mirror of
https://github.com/curl/curl.git
synced 2026-01-18 17:21:26 +01:00
246 lines
11 KiB
Plaintext
246 lines
11 KiB
Plaintext
curl and libcurl 8.18.0
|
|
|
|
Public curl releases: 272
|
|
Command line options: 273
|
|
curl_easy_setopt() options: 308
|
|
Public functions in libcurl: 100
|
|
Contributors: 3541
|
|
|
|
This release includes the following changes:
|
|
|
|
o build: drop support for VS2008 (Windows) [62]
|
|
o build: drop Windows CE / CeGCC support [69]
|
|
o openssl: bump minimum OpenSSL version to 3.0.0 [60]
|
|
|
|
This release includes the following bugfixes:
|
|
|
|
o _PROGRESS.md: add the E unit, mention kibibyte [24]
|
|
o asyn-thrdd: release rrname if ares_init_options fails [41]
|
|
o autotools: drop autoconf <2.59 compatibility code (zz60-xc-ovr) [70]
|
|
o ccsidcurl: make curl_mime_data_ccsid() use the converted size [74]
|
|
o cf-https-connect: allocate ctx at first in cf_hc_create() [79]
|
|
o cf-socket: trace ignored errors [97]
|
|
o checksrc.pl: detect assign followed by more than one space [26]
|
|
o cmake: adjust defaults for target platforms not supporting shared libs [35]
|
|
o cmake: disable `CURL_CA_PATH` auto-detection if `USE_APPLE_SECTRUST=ON` [16]
|
|
o code: minor indent fixes before closing braces [107]
|
|
o config2setopts: bail out if curl_url_get() returns OOM [102]
|
|
o config2setopts: exit if curl_url_set() fails on OOM [105]
|
|
o conncache: silence `-Wnull-dereference` on gcc 14 RISC-V 64 [17]
|
|
o connect: reshuffle Curl_timeleft_ms to avoid 'redundant condition' [100]
|
|
o cookie: propagate errors better, cleanup the internal API [118]
|
|
o cshutdn: acknowledge FD_SETSIZE for shutdown descriptors [25]
|
|
o curl: fix progress meter in parallel mode [15]
|
|
o curl_setup.h: drop stray `#undef stat` (Windows) [103]
|
|
o CURLINFO: remove 'get' and 'get the' from each short desc [50]
|
|
o CURLINFO_SCHEME/PROTOCOL: they return the "scheme" for a "transfer" [48]
|
|
o CURLINFO_TLS_SSL_PTR.md: remove CURLINFO_TLS_SESSION text [49]
|
|
o CURLOPT_READFUNCTION.md: clarify the size of the buffer [47]
|
|
o CURLOPT_SSH_KEYFUNCTION.md: fix minor indent mistake in example
|
|
o digest_sspi: properly free sspi identity [12]
|
|
o docs: fix checksrc `EQUALSPACE` warnings [21]
|
|
o docs: mention umask need when curl creates files [56]
|
|
o examples/crawler: fix variable [92]
|
|
o examples/multithread: fix race condition [101]
|
|
o ftp: refactor a piece of code by merging the repeated part [40]
|
|
o ftp: remove #ifdef for define that is always defined [76]
|
|
o getinfo: improve perf in debug mode [99]
|
|
o gnutls: report accurate error when TLS-SRP is not built-in [18]
|
|
o gtls: add return checks and optimize the code [2]
|
|
o gtls: skip session resumption when verifystatus is set
|
|
o hostip: don't store negative lookup on OOM [61]
|
|
o http: replace atoi use in Curl_http_follow with curlx_str_number [65]
|
|
o INSTALL-CMAKE.md: document static option defaults more [37]
|
|
o krb5_sspi: unify a part of error handling [80]
|
|
o lib: cleanup for some typos about spaces and code style [3]
|
|
o lib: eliminate size_t casts [112]
|
|
o lib: fix gssapi.h include on IBMi [55]
|
|
o lib: refactor the type of funcs which have useless return and checks [1]
|
|
o libssh2: cleanup ssh_force_knownhost_key_type [64]
|
|
o libssh2: replace atoi() in ssh_force_knownhost_key_type [63]
|
|
o limit-rate: add example using --limit-rate and --max-time together [89]
|
|
o m4/sectrust: fix test(1) operator [4]
|
|
o mbedtls: fix potential use of uninitialized `nread` [8]
|
|
o mk-ca-bundle.pl: default to SHA256 fingerprints with `-t` option [73]
|
|
o mk-ca-bundle.pl: use `open()` with argument list to replace backticks [71]
|
|
o mqtt: reject overly big messages [39]
|
|
o noproxy: replace atoi with curlx_str_number [67]
|
|
o openssl: release ssl_session if sess_reuse_cb fails [43]
|
|
