diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 80af206978..1b0fe92c74 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-curl and libcurl 8.19.0
+curl and libcurl 8.19.1
 
- Public curl releases:         273
+ Public curl releases:         274
  Command line options:         273
  curl_easy_setopt() options:   308
  Public functions in libcurl:  100
@@ -8,281 +8,11 @@ curl and libcurl 8.19.0
 
 This release includes the following changes:
 
- o we stopped the bug bounty [23]
- o cmake: add `CURL_BUILD_EVERYTHING` option [51]
- o initial support for MQTTS [81]
- o tool: support fractions for --limit-rate and --max-filesize [79]
- o tool_cb_hdr: with -J, use the redirect name as a backup [147]
- o vquic: drop support for OpenSSL-QUIC [80]
- o windows: add build option to use the native CA store [82]
- o windows: bump minimum to Vista (from XP) [12]
 
 This release includes the following bugfixes:
 
- o altsvc: only accept 17 byte dates from files [22]
- o asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails [107]
- o async-ares: blocking resolve timeout handling, better [239]
- o badwords: move into ./scripts, speed up [187]
- o build: add missing `GENERATEDCERTS` files [210]
- o build: adjust minimum version for some clang picky warnings [211]
- o build: check `MSG_NOSIGNAL` directly, drop detection and interim macro [26]
- o build: constify `memchr()`/`strchr()`/etc result variables (cont.) [85]
- o build: detect and include `inttypes.h` again [13]
- o build: do not include wolfSSL header in `curl_setup.h` [215]
- o build: drop duplicate C includes [54]
- o build: drop global suppression of `-Wformat-nonliteral`, fix fallouts [19]
- o build: drop unused `snprintf()` feature check on Windows [261]
- o build: fix `-Wunused-macros` warnings, and related tidy-ups [176]
- o build: fix building rare combinations [109]
- o build: fully omit verbose strings and code when disabled [113]
- o build: globally suppress DJGPP warnings in `FD_SET()` [56]
- o build: merge TrackMemory (`CURLDEBUG`) into debug-enabled option [46]
- o build: move curl stat struct type to the curlx namespace [156]
- o build: opt-in MSVC to C99-style verbose logging logic [108]
- o build: require POSIX `strdup()` [159]
- o build: tidy up and dedupe `strdup` functions [162]
- o cf-socket: ignore SOCK_CLOEXEC etc for socktype equality checks [226]
- o cf-socket: use SOCK_CLOEXEC in socket_open when available [130]
- o checksrc-all.pl: skip non-repository files [144]
- o checksrc: do not apply `BANNEDFUNC` to struct member functions [35]
- o checksrc: warn for leading spaces before the preprocessor hash [72]
- o clang-tidy: add missing and delete redundant parentheses [155]
- o clang-tidy: add more missing parentheses in macro values [224]
- o clang-tidy: avoid/silence `bugprone-not-null-terminated-result` [222]
- o clang-tidy: check `bugprone-macro-parentheses`, fix fallouts [212]
- o clang-tidy: drop redundant conditions reported by `misc-redundant-expression` [217]
- o clang-tidy: enable `bugprone-signed-char-misuse`, fix fallouts [227]
- o clang-tidy: enable more checks [225]
- o clang-tidy: enable scanning headers [205]
- o clang-tidy: fix issues found with build-fuzzing [275]
- o clang-tidy: silence more minor issues found by v22 [276]
- o cmake/FindMbedTLS: add workaround for missing static MSVC `mbedcrypto.lib` 4.0.0 [174]
- o cmake: add `CURL_DROP_UNUSED` option to reduce binary sizes [105]
- o cmake: add native clang-tidy support for tests, with concatenated sources [223]
- o cmake: always build curlu and curltool test libs in unity mode [190]
- o cmake: always define `CURL::win32_winsock` on Windows in `curl-config.cmake` [104]
- o cmake: convert `curl_add_clang_tidy_test_target()` macro to function [281]
