From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 2 Apr 2025 20:51:06 +0000 (+0200)
Subject: RELEASE-NOTES: synced
X-Git-Tag: curl-8_14_0~399
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=673c56a034b238de59b22e354efa6d5c6d68670a;p=thirdparty%2Fcurl.git

RELEASE-NOTES: synced

and bump to 8.13.1 for now
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 31b29e04b5..4f6cb74657 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,333 +1,21 @@
-curl and libcurl 8.13.0
+curl and libcurl 8.13.1
 
- Public curl releases:         266
+ Public curl releases:         267
  Command line options:         268
  curl_easy_setopt() options:   307
  Public functions in libcurl:  96
- Contributors:                 3378
+ Contributors:                 3379
 
 This release includes the following changes:
 
- o curl: add write-out variable 'tls_earlydata' [79]
- o curl: make --url support a file with URLs [104]
- o gnutls: set priority via --ciphers [167]
- o IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags [124]
- o lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY [147]
- o OpenSSL/quictls: add support for TLSv1.3 early data [150]
- o rustls: add support for CERTINFO [106]
- o rustls: add support for SSLKEYLOGFILE [282]
- o rustls: support ECH w/ DoH lookup for config [280]
- o rustls: support native platform verifier
- o var: add a '64dec' function that can base64 decode a string [78]
- o wolfssl: tls early data support [50]
 
 This release includes the following bugfixes:
 
- o addrinfo: add curl macro to avoid redefining foreign symbols [29]
- o asyn-thread: avoid the separate 'struct resdata' alloc [20]
- o asyn-thread: avoid the separate curl_mutex_t alloc [6]
- o asyn-thread: do not allocate thread_data separately [21]
- o asyn-thread: remove 'status' from struct Curl_async [36]
- o autotools: fix `dllmain.c` in unity builds [257]
- o autotools: fix `libtest` bundle to depend on `FIRSTFILES` [240]
- o autotools: use `CURLDEBUG` to exclude TrackMemory code from unity [253]
- o aws_sigv4: cannot be used for proxy [171]
- o aws_sigv4: merge repeated headers in canonical request [272]
- o aws_sigv4: use strparse more for parsing [55]
- o base64: drop `BUILDING_CURL` macro, always include in tests/server [234]
- o build: add Windows CE / CeGCC support, with CI jobs [87]
- o build: cmake multi-pkg-config detection improvements (brotli, ldap, mbedtls) [192]
- o build: do not apply curl debug macros to `tests/server` by default [254]
- o build: drop unused `getpart` tool [107]
- o build: enable -Wjump-misses-init for GCC 4.5+ [62]
- o build: enable `-Wcast-qual`, fix or silence compiler warnings [208]
- o build: fix compiler warnings in feature detections [39]
- o build: replace Curl_ prefix with curlx_ for functions used in servers [236]
- o build: set `-O3` and tune WinCE in CI, fix `getpart`, `vtls_scache` fallouts [137]
- o build: set `HAVE_STDINT_H` if `stdint.h` is available [155]
- o build: set `HAVE_WRITABLE_ARGV` for Apple cross-builds [8]
- o build: silence bogus `-Wconversion` warnings with gcc 5.1-5.4 [68]
- o build: silence mingw32ce C99 format warnings, simplify CI [143]
- o build: tidy-ups around `inet_pton` [180]
- o c-ares httpsrr: fix ifdef [223]
- o c-ares: error out for unsupported versions, drop unused macros [85]
- o ca-native.md: sync with CURLSSLOPT_NATIVE_CA [72]
- o cf-socket: deduplicate Windows Vista detection [11]
- o cf-socket: remove empty switch [75]
- o client writer: handle pause before decoding [61]
- o cmake: `CURL_LIBDIRS` improvements (upstreamed from vcpkg) [191]
- o cmake: `SHARE_LIB_OBJECT=ON` requires CMake 3.12 or newer [46]
- o cmake: add custom command scripts as dependencies where missing [298]
- o cmake: add pre-fill for Unix, enable in GHA/macos, verify pre-fills [42]
- o cmake: add shell completion support [261]
- o cmake: allow `CURL_STATIC_CRT` with shared libcurl and no curl exe [123]
- o cmake: allow `CURL_STATIC_CRT` with UCRT VS2015+ builds [134]
- o cmake: allow empty `IMPORT_LIB_SUFFIX`, add suffix collision detection [41]
- o cmake: avoid `-Wnonnull` warning in `HAVE_FSETXATTR_5` detection [81]
- o cmake: disable HTTPS-proxy as a feature if proxy is disabled [77]
- o cmake: drop `CURL_DISABLE_TESTS` option [94]