o openssl: remove code handling default version [28]
|
|
o OS400/ccsidcurl: fix curl_easy_setopt_ccsid for non-converted blobs [94]
|
|
o OS400/makefile.sh: fix shellcheck warning SC2038 [86]
|
|
o osslq: code readability [5]
|
|
o progress: show fewer digits [78]
|
|
o pytest: skip H2 tests if feature missing from curl [46]
|
|
o rtmp: fix double-free on URL parse errors [27]
|
|
o rtmp: precaution for a potential integer truncation [54]
|
|
o runtests: detect bad libssh differently for test 1459 [11]
|
|
o runtests: drop Python 2 support remains [45]
|
|
o rustls: fix a potential memory issue [81]
|
|
o rustls: minor adjustment of sizeof() [38]
|
|
o schannel: fix memory leak of cert_store_path on four error paths [23]
|
|
o schannel: replace atoi() with curlx_str_number() [119]
|
|
o scripts: fix shellcheck SC2046 warnings [90]
|
|
o scripts: use end-of-options marker in `find -exec` commands [87]
|
|
o setopt: disable CURLOPT_HAPROXY_CLIENT_IP on NULL [30]
|
|
o setopt: when setting bad protocols, don't store them [9]
|
|
o sftp: fix range downloads in both SSH backends [82]
|
|
o socks_sspi: use free() not FreeContextBuffer() [93]
|
|
o telnet: replace atoi for BINARY handling with curlx_str_number [66]
|
|
o test07_22: fix flakiness [95]
|
|
o test2045: replace HTML multi-line comment markup with `#` comments [36]
|
|
o test363: delete stray character (typo) from a section tag [52]
|
|
o tests/data: replace hard-coded test numbers with `%TESTNUMBER` [33]
|
|
o tests/data: support using native newlines on disk, drop `.gitattributes` [91]
|
|
o tests/server: do not fall back to original data file in `test2fopen()` [32]
|
|
o tests/server: replace `atoi()` and `atol()` with `curlx_str_number()` [110]
|
|
o tftp: release filename if conn_get_remote_addr fails [42]
|
|
o tool: consider (some) curl_easy_setopt errors fatal [7]
|
|
o tool_help: add checks to avoid unsigned wrap around [14]
|
|
o tool_ipfs: check return codes better [20]
|
|
o tool_operate: exit on curl_share_setopt errors [108]
|
|
o tool_operate: remove redundant condition [19]
|
|
o tool_operate: use curlx_str_number instead of atoi [68]
|
|
o tool_paramhlp: refuse --proto remove all protocols [10]
|
|
o urlapi: fix mem-leaks in curl_url_get error paths [22]
|
|
o verify-release: update to avoid shellcheck warning SC2034 [88]
|
|
o vquic-tls/gnutls: call Curl_gtls_verifyserver unconditionally [96]
|
|
o vtls: fix CURLOPT_CAPATH use [51]
|
|
o vtls: handle possible malicious certs_num from peer [53]
|
|
o vtls: pinned key check [98]
|
|
o wcurl: import v2025.11.09 [29]
|
|
o wolfSSL: able to differentiate between IP and DNS in alt names [13]
|
|
o wolfssl: avoid NULL dereference in OOM situation [77]
|
|
o wolfssl: fix a potential memory leak of session [6]
|
|
o wolfssl: simplify wssl_send_earlydata [111]
|
|
|
|
This release includes the following known bugs:
|
|
|
|
See https://curl.se/docs/knownbugs.html
|
|
|
|
For all changes ever done in curl:
|
|
|
|
See https://curl.se/changes.html
|
|
|
|
Planned upcoming removals include:
|
|
|
|
o Builds using VS2008
|
|
o OpenSSL-QUIC
|
|
o Support for c-ares versions before 1.16.0
|
|
|
|
See https://curl.se/dev/deprecate.html
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
advice from friends like these:
|
|
|
|
Aleksandr Sergeev, Andrew Kirillov, Brad King, Dan Fandrich, Daniel McCarney,
|
|
Daniel Stenberg, Fd929c2CE5fA on github, Gisle Vanem, Jiyong Yang,
|
|
Juliusz Sosinowicz, Leonardo Taccari, nait-furry, Nick Korepanov,
|
|
Patrick Monnerat, pelioro on hackerone, Ray Satiro, renovate[bot],
|
|
Samuel Henrique, Stanislav Fort, Stefan Eissing, Thomas Klausner,
|
|
Viktor Szakats, Xiaoke Wang
|
|
(23 contributors)
|
|
|
|
References to bug reports and discussions on issues:
|
|
|
|
[1] = https://curl.se/bug/?i=19386
|
|
[2] = https://curl.se/bug/?i=19366
|
|
[3] = https://curl.se/bug/?i=19370
|
|