- o cmake: enable binutils ld workaround for all toolchains at build-time [57]
- o cmake: fix `LOCATION` property access condition (debug) [241]
- o cmake: fix `LOCATION` property read errors in target debug function [243]
- o cmake: fix building with `CMAKE_FIND_PACKAGE_PREFER_CONFIG=ON` [254]
- o cmake: fix confusing error when a dependency is undetected in `curl-config.cmake` [169]
- o cmake: fix logic for openssl/zlib binutils ld workaround [71]
- o cmake: fix passing system header directories to clang-tidy for tests [221]
- o cmake: fix system include directory position for clang-tidy in tests [284]
- o cmake: improve clang-tidy test command-line reproduction [242]
- o cmake: minor fixes to test targets after prev [214]
- o cmake: normalize uppercase hex winver (for display) [191]
- o cmake: omit `curl.rc` from curltool lib [209]
- o cmake: reference OpenSSL and ZLIB imported targets only when enabled [41]
- o cmake: replace internal option with a new `tt` (test tools) target [220]
- o cmake: silence potential unused var warnings in C++ test snippet [201]
- o cmake: silence silly Apple clang warnings in C89 mode, test in CI [14]
- o cmake: silence useless compiler warnings triggered by the FASTBuild generator [43]
- o cmake: skip binutils ld hack if zlib/openssl target is not `IMPORTED` [90]
- o cmake: warn for invalid `CURL_TARGET_WINDOWS_VERSION` values [192]
- o cmke: add `*_USE_STATIC_LIBS` options for 9 dependencies [49]
- o config-plan9: set `HAVE_STDINT_H` again [17]
- o config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST [120]
- o config2setopts: fix for --disable-aws build configuration [34]
- o configure: drop always true `if` check (Windows) [250]
- o content_encoding: return 'identity' if none other exists [235]
- o curl: add -I and -i to -h important [135]
- o curl: limit Windows-specific code to Windows builds, other tidy-ups [48]
- o curl_easy_nextheader.md: a new transfer invalidates 'prev' [69]
- o curl_get_line: drop single-use macro [93]
- o curl_multi_perform.md: resolve inconsistency [143]
- o curl_ntlm_core: merge two `#if` blocks [177]
- o curl_setup.h: drop extra header guard for internal include [91]
- o curl_setup.h: merge back single-use internal header `curl_setup_once.h` [78]
- o curl_setup.h: simplify curl memory macro mappings [163]
- o curl_setup_once: allow CURL_DEBUGASSERT for customization [125]
- o CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md: fix available protocols [97]
- o curlx: drop unused `curlx_saferealloc()` [161]
- o digest: escape double quotes and backslashes in realm and nonce [83]
- o digest: fix memory leak in auth_create_digest_http_message() [263]
- o digest: handle quotes in the path [50]
- o docs/INSTALL: update configure details [45]
- o docs/libcurl: unify WARNING use [89]
- o docs: add LibreELEC to DISTROS.md
- o docs: add reproducible example for generating man page [95]
- o docs: avoid starting sentences with However, [175]
- o docs: avoid using the word 'magic' [256]
- o docs: clarify --ipv4 and --ipv6 [149]
- o docs: document the need for a 64-bit type and stdint.h [118]
- o docs: drop basically [229]
- o docs: explicitly call out Slowloris as not a security flaw [6]
- o docs: fix grammar nitpicks [128]
- o docs: handle error in `curl_global_init*` examples [204]
- o docs: replace instances of the vague qualifier 'quite' [171]
- o docs: reword explanation of --variable option [150]
- o docs: some nitpicks [277]
- o docs: use dot instead of comma at end of sentences [168]
- o easy: reset errorbuf on eyeballing success [179]
- o easy: reset pausing when resetting request [218]
- o examples/usercertinmem: use modern OpenSSL API, drop mentions of RSA [188]