- o cmake: drop `HAVE_C_FLAG_Wno_long_double` logic for ancient Apple gcc [126]
- o cmake: drop `HAVE_IN_ADDR_T` from pre-fill too
- o cmake: drop two stray TLS feature checks for wolfSSL [9]
- o cmake: exclude `-MP` for `clang-cl` again [132]
- o cmake: fix `HAVE_ATOMIC`/`HAVE_STDATOMIC` pre-fill for clang-cl [28]
- o cmake: fix clang-tidy builds to verify tests, fix fallouts [289]
- o cmake: fix detection pre-fills for iOS [153]
- o cmake: fix ECH detection in custom-patched OpenSSL [32]
- o cmake: fix typo in ECH config error msg [246]
- o cmake: hide empty `MINGW64_VERSION` output for mingw32ce [114]
- o cmake: improve httpd detection for pytest [127]
- o cmake: mention 'insecure' in the debug build warning [15]
- o cmake: misc tidy-ups [38]
- o cmake: pre-fill known type sizes for Windows OSes [100]
- o cmake: replace CMAKE_COMPILER_IS_GNUCC with CMAKE_C_COMPILER_ID [232]
- o cmake: replace exec_program() with execute_process() [239]
- o cmake: restrict static CRT builds to static curl exe, test in CI [113]
- o cmake: sync cutoff version with autotools for picky option `-ftree-vrp` [99]
- o cmake: sync OpenSSL(-fork) feature checks with `./configure` [49]
- o cmake: unity mode optimization for non-`CURLDEBUG` `testdeps` targets [231]
- o CODE_STYLE: readability and banned functions [35]
- o config-win32: set `HAVE_STDINT_H` where available [264]
- o configure: call the blocking resolver "blocking", not "default" [220]
- o configure: fix ECH detection with MultiSSL [259]
- o configure: silence compiler warnings in feature checks, drop duplicates [86]
- o configure: tidy up shell completion rules [292]
- o configure: use `curl_cv_apple` variable [40]
- o conn: eliminate `conn->now` [293]
- o conn: fix connection reuse when SSL is optional [54]
- o conncache: eliminate `conn->destination_len` as premature optimization [294]
- o contributors.sh: lowercase 'github' for consistency [52]
- o contrithanks.sh: update docs/THANKS in place [119]
- o cookie: do prefix matching case-sensitively [82]
- o cookie: minor parser simplification [58]
- o cookie: simplify invalid_octets() [24]
- o core: stop redefining `E*` macros on Windows, map `EACCES`, related fixes [233]
- o curl.h: change some enums to defines with L suffix [84]
- o curl.h: convert CURLUSESSL* names to defines [146]
- o curl.h: stop defining non-curl `__has_declspec_attribute` [142]
- o curl.h: switch `CURL_HTTP_VERSION*` enums to long constants [160]
- o curl/system.h: drop leftover comment about 32 bit curl_off_t [305]
- o curl: add my_setopt_long() and _offt() [158]
- o curl_msh3: remove verify bypass from DEBUGBUILDs [43]
- o curl_setup: drop `ERANGE` (for WinCE), no longer used [249]
- o curl_setup_once: drop `E*` macro redefines unused (with winsock2) [164]
- o curl_setup_once: stop redefining `ENAMETOOLONG` to winsock2 error code [163]
- o curl_trc: fix build with CURL_DISABLE_VERBOSE_STRINGS [109]
- o curl_ws_recv.md: expand a little on the fragments the API delivers [251]
- o CURLMOPT_SOCKETFUNCTION.md: add advice for socket callback invocation[69]
- o CURLOPT_HTTPHEADER.md: add comments to the example [90]
- o CURLOPT_HTTPHEADER.md: rephrases [108]
- o curltime: use libcurl time functions in src and tests/server [247]
- o DISABLED: add 313 for sectransp (move from GHA/macos) [209]
- o docs/cmdline-opts: use imperative form [270]
- o docs: adapt to removed --with-random [177]
- o docs: add FD_ZERO to curl_multi_fdset example [19]
- o docs: bump `rustls` to 0.14.1 [111]
- o docs: correct argument names & URL redirection [4]
- o docs: minor edits to please the new spellchecker regime
- o docs: rework RUSTLS install instructions
- o docs: unify HTTP version style in --help output [139]
- o docs: vulnerabilities in debug code are not eligible for a bounty [118]
- o doh: improve HTTPS RR svcparams parsing [198]
- o doh: remove wrong but unreachable exit path from doh_decode_rdata_name [199]
- o dynbuf: assert init on free [295]
- o easy: drop `break` after `return` [300]
- o easy: fix warning about possible comma misuse [219]
- o eventfd: allow use on all CPUs [93]
- o examples: prefer `return` over `exit()` (cont.) [110]
- o ftp/sftp: strdup data info memory [237]
- o ftp: fix comment [135]
- o gnutls: fix connection state check on handshake [80]
