mirror of
https://github.com/curl/curl.git
synced 2026-07-19 08:07:15 +03:00
193 lines
8.2 KiB
Text
193 lines
8.2 KiB
Text
curl and libcurl 8.22.0
|
|
|
|
Public curl releases: 276
|
|
Command line options: 274
|
|
curl_easy_setopt() options: 308
|
|
Public functions in libcurl: 100
|
|
Authors: 1494
|
|
Contributors: 3745
|
|
|
|
This release includes the following changes:
|
|
|
|
o gssapi: add support for Apple GSS Framework [72]
|
|
o TLS: drop support for TLS-SRP [71]
|
|
|
|
This release includes the following bugfixes:
|
|
|
|
o autotools: minor fixes and improvements [33]
|
|
o build: always use local `inet_pton()`/`inet_ntop()` implementations [56]
|
|
o build: drop superfluous `STDC_HEADERS` macro [51]
|
|
o build: enable thread-safe `getaddrinfo()` for OpenBSD [35]
|
|
o cd2nroff: stricter checks for asterisks for italics [73]
|
|
o cf-ngtcp2-cmn: initialize new callback ptr for ngtcp2 1.24.0+ [52]
|
|
o cmake: dedupe expressions into local vars in `cmake_uninstall.in.cmake` [9]
|
|
o cmake: fix not to build `tunits` when `BUILD_CURL_EXE=OFF` [7]
|
|
o cmake: flatten build tree, tidy up base dir variables [12]
|
|
o cmake: minor improvements to `cmake_uninstall.in.cmake` [54]
|
|
o cmake: replace `remove` command with `rm` and pass arg safely [11]
|
|
o cmake: robustify base path in local file reference [15]
|
|
o cmake: stop probing unused `float.h` for `STDC_HEADERS` [10]
|
|
o configure: fix misleading error messages [42]
|
|
o configure: link `-lcrypt32` instead of `-lm` for wolfSSL on Windows [79]
|
|
o configure: remove double check for GnuTLS [21]
|
|
o configure: set ldap lib to no by default for non-finds [18]
|
|
o conncache: apply multi limits to transfers using a shared pool [41]
|
|
o conncache: connection alive checks intervals [20]
|
|
o content_encoding: give a clear error on multi-member gzip [46]
|
|
o CREDENTIALS.md: remove comment about empty user/pass [50]
|
|
o curl_ws_meta.md: polish and better vocabulary [19]
|
|
o CURLOPT_HEADERFUNCTION.md: document folded header unfolding [53]
|
|
o CURLOPT_SSH_*_KEYFILE: used for setting up, then no more [48]
|
|
o CURLOPT_UNRESTRICTED_AUTH.md: 'Authorization' instead of 'Authentication' [74]
|
|
o CURLSHOPT_(UN)SHARE.md: do not modify shares while in use [44]
|
|
o FTP: fix TLS session reuse on the data connection [80]
|
|
o ftp: reject control bytes in ACCT and alternative-to-user [26]
|
|
o gopher: reject CR and LF in the selector [1]
|
|
o hostip: only cache negative resolves for authoritative answers [16]
|
|
o http: trim custom header name before the Authorization drop [17]
|
|
o INSTALL.md: add building-from-source overview section [29]
|
|
o ldap: support insecure mode for Windows native LDAP [3]
|
|
o lib1587: fix gcc `-Wconversion` with LibreSSL on Windows, test in CI [6]
|
|
o lib: add "Curl_" prefix to two global functions [84]
|
|
o lib: fix 'ns' -> 'us' in trace messages [57]
|
|
o lib: ratelimit timestamps [14]
|
|
o mbedtls: replace `memset()` with `psa_hash_operation_init()` [28]
