From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 10 Sep 2025 10:54:59 +0000 (+0200)
Subject: RELEASE-NOTES: synced
X-Git-Tag: rc-8_17_0-1~414
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=31f0f0a0609bc8cc4ce665907b58b90330f69f5c;p=thirdparty%2Fcurl.git

RELEASE-NOTES: synced

and bump include/curl/curlver.h
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 5b9f4324af..04e1ad4779 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-curl and libcurl 8.16.0
+curl and libcurl 8.16.1
 
- Public curl releases:         270
+ Public curl releases:         271
  Command line options:         272
  curl_easy_setopt() options:   308
  Public functions in libcurl:  98
@@ -8,286 +8,12 @@ curl and libcurl 8.16.0
 
 This release includes the following changes:
 
- o build: bump minimum required mingw-w64 to v3.0 (from v1.0) [33]
- o curl: add --follow [129]
- o curl: add --out-null [101]
- o curl: add --parallel-max-host to limit concurrent connections per host [81]
- o curl: make --retry-delay and --retry-max-time accept decimal seconds [112]
- o hostip: cache negative name resolves [175]
- o ip happy eyeballing: keep attempts running [80]
- o mbedtls: bump minimum version required to 3.2.0 [180]
- o multi: add curl_multi_get_offt [56]
- o multi: add CURLMOPT_NETWORK_CHANGED to signal network changed [84]
- o netrc: use the NETRC environment variable (first) if set [70]
- o smtp: allow suffix behind a mail address for RFC 3461 [127]
- o tls: make default TLS version be minimum 1.2 [71]
- o tool_getparam: add support for `--longopt=value` [69]
- o vquic: drop msh3 [8]
- o websocket: support CURLOPT_READFUNCTION [193]
- o writeout: add %time{} [74]
 
 This release includes the following bugfixes:
 
- o _PROTOCOLS.md: mention file:// is only for absolute paths [102]
- o acinclude: --with-ca-fallback only works with OpenSSL [217]
- o alpn: query filter [104]
- o ares: destroy channel on shutdown [178]
- o ares: use `ares_strerror()` to retrieve error messages [236]
- o asyn-thrdd: fix --disable-socketpair builds [235]
- o asyn-thrdd: fix Curl_async_pollset without socketpair [205]
- o asyn-thrdd: fix no `HAVE_GETADDRINFO` builds [214]
- o asyn-thrdd: manage DEFERRED and locks better [228]
- o autotools: make curl-config executable [253]
- o aws-lc: do not use large buffer [250]
- o BINDINGS.md: add LibQurl [156]
- o bufq: add integer overflow checks before chunk allocations [108]
- o bufq: removed "Useless Assignment" [188]
- o bufq: simplify condition [207]
- o build: allow libtests/clients to use libcurl dependencies directly [87]
- o build: disable `TCP_NODELAY` for emscripten [176]
- o build: enable _GNU_SOURCE on GNU/Hurd [27]
- o build: extend GNU C guards to clang where applicable, fix fallouts [61]
- o build: fix build errors/warnings in rare configurations [7]
- o build: fix disable-verbose [48]
- o build: fix mingw-w64 version guard for mingw32ce [124]
- o build: if no perl, fix to use the pre-built hugehelp, if present [144]
- o build: link to Apple frameworks required by static wolfSSL [40]
- o build: support LibreSSL native crypto lib with ngtcp2 1.15.0+ [209]
- o build: tidy up compiler definition for tests [37]
- o cf-https-connect: delete unused declaration [15]
- o clang-tidy: disable `clang-analyzer-security.ArrayBound` [265]
- o cmake: `CURL_CA_FALLBACK` only works with OpenSSL [215]
- o cmake: capitalize 'Rustls' in the config summary
- o cmake: defer building `unitprotos.h` till a test target needs it [75]
- o cmake: define `WIN32_LEAN_AND_MEAN` for examples [159]
- o cmake: drop redundant unity mode for `curlinfo` [155]
- o cmake: enable `-Wall` for MSVC 1944 [128]
- o cmake: fix `ENABLE_UNIX_SOCKETS=OFF` with pre-fill enabled on unix