- o gnutls: fix use of pkcs11 urls for keys/certs [122]
- o gtls: fix uninitialized variable [154]
- o hash: use single linked list for entries [57]
- o hostip: don't use alarm() for DoH resolves [214]
- o hostip: make CURLOPT_RESOLVE support replacing IPv6 addresses [47]
- o http2: add on_invalid_frame callback for error detection [174]
- o http2: detect session being closed on ingress handling [173]
- o http2: enhance error messages on Curl_dyn* upon receiving headers [149]
- o http2: fix stream assignemnt for pushes [302]
- o http2: reset stream on response header error [175]
- o HTTP3.md: only speak about minimal versions [18]
- o http: convert parsers to strparse [48]
- o http: fix NTLM info message typo [22]
- o http: fix the auth check [88]
- o http: make the RTSP version check stricter [73]
- o http: negotiation and room for alt-svc/https rr to navigate [64]
- o http: remove a HTTP method size restriction [241]
- o http: version negotiation [45]
- o http_chunks: replace a strofft call with curl_str_hex [138]
- o https-rr: implementation improvements [44]
- o httpsrr: fix port detection [51]
- o httpsrr: fix the HTTPS-RR threaded-resolver build combo [67]
- o INFRASTRUCTURE.md: add IRC and Matrix details [278]
- o INSTALL-CMAKE.md: CMake usage updates [101]
- o INSTALL-CMAKE.md: mention `ZLIB_USE_STATIC_LIBS` [112]
- o lib1156: pass longs to `curl_easy_setopt()` [159]
- o lib1560: test set path containing LR or CR [299]
- o lib2302: fix crash due to stack overflow on MSVC and clang Windows [228]
- o lib696: fix building on Windows in non-bundle mode [267]
- o lib: better optimized casecompare() and ncasecompare() [3]
- o lib: clear up CURLRES_ASYNCH vs USE_CURL_ASYNC use [215]
- o lib: fix two curlx_strtoofft invokes [128]
- o lib: rename curlx_strtoofft to Curl_str_numblanks() [218]
- o lib: replace while(ISBLANK()) loops with Curl_str_passblanks() [148]
- o lib: simplify more white space loops [60]
- o lib: strtoofft.h header cleanup [17]
- o lib: use Curl_str_* instead of strtok_r() [59]
- o lib: use Curl_str_number() for parsing decimal numbers [13]
- o libssh2: fix freeing of resources in disconnect [207]
- o libssh2: fix memory leak in `SSH_SFTP_REALPATH` state [224]
- o libssh2: fix to ignore `known_hosts` if SHA256 host public key is set [296]
- o libssh2: print user with verbose flag [125]
- o libssh2: show crypto backend in the verbose connect log [316]
- o libssh: fix freeing of resources in disconnect [206]
- o libssh: fix scp large file upload for 32-bit size_t systems [211]
- o libtest/first.c: remove the Test: stderr output for unity builds [301]
- o libtest/libprereq.c: set CURLOPT_FOLLOWLOCATION with a long [89]
- o managen: accept more markdown-quote-markers [243]
- o managen: correct the warning for un-escaped '<' and '>' [1]
- o mbedtls: re-enable an error check [288]
- o memdebug.h: avoid `-Wredundant-decls` with an extra guard [230]
- o memdebug: drop dynamic allocation from `curl_dbg_log()` [285]
- o mprintf: switch three number parsers to use strparse [221]
- o mqtt: convert sendleftovers to dynbuf [262]
- o msvc: drop support for VS2005 and older [96]
- o multi: call protocol handler done() if PROTOCONNECT or later [238]
- o multi: event based rework [74]
- o multi: kill off remaining internal handles in curl_multi_cleanup [248]
- o multi: start the loop over when handles are removed [129]
- o multi_ev: fixes regarding connection shutdowns [284]
- o ngtcp2: do not iterate over multi handles [194]
- o ntlm: merge ntlm.h into ntlm.c [235]
- o openssl-quic: do not iterate over multi handles [188]
- o openssl: check return value of X509_get0_pubkey [105]
- o openssl: drop support for old OpenSSL/LibreSSL versions [95]
- o openssl: fix crash on missing cert password [271]
- o openssl: fix pkcs11 URI checking for key files. [152]
- o openssl: remove bad `goto`s into other scope [63]
- o prox/preproxy.md: document argument within <brackets> [317]
- o pytest: test negotiate with http proxy [83]
- o quiche: do not iterate over multi handles [182]
- o RELEASE-PROCEDURE.md: explain release candidates [161]
- o request: clear sendbuf_hds_len when resetting request bufq [166]
- o resolve: fix building without Unix sockets and `CURLDEBUG` [213]
- o runtests: accept `CURL_DIRSUFFIX` without ending slash [133]
