romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:41:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

RELEASE-NOTES: synced

Browse source
This commit is contained in:
Daniel Stenberg 2025-12-11 15:38:00 +01:00
parent 624d98e79c
commit 846eaf4e6b
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 59 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

72
RELEASE-NOTES
View file

@ -4,7 +4,7 @@ curl and libcurl 8.18.0
Command line options: 273 Command line options: 273
curl_easy_setopt() options: 308 curl_easy_setopt() options: 308
Public functions in libcurl: 100 Public functions in libcurl: 100
Contributors: 3557 Contributors: 3559
This release includes the following changes: This release includes the following changes:
@ -17,6 +17,7 @@ This release includes the following changes:
This release includes the following bugfixes: This release includes the following bugfixes:
o _PROGRESS.md: add the E unit, mention kibibyte [24] o _PROGRESS.md: add the E unit, mention kibibyte [24]
o alt-svc: more flexibility on same destination [298]
o altsvc: make it one malloc instead of three per entry [266] o altsvc: make it one malloc instead of three per entry [266]
o AmigaOS: increase minimum stack size for tool_main [137] o AmigaOS: increase minimum stack size for tool_main [137]
o apple-sectrust: always ask when `native_ca_store` is in use [162] o apple-sectrust: always ask when `native_ca_store` is in use [162]
@ -27,10 +28,13 @@ This release includes the following bugfixes:
o auth: always treat Curl_auth_ntlm_get() returning NULL as OOM [186] o auth: always treat Curl_auth_ntlm_get() returning NULL as OOM [186]
o autotools: add nettle library detection via pkg-config (for GnuTLS) [178] o autotools: add nettle library detection via pkg-config (for GnuTLS) [178]
o autotools: drop autoconf <2.59 compatibility code (zz60-xc-ovr) [70] o autotools: drop autoconf <2.59 compatibility code (zz60-xc-ovr) [70]
o autotools: fix LargeFile feature display on Windows (after prev patch) [276]
o autotools: tidy-up `if` expressions [275]
o badwords: fix issues found in scripts and other files [142] o badwords: fix issues found in scripts and other files [142]
o badwords: fix issues found in tests [156] o badwords: fix issues found in tests [156]
o build: add build-level `CURL_DISABLE_TYPECHECK` options [163] o build: add build-level `CURL_DISABLE_TYPECHECK` options [163]
o build: exclude clang prereleases from compiler warning options [154] o build: exclude clang prereleases from compiler warning options [154]
o build: set `-Wno-format-signedness` [288]
o build: tidy-up MSVC CRT warning suppression macros [140] o build: tidy-up MSVC CRT warning suppression macros [140]
o ccsidcurl: make curl_mime_data_ccsid() use the converted size [74] o ccsidcurl: make curl_mime_data_ccsid() use the converted size [74]
o cf-https-connect: allocate ctx at first in cf_hc_create() [79] o cf-https-connect: allocate ctx at first in cf_hc_create() [79]
@ -47,8 +51,11 @@ This release includes the following bugfixes:
o cmake: save and restore `CMAKE_MODULE_PATH` in `curl-config.cmake` [222] o cmake: save and restore `CMAKE_MODULE_PATH` in `curl-config.cmake` [222]
o code: minor indent fixes before closing braces [107] o code: minor indent fixes before closing braces [107]
o CODE_STYLE.md: sync banned function list with checksrc.pl [243] o CODE_STYLE.md: sync banned function list with checksrc.pl [243]
o config-win32.h: delete obsolete, non-Windows comments [295]
o config-win32.h: drop unused/obsolete `CURL_HAS_OPENLDAP_LDAPSDK` [278]
o config2setopts: bail out if curl_url_get() returns OOM [102] o config2setopts: bail out if curl_url_get() returns OOM [102]