- o examples: improve OpenSSL certificate examples [248]
- o examples: omit forward declarations, apply misc fixes [60]
- o FAQ: syntax improvements [230]
- o fopen.h: simplify curl memory macro mappings [160]
- o ftp: replace a `curlx_free()` with `curlx_dyn_free()` [86]
- o ftp: split ftp_state_use_port into sub functions [172]
- o GOVERNANCE.md: Post-Daniel BDFL [31]
- o gss: exclude verbose error logic from non-verbose builds [122]
- o h2+h3: align stream close handling [131]
- o hostip.c: fix leak of addrinfo [11]
- o hostip6: remove debug-only code [24]
- o hostip: fix unreachable code in rare build configuration [74]
- o http/3: add description for known server error codes [15]
- o http1: fix potential NULL dereference in `Curl_h1_req_parse_read()` [268]
- o http: only send bearer if auth is allowed [228]
- o http_aws_sigv4: fix query normalization of %2b [117]
- o imap: add a check for Curl_meta_get() [157]
- o imap: check `imap_sendf()` printf masks at compile-time [67]
- o imap: skip literals inside quoted strings [30]
- o include: avoid recursive macros [182]
- o include: mask computed auth/proto bitmasks to 32 bits [145]
- o INSTALL-CMAKE.md: document Apple framework options [53]
- o INSTALL.md: fix typo [278]
- o INSTALL.md: suggest `-Wl,-dead_strip` for Apple targets [68]
- o KNOWN_BUGS.md: absolute Unix domain filename for SOCKS on Windows [37]
- o ldap: silence clang-tidy v22 warning [279]
- o ldap: silence potential unused variable warning (OS400) [55]
- o lib: delete unused local includes [181]
- o lib: disable websockets early if no http [140]
- o lib: make sigpipe handling more lazy [52]
- o lib: reorder protocol functions to avoid forward declarations (email) [76]
- o lib: reorder protocol functions to avoid forward declarations (ftp) [75]
- o lib: reorder protocol functions to avoid forward declarations (misc cont.) [66]
- o lib: reorder protocol functions to avoid forward declarations (misc) [77]
- o lib: reorder protocol functions to avoid forward declarations (ssh) [65]
- o lib: separate scheme info from protocol implementation [42]
- o lib: skip compiling code with features disabled [189]
- o lib: use (u)int64_t instead of long long [39]
- o libcurl docs: reduce 'since ...' in descriptions [28]
- o libcurl-security.md: fix typos and add a point about URLs
- o libtests: drop two redundant `memset()`s [110]
- o Makefile.am: delete RPM targets referencing non-existent files [9]
- o Makefile.am: drop stray VC project files from dist [5]
- o managen: silence Perl warnings [141]
- o mbedtls: guard TLS 1.3 + session tickets usage inside ifdef [260]
- o mbedtls: no pinnedpubkey wo MBEDTLS_SSL_KEEP_PEER_CERTIFICATE [29]
- o mbedtls: remove newline from failf() call [25]
- o mbedtls: split mbed_connect_step1 into sub functions [166]
- o md4, md5: drop redundant forward declarations [64]
- o md4, md5: replace custom types with `uint32_t` [111]
- o memdebug: include `backtrace.h` as system header [148]
- o mime: drop fallback for unused `R_OK` macro [58]
- o mimepost: allocate main struct on-demand [20]
- o mk-ca-bundle.pl: drop support for obsolete/insecure fingerprint algos [138]
- o mod_curltest: silence unused argument compiler warning [63]
- o mprintf: drop old sprintf fallback [7]
- o mprintf: rename internal enum to avoid collision with AmigaOS symbol [183]
- o mprintf: silence clang-tidy `readability-suspicious-call-argument` [262]
- o mprintf: use `_snprintf()` when compiled with VS2013 and older [280]
- o mqtt: better too-big-message-check [73]
- o mqtt: fix EOF handling [231]
- o mqtt: verify Remaining Length for CONNACK and PUBACK [153]
- o msvc: drop exception, make `BIT()` a bitfield with Visual Studio [2]