- o runtests: add feature-based filtering [268]
- o runtests: check and report if `diff` tool is missing [162]
- o runtests: drop logic calling the `handle` tool (Windows) [263]
- o runtests: drop recognizing 'winssl' as Schannel [102]
- o runtests: drop ref to unused external function
- o runtests: fix bundled test invocation with `-g` option [308]
- o runtests: fix SSH server not starting in cases, re-ignore failing vcpkg CI jobs [225]
- o runtests: fix test key format for libssh2 WinCNG (and others) [229]
- o runtests: generate certs dynamically, bump to EC-256, tidy up [279]
- o runtests: recognize AWS-LC as OpenSSL [103]
- o runtests: rewrite `genserv.sh` in Perl [312]
- o runtests: support multi-target cmake, drop workarounds from CI [116]
- o runtests: support running tests under wine or qemu (cont.) [309]
- o runtests: support running tests under wine or qemu [210]
- o runtests: use `setfacl` on Cygwin/MSYS, if present [291]
- o rustls: add ECH support w/ string ECH config [281]
- o rustls: cap maximum allowed CRL file size to 8MB [196]
- o rustls: support ECH GREASE
- o rustls: use client cert and key if available
- o schannel: deduplicate Windows Vista detection [98]
- o schannel: enable ALPN support under WINE 6.0+ [92]
- o schannel: enable ALPN with MinGW, fix ALPN for UWP builds [71]
- o schannel: guard ALPN init code to ALPN builds [91]
- o scripts/managen: fix option 'single' [31]
- o scripts/managen: fix parsing of markdown code sections [30]
- o scripts: update completion.pl to parse options from docs [266]
- o sectransp: add support for HTTP/2 in gcc builds [200]
- o sendf: client reader line conversion: do not change data->state.infilesize [244]
- o setopt: illegal CURLOPT_SOCKS5_AUTH should return error [185]
- o setopt: remove unnecessary void pointer typecasts [76]
- o setopt: setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine [197]
- o shutdowns: split shutdown handling from connection pool [156]
- o socks: remove bad assert from do_SOCKS5() [216]
- o src: avoid strdup on platforms not doing UTF-8 conversions [176]
- o src: cleanup ISBLANK vs ISSPACE [195]
- o src: remove Curl_ prefix from tool-specific function [205]
- o src: remove final uses of Curl_ symbol prefixes in tool code [242]
- o src: replace strto[u][ld] with curlx_str_ parsers [222]
- o ssh: consider sftp quote commands case sensitive [33]
- o sshserver.pl: adjust `AuthorizedKeysFile2` cutoff version [204]
- o sshserver.pl: use Perl `chmod` [311]
- o sshserver: fix excluding obsolete client config lines [212]
- o ssl session cache: add exportable flag [56]
- o SSLCERTS: list support for SSL_CERT_FILE and SSL_CERT_DIR [265]
- o strparse: make Curl_str_number() return error for no digits [14]
- o strparse: switch the API to work on 'const char *' [2]
- o strparse: switch to curl_off_t as base data type [7]
- o test1022: add support for rc releases [144]
- o test1167: catch #defines with extra whitespace [140]
- o test313: disable CRL test for Schannel due to lack of support and flakiness [310]
- o test313: disable via `<features>` for backends without CRL support [303]
- o test489: set output dir [186]
- o test612: SCP `rm` the uploaded remote file (not the local source), unignore in CI [297]
- o test613: make it pass on Windows, fix postprocess, unignore in CI [290]
- o test615: fix for Cygwin, unignore in CI [276]
- o tests/certs: cleanup [151]
- o tests/server: drop unused `base64.pl` [258]
- o tests/server: fix to check against winsock2 error codes on Windows [168]
- o tests/server: give global `path` variable a more descriptive name [255]
- o tests/server: make the signal handler signal-safe [269]
- o tests/server: replace `errno` with `SOCKERRNO` in sockfilt, socksd, sws [183]
- o tests/server: replace `strerror` with `sstrerror` in socksd
- o tests/server: support bundle binary [217]
- o tests/server: sync `wait_ms()` with the libcurl implementation [226]
- o tests/server: use `curlx_str_numblanks()` to avoid `errno` [250]
- o tests/servers.pm: remove unused variable 'portrange' [227]
- o tests: build non-debug unit tests with autotools, run them [287]
- o tests: fix comment in lib533 [121]
- o tests: fix enum/int confusion, fix autotools `CFLAGS` for `servers` [27]
- o tests: make sure 'commands.log' is generated in the correct logdir [172]
