From: Daniel Stenberg Date: Mon, 26 Jan 2026 11:47:02 +0000 (+0100) Subject: RELEASE-NOTES: synced X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=146de2460a68d06c29d4f4723ca33f9079dcf43f;p=thirdparty%2Fcurl.git RELEASE-NOTES: synced --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index acc698f4aa..da71c48a92 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -4,10 +4,12 @@ curl and libcurl 8.19.0 Command line options: 273 curl_easy_setopt() options: 308 Public functions in libcurl: 100 - Contributors: 3582 + Contributors: 3587 This release includes the following changes: + o BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 [23] + o cmake: add `CURL_BUILD_EVERYTHING` option [51] o mqtt: initial support for MQTTS [81] o tool: support fractions for --limit-rate and --max-filesize [79] o vquic: drop support for OpenSSL-QUIC [80] @@ -17,17 +19,27 @@ This release includes the following changes: This release includes the following bugfixes: o altsvc: only accept 17 byte dates from files [22] + o asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails [107] + o build: constify `memchr()`/`strchr()`/etc result variables (cont.) [85] o build: detect and include `inttypes.h` again [13] o build: drop duplicate C includes [54] o build: drop global suppression of `-Wformat-nonliteral`, fix fallouts [19] + o build: fully omit verbose strings and code when disabled [113] o build: globally suppress DJGPP warnings in `FD_SET()` [56] o build: merge TrackMemory (`CURLDEBUG`) into debug-enabled option [46] + o build: opt-in MSVC to C99-style verbose logging logic [108] o checksrc: do not apply `BANNEDFUNC` to struct member functions [35] o checksrc: warn for leading spaces before the preprocessor hash [72] + o cmake: add `CURL_DROP_UNUSED` option to reduce binary sizes [105] + o cmake: always define `CURL::win32_winsock` on Windows in `curl-config.cmake` [104] + o cmake: enable binutils ld workaround for all toolchains at build-time [57] + o cmake: fix logic for openssl/zlib binutils ld workaround [71] o cmake: reference OpenSSL and ZLIB imported targets only when enabled [41] o cmake: silence silly Apple clang warnings in C89 mode, test in CI [14] o cmake: silence useless compiler warnings triggered by the FASTBuild generator [43] + o cmke: add `*_USE_STATIC_LIBS` options for 9 dependencies [49] o config-plan9: set `HAVE_STDINT_H` again [17] + o config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST [120] o config2setopts: fix for --disable-aws build configuration [34] o curl: limit Windows-specific code to Windows builds, other tidy-ups [48] o curl_easy_nextheader.md: a new transfer invalidates 'prev' [69] @@ -65,15 +77,24 @@ This release includes the following bugfixes: o mprintf: drop old sprintf fallback [7] o mqtt: better too-big-message-check [73] o msvc: drop exception, make `BIT()` a bitfield with Visual Studio [2] + o multi: probe for IPv6 functionality in multi_init() [114] o ngtcp2: stabilize recv [18] + o noproxy: simplify, don't mix const non-const in strchr() [88] o openldap: avoid forward declarations in ldaps code [62] o plan9: drop special build and orphaned references [33] o ratelimit: download finetune [16] o REUSE: drop broken reference to `MAIL-ETIQUETTE` [59] + o runtests: pass config filename to stunnel in native format (Windows) [94] + o setopt: fix checking range for CURLOPT_MAXCONNECTS [92] o sigpipe: unset SA_SIGINFO since it is using sa_handler [40] + o socket: check result of SO_NOSIGPIPE [124] + o socketpair: set SO_NOSIGPIPE where possible [103] o tftp: correct the filename length check [70] + o timeout handling: auto-detect effective timeout [121] o tls: add new SSLSUPP flags for several options [32] + o tool: enable header separation for HTTPS proxies [106] o tool: improve error/warning messages when output filename sanitization fails [36] + o tool: return code variable consistency [84] o tool_cb_hdr: suppress header output when --out-null [10] o tool_dirhie: drop superfluous `F_OK` fallback (Windows) [8] o tool_doswin: document `ENABLE_VIRTUAL_TERMINAL_PROCESSING` toolchain support [44] @@ -84,6 +105,8 @@ This release includes the following bugfixes: o urldata: change 'keep_post' into three distinct bitfields [21] o urldata: convert 'long' fields to fixed variable types [47] o urldata: switch to uint* types [1] + o verbose.md: explain the { and } prefixes [96] + o winapi: use FormatMessageA instead of FormatMessageW [115] o wolfssl: fix build without USE_BIO_CHAIN [27] This release includes the following known bugs: @@ -105,13 +128,15 @@ Planned upcoming removals include: This release would not have looked like this without help, code, reports and advice from friends like these: - Andrew Kvalheim, Arnav-Purushotam-CUBoulder, calm329, Dag Haavi Finstad, - Daniel Gustafsson, Daniel Stenberg, dependabot[bot], Frank Buss, - gudyuu on hackerone, James Fuller, Joshua Vandaële, Maksim Ściepanienka, + Andrew Kvalheim, Arnav Purushotam, Arnav-Purushotam-CUBoulder, calm329, + Dag Haavi Finstad, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, + dEajL3kA, dependabot[bot], Frank Buss, gudyuu on hackerone, Jacek Migacz, + James Fuller, Joshua Vandaële, Kai Pastor, Maksim Ściepanienka, Megamouse on github, Michał Antoniak, Patrick Monnerat, Ray Satiro, - renovate[bot], Sascha Frinken, Stefan Eissing, Tomáš Malý, tommy, - Viktor Szakats, z2_, Йоте - (24 contributors) + renovate[bot], Rudi Heitbaum, Sascha Frinken, Stefan Eissing, + Thibault de Villèle, Tomáš Malý, tommy, Viktor Szakats, Wyuer on github, z2_, + Йоте + (32 contributors) References to bug reports and discussions on issues: @@ -136,6 +161,7 @@ References to bug reports and discussions on issues: [20] = https://curl.se/bug/?i=20260 [21] = https://curl.se/bug/?i=20262 [22] = https://curl.se/bug/?i=20259 + [23] = https://curl.se/bug/?i=20312 [24] = https://curl.se/bug/?i=20334 [25] = https://curl.se/bug/?i=20333 [27] = https://curl.se/bug/?i=20250 @@ -160,12 +186,15 @@ References to bug reports and discussions on issues: [46] = https://curl.se/bug/?i=20331 [47] = https://curl.se/bug/?i=20227 [48] = https://curl.se/bug/?i=20213 + [49] = https://curl.se/bug/?i=20015 [50] = https://curl.se/bug/?i=20295 + [51] = https://curl.se/bug/?i=20429 [52] = https://curl.se/bug/?i=20326 [53] = https://curl.se/bug/?i=20350 [54] = https://curl.se/bug/?i=20303 [55] = https://curl.se/bug/?i=20302 [56] = https://curl.se/bug/?i=20299 + [57] = https://curl.se/bug/?i=20382 [58] = https://curl.se/bug/?i=20298 [59] = https://curl.se/bug/?i=20348 [60] = https://curl.se/bug/?i=20296 @@ -179,6 +208,7 @@ References to bug reports and discussions on issues: [68] = https://curl.se/bug/?i=20346 [69] = https://curl.se/bug/?i=20285 [70] = https://hackerone.com/reports/3508321 + [71] = https://curl.se/bug/?i=20382 [72] = https://curl.se/bug/?i=20282 [73] = https://hackerone.com/reports/3508500 [74] = https://curl.se/bug/?i=20344 @@ -189,3 +219,21 @@ References to bug reports and discussions on issues: [80] = https://curl.se/bug/?i=20226 [81] = https://curl.se/bug/?i=19418 [82] = https://curl.se/bug/?i=18279 + [84] = https://curl.se/bug/?i=20426 + [85] = https://curl.se/bug/?i=20420 + [88] = https://curl.se/bug/?i=20425 + [92] = https://curl.se/bug/?i=20414 + [94] = https://curl.se/bug/?i=20413 + [96] = https://curl.se/bug/?i=20386 + [103] = https://curl.se/bug/?i=20397 + [104] = https://curl.se/bug/?i=20382 + [105] = https://curl.se/bug/?i=20357 + [106] = https://curl.se/bug/?i=20398 + [107] = https://curl.se/bug/?i=20385 + [108] = https://curl.se/bug/?i=20387 + [113] = https://curl.se/bug/?i=20341 + [114] = https://curl.se/bug/?i=20383 + [115] = https://curl.se/bug/?i=20261 + [120] = https://curl.se/bug/?i=20375 + [121] = https://curl.se/bug/?i=20347 + [124] = https://curl.se/bug/?i=20370