From 15e5ac6da8d4827e04c5a32d4672f58492615729 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 5 Dec 2025 23:51:47 +0100 Subject: [PATCH] RELEASE-NOTES: synced --- RELEASE-NOTES | 76 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 68 insertions(+), 8 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 512bc5425d..af81fffb90 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -4,7 +4,7 @@ curl and libcurl 8.18.0 Command line options: 273 curl_easy_setopt() options: 308 Public functions in libcurl: 100 - Contributors: 3554 + Contributors: 3556 This release includes the following changes: @@ -50,11 +50,13 @@ This release includes the following bugfixes: o conncache: silence `-Wnull-dereference` on gcc 14 RISC-V 64 [17] o conncontrol: reuse handling [170] o connect: reshuffle Curl_timeleft_ms to avoid 'redundant condition' [100] + o connection: attached transfer count [228] o cookie: propagate errors better, cleanup the internal API [118] o cookie: return error on OOM [131] o cshutdn: acknowledge FD_SETSIZE for shutdown descriptors [25] o curl: fix progress meter in parallel mode [15] o curl_fopen: do not pass invalid mode flags to `open()` on Windows [84] + o curl_gssapi: make sure Curl_gss_log_error() has an initialized buffer [257] o curl_sasl: make Curl_sasl_decode_mech compare case insensitively [160] o curl_setup.h: document more funcs flagged by `_CRT_SECURE_NO_WARNINGS` [124] o curl_setup.h: drop stray `#undef stat` (Windows) [103] @@ -62,21 +64,28 @@ This release includes the following bugfixes: o CURLINFO: remove 'get' and 'get the' from each short desc [50] o CURLINFO_SCHEME/PROTOCOL: they return the "scheme" for a "transfer" [48] o CURLINFO_TLS_SSL_PTR.md: remove CURLINFO_TLS_SESSION text [49] + o CURLMOPT_SOCKETFUNCTION.md: fix the callback argument use [206] o CURLOPT_READFUNCTION.md: clarify the size of the buffer [47] o CURLOPT_SSH_KEYFUNCTION.md: fix minor indent mistake in example o curlx/fopen: replace open CRT functions their with `_s` counterparts (Windows) [204] o curlx/multibyte: stop setting macros for non-Windows [226] o curlx/strerr: use `strerror_s()` on Windows [75] + o curlx: limit use of system allocators to the minimum possible [169] o curlx: replace `mbstowcs`/`wcstombs` with `_s` counterparts (Windows) [143] o curlx: replace `sprintf` with `snprintf` [194] o curlx: use curlx allocators in non-memdebug builds (Windows) [155] o digest_sspi: fix a memory leak on error path [149] o digest_sspi: properly free sspi identity [12] o DISTROS.md: add OpenBSD [126] + o DISTROS: remove broken URLs for buildroot o doc: some returned in-memory data may not be altered [196] + o docs/libcurl: fix C formatting nits [207] + o docs: clarify how to do unix domain sockets with SOCKS proxy [240] o docs: fix checksrc `EQUALSPACE` warnings [21] o docs: mention umask need when curl creates files [56] + o docs: remove dead URLs o docs: spell it Rustls with a capital R [181] + o docs: use .example URLs for proxies o example: fix formatting nits [232] o examples/crawler: fix variable [92] o examples/multi-uv: fix invalid req->data access [177] @@ -84,6 +93,7 @@ This release includes the following bugfixes: o examples: fix minor typo [203] o examples: make functions/data static where missing [139] o examples: tidy-up headers and includes [138] + o FAQ: fix hackerone URL o file: do not pass invalid mode flags to `open()` on upload (Windows) [83] o ftp: refactor a piece of code by merging the repeated part [40] o ftp: remove #ifdef for define that is always defined [76] @@ -103,16 +113,22 @@ This release includes the following bugfixes: o http: handle oom error from Curl_input_digest() [192] o http: replace atoi use in Curl_http_follow with curlx_str_number [65] o http: the :authority header should never contain user+password [147] + o idn: avoid allocations and wcslen on Windows [247] o idn: fix memory leak in `win32_ascii_to_idn()` [173] o idn: use curlx allocators on Windows [165] o imap: make sure Curl_pgrsSetDownloadSize() does not overflow [200] o INSTALL-CMAKE.md: document static option defaults more [37] o krb5: fix detecting channel binding feature [187] o krb5_sspi: unify a part of error handling [80] + o ldap: call ldap_init() before setting the options [236] + o ldap: improve detection of Apple LDAP [174] + o ldap: provide version for "legacy" ldap as well [254] o lib/sendf.h: forward declare two structs [221] o lib: cleanup for some typos about spaces and code style [3] o lib: eliminate size_t casts [112] o lib: error for