- o cmake: fix setting LTO properties on the wrong targets [258]
- o cmake: fix to disable Schannel and SSPI for non-Windows targets
- o cmake: fix to restrict `SystemConfiguration` to macOS [139]
- o cmake: honor `CMAKE_C_FLAGS` in test 1119 and 1167 [206]
- o cmake: improve error message for invalid HTTP/3 MultiSSL configs [187]
- o cmake: keep websockets disabled if HTTP is disabled
- o cmake: make `runtests` targets build the curl tool [32]
- o cmake: make the ExternalProject test work [183]
- o cmake: omit linking duplicate/unnecessary libs to tests & examples [45]
- o cmake: re-add simple test target, and name it `tests` [142]
- o cmake: set `CURL_DIRSUFFIX` automatically in multi-config builds [154]
- o CODE_STYLE: sync with recent `checksrc.pl` updates [49]
- o config-win32.h: do not use winsock2 `inet_ntop()`/`inet_pton()` [58]
- o configure: if no perl, disable unity and shell completion, related tidy ups [137]
- o configure: tidy up internal names in ngtcp2 ossl detection logic [212]
- o connectdata: remove primary+secondary ip_quadruple [126]
- o connection: terminate after goaway [62]
- o contrithanks: fix for BSD `sed` tool [98]
- o cookie: don't treat the leading slash as trailing [185]
- o cookie: remove expired cookies before listing [158]
- o curl-config: remove X prefix use [138]
- o curl/system.h: fix for GCC 3.3.x and older [38]
- o curl: make the URL indexes 64 bit [117]
- o curl: tool_read_cb fix of segfault [18]
- o curl_addrinfo: drop workaround for old-mingw [14]
- o curl_easy_ssls_export: make the example more clear [78]
- o curl_fnmatch, servers: drop local macros in favour of `sizeof()` [21]
- o curl_mime_data_cb.md: mention what datasize is for [107]
- o curl_ossl: extend callback table for nghttp3 1.11.0 [46]
- o curl_setup.h: include `stdint.h` earlier [260]
- o curl_setup.h: move UWP detection after `config-win32.h` (revert) [51]
- o curl_setup.h: move UWP detection after `config-win32.h` [23]
- o CURLINFO_FILETIME*.md: correct the examples [242]
- o CURLOPT: bump `CURL_REDIR_*` macros to `long` [110]
- o CURLOPT: bump `CURL_SSLVERSION_*` macros to `long` [149]
- o CURLOPT: bump `CURLALTSVC_*` macros to `long` [96]
- o CURLOPT: bump `CURLFTP*` enums to `long`, drop casts [54]
- o CURLOPT: bump `CURLHEADER_*` macros to `long`, drop casts [94]
- o CURLOPT: bump `CURLPROTO_*` macros to `long` [148]
- o CURLOPT: bump `CURLPROXY_*` enums to `long`, drop casts [95]
- o CURLOPT: bump `CURLWS_NOAUTOPONG`, `CURLWS_RAW_MODE` macros to `long` [150]
- o CURLOPT: bump remaining macros to `long` [147]
- o CURLOPT: drop redundant `long` casts [55]
- o CURLOPT: replace `(long)` cast with `L` suffix for `CURLHSTS_*` macros
- o CURLOPT_HTTP_VERSION: mention new default value [179]
- o CURLOPT_SSL_CTX_*: replace the base64 with XXXX [171]
- o delta: fix warnings, fix for non-GNU `date` tool [99]
- o DEPRECATE.md: drop old OpenSSL versions [266]
- o DEPRECATE.md: drop support for c-ares versions before 1.16.0 [191]
- o DEPRECATE.md: drop support for Windows XP/2003 [31]
- o DEPRECATE.md: remove leftover "nothing" [57]
- o DISTROS.md: add Haiku [39]
- o docs/cmdline-opts: the auth types are not mutually exclusive [103]
- o docs: add CURLOPT type change history, drop casts where present [143]
- o docs: add major incident section to vuln disclosure policy [271]
- o docs: fix link CONTRIBUTE.md link [192]
- o docs: fix name in curl_easy_ssls_export man page [12]
- o docs: fix typo (staring -> starting) [211]
- o docs: point two broken links to archive.org [134]
- o docs: put `<>` within backticks in titles [261]
- o doh: rename symbols to avoid collision with mingw-w64 headers [66]
- o easy handle: check validity on external calls [28]
