RELEASE-NOTES: synced

2026-04-14 22:41:40 +03:00 · 2025-12-05 23:51:47 +01:00 · 2025-12-05 23:51:47 +01:00 · 15e5ac6da8
commit 15e5ac6da8
parent 51587f6f14
1 changed files with 68 additions and 8 deletions
--- a/76
+++ b/76
@ -4,7 +4,7 @@ curl and libcurl 8.18.0
 Command line options:         273
 curl_easy_setopt() options:   308
 Public functions in libcurl:  100
- Contributors:                 3554
+ Contributors:                 3556

 This release includes the following changes:

@ -50,11 +50,13 @@ This release includes the following bugfixes:
 o conncache: silence `-Wnull-dereference` on gcc 14 RISC-V 64 [17]
 o conncontrol: reuse handling [170]
 o connect: reshuffle Curl_timeleft_ms to avoid 'redundant condition' [100]
+ o connection: attached transfer count [228]
 o cookie: propagate errors better, cleanup the internal API [118]
 o cookie: return error on OOM [131]
 o cshutdn: acknowledge FD_SETSIZE for shutdown descriptors [25]
 o curl: fix progress meter in parallel mode [15]
 o curl_fopen: do not pass invalid mode flags to `open()` on Windows [84]
+ o curl_gssapi: make sure Curl_gss_log_error() has an initialized buffer [257]
 o curl_sasl: make Curl_sasl_decode_mech compare case insensitively [160]
 o curl_setup.h: document more funcs flagged by `_CRT_SECURE_NO_WARNINGS` [124]
 o curl_setup.h: drop stray `#undef stat` (Windows) [103]
@ -62,21 +64,28 @@ This release includes the following bugfixes:
 o CURLINFO: remove 'get' and 'get the' from each short desc [50]
 o CURLINFO_SCHEME/PROTOCOL: they return the "scheme" for a "transfer" [48]
 o CURLINFO_TLS_SSL_PTR.md: remove CURLINFO_TLS_SESSION text [49]
+ o CURLMOPT_SOCKETFUNCTION.md: fix the callback argument use [206]
 o CURLOPT_READFUNCTION.md: clarify the size of the buffer [47]
 o CURLOPT_SSH_KEYFUNCTION.md: fix minor indent mistake in example
 o curlx/fopen: replace open CRT functions their with `_s` counterparts (Windows) [204]
 o curlx/multibyte: stop setting macros for non-Windows [226]
 o curlx/strerr: use `strerror_s()` on Windows [75]
+ o curlx: limit use of system allocators to the minimum possible [169]
 o curlx: replace `mbstowcs`/`wcstombs` with `_s` counterparts (Windows) [143]
 o curlx: replace `sprintf` with `snprintf` [194]
 o curlx: use curlx allocators in non-memdebug builds (Windows) [155]
 o digest_sspi: fix a memory leak on error path [149]
 o digest_sspi: properly free sspi identity [12]
 o DISTROS.md: add OpenBSD [126]
+ o DISTROS: remove broken URLs for buildroot
 o doc: some returned in-memory data may not be altered [196]
+ o docs/libcurl: fix C formatting nits [207]
+ o docs: clarify how to do unix domain sockets with SOCKS proxy [240]
 o docs: fix checksrc `EQUALSPACE` warnings [21]
 o docs: mention umask need when curl creates files [56]
+ o docs: remove dead URLs
 o docs: spell it Rustls with a capital R [181]
+ o docs: use .example URLs for proxies
 o example: fix formatting nits [232]
 o examples/crawler: fix variable [92]
 o examples/multi-uv: fix invalid req->data access [177]
@ -84,6 +93,7 @@ This release includes the following bugfixes:
 o examples: fix minor typo [203]
 o examples: make functions/data static where missing [139]
 o examples: tidy-up headers and includes [138]
+ o FAQ: fix hackerone URL
 o file: do not pass invalid mode flags to `open()` on upload (Windows) [83]
 o ftp: refactor a piece of code by merging the repeated part [40]
