cURL / News

News

curl and libcurl 7.50.3 September 14 2016

The curl team proudly presents curl and libcurl version 7.50.3. All changes and bug fixes are documented in the changelog.

Pay special attention to the new security vulnerability CVE-2016-7167.

curl and libcurl 7.50.2 September 7 2016

The curl team proudly presents curl and libcurl version 7.50.2. All changes and bug fixes are documented in the changelog.

curl and libcurl 7.50.1 August 3 2016

The curl team proudly presents curl and libcurl version 7.50.1. All changes and bug fixes are documented in the changelog. Pay special attention to the three new security vulnerabilities mentioned there.

curl and libcurl 7.50.0 July 21 2016

The curl team proudly presents curl and libcurl version 7.50.0. All changes and bug fixes are documented in the changelog.

Windows DLL hijacking May 30 2016

curl and libcurl are vulnerable to a Windows DLL hijacking (known as CVE-2016-4802). Affecting versions running on Microsoft Windows.

curl and libcurl 7.49.1 May 30 2016

The curl team proudly presents curl and libcurl version 7.49.1. All changes and bug fixes are documented in the changelog.

curl and libcurl 7.49.0 May 18 2016

The curl team proudly presents curl and libcurl version 7.49.0. All changes and bug fixes are documented in the changelog.

TLS certificate check bypass with mbedTLS/PolarSSL May 18 2016

curl and libcurl are vulnerable to a TLS certificate check bypass (known as CVE-2016-3739) when built to use mbedTLS or PolarSSL.

curl and libcurl 7.48.0 March 23 2016

The curl team proudly presents yet another version in the never ending train of curl releases. curl and libcurl version 7.48.0 is out. Read up on all the changes and bug fixes in the changelog.

curl and libcurl 7.47.1 February 8 2016

The curl team proudly presents curl and libcurl version 7.47.1. Read up on all the changes and bug fixes in the changelog.

git repo moved on github February 3 2016

The git repositories on github for the source and the web site have now been moved over to its new home there: the curl organization.

web site over HTTPS January 29 2016

The curl web site is now served over HTTPS and with HTTP/2 - with certificates from Let's Encrypt. Starting February 3, the curl site automatically redirects all http accesses to its https version. No more HTTP accesses to contents.

curl and libcurl 7.47.0 January 27 2016

The curl team proudly presents curl and libcurl version 7.47.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with two security advisories: CVE-2016-0754: local drive traversal when saving file on Windows and CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use.

curl and libcurl 7.46.0 December 2 2015

The curl team proudly presents curl and libcurl version 7.46.0. Read up on all the changes and bug fixes in the changelog.

This is the 150th release counted from the beginning!

curl and libcurl 7.45.0 October 7 2015

The curl team proudly presents the best release ever: curl and libcurl version 7.45.0. Read up on all the changes and bug fixes in the changelog.

curl HTTP cheat sheet September 24 2015

As a little side-project, a curl cheat sheet is being worked on, as a small page showing the most commonly used curl HTTP options.

Help us improve it! It will most probably move into the curl site umbrella at some point.

curl and libcurl 7.44.0 August 12 2015

The curl team proudly presents curl and libcurl version 7.44.0. Read up on all the changes and bug fixes in the changelog.

[SECURITY NOTICE] libidn with bad UTF8 input June 29 2015

A recent security review of libcurl showed that a remote attacker can abuse libcurl's support for international domain names to disclose memory of a libcurl application or cause other unintended behaviors by passing in a malformed unicode string in the URL parameter.

The entire libidn notice

Release archives over HTTPS June 29 2015

As long as the main curl site is still on HTTP only, we now offer HTTPS downloads of the source archives over HTTPS from github. We also modified the look of the release archives list slightly.

Enjoy!

ISP blacklisted by Spamhaus June 18 2015

Right now a large amount of mail servers in the world refuse to accept mails from our primary mail server since Spamhaus deems our ISP to be irresponsible and blacklists us.

We have a fixed IP and we've done nothing wrong here, but apparently collective punishment is a method.

daniel weekly 37 June 17 2015

curl and libcurl 7.43.0 June 17 2015

The curl team proudly presents curl and libcurl version 7.43.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with two security advisories: CVE-2015-3236: lingering HTTP credentials in connection re-use and CVE-2015-3237: SMB send off unrelated memory contents.

daniel weekly 36 June 9 2015

daniel weekly 35 June 3 2015

curl user poll 2015 analysis May 26 2015

The 30 page document with all details and analyses of the curl user poll 2015 is now available. It shows details of all the questions, most of them with a comparison with last year’s survey. The write-ins are also full of good advice, wisdom and some signs of ignorance or unawareness.

You'll find some of the older news here.