- o msvc: VS2026: unlock picky warning in cmake, test in CI [198]
- o multi: avoid a theoretical 32-bit wrap [186]
- o multi: fix unreachable code compiler warning [264]
- o multi: probe for IPv6 functionality in multi_init() [114]
- o multi: split multi_runsingle into sub functions [197]
- o multi: update timer unconditionally in multi_remove_handle [158]
- o ngtcp2: stabilize recv [18]
- o noproxy: simplify, don't mix const non-const in strchr() [88]
- o openldap: avoid forward declarations in ldaps code [62]
- o openssl+ech: workaround for insecure handshakes [238]
- o openssl: adapt to OpenSSL master adding const to more APIs [253]
- o OpenSSL: check reuse of sessions for verify status [142]
- o openssl: disable local keylog feature if built-in upstream [178]
- o openssl: fix compiler warning with OpenSSL master [193]
- o openssl: fix potential NULL dereference when loading certs (Windows) [165]
- o openssl: fix potential OOB read in debug/verbose logging [216]
- o plan9: drop special build and orphaned references [33]
- o proxy-auth: additional tests [232]
- o pytest: remove 03_02 [127]
- o quiche: use PRIu64 for outputting the stream id [184]
- o rand: drop impossible preprocessor branches (wincrypt) [246]
- o rand: drop scan-build silencer [245]
- o ratelimit: download finetune [16]
- o request.h: rename parameter 'buf' to 'req' in Curl_req_send [219]
- o REUSE: drop broken reference to `MAIL-ETIQUETTE` [59]
- o rtsp: fix assertion failure on zero-length RTP payload [180]
- o rtspd: fix to check `realloc()` result [173]
- o runtests: pass config filename to stunnel in native format (Windows) [94]
- o schannel: refactor: reduce variable scopes, fix comment, fix indent [196]
- o send: drop `CURL_UNCONST()` from buffer argument on most platforms [116]
- o setopt: fix checking range for CURLOPT_MAXCONNECTS [92]
- o setopt: refuse blobs with zero length [167]
- o setup-os400.h: drop no longer used custom type `u_int32_t` [112]
- o sigpipe: unset SA_SIGINFO since it is using sa_handler [40]
- o silent.md: also mention it shuts off warning messages [213]
- o smb: free the path in the request struct properly [137]
- o smb: include arpa/inet.h for NonStop [195]
- o socket: check result of SO_NOSIGPIPE [124]
- o socketpair: clear 'err' when retrying due to EINTR [233]
- o socketpair: set SO_NOSIGPIPE where possible [103]
- o socks: ensure DNS is freed in failure cases. [247]
- o src: simplify declaring `curl_ca_embed` [185]
- o ssh: dedupe state change function [99]
- o stop using the word 'just' [257]
- o sws: prevent "connection monitor" to say disconnect twice
- o synctime: fix use of uninitialized buffer on non-Windows [234]
- o system_win32: replace manual init code with `curlx_now_init()` call [170]
- o tests/server/sockfilt: avoid possible endless loop on Windows [101]
- o tests/server: drop unused `curlx/version_win32.c` [151]
- o tests/server: fix to clear the complete `srvr_sockaddr_union_t` variable [207]
- o tests/server: tidy-up error messages (Windows) [102]
- o tests: avoid assignment in `if` conditions in `first.h` [126]
- o tests: convert base64 data to %b64[] [87]
- o tftp: correct the filename length check [70]
- o timeout handling: auto-detect effective timeout [121]
- o tls: add new SSLSUPP flags for several options [32]
- o tls: remove checks for DEFAULT [136]
- o tool: enable header separation for HTTPS proxies [106]
- o tool: improve config error messaging [208]
- o tool: improve error/warning messages when output filename sanitization fails [36]
- o tool: rename curl handle and result variable in `--libcurl`-generated code [146]
- o tool: return code variable consistency [84]
- o tool_cb_hdr: suppress header output when --out-null [10]