- o examples: drop long cast for `CURLALTSVC_*`
- o examples: make `CURLPIPE_MULTIPLEX` fallback `long` [233]
- o examples: remove base64 encoded chunks from examples [189]
- o examples: remove href_extractor.c [186]
- o ftp: store dir components as start+len instead of memdup'ing [198]
- o ftp: use 'conn' instead of 'data->conn' [208]
- o gnutls: fix building with older supported GnuTLS versions [241]
- o gnutls: some small cleanups [41]
- o hmac: return error if init fails [2]
- o hostip: do DNS cache pruning in milliseconds [132]
- o HTTP3.md: avoid `configure` issue for ngtcp2 1.14.0+ compatibility [182]
- o http: const up readonly H2_NON_FIELD [10]
- o http: do the cookie list access under lock [270]
- o http: silence `-Warray-bounds` with gcc 13+ [44]
- o idn: reject conversions that end up as a zero length hostname [273]
- o inet_pton, inet_ntop: drop declarations when unused [59]
- o lib1560: fix memory leak when run without UTF-8 support [17]
- o lib1560: replace an `int` with `bool` [97]
- o lib2700: use `testnum` [151]
- o lib517: use `LL` 64-bit literals & re-enable a test case (`time_t`) [100]
- o lib: drop `UNUSED_PARAM` macro [259]
- o libcurl: reset rewind flag in curl_easy_reset() [184]
- o libssh: Use sftp_aio instead of sftp_async for sftp_recv [92]
- o libtests: update format strings to avoid casts, drop some macros [109]
- o libtests: use `FMT_SOCKET_T`, drop more casts [136]
- o managen: reset text mode at end of table marker [145]
- o mbedtls: check for feature macros instead of version [166]
- o mdlinkcheck: handle links with a leading slash properly [195]
- o memanalyze: fix warnings [22]
- o memory: make function overrides work reliably in unity builds [93]
- o multi event: remove only announced [25]
- o multi: don't insert a node into the splay tree twice [68]
- o multi: fix assert in multi_getsock() [53]
- o multi: fix bad splay management [133]
- o multi: process pending, one by one [90]
- o multi: replace remaining EXPIRE_RUN_NOW [67]
- o multissl: initialize when requesting a random number [30]
- o ngtcp2: extend callback tables for nghttp3 1.11.0 and ngtcp2 1.14.0 [47]
- o ngtcp2: handshake timeout should be equal to --connect-timeout [262]
- o ngtcp2: use custom mem funcs [204]
- o openldap: fix `-Wtentative-definition-compat` [268]
- o openssl: add and use `HAVE_BORINGSSL_LIKE` internal macro [222]
- o openssl: add and use `HAVE_OPENSSL3` internal macro [223]
- o openssl: assume `OPENSSL_VERSION_NUMBER` [181]
- o openssl: auto-pause on verify callback retry [167]
- o openssl: check SSL_write() length on retries [152]
- o openssl: clear errors after a failed `d2i_X509()` [161]
- o openssl: drop more legacy cruft [224]
- o openssl: drop redundant `HAVE_OPENSSL_VERSION` macro [221]
- o openssl: drop redundant version check [246]
- o openssl: drop single-use interim macro `USE_OPENSSL_SRP` [201]
- o openssl: enable `HAVE_KEYLOG_CALLBACK` for AWS-LC [220]
- o openssl: merge two `#if` blocks [218]
- o openssl: output unescaped utf8 x509 issuer/subject DNs [169]
- o openssl: remove legacy cruft, document macro guards [231]
- o openssl: save and restore OpenSSL error queue in two functions [172]
- o openssl: some small cleanups [42]
- o openssl: split cert_stuff into smaller sub functions [72]
- o openssl: sync an AWS-LC guard with BoringSSL [199]
- o openssl: use `RSA_flags()` again with BoringSSL [219]
- o parallel-max: bump the max value to 65535 [86]
- o parsedate: make Curl_getdate_capped able to return epoch [229]
- o processhelp.pm: fix to use the correct null device on Windows [164]
- o processhelp.pm: use `Win32::Process*` perl modules if available [200]
- o projects: drop unused logic from `generate.bat` [157]
