curl/RELEASE-NOTES
Daniel Stenberg 30d7440295
RELEASE-NOTES: synced
And bump to 8.22.0 for the pending release
2026-07-13 12:34:23 +02:00

193 lines
8.2 KiB
Text

curl and libcurl 8.22.0
Public curl releases: 276
Command line options: 274
curl_easy_setopt() options: 308
Public functions in libcurl: 100
Authors: 1494
Contributors: 3745
This release includes the following changes:
o gssapi: add support for Apple GSS Framework [72]
o TLS: drop support for TLS-SRP [71]
This release includes the following bugfixes:
o autotools: minor fixes and improvements [33]
o build: always use local `inet_pton()`/`inet_ntop()` implementations [56]
o build: drop superfluous `STDC_HEADERS` macro [51]
o build: enable thread-safe `getaddrinfo()` for OpenBSD [35]
o cd2nroff: stricter checks for asterisks for italics [73]
o cf-ngtcp2-cmn: initialize new callback ptr for ngtcp2 1.24.0+ [52]
o cmake: dedupe expressions into local vars in `cmake_uninstall.in.cmake` [9]
o cmake: fix not to build `tunits` when `BUILD_CURL_EXE=OFF` [7]
o cmake: flatten build tree, tidy up base dir variables [12]
o cmake: minor improvements to `cmake_uninstall.in.cmake` [54]
o cmake: replace `remove` command with `rm` and pass arg safely [11]
o cmake: robustify base path in local file reference [15]
o cmake: stop probing unused `float.h` for `STDC_HEADERS` [10]
o configure: fix misleading error messages [42]
o configure: link `-lcrypt32` instead of `-lm` for wolfSSL on Windows [79]
o configure: remove double check for GnuTLS [21]
o configure: set ldap lib to no by default for non-finds [18]
o conncache: apply multi limits to transfers using a shared pool [41]
o conncache: connection alive checks intervals [20]
o content_encoding: give a clear error on multi-member gzip [46]
o CREDENTIALS.md: remove comment about empty user/pass [50]
o curl_ws_meta.md: polish and better vocabulary [19]
o CURLOPT_HEADERFUNCTION.md: document folded header unfolding [53]
o CURLOPT_SSH_*_KEYFILE: used for setting up, then no more [48]
o CURLOPT_UNRESTRICTED_AUTH.md: 'Authorization' instead of 'Authentication' [74]
o CURLSHOPT_(UN)SHARE.md: do not modify shares while in use [44]
o FTP: fix TLS session reuse on the data connection [80]
o ftp: reject control bytes in ACCT and alternative-to-user [26]
o gopher: reject CR and LF in the selector [1]
o hostip: only cache negative resolves for authoritative answers [16]
o http: trim custom header name before the Authorization drop [17]
o INSTALL.md: add building-from-source overview section [29]
o ldap: support insecure mode for Windows native LDAP [3]
o lib1587: fix gcc `-Wconversion` with LibreSSL on Windows, test in CI [6]
o lib: add "Curl_" prefix to two global functions [84]
o lib: fix 'ns' -> 'us' in trace messages [57]
o lib: ratelimit timestamps [14]
o mbedtls: replace `memset()` with `psa_hash_operation_init()` [28]
o mime: reject CR and LF in mail part name and filename [30]
o mod_curltest: fix compiler warnings [49]
o mqtt: reject control bytes in the topic [43]
o multi: forbid curl_easy_pause from within multi socket callback [22]
o openldap: handle Curl_sasl_continue() returns better [45]
o openssl+sectrust: fix session reuse [4]
o openssl+sectrust: move session verified set into result check [82]
o openssl: drop unused pre-OpenSSL3 `ctx_option_t` typedef [8]
o openssl: prefer modern API flavors for `EVP_MD_CTX` new/free [47]
o openssl: replace stray legacy API variant with `EVP_DigestInit_ex()` [27]
o runtests: restore `-k` option and actively process as no-op [32]
o sasl: fix zero-length response encoding [36]
o schannel: shut off experimental TLS 1.3 support for Win 10 [25]
o scripts: use end-of-options marker in `cd`, `mkdir`, `mv`, `sha256sum` commands [34]
o setopt: error for CURLOPT_SHARE when easy handle is used [68]
o setopt: return OK earlier for the deprecated h2 dep options [77]
o smtp: reject CR and LF in the envelope address [37]
o sws: allow connection-monitor to log all disconnects [2]
o test 1560: test RFC4291 style IPv6 IPv4-mapped addresses [40]
o tests: remove test1701 [58]
o tests: skip test 311 for wolfSSL 5.9.2 [63]