- o tests: mark tests 1631, 1632 flaky [157]
- o tests: reformat error messages to avoid tripping MSBuild [201]
- o tests: remove base64 encoded sections [260]
- o tests: Remove unused variables [245]
- o tests: replace remaining non-ASCII bytes with hex markup [283]
- o tftpd: prefix TFTP protocol error `E*` constants with `TFTP_` [189]
- o tidy-up: align MSYS2/Cygwin codepaths, follow Cygwin `MAX_PID` bump [97]
- o tidy-up: delete, comment or scope C macros reported unused [16]
- o tidy-up: drop unused `CURL_INADDR_NONE` macro and `in_addr_t` type [26]
- o tidy-up: use `CURL_ARRAYSIZE()` [37]
- o timediff: fix comment for curlx_mstotv() [25]
- o timediff: remove unnecessary double typecast [53]
- o tool_dirhie: create dir hierarchy without strtok [169]
- o tool_getparam: clear sensitive arguments better [66]
- o tool_getparam: do parse_upload_flags without the alloc/free [181]
- o tool_getparam: parse --trace-config without strdup()/free() [178]
- o tool_getparam: parse_header() without strtok [165]
- o tool_operate: change "1 retries" to "1 retry" [145]
- o tool_operate: fail SSH transfers without server auth [70]
- o tool_operate: fix pluralization of seconds [273]
- o tool_operate: remove unnecessary (long) typecasts [141]
- o tool_paramhlp: do --proto parsing without strtok [170]
- o tool_parsecfg: make my_get_line skip comments and newlines [130]
- o tool_setopt: reduce use of "code hiding" macros [203]
- o url: call protocol handler's disconnect in Curl_conn_free [193]
- o urlapi: fix redirect from file:// with query, and simplify [136]
- o urlapi: remove percent encoded dot sequences from the URL path [252]
- o urlapi: simplify junkscan [23]
- o urldata: remove 'hostname' from struct Curl_async [131]
- o variable.md: clarify 'trim' example [12]
- o vquic: obey IOV_MAX [275]
- o vtls: fix compiler warnings seen with gcc 7.3.0 and mbedTLS [187]
- o winbuild: reduce command-line length by dropping whitespace [117]
- o windows: do not use winsock2 `inet_ntop()`/`inet_pton()` [202]
- o windows: drop code and curl manifest targeting W2K and older [115]
- o windows: fix issues detected by clang-tidy, and some more [286]
- o wolfssh: fix freeing of resources in disconnect [184]
- o wolfssh: retrieve the error using wolfSSH_get_error [5]
- o wolfssl: fix CA certificate multiple location import [34]
- o wolfssl: fix unused variable warning [190]
- o wolfssl: warn if CA native import option is ignored [65]
- o wolfssl: when using PQ KEM, use ML-KEM, not Kyber [10]
- o ws: corrected curlws_cont to reflect its documented purpose [120]
- o ws: fix and extend CURLWS_CONT handling [256]
- o zlib: bump minimum to 1.2.5.2 (was: 1.2.0.4) [179]
+ o contrithanks.sh: drop set -e [6]
+ o lib: unify conversions to/from hex [3]
+ o processhelp.pm: avoid potential endless loop, log more (Windows) [5]
+ o test: make unittest 1308 into a libtest [4]
+ o tests/serverhelp: remove last remnants of http-pipe server [1]
 
 This release includes the following known bugs:
 
@@ -348,332 +36,13 @@ Planned upcoming removals include:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Abhinav Singhal, Anthony Hu, Aquila Macedo, Austin Moore, Ben Bodenmiller,
-  Brian Inglis, Calvin Ruocco, Carlos Henrique Lima Melara, Catena cyber,
-  Christian Schmitz, Dan Fandrich, Daniel McCarney, Daniel Stenberg,
-  Dave Nicolson, Demi Marie Obenour, dependabot[bot], Derek Huang,
-  Dexter Gerig, Ethan Wilkes, Gabriel Marin, Harry Sintonen, Jan Macku,
-  Jeremy Drake, John Bampton, Joseph Chen, Justin Steventon, Kai Pastor,
-  kayrus on github, kpcyrd on github, kriztalz, Lars Karlitski,
-  LaurenÈiu Nicola, lf- on github, Marcel Raad, Marius Albrecht, Mark Phillips,
-  Martxel, MichaÅ Antoniak, OndÅej HlavatÃ½, Orgad Shaneh, Pavel Kropachev,
-  Peng-Yu Chen, Peter Kokot, Philippe Antoine, qhill on github, Ray Satiro,
-  renovate[bot], Rinku Das, rmg-x on github, Roman Zharkov, Ronald Crane,
-  RubisetCie on github, saimen, Samuel Dionne-Riel, Samuel Henrique,
-  Scott Talbert, Sergey, Stefan Eissing, stevenpackardblp on github,
-  Tatsuhiro Tsujikawa, Teh Kok How, Tianyi Song, Timo Tijhof, tiymat,
-  Viktor Szakats, Vulpes Vulpes, Weng Xuetian, Yedaya Katsman, Zenju on github,
-  Zhang Wen, Zhaoming Luo
-  (71 contributors)