|
|
o mime: reject CR and LF in mail part name and filename [30]
|
|
o mod_curltest: fix compiler warnings [49]
|
|
o mqtt: reject control bytes in the topic [43]
|
|
o multi: forbid curl_easy_pause from within multi socket callback [22]
|
|
o openldap: handle Curl_sasl_continue() returns better [45]
|
|
o openssl+sectrust: fix session reuse [4]
|
|
o openssl+sectrust: move session verified set into result check [82]
|
|
o openssl: drop unused pre-OpenSSL3 `ctx_option_t` typedef [8]
|
|
o openssl: prefer modern API flavors for `EVP_MD_CTX` new/free [47]
|
|
o openssl: replace stray legacy API variant with `EVP_DigestInit_ex()` [27]
|
|
o runtests: restore `-k` option and actively process as no-op [32]
|
|
o sasl: fix zero-length response encoding [36]
|
|
o schannel: shut off experimental TLS 1.3 support for Win 10 [25]
|
|
o scripts: use end-of-options marker in `cd`, `mkdir`, `mv`, `sha256sum` commands [34]
|
|
o setopt: error for CURLOPT_SHARE when easy handle is used [68]
|
|
o setopt: return OK earlier for the deprecated h2 dep options [77]
|
|
o smtp: reject CR and LF in the envelope address [37]
|
|
o sws: allow connection-monitor to log all disconnects [2]
|
|
o test 1560: test RFC4291 style IPv6 IPv4-mapped addresses [40]
|
|
o tests: remove test1701 [58]
|
|
o tests: skip test 311 for wolfSSL 5.9.2 [63]
|
|
o tidy-up: typos, comment nits [60]
|
|
o tool: do not flush on out-null [38]
|
|
o tool: fix memory use in parallel mode [59]
|
|
o tool: init progress bar on demand [39]
|
|
o tool_cb_hdr: de-duplicate filename setter [24]
|
|
o tool_operate: remove call to abort() [23]
|
|
o url: reject control codes in credentials set via CURLOPT [70]
|
|
o urlapi: do not keep an internal port string [31]
|
|
o vquic: add Curl_ prefix to some global functions [76]
|
|
o vssh: keyfile use cleanups [83]
|
|
o VULN-DISCLOSURE-POLICY.md: issues that should be found by tests are LOW [5]
|
|
o wolfssl: fix build for wolfssl without bio chain support [75]
|
|
o ws: pause/unpause write handling [55]
|
|
|
|
This release includes the following known bugs:
|
|
|
|
See https://curl.se/docs/knownbugs.html
|
|
|
|
For all changes ever done in curl:
|
|
|
|
See https://curl.se/changes.html
|
|
|
|
Planned upcoming removals include:
|
|
|
|
o local crypto implementations
|
|
o NTLM
|
|
o SMB
|
|
|
|
See https://curl.se/dev/deprecate.html
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
advice from friends like these:
|
|
|
|
Alhuda Khan, Bigtang on hackerone, Bryan Henderson, Christian Ullrich,
|
|
Christoph Reiter, Dan Fandrich, Daniel Stenberg, dependabot[bot],
|
|
ed0d2b2ce19451f2 on github, Emmanuel Ugwu, Eunsoo Kim, firexinghe on github,
|
|
Graham Campbell, Hendrik Hübner, HwangRock, itzTanos29, Joel Depooter,
|
|
Laurent Sabourin, Memduh Çelik, Patrick Monnerat, Ray Satiro, renovate[bot],
|
|
Roger Leigh, Sam James, Samuel Dainard, smaeljaish on hackerone,
|
|
Stefan Eissing, stze on hackerone, Viktor Szakats
|
|
(29 contributors)
|
|
|
|
