cURL / News

News

[SECURITY NOTICE] libidn with bad UTF8 input June 29 2015

A recent security review of libcurl showed that a remote attacker can abuse libcurl's support for international domain names to disclose memory of a libcurl application or cause other unintended behaviors by passing in a malformed unicode string in the URL parameter.

The entire libidn notice

Release archives over HTTPS June 29 2015

As long as the main curl site is still on HTTP only, we now offer HTTPS downloads of the source archives over HTTPS from github. We also modified the look of the release archives list slightly.

Enjoy!

ISP blacklisted by Spamhaus June 18 2015

Right now a large amount of mail servers in the world refuse to accept mails from our primary mail server since Spamhaus deems our ISP to be irresponsible and blacklists us.

We have a fixed IP and we've done nothing wrong here, but apparently collective punishment is a method.

daniel weekly 37 June 17 2015

curl and libcurl 7.43.0 June 17 2015

The curl team proudly presents curl and libcurl version 7.43.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with two security advisories: CVE-2015-3236: lingering HTTP credentials in connection re-use and CVE-2015-3237: SMB send off unrelated memory contents.

daniel weekly 36 June 9 2015

daniel weekly 35 June 3 2015

curl user poll 2015 analysis May 26 2015

The 30 page document with all details and analyses of the curl user poll 2015 is now available. It shows details of all the questions, most of them with a comparison with last year’s survey. The write-ins are also full of good advice, wisdom and some signs of ignorance or unawareness.

curl and libcurl 7.42.1 April 29 2015

The curl team proudly presents another curl and libcurl relese: version 7.42.1. Read up on all the changes and bug fixes in the changelog.

This release comes bundled another security advisory: CVE-2015-3153: sensitive HTTP server headers also sent to proxies.

curl and libcurl 7.42.0 April 22 2015

The curl team proudly presents another curl and libcurl relese: version 7.42.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with no less than four different security advisories:

becoming more github friendly March 2 2015

We're trying to lower barriers and friction for newcomers. We have a new positive attitude to pull requests and issues filed directly at github. Welcome!

Existing hackers: consider clicking 'watch' on that repo to get notified.

curl and libcurl 7.41.0 February 25 2015

The curl team proudly presents another curl and libcurl relese: version 7.41.0. Read up on all the changes and bug fixes in the changelog.

Enhanced vulnerability overview January 9 2015

The vulnerability table on the web site has gotten an overhaul. It is the complete list of all published curl vulnerabilities together with which curl versions that are vulnerable.

The new layout is much smaller HTML, and it now features links to specific summaries for each individual curl release through the history. Each summarizing its own vulnerability situation.

For example, you can look at the vulnerability situation for curl 7.37.0 as well as all the others - back to 6.0, released in 1999.

curl and libcurl 7.40.0 January 8 2015

The curl team proudly presents another curl and libcurl relese: version 7.40.0. Read up on all the changes and bug fixes on the changes page.

We also publish two security advisories in association with this release. See CVE-2014-8151 and CVE-2014-8150 for all the details.

videos on curl front page November 28 2014

The front page is now slightly modified to provide a fixed slot for the weekly (or so) videos made by Daniel.

Thanks page remake November 6 2014

The THANKS page,crediting all the people that have helped out in the project, has just gotten a little overhaul and now features a completely new look. We also made some extra efforts and removed some duplicate names from it, which explains why the amount of names went down somewhat.

Of course, if you think you are wrongly missing from the list of names, please tell us. We truly believe in giving proper credit!

curl and libcurl 7.39.0 November 5 2014

The curl team proudly presents another curl and libcurl relese: version 7.39.0. Read up on all the changes and bug fixes on the changes page.

We also publish a security advisory in association with this release. See CVE-2014-3707.

curl is no POODLE October 17 2014

curl is not affected by the POODLE attack. Described further in Daniel's blog post: curl is no POODLE

Random curl info October 10 2014

Recent posts (off-site) by Daniel about curl and libcurl stuff:

Daniel Youtubes about curl September 15 2014

Daniel (curl project leader) is doing a video series about what he's working on at the moment. They are 5-7 minutes each, are posted weekly and include lots of details of what's been happening in the curl project.

curl and libcurl 7.38.0 September 10 2014

The curl team proudly presents a new and shiny curl and libcurl relese: version 7.38.0. Read up on all the changes and bug fixes on the changes page.

This time we also publish two HTTP cookie related security advisories in association with this release. See CVE-2014-3613 and CVE-2014-3620.

RSA-1024 cacert cleanups September 5 2014

Mozilla has recently removed weak certs from the CA certs bundle. Weak, in the meaning that they used 1024 bit RSA.

If you download the latest cacert bundle from the link above right now, you'll see that s3.amazonaws.com sites no longer gets verified fine. I guess that it goes for a few other sites too.

Read more.

curl and libcurl 7.37.1 July 16 2014

Another eight week cycle loops and the curl team proudly presents a new and shiny curl and libcurl relese: version 7.37.1. Read up on all the changes and bug fixes on the changes page.

curl and libcurl survey results June 13 2014

The results from the 2014 survey is now published.

These are the "raw" numbers, analysis and conclusions drawn from this are left to do. Join in and tell us what you think this means!

poll: curl and libcurl usage and project details June 2 2014

The curl project runs the curl and libcurl 2014 poll, asking for your input and feedback on a set of questions around the project, its present and its future.

Feel free to share this link to others who may have a relevant opinion.

The poll is open until midnight June 11th (central european time).

You'll find some of the older news here.