+  Daniel Stenberg, Viktor Szakats, Yedaya Katsman
+  (3 contributors)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.se/bug/?i=16315
- [2] = https://curl.se/bug/?i=16316
- [3] = https://curl.se/bug/?i=16311
- [4] = https://curl.se/bug/?i=16334
- [5] = https://curl.se/bug/?i=16335
- [6] = https://curl.se/bug/?i=16323
- [7] = https://curl.se/bug/?i=16336
- [8] = https://curl.se/bug/?i=16338
- [9] = https://curl.se/bug/?i=16339
- [10] = https://curl.se/bug/?i=16337
- [11] = https://curl.se/bug/?i=16400
- [12] = https://curl.se/bug/?i=16346
- [13] = https://curl.se/bug/?i=16319
- [14] = https://curl.se/bug/?i=16319
- [15] = https://curl.se/bug/?i=16327
- [16] = https://curl.se/bug/?i=16279
- [17] = https://curl.se/bug/?i=16331
- [18] = https://curl.se/bug/?i=16320
- [19] = https://curl.se/bug/?i=16325
- [20] = https://curl.se/bug/?i=16321
- [21] = https://curl.se/bug/?i=16241
- [22] = https://curl.se/bug/?i=16305
- [23] = https://curl.se/bug/?i=16307
- [24] = https://curl.se/bug/?i=16306
- [25] = https://curl.se/bug/?i=16310
- [26] = https://curl.se/bug/?i=16318
- [27] = https://curl.se/bug/?i=16314
- [28] = https://curl.se/bug/?i=16313
- [29] = https://curl.se/bug/?i=16274
- [30] = https://curl.se/bug/?i=16345
- [31] = https://curl.se/bug/?i=16344
- [32] = https://curl.se/bug/?i=16354
- [33] = https://curl.se/bug/?i=16382
- [34] = https://curl.se/bug/?i=16391
- [35] = https://curl.se/bug/?i=16349
- [36] = https://curl.se/bug/?i=16347
- [37] = https://curl.se/bug/?i=16381
- [38] = https://curl.se/bug/?i=16238
- [39] = https://curl.se/bug/?i=16287
- [40] = https://curl.se/bug/?i=16340
- [41] = https://curl.se/bug/?i=16324
- [42] = https://curl.se/bug/?i=15841
- [43] = https://curl.se/bug/?i=16342
- [44] = https://curl.se/bug/?i=16132
- [45] = https://curl.se/bug/?i=16100
- [46] = https://curl.se/bug/?i=16375
- [47] = https://curl.se/bug/?i=16357
- [48] = https://curl.se/bug/?i=16436
- [49] = https://curl.se/bug/?i=16352
- [50] = https://curl.se/bug/?i=16167
- [51] = https://curl.se/bug/?i=16409
- [52] = https://curl.se/bug/?i=16443
- [53] = https://curl.se/bug/?i=16367
- [54] = https://curl.se/bug/?i=16384
- [55] = https://curl.se/bug/?i=16366
- [56] = https://curl.se/bug/?i=16322
- [57] = https://curl.se/bug/?i=16351
- [58] = https://curl.se/bug/?i=16362
- [59] = https://curl.se/bug/?i=16360
- [60] = https://curl.se/bug/?i=16363
- [61] = https://curl.se/bug/?i=16280
- [62] = https://curl.se/bug/?i=16252
- [63] = https://curl.se/bug/?i=16356
- [64] = https://curl.se/bug/?i=16117
- [65] = https://curl.se/bug/?i=16417
- [66] = https://curl.se/bug/?i=16396
- [67] = https://curl.se/bug/?i=16399
- [68] = https://curl.se/bug/?i=16398
- [69] = https://curl.se/bug/?i=16441
- [70] = https://curl.se/bug/?i=16205
- [71] = https://curl.se/bug/?i=16385
- [72] = https://curl.se/bug/?i=16373
- [73] = https://curl.se/bug/?i=16435
- [74] = https://curl.se/bug/?i=16308
- [75] = https://curl.se/bug/?i=16555
- [76] = https://curl.se/bug/?i=16426
- [77] = https://curl.se/bug/?i=16434
- [78] = https://curl.se/bug/?i=16330
- [79] = https://curl.se/bug/?i=15956
- [80] = https://curl.se/bug/?i=16423
- [81] = https://curl.se/bug/?i=16427
- [82] = https://curl.se/bug/?i=16494
- [83] = https://curl.se/bug/?i=14973
- [84] = https://curl.se/bug/?i=16482
- [85] = https://curl.se/bug/?i=16407
- [86] = https://curl.se/bug/?i=16377
- [87] = https://curl.se/bug/?i=15975
- [88] = https://curl.se/bug/?i=16419
- [89] = https://curl.se/bug/?i=16487
- [90] = https://curl.se/bug/?i=16488
- [91] = https://curl.se/bug/?i=16420
- [92] = https://curl.se/bug/?i=16393
- [93] = https://curl.se/bug/?i=16277
- [94] = https://curl.se/bug/?i=16134
- [95] = https://curl.se/bug/?i=16104
- [96] = https://curl.se/bug/?i=16004
- [97] = https://curl.se/bug/?i=16217
- [98] = https://curl.se/bug/?i=16408
- [99] = https://curl.se/bug/?i=16478
- [100] = https://curl.se/bug/?i=16464
- [101] = https://curl.se/bug/?i=16329
- [102] = https://curl.se/bug/?i=16467
- [103] = https://curl.se/bug/?i=16466
- [104] = https://curl.se/bug/?i=16099
- [105] = https://curl.se/bug/?i=16468
- [106] = https://curl.se/bug/?i=16459
- [107] = https://curl.se/bug/?i=16460
- [108] = https://curl.se/bug/?i=16461
- [109] = https://curl.se/bug/?i=16462
- [110] = https://curl.se/bug/?i=16524
