cURL cURL > News

News

curl user poll 2015 analysis May 26 2015

The 30 page document with all details and analyses of the curl user poll 2015 is now available. It shows details of all the questions, most of them with a comparison with last year’s survey. The write-ins are also full of good advice, wisdom and some signs of ignorance or unawareness.

curl and libcurl 7.42.1 April 29 2015

The curl team proudly presents another curl and libcurl relese: version 7.42.1. Read up on all the changes and bug fixes in the changelog.

This release comes bundled another security advisory: CVE-2015-3153: sensitive HTTP server headers also sent to proxies.

curl and libcurl 7.42.0 April 22 2015

The curl team proudly presents another curl and libcurl relese: version 7.42.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with no less than four different security advisories:

becoming more github friendly March 2 2015

We're trying to lower barriers and friction for newcomers. We have a new positive attitude to pull requests and issues filed directly at github. Welcome!

Existing hackers: consider clicking 'watch' on that repo to get notified.

curl and libcurl 7.41.0 February 25 2015

The curl team proudly presents another curl and libcurl relese: version 7.41.0. Read up on all the changes and bug fixes in the changelog.

Enhanced vulnerability overview January 9 2015

The vulnerability table on the web site has gotten an overhaul. It is the complete list of all published curl vulnerabilities together with which curl versions that are vulnerable.

The new layout is much smaller HTML, and it now features links to specific summaries for each individual curl release through the history. Each summarizing its own vulnerability situation.

For example, you can look at the vulnerability situation for curl 7.37.0 as well as all the others - back to 6.0, released in 1999.

curl and libcurl 7.40.0 January 8 2015

The curl team proudly presents another curl and libcurl relese: version 7.40.0. Read up on all the changes and bug fixes on the changes page.

We also publish two security advisories in association with this release. See CVE-2014-8151 and CVE-2014-8150 for all the details.

videos on curl front page November 28 2014

The front page is now slightly modified to provide a fixed slot for the weekly (or so) videos made by Daniel.

Thanks page remake November 6 2014

The THANKS page,crediting all the people that have helped out in the project, has just gotten a little overhaul and now features a completely new look. We also made some extra efforts and removed some duplicate names from it, which explains why the amount of names went down somewhat.

Of course, if you think you are wrongly missing from the list of names, please tell us. We truly believe in giving proper credit!

curl and libcurl 7.39.0 November 5 2014

The curl team proudly presents another curl and libcurl relese: version 7.39.0. Read up on all the changes and bug fixes on the changes page.

We also publish a security advisory in association with this release. See CVE-2014-3707.

curl is no POODLE October 17 2014

curl is not affected by the POODLE attack. Described further in Daniel's blog post: curl is no POODLE

Random curl info October 10 2014

Recent posts (off-site) by Daniel about curl and libcurl stuff:

Daniel Youtubes about curl September 15 2014

Daniel (curl project leader) is doing a video series about what he's working on at the moment. They are 5-7 minutes each, are posted weekly and include lots of details of what's been happening in the curl project.

curl and libcurl 7.38.0 September 10 2014

The curl team proudly presents a new and shiny curl and libcurl relese: version 7.38.0. Read up on all the changes and bug fixes on the changes page.

This time we also publish two HTTP cookie related security advisories in association with this release. See CVE-2014-3613 and CVE-2014-3620.

RSA-1024 cacert cleanups September 5 2014

Mozilla has recently removed weak certs from the CA certs bundle. Weak, in the meaning that they used 1024 bit RSA.

If you download the latest cacert bundle from the link above right now, you'll see that s3.amazonaws.com sites no longer gets verified fine. I guess that it goes for a few other sites too.

Read more.

curl and libcurl 7.37.1 July 16 2014

Another eight week cycle loops and the curl team proudly presents a new and shiny curl and libcurl relese: version 7.37.1. Read up on all the changes and bug fixes on the changes page.

curl and libcurl survey results June 13 2014

The results from the 2014 survey is now published.

These are the "raw" numbers, analysis and conclusions drawn from this are left to do. Join in and tell us what you think this means!

poll: curl and libcurl usage and project details June 2 2014

The curl project runs the curl and libcurl 2014 poll, asking for your input and feedback on a set of questions around the project, its present and its future.

Feel free to share this link to others who may have a relevant opinion.

The poll is open until midnight June 11th (central european time).

curl and libcurl 7.37.0 May 21 2014

The curl team proudly presents another new and shiny curl and libcurl relese: version 7.37.0. Read up on all the changes and bug fixes on the changes page.

CA bundle over HTTPS May 8 2014

Our CA extract service is very popular to download Mozilla's CA cert bundle in PEM format. Starting now, we also provide a proper HTTPS download link for users who want to be sure there's no foul play going on during the download.

The HTTPS download is provided via github so it will also provide an alternative hosting site for cases where one or the other has problems. Since there's a chicken-and-egg problem with TLS and CA certs, we still offer the same download URL as before over plain HTTP as well.

Thank you for flying curl.

a curl wiki April 25 2014

To enhance everyone's ability to contribute with docs, examples, good ideas and other curl related information we've enabled a curl wiki over at github.

It is a bit of a test. Is there user interest enough to add content and provide info here?

curl and proxy headers April 8 2014

curl and libcurl offer options to specify HTTP proxy headers separate from origin server headers in next version.

curl and libcurl 7.36.0 - and four security advisories! March 26 2014

The curl team proudly presents curl and libcurl 7.36.0. Read up on all the changes and bug fixes on the changes page.

Security advisories released today:

http2 and --next in curl March 15 2014

A few days ago, Daniel blogged about http2 in curl, how it works, what to expect and more. Also, a separate explanation of the upcoming new --next option.

curl and libcurl 7.35.0 January 29 2014

The curl team proudly presents the first release of the year: curl and libcurl 7.35.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the security advisory we announce today.

You'll find some of the older news here.