- o tool_cb_prg: drop duplicate preprocessor logic [119]
- o tool_dirhie: drop superfluous `F_OK` fallback (Windows) [8]
- o tool_doswin: avoid memory-leak with CURL_FN_SANITIZE_* [236]
- o tool_doswin: avoid Windowsisms in socket code (cont.) [134]
- o tool_doswin: avoid Windowsisms in socket code [139]
- o tool_doswin: document `ENABLE_VIRTUAL_TERMINAL_PROCESSING` toolchain support [44]
- o tool_getparam: avoid `-Wcomma` with Apple clang in C89 mode [38]
- o tool_operate: remove 'else' for VMS [3]
- o tool_operate: reset the URL --url-query between --next [237]
- o typos: silence false positives found in C code [164]
- o unit3205: suppress two clang-tidy false positives [206]
- o URL-SYNTAX.md: fix port number mistakes for IMAP and LDAP [200]
- o url.c: code/comment cleanup around conn creation [132]
- o url.h: fix `-Wdocumentation` [61]
- o url: fix reuse of connections using HTTP Negotiate [100]
- o urlapi: use U_CURLU_URLDECODE when toggling it off unsigned [255]
- o urldata.h: remove two forward-declared structs not used [4]
- o urldata: byebye `conn->hostname_resolve` [240]
- o urldata: change 'keep_post' into three distinct bitfields [21]
- o urldata: convert 'long' fields to fixed variable types [47]
- o urldata: switch to uint* types [1]
- o usercertinmem: use the correct cert BIO [249]
- o verbose.md: explain the { and } prefixes [96]
- o vquic: fix unused variable warning reported by clang-tidy [152]
- o vquic: handle SOCKEMSGSIZE correctly [129]
- o vtls: dedupe common on-session-reuse logic [98]
- o vtls: use ALPN http/1.0 & http/1.1 for HTTP/1.0 requests [123]
- o VULN-DISCLOSURE-POLICY.md: push reports to the web form [154]
- o VULN-DISCLOSURE-POLICY.md: use hackerone [202]
- o winapi: use FormatMessageA instead of FormatMessageW [115]
- o windows: `USE_WINSOCK` to guard winsock2 code (where missing) [133]
- o windows: determine `RtlVerifyVersionInfo` address on global init [258]
- o windows: tidy up `wincrypt.h` / BoringSSL/AWS-LC coexist workaround [203]
- o wolfssl: fix build without USE_BIO_CHAIN [27]
- o ws/tftp: include header file even when protocol disabled [194]
- o x509asn1: make encodeOID stop on too long input [199]
+ o docs: minor wording tweaks
+ o badwords: combine the whitelisting into a single regex [1]
 
 This release includes the following known bugs:
 
@@ -306,294 +36,9 @@ Planned upcoming removals include:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  aisle-research-bot, Andrei Rybak, Andrew Kvalheim, Anna Liberty,
-  Arnav Purushotam, Arnav-Purushotam-CUBoulder, Augment code, Billy O'Neal,
-  calm329, Christian Schmitz, Christian Schmitza, cooldadpresident on github,
-  Dag Haavi Finstad, dahmono on github, Dan Fandrich, Daniel Díaz,
-  Daniel Gustafsson, Daniel Lublin, Daniel Stenberg, Daniel Wade,
-  Daniil Gentili, David Korczynski, dbalsom, dEajL3kA, dependabot[bot],
-  Dexter Gerig, Diogo Correia, Florian Imdahl, Frank Buss, gudyuu on hackerone,
-  Hamza Bensliman, huanghuihui0904, Itay Bookstein, Jacek Migacz, James Fuller,
-  Jan Macku, jhauga, John Rodriguez, Joshua Vandaële, Juan Belon, Kai Pastor,
-  Maksim Ściepanienka, Marcel Raad, Max Dymond, Megamouse on github,
-  Michał Antoniak, Muhamad Arga Reksapati, Nathan-M-code on github,
-  Natris on github, nono303 on github, Nuno Goncalves, Patrick Monnerat,
-  Paul Howarth, programmerlexi on github, Randall S. Becker, Ray Satiro,
-  renovate[bot], Rudi Heitbaum, sammydono on github, Samuel Henrique,
-  Sascha Frinken, spectreglobalsec on hackerone, Spenser Black, Stefan Eissing,
-  tawmoto on github, Tenant HellTower, Thibault de Villèle,
-  Tim Friedrich Brüggemann, Tomáš Malý, tommy, Valerie Snyder, Viktor Szakats,
-  Wyuer on github, xmoezzz on github, z2_, Zhicheng Chen, Йоте