- o projects: fix Windows project 'clean' function [203]
- o pytest: add SOCKS tests and scoring [9]
- o pytest: fix test_17_09_ssl_min_max for BoringSSL [197]
- o pytest: increase server KeepAliveTimeout [26]
- o pytest: relax error check on test_07_22 [16]
- o resolving: dns error tracing [196]
- o runtests: assume `Time::HiRes`, drop Perl Win32 dependency [163]
- o runtests: remove warning message [230]
- o runtests: replace `--ci` with `--buidinfo`, show OS/Perl version again [247]
- o runtests: show still running tests when nothing has happened for a while [227]
- o schannel: add an error message for client cert not found [165]
- o schannel: assume `CERT_CHAIN_REVOCATION_CHECK_CHAIN` [114]
- o schannel: drop fallbacks for 4 macros [121]
- o schannel: drop fallbacks for unused `BCRYPT_*` macros [122]
- o schannel: drop old-mingw special case [77]
- o schannel: fix recent update for mingw32ce [123]
- o schannel: fix renegotiation [202]
- o schannel: improve handshake procedure [239]
- o schannel: not supported with UWP, drop redundant code [105]
- o schannel: use if(result) like the code style says [125]
- o scripts: enable strict warnings in Perl where missing, fix fallouts [63]
- o scripts: fix two Perl uninitialized value warnings [60]
- o sendf: getting less data than "max allowed" is okay [170]
- o servers: convert two macros to scoped static const strings [89]
- o setopt: refactor out the booleans from setopt_long to setopt_bool [83]
- o setopt: split out cookielist() and cookiefile() [130]
- o socks: do_SOCKS5: Fix invalid buffer content on short send [43]
- o socks_sspi: simplify, clean up Curl_SOCKS5_gssapi_negotiate [237]
- o spacecheck.pl: when detecting unicode, mention line number [85]
- o spacecheck: warn for 3+ empty lines in a row, fix fallouts [240]
- o spelling: file system [232]
- o test1148: drop redundant `LC_NUMBER=` env setting [13]
- o test1557: pass `long` type to `multi_setopt()` [234]
- o test1560: set locale/codeset with `LC_ALL` (was: `LANG`), test in CI [19]
- o test1560: skip some URLs if UTF-8 is not supported [34]
- o test1: raise alloc limits [11]
- o test428: re-enable for Windows [5]
- o test436: fix running on Windows with `_curlrc` present [153]
- o test: add `cygwin` feature and use it (test 1056, 1517) [249]
- o tests/ech_tests.sh: indent, if/for style, inline ifs [131]
- o tests: constify command-line arguments [82]
- o tests: delete unused commands [177]
- o tests: drop unused `BLANK` envs, unset `CURL_NOT_SET` [248]
- o tests: drop unused `CURL_FORCEHOST` envs [36]
- o tests: fix perl warnings in http2-server, http3-server [119]
- o tests: fix prechecks to call the bundle libtest tool [120]
- o tests: fix UTF-8 detection, per-test `LC_*` settings, CI coverage [6]
- o tests: merge clients into libtests, drop duplicate code [76]
- o tests: remove the QUIT filters [210]
- o tests: set `CURL_ENTROPY` per test, not globally [35]
- o tests: unset some envs instead of blanking them [4]
- o threaded-resolver: fix shutdown [252]
- o tidy-up: `Curl_thread_create()` callback return type [20]
- o tidy-up: move literal to the right side of comparisons [65]
- o tidy-up: prefer `ifdef`/`ifndef` for single checks [64]
- o tls: CURLINFO_TLS_SSL_PTR testing [79]
- o TODO: remove session export item [194]
- o TODO: remove the expand ~ idea [216]
- o tool_cb_wrt: stop alloc/free for every chunk windows console output [140]
- o tool_filetime: accept setting negative filetime [256]
- o tool_getparam: let --trace-config override -v [238]
- o tool_getparam: warn on more unicode prefixes [275]
- o tool_operate: avoid superfluous strdup'ing output [1]
- o tool_operate: use stricter curl_multi_setopt() arguments [225]