o tidy-up: typos, comment nits [60]
o tool: do not flush on out-null [38]
o tool: fix memory use in parallel mode [59]
o tool: init progress bar on demand [39]
o tool_cb_hdr: de-duplicate filename setter [24]
o tool_operate: remove call to abort() [23]
o url: reject control codes in credentials set via CURLOPT [70]
o urlapi: do not keep an internal port string [31]
o vquic: add Curl_ prefix to some global functions [76]
o vssh: keyfile use cleanups [83]
o VULN-DISCLOSURE-POLICY.md: issues that should be found by tests are LOW [5]
o wolfssl: fix build for wolfssl without bio chain support [75]
o ws: pause/unpause write handling [55]
This release includes the following known bugs:
See https://curl.se/docs/knownbugs.html
For all changes ever done in curl:
See https://curl.se/changes.html
Planned upcoming removals include:
o local crypto implementations
o NTLM
o SMB
See https://curl.se/dev/deprecate.html
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alhuda Khan, Bigtang on hackerone, Bryan Henderson, Christian Ullrich,
Christoph Reiter, Dan Fandrich, Daniel Stenberg, dependabot[bot],
ed0d2b2ce19451f2 on github, Emmanuel Ugwu, Eunsoo Kim, firexinghe on github,
Graham Campbell, Hendrik Hübner, HwangRock, itzTanos29, Joel Depooter,
Laurent Sabourin, Memduh Çelik, Patrick Monnerat, Ray Satiro, renovate[bot],
Roger Leigh, Sam James, Samuel Dainard, smaeljaish on hackerone,
Stefan Eissing, stze on hackerone, Viktor Szakats
(29 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=22116
[2] = https://curl.se/bug/?i=22158
[3] = https://curl.se/bug/?i=22152
[4] = https://curl.se/bug/?i=22235
[5] = https://curl.se/bug/?i=22190
[6] = https://curl.se/bug/?i=22195
[7] = https://curl.se/bug/?i=22198
[8] = https://curl.se/bug/?i=22197
[9] = https://curl.se/bug/?i=22194
[10] = https://curl.se/bug/?i=22191
[11] = https://curl.se/bug/?i=22193
[12] = https://curl.se/bug/?i=22192
[14] = https://curl.se/bug/?i=22292
[15] = https://curl.se/bug/?i=22187
[16] = https://curl.se/bug/?i=22302
[17] = https://curl.se/bug/?i=22178
[18] = https://curl.se/bug/?i=22308
[19] = https://curl.se/bug/?i=22233
[20] = https://curl.se/bug/?i=22169
[21] = https://curl.se/bug/?i=22307
[22] = https://curl.se/bug/?i=22179
[23] = https://curl.se/bug/?i=22182
[24] = https://curl.se/bug/?i=22232
[25] = https://curl.se/bug/?i=22231
[26] = https://curl.se/bug/?i=22301
[27] = https://curl.se/bug/?i=22222
[28] = https://curl.se/bug/?i=22220
[29] = https://curl.se/bug/?i=22113
[30] = https://curl.se/bug/?i=22247
[31] = https://curl.se/bug/?i=22167
[32] = https://curl.se/bug/?i=22100
[33] = https://curl.se/bug/?i=22154
[34] = https://curl.se/bug/?i=22150
[35] = https://curl.se/bug/?i=22148
[36] = https://curl.se/bug/?i=22218
[37] = https://curl.se/bug/?i=22119
[38] = https://curl.se/bug/?i=22165
[39] = https://curl.se/bug/?i=22164
[40] = https://curl.se/bug/?i=22136
[41] = https://curl.se/bug/?i=22265
[42] = https://curl.se/bug/?i=22300
[43] = https://curl.se/bug/?i=22112
[44] = https://curl.se/bug/?i=22217
[45] = https://curl.se/bug/?i=22213
[46] = https://curl.se/bug/?i=22156
[47] = https://curl.se/bug/?i=22219
[48] = https://curl.se/bug/?i=22211
[49] = https://curl.se/bug/?i=22214
[50] = https://curl.se/bug/?i=22212
[51] = https://curl.se/bug/?i=22206
[52] = https://curl.se/bug/?i=22205
[53] = https://curl.se/bug/?i=22296
[54] = https://curl.se/bug/?i=22201
[55] = https://curl.se/bug/?i=22273
[56] = https://curl.se/bug/?i=22170
[57] = https://curl.se/bug/?i=22200
[58] = https://curl.se/bug/?i=22280
[59] = https://curl.se/bug/?i=22277
[60] = https://curl.se/bug/?i=22294
[63] = https://curl.se/bug/?i=22286
[68] = https://curl.se/bug/?i=22253
[70] = https://curl.se/bug/?i=22236
[71] = https://curl.se/bug/?i=21965
[72] = https://curl.se/bug/?i=22052
[73] = https://curl.se/bug/?i=22257
[74] = https://curl.se/bug/?i=22256
[75] = https://curl.se/bug/?i=22255
[76] = https://curl.se/bug/?i=22254
[77] = https://curl.se/bug/?i=22250
[79] = https://curl.se/bug/?i=22251
[80] = https://curl.se/bug/?i=22225
[82] = https://curl.se/bug/?i=22248
[83] = https://curl.se/bug/?i=22243
[84] = https://curl.se/bug/?i=22245