-  (77 contributors)
+  Daniel Stenberg
+  (1 contributors)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.se/bug/?i=20209
- [2] = https://curl.se/bug/?i=20142
- [3] = https://curl.se/bug/?i=20221
- [4] = https://curl.se/bug/?i=20206
- [5] = https://curl.se/bug/?i=20272
- [6] = https://curl.se/bug/?i=20219
- [7] = https://curl.se/bug/?i=20218
- [8] = https://curl.se/bug/?i=20214
- [9] = https://curl.se/bug/?i=20270
- [10] = https://curl.se/bug/?i=20235
- [11] = https://curl.se/bug/?i=20465
- [12] = https://curl.se/bug/?i=17985
- [13] = https://curl.se/bug/?i=20208
- [14] = https://curl.se/bug/?i=20363
- [15] = https://curl.se/bug/?i=20202
- [16] = https://curl.se/bug/?i=20228
- [17] = https://curl.se/bug/?i=20201
- [18] = https://curl.se/bug/?i=20220
- [19] = https://curl.se/bug/?i=20366
- [20] = https://curl.se/bug/?i=20260
- [21] = https://curl.se/bug/?i=20262
- [22] = https://curl.se/bug/?i=20259
- [23] = https://curl.se/bug/?i=20312
- [24] = https://curl.se/bug/?i=20334
- [25] = https://curl.se/bug/?i=20333
- [26] = https://curl.se/bug/?i=20559
- [27] = https://curl.se/bug/?i=20250
- [28] = https://curl.se/bug/?i=20369
- [29] = https://curl.se/bug/?i=20319
- [30] = https://curl.se/bug/?i=20320
- [31] = https://curl.se/bug/?i=20325
- [32] = https://curl.se/bug/?i=20364
- [33] = https://curl.se/bug/?i=20243
- [34] = https://curl.se/bug/?i=20368
- [35] = https://curl.se/bug/?i=20323
- [36] = https://curl.se/bug/?i=20044
- [37] = https://curl.se/bug/?i=20236
- [38] = https://curl.se/bug/?i=20362
- [39] = https://curl.se/bug/?i=20233
- [40] = https://curl.se/bug/?i=20278
- [41] = https://curl.se/bug/?i=20217
- [42] = https://curl.se/bug/?i=20351
- [43] = https://curl.se/bug/?i=20230
- [44] = https://curl.se/bug/?i=20315
- [45] = https://curl.se/bug/?i=20301
- [46] = https://curl.se/bug/?i=20331
- [47] = https://curl.se/bug/?i=20227
- [48] = https://curl.se/bug/?i=20213
- [49] = https://curl.se/bug/?i=20015
- [50] = https://curl.se/bug/?i=20295
- [51] = https://curl.se/bug/?i=20429
- [52] = https://curl.se/bug/?i=20326
- [53] = https://curl.se/bug/?i=20350
- [54] = https://curl.se/bug/?i=20303
- [55] = https://curl.se/bug/?i=20302
- [56] = https://curl.se/bug/?i=20299
- [57] = https://curl.se/bug/?i=20382
- [58] = https://curl.se/bug/?i=20298
- [59] = https://curl.se/bug/?i=20348
- [60] = https://curl.se/bug/?i=20296
- [61] = https://curl.se/bug/?i=20294
- [62] = https://curl.se/bug/?i=20293
- [63] = https://curl.se/bug/?i=20292
- [64] = https://curl.se/bug/?i=20291
- [65] = https://curl.se/bug/?i=20290
- [66] = https://curl.se/bug/?i=20289
- [67] = https://curl.se/bug/?i=20287
- [68] = https://curl.se/bug/?i=20346
- [69] = https://curl.se/bug/?i=20285
- [70] = https://hackerone.com/reports/3508321
- [71] = https://curl.se/bug/?i=20382
- [72] = https://curl.se/bug/?i=20282
- [73] = https://hackerone.com/reports/3508500
- [74] = https://curl.se/bug/?i=20344
- [75] = https://curl.se/bug/?i=20276
- [76] = https://curl.se/bug/?i=20275
- [77] = https://curl.se/bug/?i=20274
- [78] = https://curl.se/bug/?i=20555
- [79] = https://curl.se/bug/?i=20266
- [80] = https://curl.se/bug/?i=20226
- [81] = https://curl.se/bug/?i=19418
- [82] = https://curl.se/bug/?i=18279
- [83] = https://curl.se/bug/?i=20482
- [84] = https://curl.se/bug/?i=20426
- [85] = https://curl.se/bug/?i=20420
- [86] = https://curl.se/bug/?i=20494
- [87] = https://curl.se/bug/?i=20547
- [88] = https://curl.se/bug/?i=20425
- [89] = https://curl.se/bug/?i=20561
- [90] = https://curl.se/bug/?i=20419
- [91] = https://curl.se/bug/?i=20544
- [92] = https://curl.se/bug/?i=20414
- [93] = https://curl.se/bug/?i=20542
- [94] = https://curl.se/bug/?i=20413
- [95] = https://curl.se/bug/?i=20699