- o tool_operate: use the correct config pointer [115]
- o tool_paramhlp: fix secs2ms() [116]
- o tool_parsecfg: use dynbuf for quoted arguments [162]
- o tool_urlglob: add integer overflow protection [244]
- o tool_urlglob: polish, cleanups, improvements [141]
- o typecheck-gcc: add type checks for curl_multi_setopt() [226]
- o unit-tests: build the unitprotos.h from here [73]
- o unit2604: avoid `UNCONST()` [135]
- o URL-SYNTAX.md: drop link to codepoints.net to pass linkcheck [190]
- o urlapi: allow more path characters "raw" when asked to URL encode [146]
- o urldata: reduce two long struct fields to unsigned short [174]
- o urlglob: only accept 255 globs
- o vquic-tls: fix SSL backend type for QUIC connections using gnutls [29]
- o vquic: replace assert [254]
- o vquic: use curl_getenv [168]
- o vtls: set seen http version on successful ALPN [160]
- o websocket example: cast print values to unsigned int [251]
- o websocket: handling of PONG frames [213]
- o websocket: improve handling of 0-len frames [269]
- o websocket: reset upload_done when sending data [245]
- o windows: assume `ADDRESS_FAMILY`, drop feature checks [88]
- o windows: document toolchain support for `CERT_NAME_SEARCH_ALL_NAMES_FLAG`
- o windows: document toolchain support for some macros (cont.) [111]
- o windows: document toolchain support for some macros [113]
- o windows: drop `CRYPT_E_*` macro fallbacks, limit one to mingw32ce [118]
- o windows: drop two interim, single-use macros [106]
- o windows: drop unused `curlx/version_win32.h` includes [52]
- o windows: fix `if_nametoindex()` detection with autotools, improve with cmake [24]
- o windows: include `wincrypt.h` before `iphlpapi.h` for mingw-w64 <6 [50]
- o windows: target version macro tidy-ups [3]
- o wolfssl: rename ML-KEM hybrids to match IETF draft [173]
- o write-out.md: header_json is not included the json object [243]
- o ws: avoid NULL pointer deref in curl_ws_recv [91]
- o ws: get a new mask for each new outgoing frame [255]
+ o curl_easy_getinfo: error code on NULL arg [2]
+ o easy_getinfo: check magic, Curl_close safety [3]
+ o quic: ignore EMSGSIZE on receive [4]
 
 This release includes the following known bugs:
 
@@ -311,295 +37,11 @@ Planned upcoming removals include:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  adamse on github, Ahmad Gani, Alice Lee Poetics, Ammar Faizi,
-  Andrew Kirillov, Andriy Druk, Anthony Hu, Berthin Torres Callañaupa,
-  BobodevMm on github, Calvin Ruocco, Caolán McNamara, Cole Leavitt,
-  correctmost on github, d1r3ct0r, Dan Fandrich, Daniel Böhmer, Daniel Engberg,
-  Daniel McCarney, Daniel Stenberg, David Zhuang, devgs on github,
-  Dominik Tomecki, Dustin L. Howett, Eshan Kelkar, Florian Friedrich,
-  Gabriel Marin, Gisle Vanem, Google Big Sleep, Harry Sintonen,
-  IoannisGS on github, James Fuller, Jelle Raaijmakers, Jeroen Ooms,
-  Kai Pastor, Karthik Das, kkmuffme on github, kupavcevdenis on github,
-  letshack9707 on hackerone, lf- on github, LoRd_MuldeR, Marcel Raad,
-  Michael Osipov, Michał Petryka, Natris on github, nevakrien on github,
-  Oxan van Leeuwen, Paul Gilmartin, Pavel Kropachev, Petar Popovic,
-  Philippe Antoine, Pino Toscano, Qriist on github, Ray Satiro,
-  renovate[bot], RepoRascal on hackerone, rm-rmonaghan on github,
-  Roberto Hidalgo, Samuel Henrique, Schrijvers Luc, Sebastian Carlos,
-  Sergio Durigan Junior, Simon Dalvai, Stanislav Osipov, Stefan Eissing,
-  stephannn on github, sunriseL, Tal Regev, Terence Eden, Todd Gamblin,
-  Viktor Szakats, Waldemar Kornewald, XCas13, xfangfang, yaoy6 on github,
-  Yedaya Katsman, ウさん
-  (76 contributors)
+  Daniel Stenberg, Ethan Everett, Stefan Eissing
+  (3 contributors)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.se/bug/?i=17946