OOM when extracting URL query [127] + o lib: fix formatting nits (part 2) [253] + o lib: fix formatting nits (part 3) [248] o lib: fix formatting nits [215] o lib: fix gssapi.h include on IBMi [55] o lib: refactor the type of funcs which have useless return and checks [1] @@ -129,6 +145,7 @@ This release includes the following bugfixes: o m4/sectrust: fix test(1) operator [4] o manage: expand the 'libcurl support required' message [208] o mbedtls: fix potential use of uninitialized `nread` [8] + o mbedtls: sync format across log messages [213] o mbedtls_threadlock: avoid calloc, use array [244] o memdebug: add mutex for thread safety [184] o mk-ca-bundle.pl: default to SHA256 fingerprints with `-t` option [73] @@ -139,6 +156,7 @@ This release includes the following bugfixes: o multibyte: limit `curlx_convert_*wchar*()` functions to Unicode builds [135] o ngtcp2+openssl: fix leak of session [172] o ngtcp2: remove the unused Curl_conn_is_ngtcp2 function [85] + o noproxy: fix ipv6 handling [239] o noproxy: replace atoi with curlx_str_number [67] o openssl: exit properly on OOM when getting certchain [133] o openssl: fix a potential memory leak of bio_out [150] @@ -146,6 +164,7 @@ This release includes the following bugfixes: o openssl: no verify failf message unless strict [166] o openssl: release ssl_session if sess_reuse_cb fails [43] o openssl: remove code handling default version [28] + o openssl: simplify `HAVE_KEYLOG_CALLBACK` guard [212] o OS400/ccsidcurl: fix curl_easy_setopt_ccsid for non-converted blobs [94] o OS400/makefile.sh: fix shellcheck warning SC2038 [86] o osslq: code readability [5] @@ -153,7 +172,10 @@ This release includes the following bugfixes: o projects/README.md: Markdown fixes [148] o pytest fixes and improvements [159] o pytest: disable two H3 earlydata tests for all platforms (was: macOS) [116] + o pytest: fix and improve reliability [251] + o pytest: improve stragglers [252] o pytest: skip H2 tests if feature missing from curl [46] + o quiche: use client writer [255] o ratelimit: redesign [209] o rtmp: fix double-free on URL parse errors [27] o rtmp: precaution for a potential integer truncation [54] @@ -161,6 +183,7 @@ This release includes the following bugfixes: o runtests: detect bad libssh differently for test 1459 [11] o runtests: drop Python 2 support remains [45] o runtests: enable torture testing with threaded resolver [176] + o runtests: make memanalyzer a Perl module (for 1.1-2x speed-up per test run) [238] o rustls: fix a potential memory issue [81] o rustls: minor adjustment of sizeof() [38] o rustls: simplify init err path [219] @@ -178,21 +201,29 @@ This release includes the following bugfixes: o socks_sspi: use free() not FreeContextBuffer() [93] o speedcheck: do not trigger low speed cancel on transfers with CURL_READFUNC_PAUSE [113] o speedlimit: also reset on send unpausing [197] + o src: fix formatting nits [246] o ssh: tracing and better pollset handling [230] + o sws: fix binding to unix socket on Windows [214] o telnet: replace atoi for BINARY handling with curlx_str_number [66] o TEST-SUITE.md: correct the man page's path [136] o test07_22: fix flakiness [95] + o test1498: disable 'HTTP PUT from stdin' test on Windows [115] o test2045: replace HTML multi-line comment markup with `#` comments [36] + o test3207: enable memdebug for this test again [249] o test363: delete stray character (typo) from a section tag [52] + o test787: fix possible typo `&` -> `%` in curl option [241] o tests/data: replace hard-coded test numbers with `%TESTNUMBER` [33] o tests/data: support using native newlines on disk, drop `.gitattributes` [91] o tests/server: do not fall back to original data file in `test2fopen()` [32] o tests/server: replace `atoi()` and `atol()` with `curlx_str_number()` [110] + o tests: add `%AMP` macro, use it in two tests [245] o tests: allow 2500-2503 to use ~2MB malloc [31] o tests: fix formatting nits [225] o tftp: release filename if conn_get_remote_addr fails [42] o tftpd: fix/tidy up `open()` mode flags [57] + o tidy-up: avoid `(())`, clang-format fixes and more [141] o tidy-up: move `CURL_UNCONST()` out from macro `curl_unicodefree()` [121] + o TODO: remove a mandriva.com reference o tool: consider (some) curl_easy_setopt errors fatal [7] o tool: log when loading .curlrc in verbose mode [191] o tool_cfgable: free ssl-sessions at exit [123] @@ -212,6 +243,7 @@ This release includes the following bugfixes: o tool_urlglob: clean up used memory on errors better [44] o tool_writeout: bail