[4] = https://curl.se/bug/?i=19371
|
|
[5] = https://curl.se/bug/?i=19394
|
|
[6] = https://curl.se/bug/?i=19555
|
|
[7] = https://curl.se/bug/?i=19385
|
|
[8] = https://curl.se/bug/?i=19393
|
|
[9] = https://curl.se/bug/?i=19389
|
|
[10] = https://curl.se/bug/?i=19388
|
|
[11] = https://curl.se/bug/?i=19557
|
|
[12] = https://curl.se/bug/?i=19426
|
|
[13] = https://curl.se/bug/?i=19364
|
|
[14] = https://curl.se/bug/?i=19377
|
|
[15] = https://curl.se/bug/?i=19383
|
|
[16] = https://curl.se/bug/?i=19380
|
|
[17] = https://curl.se/bug/?i=19378
|
|
[18] = https://curl.se/bug/?i=19365
|
|
[19] = https://curl.se/bug/?i=19381
|
|
[20] = https://curl.se/bug/?i=19382
|
|
[21] = https://curl.se/bug/?i=19379
|
|
[22] = https://curl.se/bug/?i=19440
|
|
[23] = https://curl.se/bug/?i=19423
|
|
[24] = https://curl.se/bug/?i=19502
|
|
[25] = https://curl.se/bug/?i=19439
|
|
[26] = https://curl.se/bug/?i=19375
|
|
[27] = https://curl.se/bug/?i=19438
|
|
[28] = https://curl.se/bug/?i=19354
|
|
[29] = https://curl.se/bug/?i=19430
|
|
[30] = https://curl.se/bug/?i=19434
|
|
[32] = https://curl.se/bug/?i=19429
|
|
[33] = https://curl.se/bug/?i=19427
|
|
[35] = https://curl.se/bug/?i=19420
|
|
[36] = https://curl.se/bug/?i=19498
|
|
[37] = https://curl.se/bug/?i=19419
|
|
[38] = https://hackerone.com/reports/3427460
|
|
[39] = https://curl.se/bug/?i=19415
|
|
[40] = https://curl.se/bug/?i=19411
|
|
[41] = https://curl.se/bug/?i=19410
|
|
[42] = https://curl.se/bug/?i=19409
|
|
[43] = https://curl.se/bug/?i=19405
|
|
[45] = https://curl.se/bug/?i=19544
|
|
[46] = https://curl.se/bug/?i=19412
|
|
[47] = https://curl.se/bug/?i=19402
|
|
[48] = https://curl.se/bug/?i=19403
|
|
[49] = https://curl.se/bug/?i=19404
|
|
[50] = https://curl.se/bug/?i=19406
|
|
[51] = https://curl.se/bug/?i=19401
|
|
[52] = https://curl.se/bug/?i=19490
|
|
[53] = https://curl.se/bug/?i=19397
|
|
[54] = https://curl.se/bug/?i=19399
|
|
[55] = https://curl.se/bug/?i=19336
|
|
[56] = https://curl.se/bug/?i=19396
|
|
[60] = https://curl.se/bug/?i=18330
|
|
[61] = https://curl.se/bug/?i=19484
|
|
[62] = https://curl.se/bug/?i=17931
|
|
[63] = https://curl.se/bug/?i=19479
|
|
[64] = https://curl.se/bug/?i=19479
|
|
[65] = https://curl.se/bug/?i=19478
|
|
[66] = https://curl.se/bug/?i=19477
|
|
[67] = https://curl.se/bug/?i=19475
|
|
[68] = https://curl.se/bug/?i=19480
|
|
[69] = https://curl.se/bug/?i=17927
|
|
[70] = https://curl.se/bug/?i=19464
|
|
[71] = https://curl.se/bug/?i=19461
|
|
[73] = https://curl.se/bug/?i=19359
|
|
[74] = https://curl.se/bug/?i=19465
|
|
[76] = https://curl.se/bug/?i=19463
|
|
[77] = https://curl.se/bug/?i=19459
|
|
[78] = https://curl.se/bug/?i=19431
|
|
[79] = https://curl.se/bug/?i=19454
|
|
[80] = https://curl.se/bug/?i=19452
|
|
[81] = https://curl.se/bug/?i=19425
|
|
[82] = https://curl.se/bug/?i=19460
|
|
[86] = https://curl.se/bug/?i=19451
|
|
[87] = https://curl.se/bug/?i=19450
|
|
[88] = https://curl.se/bug/?i=19449
|
|
[89] = https://curl.se/bug/?i=19473
|
|
[90] = https://curl.se/bug/?i=19432
|
|
[91] = https://curl.se/bug/?i=19398
|
|
[92] = https://curl.se/bug/?i=19446
|
|
[93] = https://curl.se/bug/?i=19445
|
|
[94] = https://curl.se/bug/?i=19444
|
|
[95] = https://curl.se/bug/?i=19530
|
|
[96] = https://curl.se/bug/?i=19531
|
|
[97] = https://curl.se/bug/?i=19520
|
|
[98] = https://curl.se/bug/?i=19529
|
|
[99] = https://curl.se/bug/?i=19525
|
|
[100] = https://curl.se/bug/?i=19523
|
|
[101] = https://curl.se/bug/?i=19524
|
|
[102] = https://curl.se/bug/?i=19518
|
|
[103] = https://curl.se/bug/?i=19519
|
|
[105] = https://curl.se/bug/?i=19517
|
|
[107] = https://curl.se/bug/?i=19512
|
|
[108] = https://curl.se/bug/?i=19513
|
|
[110] = https://curl.se/bug/?i=19510
|
|
[111] = https://curl.se/bug/?i=19509
|
|
[112] = https://curl.se/bug/?i=19495
|
|
[118] = https://curl.se/bug/?i=19493
|
|
[119] = https://curl.se/bug/?i=19483
|