 o ftp: remove #ifdef for define that is always defined [76]
@ -103,16 +113,22 @@ This release includes the following bugfixes:
 o http: handle oom error from Curl_input_digest() [192]
 o http: replace atoi use in Curl_http_follow with curlx_str_number [65]
 o http: the :authority header should never contain user+password [147]
+ o idn: avoid allocations and wcslen on Windows [247]
 o idn: fix memory leak in `win32_ascii_to_idn()` [173]
 o idn: use curlx allocators on Windows [165]
 o imap: make sure Curl_pgrsSetDownloadSize() does not overflow [200]
 o INSTALL-CMAKE.md: document static option defaults more [37]
 o krb5: fix detecting channel binding feature [187]
 o krb5_sspi: unify a part of error handling [80]
+ o ldap: call ldap_init() before setting the options [236]
+ o ldap: improve detection of Apple LDAP [174]
+ o ldap: provide version for "legacy" ldap as well [254]
 o lib/sendf.h: forward declare two structs [221]
 o lib: cleanup for some typos about spaces and code style [3]
 o lib: eliminate size_t casts [112]
 o lib: error for OOM when extracting URL query [127]
+ o lib: fix formatting nits (part 2) [253]
+ o lib: fix formatting nits (part 3) [248]
 o lib: fix formatting nits [215]
 o lib: fix gssapi.h include on IBMi [55]
 o lib: refactor the type of funcs which have useless return and checks [1]
@ -129,6 +145,7 @@ This release includes the following bugfixes:
 o m4/sectrust: fix test(1) operator [4]
 o manage: expand the 'libcurl support required' message [208]
 o mbedtls: fix potential use of uninitialized `nread` [8]
+ o mbedtls: sync format across log messages [213]
 o mbedtls_threadlock: avoid calloc, use array [244]
 o memdebug: add mutex for thread safety [184]
 o mk-ca-bundle.pl: default to SHA256 fingerprints with `-t` option [73]
@ -139,6 +156,7 @@ This release includes the following bugfixes:
 o multibyte: limit `curlx_convert_*wchar*()` functions to Unicode builds [135]
 o ngtcp2+openssl: fix leak of session [172]
 o ngtcp2: remove the unused Curl_conn_is_ngtcp2 function [85]
+ o noproxy: fix ipv6 handling [239]
 o noproxy: replace atoi with curlx_str_number [67]
 o openssl: exit properly on OOM when getting certchain [133]
 o openssl: fix a potential memory leak of bio_out [150]
@ -146,6 +164,7 @@ This release includes the following bugfixes:
 o openssl: no verify failf message unless strict [166]
 o openssl: release ssl_session if sess_reuse_cb fails [43]
 o openssl: remove code handling default version [28]
+ o openssl: simplify `HAVE_KEYLOG_CALLBACK` guard [212]
 o OS400/ccsidcurl: fix curl_easy_setopt_ccsid for non-converted blobs [94]
 o OS400/makefile.sh: fix shellcheck warning SC2038 [86]
 o osslq: code readability [5]
@ -153,7 +172,10 @@ This release includes the following bugfixes:
 o projects/README.md: Markdown fixes [148]
 o pytest fixes and improvements [159]
 o pytest: disable two H3 earlydata tests for all platforms (was: macOS) [116]
+ o pytest: fix and improve reliability [251]
+ o pytest: improve stragglers [252]
 o pytest: skip H2 tests if feature missing from curl [46]
+ o quiche: use client writer [255]
 o ratelimit: redesign [209]
 o rtmp: fix double-free on URL parse errors [27]
 o rtmp: precaution for a potential integer truncation [54]
@ -161,6 +183,7 @@ This release includes the following bugfixes:
 o runtests: detect bad libssh differently for test 1459 [11]
 o runtests: drop Python 2 support remains [45]