- [96] = https://curl.se/bug/?i=20386
- [97] = https://curl.se/mail/lib-2026-01/0033.html
- [98] = https://curl.se/bug/?i=20475
- [99] = https://curl.se/bug/?i=20473
- [100] = https://curl.se/bug/?i=20534
- [101] = https://curl.se/bug/?i=20478
- [102] = https://curl.se/bug/?i=20477
- [103] = https://curl.se/bug/?i=20397
- [104] = https://curl.se/bug/?i=20382
- [105] = https://curl.se/bug/?i=20357
- [106] = https://curl.se/bug/?i=20398
- [107] = https://curl.se/bug/?i=20385
- [108] = https://curl.se/bug/?i=20387
- [109] = https://curl.se/bug/?i=20712
- [110] = https://curl.se/bug/?i=20649
- [111] = https://curl.se/bug/?i=20469
- [112] = https://curl.se/bug/?i=20470
- [113] = https://curl.se/bug/?i=20341
- [114] = https://curl.se/bug/?i=20383
- [115] = https://curl.se/bug/?i=20261
- [116] = https://curl.se/bug/?i=20463
- [117] = https://curl.se/bug/?i=20543
- [118] = https://curl.se/bug/?i=20384
- [119] = https://curl.se/bug/?i=20531
- [120] = https://curl.se/bug/?i=20375
- [121] = https://curl.se/bug/?i=20347
- [122] = https://curl.se/bug/?i=20551
- [123] = https://curl.se/bug/?i=20487
- [124] = https://curl.se/bug/?i=20370
- [125] = https://curl.se/bug/?i=19744
- [126] = https://curl.se/bug/?i=20646
- [127] = https://curl.se/bug/?i=20458
- [128] = https://curl.se/bug/?i=20518
- [129] = https://curl.se/bug/?i=20440
- [130] = https://curl.se/bug/?i=20442
- [131] = https://curl.se/bug/?i=20207
- [132] = https://curl.se/bug/?i=20464
- [133] = https://curl.se/bug/?i=20455
- [134] = https://curl.se/bug/?i=20457
- [135] = https://curl.se/bug/?i=20483
- [136] = https://curl.se/bug/?i=20453
- [137] = https://curl.se/bug/?i=20854
- [138] = https://curl.se/bug/?i=20527
- [139] = https://curl.se/bug/?i=20452
- [140] = https://curl.se/bug/?i=20526
- [141] = https://curl.se/bug/?i=20707
- [142] = https://curl.se/bug/?i=20435
- [143] = https://curl.se/bug/?i=20444
- [144] = https://curl.se/bug/?i=20439
- [145] = https://curl.se/bug/?i=20242
- [146] = https://curl.se/bug/?i=20437
- [147] = https://curl.se/bug/?i=20430
- [148] = https://curl.se/bug/?i=20642
- [149] = https://curl.se/bug/?i=20585
- [150] = https://curl.se/bug/?i=20636
- [151] = https://curl.se/bug/?i=20855
- [152] = https://curl.se/bug/?i=20752
- [153] = https://curl.se/bug/?i=20513
- [154] = https://curl.se/bug/?i=20515
- [155] = https://curl.se/bug/?i=20749
- [156] = https://curl.se/bug/?i=20508
- [157] = https://curl.se/bug/?i=20510
- [158] = https://curl.se/bug/?i=20498
- [159] = https://curl.se/bug/?i=20505
- [160] = https://curl.se/bug/?i=20506
- [161] = https://curl.se/bug/?i=20504
- [162] = https://curl.se/bug/?i=20497
- [163] = https://curl.se/bug/?i=20499
- [164] = https://curl.se/bug/?i=20500
- [165] = https://curl.se/bug/?i=20634
- [166] = https://curl.se/bug/?i=20689
- [167] = https://curl.se/bug/?i=20705
- [168] = https://curl.se/bug/?i=20700
- [169] = https://curl.se/bug/?i=20737
- [170] = https://curl.se/bug/?i=20852
- [171] = https://curl.se/bug/?i=20841
- [172] = https://curl.se/bug/?i=20685
- [173] = https://curl.se/bug/?i=20621
- [174] = https://curl.se/bug/?i=20616
- [175] = https://curl.se/bug/?i=20834
- [176] = https://curl.se/bug/?i=20593
- [177] = https://curl.se/bug/?i=20620
- [178] = https://curl.se/bug/?i=20611
- [179] = https://curl.se/bug/?i=20608
- [180] = https://curl.se/bug/?i=20735
- [181] = https://curl.se/bug/?i=20607
- [182] = https://curl.se/bug/?i=20597
- [183] = https://curl.se/bug/?i=20584
- [184] = https://curl.se/bug/?i=20849
- [185] = https://curl.se/bug/?i=20601
- [186] = https://curl.se/bug/?i=20742
- [187] = https://curl.se/bug/?i=20869
- [188] = https://curl.se/bug/?i=20595
- [189] = https://curl.se/bug/?i=20587
- [190] = https://curl.se/bug/?i=20677