o config2setopts: exit if curl_url_set() fails on OOM [105] o config2setopts: exit if curl_url_set() fails on OOM [105]
o configure: delete unused variable [294]
o conncache: silence `-Wnull-dereference` on gcc 14 RISC-V 64 [17] o conncache: silence `-Wnull-dereference` on gcc 14 RISC-V 64 [17]
o conncontrol: reuse handling [170] o conncontrol: reuse handling [170]
o connect: reshuffle Curl_timeleft_ms to avoid 'redundant condition' [100] o connect: reshuffle Curl_timeleft_ms to avoid 'redundant condition' [100]
@ -62,6 +69,7 @@ This release includes the following bugfixes:
o curl: fix progress meter in parallel mode [15] o curl: fix progress meter in parallel mode [15]
o curl_fopen: do not pass invalid mode flags to `open()` on Windows [84] o curl_fopen: do not pass invalid mode flags to `open()` on Windows [84]
o curl_gssapi: make sure Curl_gss_log_error() has an initialized buffer [257] o curl_gssapi: make sure Curl_gss_log_error() has an initialized buffer [257]
o curl_sasl: if redirected, require permission to use bearer [250]
o curl_sasl: make Curl_sasl_decode_mech compare case insensitively [160] o curl_sasl: make Curl_sasl_decode_mech compare case insensitively [160]
o curl_setup.h: document more funcs flagged by `_CRT_SECURE_NO_WARNINGS` [124] o curl_setup.h: document more funcs flagged by `_CRT_SECURE_NO_WARNINGS` [124]
o curl_setup.h: drop stray `#undef stat` (Windows) [103] o curl_setup.h: drop stray `#undef stat` (Windows) [103]
@ -70,6 +78,7 @@ This release includes the following bugfixes:
o CURLINFO_SCHEME/PROTOCOL: they return the "scheme" for a "transfer" [48] o CURLINFO_SCHEME/PROTOCOL: they return the "scheme" for a "transfer" [48]
o CURLINFO_TLS_SSL_PTR.md: remove CURLINFO_TLS_SESSION text [49] o CURLINFO_TLS_SSL_PTR.md: remove CURLINFO_TLS_SESSION text [49]
o CURLMOPT_SOCKETFUNCTION.md: fix the callback argument use [206] o CURLMOPT_SOCKETFUNCTION.md: fix the callback argument use [206]
o CURLOPT_FOLLOWLOCATION.md: s/Authentication:/Authorization:/ [283]
o CURLOPT_READFUNCTION.md: clarify the size of the buffer [47] o CURLOPT_READFUNCTION.md: clarify the size of the buffer [47]
o CURLOPT_SSH_KEYFUNCTION.md: fix minor indent mistake in example o CURLOPT_SSH_KEYFUNCTION.md: fix minor indent mistake in example
o curlx/fopen: replace open CRT functions their with `_s` counterparts (Windows) [204] o curlx/fopen: replace open CRT functions their with `_s` counterparts (Windows) [204]
@ -79,12 +88,14 @@ This release includes the following bugfixes:
o curlx: replace `mbstowcs`/`wcstombs` with `_s` counterparts (Windows) [143] o curlx: replace `mbstowcs`/`wcstombs` with `_s` counterparts (Windows) [143]
o curlx: replace `sprintf` with `snprintf` [194] o curlx: replace `sprintf` with `snprintf` [194]
o curlx: use curlx allocators in non-memdebug builds (Windows) [155] o curlx: use curlx allocators in non-memdebug builds (Windows) [155]
o DEPRECATE: add CMake <3.18 deprecation for April 2026 [291]
o digest_sspi: fix a memory leak on error path [149] o digest_sspi: fix a memory leak on error path [149]
o digest_sspi: properly free sspi identity [12] o digest_sspi: properly free sspi identity [12]
o DISTROS.md: add OpenBSD [126] o DISTROS.md: add OpenBSD [126]
o DISTROS: fix a Mageia URL o DISTROS: fix a Mageia URL
o DISTROS: remove broken URLs for buildroot o DISTROS: remove broken URLs for buildroot
o doc: some returned in-memory data may not be altered [196] o doc: some returned in-memory data may not be altered [196]
o Dockerfile: update debian:bookworm-slim digest to e899040 [305]
o docs/libcurl: fix C formatting nits [207] o docs/libcurl: fix C formatting nits [207]
o docs: clarify how to do unix domain sockets with SOCKS proxy [240] o docs: clarify how to do unix domain sockets with SOCKS proxy [240]