- [2] = https://curl.se/bug/?i=18008
- [3] = https://curl.se/bug/?i=17981
- [4] = https://curl.se/bug/?i=17994
- [5] = https://curl.se/bug/?i=17991
- [6] = https://curl.se/bug/?i=17988
- [7] = https://curl.se/bug/?i=17962
- [8] = https://curl.se/bug/?i=17729
- [9] = https://curl.se/bug/?i=17986
- [10] = https://curl.se/bug/?i=17996
- [11] = https://curl.se/bug/?i=18004
- [12] = https://curl.se/bug/?i=17995
- [13] = https://curl.se/bug/?i=17993
- [14] = https://curl.se/bug/?i=18038
- [15] = https://curl.se/bug/?i=18036
- [16] = https://curl.se/bug/?i=18050
- [17] = https://curl.se/bug/?i=17998
- [18] = https://curl.se/bug/?i=17978
- [19] = https://curl.se/bug/?i=17938
- [20] = https://curl.se/bug/?i=17889
- [21] = https://curl.se/bug/?i=17898
- [22] = https://curl.se/bug/?i=18049
- [23] = https://curl.se/bug/?i=17980
- [24] = https://curl.se/bug/?i=17982
- [25] = https://curl.se/bug/?i=17949
- [26] = https://curl.se/bug/?i=17968
- [27] = https://curl.se/bug/?i=17975
- [28] = https://curl.se/bug/?i=17958
- [29] = https://curl.se/bug/?i=17976
- [30] = https://curl.se/bug/?i=17963
- [31] = https://curl.se/bug/?i=18016
- [32] = https://curl.se/bug/?i=17967
- [33] = https://curl.se/bug/?i=17984
- [34] = https://curl.se/bug/?i=17933
- [35] = https://curl.se/bug/?i=17971
- [36] = https://curl.se/bug/?i=17972
- [37] = https://curl.se/bug/?i=17768
- [38] = https://curl.se/bug/?i=17951
- [39] = https://curl.se/bug/?i=17953
- [40] = https://github.com/microsoft/vcpkg/pull/46444#pullrequestreview-3026575393
- [41] = https://curl.se/bug/?i=17941
- [42] = https://curl.se/bug/?i=17940
- [43] = https://curl.se/bug/?i=17942
- [44] = https://curl.se/bug/?i=18030
- [45] = https://curl.se/bug/?i=17696
- [46] = https://curl.se/bug/?i=18026
- [47] = https://curl.se/bug/?i=18019
- [48] = https://curl.se/bug/?i=18053
- [49] = https://curl.se/bug/?i=18015
- [50] = https://curl.se/bug/?i=18012
- [51] = https://curl.se/bug/?i=18014
- [52] = https://curl.se/bug/?i=18011
- [53] = https://curl.se/bug/?i=18046
- [54] = https://curl.se/bug/?i=17797
- [55] = https://curl.se/bug/?i=17791
- [56] = https://curl.se/bug/?i=17992
- [57] = https://curl.se/bug/?i=18044
- [58] = https://curl.se/bug/?i=18045
- [59] = https://curl.se/bug/?i=18043
- [60] = https://curl.se/bug/?i=18047
- [61] = https://curl.se/bug/?i=17955
- [62] = https://curl.se/bug/?i=17884
- [63] = https://curl.se/bug/?i=17877
- [64] = https://curl.se/bug/?i=18018
- [65] = https://curl.se/bug/?i=17876
- [66] = https://curl.se/bug/?i=18041
- [67] = https://curl.se/bug/?i=17883
- [68] = https://curl.se/bug/?i=18005
- [69] = https://curl.se/bug/?i=17789
- [70] = https://curl.se/bug/?i=17712
- [71] = https://curl.se/bug/?i=17894
- [72] = https://curl.se/bug/?i=18081
- [73] = https://curl.se/bug/?i=18088
- [74] = https://curl.se/bug/?i=18119
- [75] = https://curl.se/bug/?i=18086
- [76] = https://curl.se/bug/?i=18079
- [77] = https://curl.se/bug/?i=18084
- [78] = https://curl.se/bug/?i=18117
- [79] = https://curl.se/bug/?i=18066
- [80] = https://curl.se/bug/?i=18105
- [81] = https://curl.se/bug/?i=18052
- [82] = https://curl.se/bug/?i=18076
- [83] = https://curl.se/bug/?i=17887
- [84] = https://curl.se/bug/?i=17225
- [85] = https://curl.se/bug/?i=18120
- [86] = https://curl.se/bug/?i=18068
- [87] = https://curl.se/bug/?i=18069
- [88] = https://curl.se/bug/?i=18057
- [89] = https://curl.se/bug/?i=18067
- [90] = https://curl.se/bug/?i=18017
- [91] = https://curl.se/bug/?i=18065
- [92] = https://curl.se/bug/?i=17440
- [93] = https://curl.se/bug/?i=17827
- [94] = https://curl.se/bug/?i=18055
- [95] = https://curl.se/bug/?i=18054
- [96] = https://curl.se/bug/?i=18063
- [97] = https://curl.se/bug/?i=18064