- [111] = https://curl.se/bug/?i=16446
- [112] = https://curl.se/bug/?i=16457
- [113] = https://curl.se/bug/?i=16456
- [114] = https://curl.se/bug/?i=16455
- [115] = https://curl.se/bug/?i=16453
- [116] = https://curl.se/bug/?i=16452
- [117] = https://curl.se/bug/?i=16508
- [118] = https://curl.se/bug/?i=16527
- [119] = https://curl.se/bug/?i=16448
- [120] = https://curl.se/bug/?i=16512
- [121] = https://curl.se/bug/?i=16523
- [122] = https://curl.se/bug/?i=16249
- [123] = https://curl.se/bug/?i=16516
- [124] = https://curl.se/bug/?i=15970
- [125] = https://curl.se/bug/?i=16430
- [126] = https://curl.se/bug/?i=16513
- [127] = https://curl.se/bug/?i=16515
- [128] = https://curl.se/bug/?i=16548
- [129] = https://curl.se/bug/?i=16588
- [130] = https://curl.se/bug/?i=16590
- [131] = https://curl.se/bug/?i=16451
- [132] = https://curl.se/bug/?i=16550
- [133] = https://curl.se/bug/?i=16506
- [134] = https://curl.se/bug/?i=16522
- [135] = https://curl.se/bug/?i=16538
- [136] = https://curl.se/bug/?i=16498
- [137] = https://curl.se/bug/?i=16476
- [138] = https://curl.se/bug/?i=16546
- [139] = https://curl.se/bug/?i=16542
- [140] = https://curl.se/bug/?i=16496
- [141] = https://curl.se/bug/?i=16540
- [142] = https://curl.se/bug/?i=16491
- [143] = https://curl.se/bug/?i=16492
- [144] = https://curl.se/bug/?i=16626
- [145] = https://curl.se/bug/?i=16586
- [146] = https://curl.se/bug/?i=16539
- [147] = https://curl.se/bug/?i=16473
- [148] = https://curl.se/bug/?i=16520
- [149] = https://curl.se/bug/?i=16536
- [150] = https://curl.se/bug/?i=16477
- [151] = https://curl.se/bug/?i=16593
- [152] = https://curl.se/bug/?i=16591
- [153] = https://curl.se/bug/?i=16594
- [154] = https://curl.se/bug/?i=16625
- [155] = https://curl.se/bug/?i=16585
- [156] = https://curl.se/bug/?i=16508
- [157] = https://curl.se/bug/?i=16584
- [158] = https://curl.se/bug/?i=16669
- [159] = https://curl.se/bug/?i=16579
- [160] = https://curl.se/bug/?i=16580
- [161] = https://curl.se/bug/?i=16622
- [162] = https://curl.se/bug/?i=16578
- [163] = https://curl.se/bug/?i=16620
- [164] = https://curl.se/bug/?i=16553
- [165] = https://curl.se/bug/?i=16572
- [166] = https://curl.se/bug/?i=16573
- [167] = https://curl.se/bug/?i=16557
- [168] = https://curl.se/bug/?i=16553
- [169] = https://curl.se/bug/?i=16566
- [170] = https://curl.se/bug/?i=16567
- [171] = https://curl.se/bug/?i=16569
- [172] = https://curl.se/bug/?i=16568
- [173] = https://curl.se/bug/?i=16544
- [174] = https://curl.se/bug/?i=16544
- [175] = https://curl.se/bug/?i=16535
- [176] = https://curl.se/bug/?i=16560
- [177] = https://curl.se/bug/?i=16565
- [178] = https://curl.se/bug/?i=16559
- [179] = https://curl.se/bug/?i=16616
- [180] = https://curl.se/bug/?i=16563
- [181] = https://curl.se/bug/?i=16552
- [182] = https://curl.se/bug/?i=16607
- [183] = https://curl.se/bug/?i=16553
- [184] = https://curl.se/bug/?i=16668
- [185] = https://issues.oss-fuzz.com/issues/401430844
- [186] = https://curl.se/bug/?i=16670
- [187] = https://curl.se/bug/?i=16614
- [188] = https://curl.se/bug/?i=16611
- [189] = https://curl.se/bug/?i=16666
- [190] = https://curl.se/bug/?i=16608
- [191] = https://curl.se/bug/?i=16610
- [192] = https://curl.se/bug/?i=16479
- [193] = https://curl.se/bug/?i=16604
- [194] = https://curl.se/bug/?i=16606
- [195] = https://curl.se/bug/?i=16589
- [196] = https://curl.se/bug/?i=16716
- [197] = https://curl.se/bug/?i=16599
- [198] = https://curl.se/bug/?i=16598
- [199] = https://curl.se/bug/?i=16710
- [200] = https://curl.se/bug/?i=16581
- [201] = https://curl.se/bug/?i=16583
- [202] = https://curl.se/bug/?i=16577
- [203] = https://curl.se/bug/?i=16709
- [204] = https://curl.se/bug/?i=16787
- [205] = https://curl.se/bug/?i=16657
- [206] = https://curl.se/bug/?i=16659
- [207] = https://curl.se/bug/?i=16656
- [208] = https://curl.se/bug/?i=16142
- [209] = https://curl.se/bug/?i=16660
- [210] = https://curl.se/bug/?i=16785
- [211] = https://curl.se/bug/?i=16641
- [212] = https://curl.se/bug/?i=16784
- [213] = https://curl.se/bug/?i=16700
- [214] = https://curl.se/bug/?i=16649
- [215] = https://curl.se/bug/?i=16645
- [216] = https://issues.oss-fuzz.com/issues/401869346
- [217] = https://curl.se/bug/?i=15000
- [218] = https://curl.se/bug/?i=16642
- [219] = https://curl.se/bug/?i=16644