References to bug reports and discussions on issues:
|
|
|
|
[1] = https://curl.se/bug/?i=22116
|
|
[2] = https://curl.se/bug/?i=22158
|
|
[3] = https://curl.se/bug/?i=22152
|
|
[4] = https://curl.se/bug/?i=22235
|
|
[5] = https://curl.se/bug/?i=22190
|
|
[6] = https://curl.se/bug/?i=22195
|
|
[7] = https://curl.se/bug/?i=22198
|
|
[8] = https://curl.se/bug/?i=22197
|
|
[9] = https://curl.se/bug/?i=22194
|
|
[10] = https://curl.se/bug/?i=22191
|
|
[11] = https://curl.se/bug/?i=22193
|
|
[12] = https://curl.se/bug/?i=22192
|
|
[14] = https://curl.se/bug/?i=22292
|
|
[15] = https://curl.se/bug/?i=22187
|
|
[16] = https://curl.se/bug/?i=22302
|
|
[17] = https://curl.se/bug/?i=22178
|
|
[18] = https://curl.se/bug/?i=22308
|
|
[19] = https://curl.se/bug/?i=22233
|
|
[20] = https://curl.se/bug/?i=22169
|
|
[21] = https://curl.se/bug/?i=22307
|
|
[22] = https://curl.se/bug/?i=22179
|
|
[23] = https://curl.se/bug/?i=22182
|
|
[24] = https://curl.se/bug/?i=22232
|
|
[25] = https://curl.se/bug/?i=22231
|
|
[26] = https://curl.se/bug/?i=22301
|
|
[27] = https://curl.se/bug/?i=22222
|
|
[28] = https://curl.se/bug/?i=22220
|
|
[29] = https://curl.se/bug/?i=22113
|
|
[30] = https://curl.se/bug/?i=22247
|
|
[31] = https://curl.se/bug/?i=22167
|
|
[32] = https://curl.se/bug/?i=22100
|
|
[33] = https://curl.se/bug/?i=22154
|
|
[34] = https://curl.se/bug/?i=22150
|
|
[35] = https://curl.se/bug/?i=22148
|
|
[36] = https://curl.se/bug/?i=22218
|
|
[37] = https://curl.se/bug/?i=22119
|
|
[38] = https://curl.se/bug/?i=22165
|
|
[39] = https://curl.se/bug/?i=22164
|
|
[40] = https://curl.se/bug/?i=22136
|
|
[41] = https://curl.se/bug/?i=22265
|
|
[42] = https://curl.se/bug/?i=22300
|
|
[43] = https://curl.se/bug/?i=22112
|
|
[44] = https://curl.se/bug/?i=22217
|
|
[45] = https://curl.se/bug/?i=22213
|
|
[46] = https://curl.se/bug/?i=22156
|
|
[47] = https://curl.se/bug/?i=22219
|
|
[48] = https://curl.se/bug/?i=22211
|
|
[49] = https://curl.se/bug/?i=22214
|
|
[50] = https://curl.se/bug/?i=22212
|
|
[51] = https://curl.se/bug/?i=22206
|
|
[52] = https://curl.se/bug/?i=22205
|
|
[53] = https://curl.se/bug/?i=22296
|
|
[54] = https://curl.se/bug/?i=22201
|
|
[55] = https://curl.se/bug/?i=22273
|
|
[56] = https://curl.se/bug/?i=22170
|
|
[57] = https://curl.se/bug/?i=22200
|
|
[58] = https://curl.se/bug/?i=22280
|
|
[59] = https://curl.se/bug/?i=22277
|
|
[60] = https://curl.se/bug/?i=22294
|
|
[63] = https://curl.se/bug/?i=22286
|
|
[68] = https://curl.se/bug/?i=22253
|
|
[70] = https://curl.se/bug/?i=22236
|
|
[71] = https://curl.se/bug/?i=21965
|
|
[72] = https://curl.se/bug/?i=22052
|
|
[73] = https://curl.se/bug/?i=22257
|
|
[74] = https://curl.se/bug/?i=22256
|
|
[75] = https://curl.se/bug/?i=22255
|
|
[76] = https://curl.se/bug/?i=22254
|
|
[77] = https://curl.se/bug/?i=22250
|
|
[79] = https://curl.se/bug/?i=22251
|
|
[80] = https://curl.se/bug/?i=22225
|
|
[82] = https://curl.se/bug/?i=22248
|
|
[83] = https://curl.se/bug/?i=22243
|
|
[84] = https://curl.se/bug/?i=22245
|