o docs: fix checksrc `EQUALSPACE` warnings [21] o docs: fix checksrc `EQUALSPACE` warnings [21]
@ -100,6 +111,8 @@ This release includes the following bugfixes:
o examples: fix minor typo [203] o examples: fix minor typo [203]
o examples: make functions/data static where missing [139] o examples: make functions/data static where missing [139]
o examples: tidy-up headers and includes [138] o examples: tidy-up headers and includes [138]
o examples: use 64-bit `fstat` on Windows [301]
o FAQ/TODO/KNOWN_BUGS: convert to markdown [307]
o FAQ: fix hackerone URL o FAQ: fix hackerone URL
o file: do not pass invalid mode flags to `open()` on upload (Windows) [83] o file: do not pass invalid mode flags to `open()` on upload (Windows) [83]
o formdata: validate callback is non-NULL before use [267] o formdata: validate callback is non-NULL before use [267]
@ -110,8 +123,10 @@ This release includes the following bugfixes:
o gnutls: add PROFILE_MEDIUM as default [233] o gnutls: add PROFILE_MEDIUM as default [233]
o gnutls: report accurate error when TLS-SRP is not built-in [18] o gnutls: report accurate error when TLS-SRP is not built-in [18]
o gtls: add return checks and optimize the code [2] o gtls: add return checks and optimize the code [2]
o gtls: Call keylog_close in cleanup
o gtls: skip session resumption when verifystatus is set o gtls: skip session resumption when verifystatus is set
o h2/h3: handle methods with spaces [146] o h2/h3: handle methods with spaces [146]
o headers: add length argument to Curl_headers_push() [309]
o hostcheck: fail wildcard match if host starts with a dot [235] o hostcheck: fail wildcard match if host starts with a dot [235]
o hostip: don't store negative lookup on OOM [61] o hostip: don't store negative lookup on OOM [61]
o hostip: make more functions return CURLcode [202] o hostip: make more functions return CURLcode [202]
@ -129,11 +144,13 @@ This release includes the following bugfixes:
o idn: avoid allocations and wcslen on Windows [247] o idn: avoid allocations and wcslen on Windows [247]
o idn: fix memory leak in `win32_ascii_to_idn()` [173] o idn: fix memory leak in `win32_ascii_to_idn()` [173]
o idn: use curlx allocators on Windows [165] o idn: use curlx allocators on Windows [165]
o imap: check buffer length before accessing it [308]
o imap: make sure Curl_pgrsSetDownloadSize() does not overflow [200] o imap: make sure Curl_pgrsSetDownloadSize() does not overflow [200]
o INSTALL-CMAKE.md: document static option defaults more [37] o INSTALL-CMAKE.md: document static option defaults more [37]
o krb5: fix detecting channel binding feature [187] o krb5: fix detecting channel binding feature [187]
o krb5_sspi: unify a part of error handling [80] o krb5_sspi: unify a part of error handling [80]
o ldap: call ldap_init() before setting the options [236] o ldap: call ldap_init() before setting the options [236]
o ldap: drop PP logic for old, unsupported, Windows SDKs [279]
o ldap: improve detection of Apple LDAP [174] o ldap: improve detection of Apple LDAP [174]
o ldap: provide version for "legacy" ldap as well [254] o ldap: provide version for "legacy" ldap as well [254]
o lib/sendf.h: forward declare two structs [221] o lib/sendf.h: forward declare two structs [221]
@ -162,11 +179,13 @@ This release includes the following bugfixes:
o mbedtls_threadlock: avoid calloc, use array [244] o mbedtls_threadlock: avoid calloc, use array [244]
o mdlinkcheck: ignore IP numbers, allow '@' in raw URLs o mdlinkcheck: ignore IP numbers, allow '@' in raw URLs
o memdebug: add mutex for thread safety [184] o memdebug: add mutex for thread safety [184]
o memdebug: fix realloc logging [286]
o mk-ca-bundle.md: the file format docs URL is permaredirected [188] o mk-ca-bundle.md: the file format docs URL is permaredirected [188]