- [98] = https://curl.se/bug/?i=18062
- [99] = https://curl.se/bug/?i=18061
- [100] = https://curl.se/bug/?i=18032
- [101] = https://curl.se/bug/?i=17800
- [102] = https://curl.se/bug/?i=18060
- [103] = https://curl.se/bug/?i=18059
- [104] = https://curl.se/bug/?i=17947
- [105] = https://curl.se/bug/?i=18116
- [106] = https://curl.se/bug/?i=18114
- [107] = https://curl.se/bug/?i=18115
- [108] = https://curl.se/bug/?i=18112
- [109] = https://curl.se/bug/?i=18106
- [110] = https://curl.se/bug/?i=18110
- [111] = https://curl.se/bug/?i=18113
- [112] = https://curl.se/bug/?i=18109
- [113] = https://curl.se/bug/?i=18085
- [114] = https://curl.se/bug/?i=18108
- [115] = https://curl.se/bug/?i=18200
- [116] = https://curl.se/bug/?i=18167
- [117] = https://curl.se/bug/?i=18096
- [118] = https://curl.se/bug/?i=18092
- [119] = https://curl.se/bug/?i=18100
- [120] = https://curl.se/bug/?i=18099
- [121] = https://curl.se/bug/?i=18093
- [122] = https://curl.se/bug/?i=18091
- [123] = https://curl.se/bug/?i=18097
- [124] = https://curl.se/bug/?i=18095
- [125] = https://curl.se/bug/?i=18094
- [126] = https://curl.se/bug/?i=17960
- [127] = https://curl.se/bug/?i=16643
- [128] = https://curl.se/bug/?i=18165
- [129] = https://curl.se/bug/?i=16543
- [130] = https://curl.se/bug/?i=18162
- [131] = https://curl.se/bug/?i=18187
- [132] = https://curl.se/bug/?i=18160
- [133] = https://curl.se/bug/?i=18201
- [134] = https://curl.se/bug/?i=18393
- [135] = https://curl.se/bug/?i=18143
- [136] = https://curl.se/bug/?i=18142
- [137] = https://curl.se/bug/?i=18141
- [138] = https://curl.se/bug/?i=18158
- [139] = https://curl.se/bug/?i=18149
- [140] = https://curl.se/bug/?i=18233
- [141] = https://curl.se/bug/?i=18198
- [142] = https://curl.se/bug/?i=18145
- [143] = https://curl.se/bug/?i=18130
- [144] = https://curl.se/bug/?i=18118
- [145] = https://curl.se/bug/?i=18139
- [146] = https://curl.se/bug/?i=17977
- [147] = https://curl.se/bug/?i=18134
- [148] = https://curl.se/bug/?i=18136
- [149] = https://curl.se/bug/?i=18135
- [150] = https://curl.se/bug/?i=18137
- [151] = https://curl.se/bug/?i=18138
- [152] = https://curl.se/bug/?i=18121
- [153] = https://curl.se/bug/?i=18242
- [154] = https://curl.se/bug/?i=18241
- [155] = https://curl.se/bug/?i=18238
- [156] = https://curl.se/bug/?i=18195
- [157] = https://curl.se/bug/?i=18397
- [158] = https://curl.se/bug/?i=18299
- [159] = https://curl.se/bug/?i=18232
- [160] = https://curl.se/bug/?i=18177
- [161] = https://curl.se/bug/?i=18190
- [162] = https://curl.se/bug/?i=18230
- [163] = https://curl.se/bug/?i=18287
- [164] = https://curl.se/bug/?i=18282
- [165] = https://curl.se/bug/?i=18124
- [166] = https://curl.se/bug/?i=18271
- [167] = https://curl.se/mail/lib-2025-08/0012.html
- [168] = https://curl.se/bug/?i=18170
- [169] = https://curl.se/bug/?i=18171
- [170] = https://curl.se/bug/?i=18283
- [171] = https://curl.se/bug/?i=18261
- [172] = https://curl.se/bug/?i=18190
- [173] = https://curl.se/bug/?i=18123
- [174] = https://curl.se/bug/?i=18173
- [175] = https://curl.se/bug/?i=18157
- [176] = https://curl.se/bug/?i=17974
- [177] = https://curl.se/bug/?i=18319
- [178] = https://curl.se/bug/?i=18216
- [179] = https://curl.se/bug/?i=18272
- [180] = https://curl.se/bug/?i=18254
- [181] = https://curl.se/bug/?i=18388
- [182] = https://curl.se/bug/?i=18188
- [183] = https://curl.se/bug/?i=18208
- [184] = https://curl.se/bug/?i=18206
- [185] = https://curl.se/bug/?i=18266
- [186] = https://curl.se/bug/?i=18264
- [187] = https://curl.se/bug/?i=18246
- [188] = https://curl.se/bug/?i=18322
- [189] = https://curl.se/bug/?i=18260
- [190] = https://curl.se/bug/?i=18259
- [191] = https://curl.se/bug/?i=18408
- [192] = https://curl.se/bug/?i=18372