out proper on OOM [104] o url: fix return code for OOM in parse_proxy() [193] + o url: if curl_url_get() fails due to OOM, error out properly [205] o url: if OOM in parse_proxy() return error [132] o urlapi: fix mem-leaks in curl_url_get error paths [22] o urlapi: handle OOM properly when setting URL [180] @@ -253,14 +285,15 @@ advice from friends like these: Aleksandr Sergeev, Aleksei Bavshin, Andrew Kirillov, BANADDA, boingball, Brad King, bttrfl on github, Christian Schmitz, Dan Fandrich, Daniel McCarney, Daniel Stenberg, Deniz Parlak, Fd929c2CE5fA on github, - ffath-vo on github, Gisle Vanem, Jiyong Yang, Juliusz Sosinowicz, Kai Pastor, - Leonardo Taccari, letshack9707 on hackerone, Marc Aldorasi, Marcel Raad, - Max Faxälv, nait-furry, ncaklovic on github, Nick Korepanov, - Omdahake on github, Patrick Monnerat, pelioro on hackerone, Ray Satiro, - renovate[bot], Samuel Henrique, st751228051 on github, Stanislav Fort, - Stefan Eissing, Sunny, Thomas Klausner, Viktor Szakats, Wesley Moore, + ffath-vo on github, Georg Schulz-Allgaier, Gisle Vanem, Greg Hudson, + Jiyong Yang, Juliusz Sosinowicz, Kai Pastor, Leonardo Taccari, + letshack9707 on hackerone, Marc Aldorasi, Marcel Raad, Max Faxälv, + nait-furry, ncaklovic on github, Nick Korepanov, Omdahake on github, + Patrick Monnerat, pelioro on hackerone, Ray Satiro, renovate[bot], + Samuel Henrique, st751228051 on github, Stanislav Fort, Stefan Eissing, + Sunny, Theo Buehler, Thomas Klausner, Viktor Szakats, Wesley Moore, Xiaoke Wang, Yedaya Katsman - (41 contributors) + (44 contributors) References to bug reports and discussions on issues: @@ -377,6 +410,7 @@ References to bug reports and discussions on issues: [112] = https://curl.se/bug/?i=19495 [113] = https://curl.se/bug/?i=19653 [114] = https://curl.se/bug/?i=19605 + [115] = https://curl.se/bug/?i=19855 [116] = https://curl.se/bug/?i=19724 [117] = https://curl.se/bug/?i=19644 [118] = https://curl.se/bug/?i=19493 @@ -402,6 +436,7 @@ References to bug reports and discussions on issues: [138] = https://curl.se/bug/?i=19580 [139] = https://curl.se/bug/?i=19579 [140] = https://curl.se/bug/?i=19175 + [141] = https://curl.se/bug/?i=19854 [142] = https://curl.se/bug/?i=19572 [143] = https://curl.se/bug/?i=19581 [144] = https://curl.se/bug/?i=19571 @@ -429,10 +464,12 @@ References to bug reports and discussions on issues: [166] = https://curl.se/bug/?i=19615 [167] = https://curl.se/bug/?i=19609 [168] = https://curl.se/bug/?i=19612 + [169] = https://curl.se/bug/?i=19748 [170] = https://curl.se/bug/?i=19333 [171] = https://curl.se/bug/?i=19714 [172] = https://curl.se/bug/?i=19717 [173] = https://curl.se/bug/?i=19789 + [174] = https://curl.se/bug/?i=19849 [175] = https://curl.se/bug/?i=19784 [176] = https://curl.se/bug/?i=19786 [177] = https://curl.se/bug/?i=19462 @@ -461,10 +498,16 @@ References to bug reports and discussions on issues: [202] = https://curl.se/bug/?i=19669 [203] = https://curl.se/bug/?i=19683 [204] = https://curl.se/bug/?i=19643 + [205] = https://curl.se/bug/?i=19838 + [206] = https://curl.se/bug/?i=19840 + [207] = https://curl.se/bug/?i=19844 [208] = https://curl.se/bug/?i=19665 [209] = https://curl.se/bug/?i=19384 [210] = https://curl.se/bug/?i=19769 [211] = https://curl.se/bug/?i=19768 + [212] = https://curl.se/bug/?i=19843 + [213] = https://curl.se/bug/?i=19842 + [214] = https://curl.se/bug/?i=19812 [215] = https://curl.se/bug/?i=19764 [217] = https://curl.se/bug/?i=19763 [219] = https://curl.se/bug/?i=19759 @@ -474,8 +517,25 @@ References to bug reports and discussions on issues: [223] = https://curl.se/bug/?i=16973 [225] = https://curl.se/bug/?i=19754 [226] = https://curl.se/bug/?i=19751 + [228] = https://curl.se/bug/?i=19836 [230] = https://curl.se/bug/?i=19745 [232] = https://curl.se/bug/?i=19746 + [236] = https://curl.se/bug/?i=19830 + [238] = https://curl.se/bug/?i=19786 + [239] = https://curl.se/bug/?i=19828 + [240] = https://curl.se/bug/?i=19829 + [241] = https://curl.se/bug/?i=19826 [242] = https://curl.se/bug/?i=19734 [243] = https://curl.se/bug/?i=19733 [244] = https://curl.se/bug/?i=19732 + [245] = https://curl.se/bug/?i=19824 + [246] = https://curl.se/bug/?i=19823 + [247] = https://curl.se/bug/?i=19798 + [248] = https://curl.se/bug/?i=19811 + [249] = https://curl.se/bug/?i=19813 + [251] = https://curl.se/bug/?i=19970 + [252] = https://curl.se/bug/?i=19809 + [253] = https://curl.se/bug/?i=19800 + [254] = https://curl.se/bug/?i=19808 + [255] = https://curl.se/bug/?i=19803 + [257] = https://curl.se/bug/?i=19802 -- 2.47.3