o mk-ca-bundle.pl: default to SHA256 fingerprints with `-t` option [73] o mk-ca-bundle.pl: default to SHA256 fingerprints with `-t` option [73]
o mk-ca-bundle.pl: use `open()` with argument list to replace backticks [71] o mk-ca-bundle.pl: use `open()` with argument list to replace backticks [71]
o mqtt: reject overly big messages [39] o mqtt: reject overly big messages [39]
o multi: make max_total_* members size_t [158] o multi: make max_total_* members size_t [158]
o multi: remove MSTATE_TUNNELING [297]
o multi: simplify admin handle processing [189] o multi: simplify admin handle processing [189]
o multibyte: limit `curlx_convert_*wchar*()` functions to Unicode builds [135] o multibyte: limit `curlx_convert_*wchar*()` functions to Unicode builds [135]
o ngtcp2+openssl: fix leak of session [172] o ngtcp2+openssl: fix leak of session [172]
@ -190,6 +209,7 @@ This release includes the following bugfixes:
o pytest: disable two H3 earlydata tests for all platforms (was: macOS) [116] o pytest: disable two H3 earlydata tests for all platforms (was: macOS) [116]
o pytest: fix and improve reliability [251] o pytest: fix and improve reliability [251]
o pytest: improve stragglers [252] o pytest: improve stragglers [252]
o pytest: quiche flakiness [280]
o pytest: skip H2 tests if feature missing from curl [46] o pytest: skip H2 tests if feature missing from curl [46]
o quiche: use client writer [255] o quiche: use client writer [255]
o ratelimit: redesign [209] o ratelimit: redesign [209]
@ -228,6 +248,7 @@ This release includes the following bugfixes:
o test1475: consistently use %CR in headers [234] o test1475: consistently use %CR in headers [234]
o test1498: disable 'HTTP PUT from stdin' test on Windows [115] o test1498: disable 'HTTP PUT from stdin' test on Windows [115]
o test2045: replace HTML multi-line comment markup with `#` comments [36] o test2045: replace HTML multi-line comment markup with `#` comments [36]
o test318: tweak the name a little
o test3207: enable memdebug for this test again [249] o test3207: enable memdebug for this test again [249]
o test363: delete stray character (typo) from a section tag [52] o test363: delete stray character (typo) from a section tag [52]
o test787: fix possible typo `&` -> `%` in curl option [241] o test787: fix possible typo `&` -> `%` in curl option [241]
@ -243,6 +264,7 @@ This release includes the following bugfixes:
o tftpd: fix/tidy up `open()` mode flags [57] o tftpd: fix/tidy up `open()` mode flags [57]
o tidy-up: avoid `(())`, clang-format fixes and more [141] o tidy-up: avoid `(())`, clang-format fixes and more [141]
o tidy-up: move `CURL_UNCONST()` out from macro `curl_unicodefree()` [121] o tidy-up: move `CURL_UNCONST()` out from macro `curl_unicodefree()` [121]
o tidy-up: URLs (cont.) and mdlinkcheck [285]
o tidy-up: URLs [182] o tidy-up: URLs [182]
o TODO: remove a mandriva.com reference o TODO: remove a mandriva.com reference
o tool: consider (some) curl_easy_setopt errors fatal [7] o tool: consider (some) curl_easy_setopt errors fatal [7]
@ -276,6 +298,7 @@ This release includes the following bugfixes:
o vtls: handle possible malicious certs_num from peer [53] o vtls: handle possible malicious certs_num from peer [53]
o vtls: pinned key check [98] o vtls: pinned key check [98]
o wcurl: import v2025.11.09 [29] o wcurl: import v2025.11.09 [29]
o windows: assume `USE_WIN32_LARGE_FILES` [292]
o windows: use `_strdup()` instead of `strdup()` where missing [145] o windows: use `_strdup()` instead of `strdup()` where missing [145]
o wolfSSL: able to differentiate between IP and DNS in alt names [13] o wolfSSL: able to differentiate between IP and DNS in alt names [13]