- [193] = https://curl.se/bug/?i=17683
- [194] = https://curl.se/bug/?i=18243
- [195] = https://curl.se/bug/?i=18382
- [196] = https://curl.se/bug/?i=18247
- [197] = https://curl.se/bug/?i=18385
- [198] = https://curl.se/bug/?i=18312
- [199] = https://curl.se/bug/?i=18384
- [200] = https://curl.se/bug/?i=18308
- [201] = https://curl.se/bug/?i=18383
- [202] = https://curl.se/bug/?i=18029
- [203] = https://curl.se/bug/?i=18412
- [204] = https://curl.se/bug/?i=18196
- [205] = https://curl.se/bug/?i=18306
- [206] = https://curl.se/bug/?i=18307
- [207] = https://curl.se/bug/?i=18305
- [208] = https://curl.se/bug/?i=18304
- [209] = https://curl.se/bug/?i=18377
- [210] = https://curl.se/bug/?i=18405
- [211] = https://curl.se/bug/?i=18450
- [212] = https://curl.se/bug/?i=18378
- [213] = https://curl.se/bug/?i=16706
- [214] = https://curl.se/bug/?i=18371
- [215] = https://curl.se/bug/?i=18365
- [216] = https://curl.se/bug/?i=18363
- [217] = https://curl.se/bug/?i=18362
- [218] = https://curl.se/bug/?i=18370
- [219] = https://curl.se/bug/?i=18369
- [220] = https://curl.se/bug/?i=18368
- [221] = https://curl.se/bug/?i=18367
- [222] = https://curl.se/bug/?i=18358
- [223] = https://curl.se/bug/?i=18360
- [224] = https://curl.se/bug/?i=18359
- [225] = https://curl.se/bug/?i=18357
- [226] = https://curl.se/bug/?i=18357
- [227] = https://curl.se/bug/?i=18349
- [228] = https://curl.se/bug/?i=18350
- [229] = https://curl.se/bug/?i=18445
- [230] = https://curl.se/bug/?i=18404
- [231] = https://curl.se/bug/?i=18351
- [232] = https://curl.se/bug/?i=18348
- [233] = https://curl.se/bug/?i=18356
- [234] = https://curl.se/bug/?i=18355
- [235] = https://curl.se/bug/?i=18347
- [236] = https://curl.se/bug/?i=18251
- [237] = https://curl.se/bug/?i=18315
- [238] = https://curl.se/bug/?i=18346
- [239] = https://curl.se/bug/?i=18323
- [240] = https://curl.se/bug/?i=18478
- [241] = https://curl.se/bug/?i=18335
- [242] = https://curl.se/bug/?i=18447
- [243] = https://curl.se/bug/?i=18390
- [244] = https://curl.se/bug/?i=18398
- [245] = https://curl.se/bug/?i=18476
- [246] = https://curl.se/bug/?i=18333
- [247] = https://curl.se/bug/?i=18329
- [248] = https://curl.se/bug/?i=18328
- [249] = https://curl.se/bug/?i=18327
- [250] = https://curl.se/bug/?i=18434
- [251] = https://curl.se/bug/?i=18326
- [252] = https://curl.se/bug/?i=18263
- [253] = https://curl.se/bug/?i=18433
- [254] = https://curl.se/bug/?i=18495
- [255] = https://curl.se/bug/?i=18496
- [256] = https://curl.se/bug/?i=18424
- [258] = https://curl.se/bug/?i=18469
- [259] = https://curl.se/bug/?i=18455
- [260] = https://curl.se/bug/?i=18430
- [261] = https://curl.se/bug/?i=18498
- [262] = https://curl.se/bug/?i=18431
- [265] = https://curl.se/bug/?i=18422
- [266] = https://curl.se/bug/?i=18413
- [268] = https://curl.se/bug/?i=18470
- [269] = https://curl.se/bug/?i=18286
- [270] = https://curl.se/bug/?i=18457
- [271] = https://curl.se/bug/?i=18483
- [273] = https://curl.se/bug/?i=18462
- [275] = https://curl.se/bug/?i=18459
+ [2] = https://curl.se/bug/?i=18512
+ [3] = https://curl.se/bug/?i=18511
+ [4] = https://curl.se/bug/?i=18505
diff --git a/include/curl/curlver.h b/include/curl/curlver.h
index 48fb81df81..03baeb4ae1 100644
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -32,13 +32,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "8.16.0-DEV"
+#define LIBCURL_VERSION "8.16.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 8
 #define LIBCURL_VERSION_MINOR 16
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
    always follow this syntax:
@@ -58,7 +58,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x081000
+#define LIBCURL_VERSION_NUM 0x081001
 
 /*
  * This is the date and time when the full source package was created. The