encoded to uppercase [71]
o urlapi: compare zone-id in Curl_url_same_origin() [95]
o urlapi: consume trailing dots after IPv4 numerical addresses [50]
o urlapi: deny hostnames with more than one trailing dot [58]
+ o urlapi: drop base fragment on empty redirect [64]
+ o urlapi: fix an issue parsing file URLs [149]
o urlapi: fix redirect handling if CURLU_NO_GUESS_SCHEME is set [46]
+ o urlapi: forbid '|' in host [172]
o urlapi: handle redirect without set scheme with default-scheme [38]
o user-agent.md: mention double quotes too [3]
+ o vtls: more large buffer support and error checks for SHA-256 [164]
o vtls: use Curl_safecmp for CRLfile and pinned_key comparison [116]
o vtls_scache: include signature_algorithms in the SSL peer cache key [123]
+ o vtls_spack: drop redundant macro fallbacks [167]
o VULN-DISCLOSURE-POLICY.md: emphasize the no email thank you part [113]
o VULN-DISCLOSURE-POLICY.md: test code is not secure [119]
o websockets: auto-tunnel through http proxy [102]
This release would not have looked like this without help, code, reports and
advice from friends like these:
- 0xN3R3K3, 11soda11, Alan De Smet, amitbidlan, Andrei Rybak, Andrew Nesbitt,
- Aritra Basu, Bastian Jesuiter, Bill Mill, chrizilla on github,
- co-authors in libssh2, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
- Dario Vinella, dependabot[bot], Earnestly on github, Elise Vance,
- Emanuel Krollmann, Fabian Keil, Harry Sintonen, jeffhuang, Jeremy Nicoll,
+ 0xN3R3K3, 11soda11, Alan De Smet, ambikeesshh, amitbidlan, Andrei Rybak,
+ Andrew Nesbitt, Aritra Basu, azraelxuemo on hackerone, Bartel Sielski,
+ Bastian Jesuiter, Bill Mill, chrizilla on github, co-authors in libssh2,
+ Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, Dario Vinella,
+ dependabot[bot], Earnestly on github, Elise Vance, Emanuel Krollmann,
+ Fabian Keil, Harry Sintonen, htasta, jeffhuang, Jeremy Nicoll,
Johannes Schlatow, Joshua Rogers, Kai Pastor, Mark Esler, Max Dymond, mik,
- mulan_dh on hackerone, parasol-aser, penpal, Peter Krefting, Raymond Steen,
- Ray Satiro, renovate[bot], Sergio Correia, sfan5 on github, Shintomon Mathew,
- Sollace on github, Song X. Gao, Stefan Eissing, Tim Martin, Viktor Szakats,
+ Mike-menny on github, mulan_dh on hackerone, parasol-aser, penpal,
+ Peter Krefting, Raymond Steen, Ray Satiro, renovate[bot], Ross Burton,
+ Sergio Correia, sfan5 on github, Shintomon Mathew, Sollace on github,
+ Song X. Gao, Stefan Eissing, Tim Martin, tiymat, Viktor Szakats,
Will Cosgrove, Xi Ruoyao, x-xiang on github
- (47 contributors)
+ (54 contributors)
References to bug reports and discussions on issues:
[58] = https://curl.se/bug/?i=21622
[59] = https://curl.se/bug/?i=21614
[60] = https://curl.se/bug/?i=21621
+ [61] = https://curl.se/bug/?i=21355
[62] = https://curl.se/bug/?i=21617
+ [63] = https://curl.se/bug/?i=21820
+ [64] = https://curl.se/bug/?i=21745
[65] = https://curl.se/bug/?i=21682
[66] = https://curl.se/bug/?i=21593
[67] = https://curl.se/bug/?i=21597
+ [68] = https://curl.se/bug/?i=21665
[69] = https://curl.se/bug/?i=21688
[70] = https://curl.se/bug/?i=21683
[71] = https://curl.se/bug/?i=21592
[136] = https://curl.se/bug/?i=21702
[137] = https://curl.se/bug/?i=21719
[138] = https://curl.se/bug/?i=21712
+ [139] = https://curl.se/bug/?i=21802
+ [140] = https://curl.se/bug/?i=21794
+ [147] = https://curl.se/bug/?i=21793
+ [149] = https://curl.se/bug/?i=21743
+ [150] = https://curl.se/bug/?i=21669
+ [151] = https://curl.se/bug/?i=21782
+ [153] = https://curl.se/bug/?i=21786
+ [154] = https://curl.se/bug/?i=21784
+ [155] = https://curl.se/bug/?i=21781
+ [158] = https://curl.se/bug/?i=21776
+ [160] = https://curl.se/bug/?i=21774
+ [163] = https://curl.se/bug/?i=21727
+ [164] = https://curl.se/bug/?i=21771
+ [165] = https://curl.se/bug/?i=21739
+ [166] = https://curl.se/bug/?i=21767
+ [167] = https://curl.se/bug/?i=21768
+ [170] = https://curl.se/bug/?i=21603
+ [171] = https://curl.se/bug/?i=21756
+ [172] = https://curl.se/bug/?i=21762
+ [173] = https://curl.se/bug/?i=21766
projects / thirdparty / curl.git / commitdiff