- [191] = https://curl.se/bug/?i=20586
- [192] = https://curl.se/bug/?i=20582
- [193] = https://curl.se/bug/?i=20681
- [194] = https://curl.se/bug/?i=20568
- [195] = https://curl.se/bug/?i=20579
- [196] = https://curl.se/bug/?i=20569
- [197] = https://curl.se/bug/?i=20573
- [198] = https://curl.se/bug/?i=20577
- [199] = https://curl.se/bug/?i=20871
- [200] = https://curl.se/bug/?i=20679
- [201] = https://curl.se/bug/?i=20736
- [202] = https://curl.se/bug/?i=20683
- [203] = https://curl.se/bug/?i=20567
- [204] = https://curl.se/bug/?i=20866
- [205] = https://curl.se/bug/?i=20720
- [206] = https://curl.se/bug/?i=20731
- [207] = https://curl.se/bug/?i=20730
- [208] = https://curl.se/bug/?i=20598
- [209] = https://curl.se/bug/?i=20671
- [210] = https://curl.se/bug/?i=20728
- [211] = https://curl.se/bug/?i=20665
- [212] = https://curl.se/bug/?i=20647
- [213] = https://curl.se/bug/?i=20664
- [214] = https://curl.se/bug/?i=20727
- [215] = https://curl.se/bug/?i=20726
- [216] = https://curl.se/bug/?i=20654
- [217] = https://curl.se/bug/?i=20644
- [218] = https://curl.se/bug/?i=20641
- [219] = https://curl.se/bug/?i=20660
- [220] = https://curl.se/bug/?i=20708
- [221] = https://curl.se/bug/?i=20670
- [222] = https://curl.se/bug/?i=20723
- [223] = https://curl.se/bug/?i=20667
- [224] = https://curl.se/bug/?i=20721
- [225] = https://curl.se/bug/?i=20622
- [226] = https://curl.se/bug/?i=20808
- [227] = https://curl.se/bug/?i=20654
- [228] = https://curl.se/bug/?i=20843
- [229] = https://curl.se/bug/?i=20835
- [230] = https://curl.se/bug/?i=20812
- [231] = https://curl.se/bug/?i=20815
- [232] = https://curl.se/bug/?i=20837
- [233] = https://curl.se/bug/?i=20809
- [234] = https://curl.se/bug/?i=20806
- [235] = https://curl.se/bug/?i=20805
- [236] = https://curl.se/bug/?i=20804
- [237] = https://curl.se/bug/?i=20802
- [238] = https://curl.se/bug/?i=20655
- [239] = https://curl.se/bug/?i=20819
- [240] = https://curl.se/bug/?i=20833
- [241] = https://curl.se/bug/?i=20838
- [242] = https://curl.se/bug/?i=20829
- [243] = https://curl.se/bug/?i=20828
- [245] = https://curl.se/bug/?i=20860
- [246] = https://curl.se/bug/?i=20859
- [247] = https://curl.se/bug/?i=20813
- [248] = https://curl.se/bug/?i=20807
- [249] = https://curl.se/bug/?i=20800
- [250] = https://curl.se/bug/?i=20858
- [253] = https://curl.se/bug/?i=20797
- [254] = https://curl.se/bug/?i=20729
- [255] = https://curl.se/bug/?i=20753
- [256] = https://curl.se/bug/?i=20796
- [257] = https://curl.se/bug/?i=20793
- [258] = https://curl.se/bug/?i=20853
- [260] = https://curl.se/bug/?i=20789
- [261] = https://curl.se/bug/?i=20790
- [262] = https://curl.se/bug/?i=20791
- [263] = https://curl.se/bug/?i=20862
- [264] = https://curl.se/bug/?i=20788
- [268] = https://curl.se/bug/?i=20779
- [275] = https://curl.se/bug/?i=20774
- [276] = https://curl.se/bug/?i=20770
- [277] = https://curl.se/bug/?i=20748
- [278] = https://curl.se/bug/?i=20766
- [279] = https://curl.se/bug/?i=20762
- [280] = https://curl.se/bug/?i=20761
- [281] = https://curl.se/bug/?i=20760
- [284] = https://curl.se/bug/?i=20751
+ [1] = https://curl.se/bug/?i=20880
diff --git a/include/curl/curlver.h b/include/curl/curlver.h
index 5ceb41ae66..ffe743b93a 100644
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -32,13 +32,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "8.19.0-DEV"
+#define LIBCURL_VERSION "8.19.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 8
 #define LIBCURL_VERSION_MINOR 19
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
    always follow this syntax:
@@ -58,7 +58,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x081300
+#define LIBCURL_VERSION_NUM 0x081301
 
 /*
  * This is the date and time when the full source package was created. The