 o runtests: enable torture testing with threaded resolver [176]
+ o runtests: make memanalyzer a Perl module (for 1.1-2x speed-up per test run) [238]
 o rustls: fix a potential memory issue [81]
 o rustls: minor adjustment of sizeof() [38]
 o rustls: simplify init err path [219]
@ -178,21 +201,29 @@ This release includes the following bugfixes:
 o socks_sspi: use free() not FreeContextBuffer() [93]
 o speedcheck: do not trigger low speed cancel on transfers with CURL_READFUNC_PAUSE [113]
 o speedlimit: also reset on send unpausing [197]
+ o src: fix formatting nits [246]
 o ssh: tracing and better pollset handling [230]
+ o sws: fix binding to unix socket on Windows [214]
 o telnet: replace atoi for BINARY handling with curlx_str_number [66]
 o TEST-SUITE.md: correct the man page's path [136]
 o test07_22: fix flakiness [95]
+ o test1498: disable 'HTTP PUT from stdin' test on Windows [115]
 o test2045: replace HTML multi-line comment markup with `#` comments [36]
+ o test3207: enable memdebug for this test again [249]
 o test363: delete stray character (typo) from a section tag [52]
+ o test787: fix possible typo `&` -> `%` in curl option [241]
 o tests/data: replace hard-coded test numbers with `%TESTNUMBER` [33]
 o tests/data: support using native newlines on disk, drop `.gitattributes` [91]
 o tests/server: do not fall back to original data file in `test2fopen()` [32]
 o tests/server: replace `atoi()` and `atol()` with `curlx_str_number()` [110]
+ o tests: add `%AMP` macro, use it in two tests [245]
 o tests: allow 2500-2503 to use ~2MB malloc [31]
 o tests: fix formatting nits [225]
 o tftp: release filename if conn_get_remote_addr fails [42]
 o tftpd: fix/tidy up `open()` mode flags [57]
+ o tidy-up: avoid `(())`, clang-format fixes and more [141]
 o tidy-up: move `CURL_UNCONST()` out from macro `curl_unicodefree()` [121]
+ o TODO: remove a mandriva.com reference
 o tool: consider (some) curl_easy_setopt errors fatal [7]
 o tool: log when loading .curlrc in verbose mode [191]
 o tool_cfgable: free ssl-sessions at exit [123]
@ -212,6 +243,7 @@ This release includes the following bugfixes:
 o tool_urlglob: clean up used memory on errors better [44]
 o tool_writeout: bail out proper on OOM [104]
 o url: fix return code for OOM in parse_proxy() [193]
+ o url: if curl_url_get() fails due to OOM, error out properly [205]
 o url: if OOM in parse_proxy() return error [132]
 o urlapi: fix mem-leaks in curl_url_get error paths [22]
 o urlapi: handle OOM properly when setting URL [180]
@ -253,14 +285,15 @@ advice from friends like these:
  Aleksandr Sergeev, Aleksei Bavshin, Andrew Kirillov, BANADDA, boingball,
  Brad King, bttrfl on github, Christian Schmitz, Dan Fandrich,
  Daniel McCarney, Daniel Stenberg, Deniz Parlak, Fd929c2CE5fA on github,
-  ffath-vo on github, Gisle Vanem, Jiyong Yang, Juliusz Sosinowicz, Kai Pastor,
-  Leonardo Taccari, letshack9707 on hackerone, Marc Aldorasi, Marcel Raad,
-  Max Faxälv, nait-furry, ncaklovic on github, Nick Korepanov,
-  Omdahake on github, Patrick Monnerat, pelioro on hackerone, Ray Satiro,
-  renovate[bot], Samuel Henrique, st751228051 on github, Stanislav Fort,
-  Stefan Eissing, Sunny, Thomas Klausner, Viktor Szakats, Wesley Moore,
+  ffath-vo on github, Georg Schulz-Allgaier, Gisle Vanem, Greg Hudson,
+  Jiyong Yang, Juliusz Sosinowicz, Kai Pastor, Leonardo Taccari,