o wolfssl: avoid NULL dereference in OOM situation [77] o wolfssl: avoid NULL dereference in OOM situation [77]
@ -304,18 +327,20 @@ Planned upcoming removals include:
This release would not have looked like this without help, code, reports and This release would not have looked like this without help, code, reports and
advice from friends like these: advice from friends like these:
Aleksandr Sergeev, Aleksei Bavshin, Andrew Kirillov, BANADDA, boingball, Aleksandr Sergeev, Aleksei Bavshin, Andrew Kirillov,
Brad King, bttrfl on github, Christian Schmitz, Dan Fandrich, anonymous237 on hackerone, BANADDA, boingball, Brad King, bttrfl on github,
Daniel McCarney, Daniel Stenberg, Denis Goleshchikhin, Deniz Parlak, Christian Schmitz, Dan Fandrich, Daniel McCarney, Daniel Stenberg,
dependabot[bot], Fabian Keil, Fd929c2CE5fA on github, ffath-vo on github, Denis Goleshchikhin, Deniz Parlak, dependabot[bot], Fabian Keil,
Georg Schulz-Allgaier, Gisle Vanem, Greg Hudson, Harry Sintonen, Jiyong Yang, Fd929c2CE5fA on github, ffath-vo on github, Georg Schulz-Allgaier,
Juliusz Sosinowicz, Kai Pastor, Leonardo Taccari, letshack9707 on hackerone, Gisle Vanem, Greg Hudson, Harry Sintonen, Jiyong Yang, Juliusz Sosinowicz,
Marc Aldorasi, Marcel Raad, Max Faxälv, nait-furry, ncaklovic on github, Kai Pastor, Leonardo Taccari, letshack9707 on hackerone, Marc Aldorasi,
Nick Korepanov, Omdahake on github, Patrick Monnerat, pelioro on hackerone, Marcel Raad, Max Faxälv, nait-furry, ncaklovic on github, Nick Korepanov,
Ray Satiro, renovate[bot], Robert W. Van Kirk, Samuel Henrique, Omdahake on github, Patrick Monnerat, pelioro on hackerone, Ray Satiro,
st751228051 on github, Stanislav Fort, Stefan Eissing, Sunny, Theo Buehler, renovate[bot], Robert W. Van Kirk, Samuel Henrique, st751228051 on github,
Thomas Klausner, Viktor Szakats, Wesley Moore, Xiaoke Wang, Yedaya Katsman Stanislav Fort, Stefan Eissing, Sunny, Theo Buehler, Thomas Klausner,
(49 contributors) Viktor Szakats, Wesley Moore, Xiaoke Wang, Yedaya Katsman, Yuhao Jiang,
yushicheng7788 on github
(52 contributors)
References to bug reports and discussions on issues: References to bug reports and discussions on issues:
@ -563,6 +588,7 @@ References to bug reports and discussions on issues:
[247] = https://curl.se/bug/?i=19798 [247] = https://curl.se/bug/?i=19798
[248] = https://curl.se/bug/?i=19811 [248] = https://curl.se/bug/?i=19811
[249] = https://curl.se/bug/?i=19813 [249] = https://curl.se/bug/?i=19813
[250] = https://curl.se/bug/?i=19933
[251] = https://curl.se/bug/?i=19970 [251] = https://curl.se/bug/?i=19970
[252] = https://curl.se/bug/?i=19809 [252] = https://curl.se/bug/?i=19809
[253] = https://curl.se/bug/?i=19800 [253] = https://curl.se/bug/?i=19800
@ -581,3 +607,23 @@ References to bug reports and discussions on issues:
[266] = https://curl.se/bug/?i=19857 [266] = https://curl.se/bug/?i=19857
[267] = https://curl.se/bug/?i=19858 [267] = https://curl.se/bug/?i=19858
[268] = https://curl.se/bug/?i=19753 [268] = https://curl.se/bug/?i=19753
[275] = https://curl.se/bug/?i=18189
[276] = https://curl.se/bug/?i=19922
[278] = https://curl.se/bug/?i=19920
[279] = https://curl.se/bug/?i=19918
[280] = https://curl.se/bug/?i=19770
[283] = https://curl.se/bug/?i=19915
[285] = https://curl.se/bug/?i=19911
[286] = https://curl.se/bug/?i=19900
[288] = https://curl.se/bug/?i=19907
[291] = https://curl.se/bug/?i=19902
[292] = https://curl.se/bug/?i=19888
[294] = https://curl.se/bug/?i=19901
[295] = https://curl.se/bug/?i=19899
[297] = https://curl.se/bug/?i=19894
[298] = https://curl.se/bug/?i=19740
[301] = https://curl.se/bug/?i=19896
[305] = https://curl.se/bug/?i=19891
[307] = https://curl.se/bug/?i=19875
[308] = https://curl.se/bug/?i=19887
[309] = https://curl.se/bug/?i=19886