cURL cURL > News

News

"just another week" November 17 2014

Daniel posts weekly videos with comments and updates on his work. Mostly focused on curl but occasional related projects of his are mentioned.

Thanks page remake November 6 2014

The THANKS page,crediting all the people that have helped out in the project, has just gotten a little overhaul and now features a completely new look. We also made some extra efforts and removed some duplicate names from it, which explains why the amount of names went down somewhat.

Of course, if you think you are wrongly missing from the list of names, please tell us. We truly believe in giving proper credit!

curl and libcurl 7.39.0 November 5 2014

The curl team proudly presents another curl and libcurl relese: version 7.39.0. Read up on all the changes and bug fixes on the changes page.

We also publish a security advisories in association with this release. See CVE-2014-3707.

curl is no POODLE October 17 2014

curl is not affected by the POODLE attack. Described further in Daniel's blog post: curl is no POODLE

Random curl info October 10 2014

Recent posts (off-site) by Daniel about curl and libcurl stuff:

Daniel Youtubes about curl September 15 2014

Daniel (curl project leader) is doing a video series about what he's working on at the moment. They are 5-7 minutes each, are posted weekly and include lots of details of what's been happening in the curl project.

curl and libcurl 7.38.0 September 10 2014

The curl team proudly presents a new and shiny curl and libcurl relese: version 7.38.0. Read up on all the changes and bug fixes on the changes page.

This time we also publish two HTTP cookie related security advisories in association with this release. See CVE-2014-3613 and CVE-2014-3620.

RSA-1024 cacert cleanups September 5 2014

Mozilla has recently removed weak certs from the CA certs bundle. Weak, in the meaning that they used 1024 bit RSA.

If you download the latest cacert bundle from the link above right now, you'll see that s3.amazonaws.com sites no longer gets verified fine. I guess that it goes for a few other sites too.

Read more.

curl and libcurl 7.37.1 July 16 2014

Another eight week cycle loops and the curl team proudly presents a new and shiny curl and libcurl relese: version 7.37.1. Read up on all the changes and bug fixes on the changes page.

curl and libcurl survey results June 13 2014

The results from the 2014 survey is now published.

These are the "raw" numbers, analysis and conclusions drawn from this are left to do. Join in and tell us what you think this means!

poll: curl and libcurl usage and project details June 2 2014

The curl project runs the curl and libcurl 2014 poll, asking for your input and feedback on a set of questions around the project, its present and its future.

Feel free to share this link to others who may have a relevant opinion.

The poll is open until midnight June 11th (central european time).

curl and libcurl 7.37.0 May 21 2014

The curl team proudly presents another new and shiny curl and libcurl relese: version 7.37.0. Read up on all the changes and bug fixes on the changes page.

CA bundle over HTTPS May 8 2014

Our CA extract service is very popular to download Mozilla's CA cert bundle in PEM format. Starting now, we also provide a proper HTTPS download link for users who want to be sure there's no foul play going on during the download.

The HTTPS download is provided via github so it will also provide an alternative hosting site for cases where one or the other has problems. Since there's a chicken-and-egg problem with TLS and CA certs, we still offer the same download URL as before over plain HTTP as well.

Thank you for flying curl.

a curl wiki April 25 2014

To enhance everyone's ability to contribute with docs, examples, good ideas and other curl related information we've enabled a curl wiki over at github.

It is a bit of a test. Is there user interest enough to add content and provide info here?

curl and proxy headers April 8 2014

curl and libcurl offer options to specify HTTP proxy headers separate from origin server headers in next version.

curl and libcurl 7.36.0 - and four security advisories! March 26 2014

The curl team proudly presents curl and libcurl 7.36.0. Read up on all the changes and bug fixes on the changes page.

Security advisories released today:

http2 and --next in curl March 15 2014

A few days ago, Daniel blogged about http2 in curl, how it works, what to expect and more. Also, a separate explanation of the upcoming new --next option.

curl and libcurl 7.35.0 January 29 2014

The curl team proudly presents the first release of the year: curl and libcurl 7.35.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the security advisory we announce today.

curl and libcurl 7.34.0 December 17 2013

The curl team proudly presents curl and libcurl 7.34.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the security advisory we announce today.

SECURITY ADVISORY: libcurl cert name check ignore November 15 2013

libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. Read the full Project cURL Security Advisory for CVE-2013-4545.

curl in Mac OS X Mavericks 10.9 October 23 2013

Apple released Mac OS X Mavericks 10.9 the other day and in that they ship an updated curl with some noteworthy changes. Graciously brought to us by Nick Zitzmann.

curl and libcurl 7.33.0 October 14 2013

The curl team proudly presents curl and libcurl 7.33.0. Read up on all the changes and bug fixes on the changes page.

curl and libcurl 7.32.0 August 12 2013

The curl team proudly presents curl and libcurl 7.32.0. Read up on all the changes and bug fixes on the changes page.

dotdot removal in libcurl July 30 2013

Daniel posted an article on the upcoming change in libcurl when it will start doing dotdot removal. It is a feature of the upcoming libcurl 7.32.0 release.

curl and libcurl 7.31.0 June 22 2013

The curl team proudly presents curl and libcurl 7.31.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the libcurl URL decode buffer boundary flaw security advisory we've announced today.

You'll find some of the older news here.