+  letshack9707 on hackerone, Marc Aldorasi, Marcel Raad, Max Faxälv,
+  nait-furry, ncaklovic on github, Nick Korepanov, Omdahake on github,
+  Patrick Monnerat, pelioro on hackerone, Ray Satiro, renovate[bot],
+  Samuel Henrique, st751228051 on github, Stanislav Fort, Stefan Eissing,
+  Sunny, Theo Buehler, Thomas Klausner, Viktor Szakats, Wesley Moore,
  Xiaoke Wang, Yedaya Katsman
-  (41 contributors)
+  (44 contributors)

 References to bug reports and discussions on issues:

@ -377,6 +410,7 @@ References to bug reports and discussions on issues:
 [112] = https://curl.se/bug/?i=19495
 [113] = https://curl.se/bug/?i=19653
 [114] = https://curl.se/bug/?i=19605
+ [115] = https://curl.se/bug/?i=19855
 [116] = https://curl.se/bug/?i=19724
 [117] = https://curl.se/bug/?i=19644
 [118] = https://curl.se/bug/?i=19493
@ -402,6 +436,7 @@ References to bug reports and discussions on issues:
 [138] = https://curl.se/bug/?i=19580
 [139] = https://curl.se/bug/?i=19579
 [140] = https://curl.se/bug/?i=19175
+ [141] = https://curl.se/bug/?i=19854
 [142] = https://curl.se/bug/?i=19572
 [143] = https://curl.se/bug/?i=19581
 [144] = https://curl.se/bug/?i=19571
@ -429,10 +464,12 @@ References to bug reports and discussions on issues:
 [166] = https://curl.se/bug/?i=19615
 [167] = https://curl.se/bug/?i=19609
 [168] = https://curl.se/bug/?i=19612
+ [169] = https://curl.se/bug/?i=19748
 [170] = https://curl.se/bug/?i=19333
 [171] = https://curl.se/bug/?i=19714
 [172] = https://curl.se/bug/?i=19717
 [173] = https://curl.se/bug/?i=19789
+ [174] = https://curl.se/bug/?i=19849
 [175] = https://curl.se/bug/?i=19784
 [176] = https://curl.se/bug/?i=19786
 [177] = https://curl.se/bug/?i=19462
@ -461,10 +498,16 @@ References to bug reports and discussions on issues:
 [202] = https://curl.se/bug/?i=19669
 [203] = https://curl.se/bug/?i=19683
 [204] = https://curl.se/bug/?i=19643
+ [205] = https://curl.se/bug/?i=19838
+ [206] = https://curl.se/bug/?i=19840
+ [207] = https://curl.se/bug/?i=19844
 [208] = https://curl.se/bug/?i=19665
 [209] = https://curl.se/bug/?i=19384
 [210] = https://curl.se/bug/?i=19769
 [211] = https://curl.se/bug/?i=19768
+ [212] = https://curl.se/bug/?i=19843
+ [213] = https://curl.se/bug/?i=19842
+ [214] = https://curl.se/bug/?i=19812
 [215] = https://curl.se/bug/?i=19764
 [217] = https://curl.se/bug/?i=19763
 [219] = https://curl.se/bug/?i=19759
@ -474,8 +517,25 @@ References to bug reports and discussions on issues:
 [223] = https://curl.se/bug/?i=16973
 [225] = https://curl.se/bug/?i=19754
 [226] = https://curl.se/bug/?i=19751
+ [228] = https://curl.se/bug/?i=19836
 [230] = https://curl.se/bug/?i=19745
 [232] = https://curl.se/bug/?i=19746
+ [236] = https://curl.se/bug/?i=19830
+ [238] = https://curl.se/bug/?i=19786
+ [239] = https://curl.se/bug/?i=19828
+ [240] = https://curl.se/bug/?i=19829
+ [241] = https://curl.se/bug/?i=19826
 [242] = https://curl.se/bug/?i=19734
 [243] = https://curl.se/bug/?i=19733
 [244] = https://curl.se/bug/?i=19732
+ [245] = https://curl.se/bug/?i=19824
+ [246] = https://curl.se/bug/?i=19823
+ [247] = https://curl.se/bug/?i=19798
+ [248] = https://curl.se/bug/?i=19811
+ [249] = https://curl.se/bug/?i=19813
+ [251] = https://curl.se/bug/?i=19970
+ [252] = https://curl.se/bug/?i=19809
+ [253] = https://curl.se/bug/?i=19800
+ [254] = https://curl.se/bug/?i=19808
+ [255] = https://curl.se/bug/?i=19803
+ [257] = https://curl.se/bug/?i=19802