- [220] = https://curl.se/bug/?i=16646
- [221] = https://curl.se/bug/?i=16628
- [222] = https://curl.se/bug/?i=16634
- [223] = https://curl.se/bug/?i=16861
- [224] = https://curl.se/bug/?i=16636
- [225] = https://curl.se/bug/?i=16636
- [226] = https://curl.se/bug/?i=16627
- [227] = https://curl.se/bug/?i=16632
- [228] = https://curl.se/bug/?i=16630
- [229] = https://curl.se/bug/?i=16781
- [230] = https://curl.se/bug/?i=16696
- [231] = https://curl.se/bug/?i=16695
- [232] = https://curl.se/bug/?i=16797
- [233] = https://curl.se/bug/?i=16553
- [234] = https://curl.se/bug/?i=16691
- [235] = https://curl.se/bug/?i=16690
- [236] = https://curl.se/bug/?i=16689
- [237] = https://curl.se/bug/?i=16733
- [238] = https://curl.se/bug/?i=16681
- [239] = https://curl.se/bug/?i=16779
- [240] = https://curl.se/bug/?i=16726
- [241] = https://curl.se/bug/?i=16729
- [242] = https://curl.se/bug/?i=16678
- [243] = https://curl.se/bug/?i=16685
- [244] = https://issues.oss-fuzz.com/issues/402476456
- [245] = https://curl.se/bug/?i=16798
- [246] = https://curl.se/bug/?i=16786
- [247] = https://curl.se/bug/?i=16653
- [248] = https://curl.se/bug/?i=16674
- [249] = https://curl.se/bug/?i=16673
- [250] = https://curl.se/bug/?i=16671
- [251] = https://curl.se/bug/?i=16720
- [252] = https://curl.se/bug/?i=16869
- [253] = https://curl.se/bug/?i=16723
- [254] = https://curl.se/bug/?i=16705
- [255] = https://curl.se/bug/?i=16719
- [256] = https://curl.se/bug/?i=16687
- [257] = https://curl.se/bug/?i=16712
- [258] = https://curl.se/bug/?i=16713
- [259] = https://curl.se/bug/?i=16774
- [260] = https://curl.se/bug/?i=16816
- [261] = https://curl.se/bug/?i=16833
- [262] = https://curl.se/bug/?i=16823
- [263] = https://curl.se/bug/?i=16484
- [264] = https://curl.se/bug/?i=16759
- [265] = https://curl.se/bug/?i=16762
- [266] = https://curl.se/bug/?i=16072
- [267] = https://curl.se/bug/?i=16753
- [268] = https://curl.se/bug/?i=16533
- [269] = https://curl.se/bug/?i=16852
- [270] = https://curl.se/bug/?i=16879
- [271] = https://curl.se/bug/?i=16806
- [272] = https://curl.se/bug/?i=16743
- [273] = https://curl.se/bug/?i=16751
- [275] = https://curl.se/bug/?i=16846
- [276] = https://curl.se/bug/?i=16818
- [278] = https://curl.se/bug/?i=16809
- [279] = https://curl.se/bug/?i=16824
- [280] = https://curl.se/bug/?i=16828
- [281] = https://curl.se/bug/?i=16828
- [282] = https://curl.se/bug/?i=16828
- [283] = https://curl.se/bug/?i=16837
- [284] = https://curl.se/bug/?i=16782
- [285] = https://curl.se/bug/?i=16745
- [286] = https://curl.se/bug/?i=16777
- [287] = https://curl.se/bug/?i=16771
- [288] = https://curl.se/bug/?i=16766
- [289] = https://curl.se/bug/?i=16756
- [290] = https://curl.se/bug/?i=16791
- [291] = https://curl.se/bug/?i=16437
- [292] = https://curl.se/bug/?i=16836
- [293] = https://curl.se/bug/?i=16793
- [294] = https://curl.se/bug/?i=16792
- [295] = https://curl.se/bug/?i=16725
- [296] = https://curl.se/bug/?i=16805
- [297] = https://curl.se/bug/?i=16801
- [298] = https://curl.se/bug/?i=16835
- [299] = https://curl.se/bug/?i=16875
- [300] = https://curl.se/bug/?i=16873
- [301] = https://curl.se/bug/?i=16872
- [302] = https://curl.se/bug/?i=16881
- [303] = https://curl.se/bug/?i=16865
- [305] = https://curl.se/bug/?i=16867
- [308] = https://curl.se/bug/?i=16893
- [309] = https://curl.se/bug/?i=16863
- [310] = https://curl.se/bug/?i=16862
- [311] = https://curl.se/bug/?i=16859
- [312] = https://curl.se/bug/?i=16858
- [316] = https://curl.se/bug/?i=16790
- [317] = https://curl.se/bug/?i=16883
+ [1] = https://curl.se/bug/?i=16924
+ [3] = https://curl.se/bug/?i=16888
+ [4] = https://curl.se/bug/?i=16891
+ [5] = https://curl.se/bug/?i=16908
+ [6] = https://curl.se/bug/?i=16914
diff --git a/include/curl/curlver.h b/include/curl/curlver.h
index a0d7309d36..754b94e088 100644
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -32,13 +32,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "8.13.0-DEV"
+#define LIBCURL_VERSION "8.13.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 8
 #define LIBCURL_VERSION_MINOR 13
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -59,7 +59,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x080d00
+#define LIBCURL_VERSION_NUM 0x080d01
 
 /*
  * This is the date and time when the full source package was created. The