curl/RELEASE-NOTES
2026-07-01 23:16:12 +02:00

136 lines
5.5 KiB
Text

curl and libcurl 8.21.1
Public curl releases: 276
Command line options: 274
curl_easy_setopt() options: 308
Public functions in libcurl: 100
Authors: 1493
Contributors: 3741
This release includes the following changes:
This release includes the following bugfixes:
o autotools: minor fixes and improvements [33]
o build: always use local `inet_pton()`/`inet_ntop()` implementations [56]
o build: drop superfluous `STDC_HEADERS` macro [51]
o build: enable thread-safe `getaddrinfo()` for OpenBSD [35]
o cf-ngtcp2-cmn: initialize new callback ptr for ngtcp2 1.24.0+ [52]
o cmake: dedupe expressions into local vars in `cmake_uninstall.in.cmake` [9]
o cmake: fix not to build `tunits` when `BUILD_CURL_EXE=OFF` [7]
o cmake: flatten build tree, tidy up base dir variables [12]
o cmake: minor improvements to `cmake_uninstall.in.cmake` [54]
o cmake: replace `remove` command with `rm` and pass arg safely [11]
o cmake: robustify base path in local file reference [15]
o cmake: stop probing unused `float.h` for `STDC_HEADERS` [10]
o conncache: connection alive checks intervals [20]
o content_encoding: give a clear error on multi-member gzip [46]
o CREDENTIALS.md: remove comment about emtpy user/pass [50]
o curl_ws_meta.md: polish and better vocabulary [19]
o CURLOPT_SSH_*_KEYFILE: used for setting up, then no more [48]
o CURLSHOPT_(UN)SHARE.md: do not modify shares while in use [44]
o gopher: reject CR and LF in the selector [1]
o http: trim custom header name before the Authorization drop [17]
o INSTALL.md: add building-from-source overview section [29]
o ldap: support insecure mode for Windows native LDAP [3]
o lib1587: fix gcc `-Wconversion` with LibreSSL on Windows, test in CI [6]
o lib: fix 'ns' -> 'us' in trace messages [57]
o mbedtls: replace `memset()` with `psa_hash_operation_init()` [28]
o mod_curltest: fix compiler warnings [49]
o mqtt: reject control bytes in the topic [43]
o multi: forbid curl_easy_pause from within multi socket callback [22]
o openldap: handle Curl_sasl_continue() returns better [45]
o openssl+sectrust: fix session reuse [4]
o openssl: drop unused pre-OpenSSL3 `ctx_option_t` typedef [8]
o openssl: prefer modern API flavors for `EVP_MD_CTX` new/free [47]
o openssl: replace stray legacy API variant with `EVP_DigestInit_ex()` [27]
o runtests: restore `-k` option and actively process as no-op [32]
o sasl: fix zero-length response encoding [36]
o schannel: shut off experimental TLS 1.3 support for Win 10 [25]
o scripts: use end-of-options marker in `cd`, `mkdir`, `mv`, `sha256sum` commands [34]
o smtp: reject CR and LF in the envelope address [37]
o sws: allow connection-monitor to log all disconnects [2]
o test 1560: test RFC4291 style IPv6 IPv4-mapped addresses [40]
o tool: do not flush on out-null [38]
o tool: init progress bar on demand [39]
o tool_cb_hdr: de-duplicate filename setter [24]
o tool_operate: remove call to abort() [23]
o urlapi: do not keep an internal port string [31]
o VULN-DISCLOSURE-POLICY.md: issues that should be found by tests are LOW [5]
This release includes the following known bugs:
See https://curl.se/docs/knownbugs.html
For all changes ever done in curl:
See https://curl.se/changes.html
Planned upcoming removals include:
o local crypto implementations
o NTLM
o SMB
o TLS-SRP support
See https://curl.se/dev/deprecate.html
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alhuda Khan, Bigtang on hackerone, Dan Fandrich, Daniel Stenberg,
dependabot[bot], ed0d2b2ce19451f2 on github, Emmanuel Ugwu, Eunsoo Kim,
Hendrik Hübner, HwangRock, Memduh Çelik, Patrick Monnerat, Ray Satiro,
renovate[bot], Roger Leigh, Sam James, Samuel Dainard,
smaeljaish on hackerone, Stefan Eissing, stze on hackerone, Viktor Szakats
(21 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=22116
[2] = https://curl.se/bug/?i=22158
[3] = https://curl.se/bug/?i=22152
[4] = https://curl.se/bug/?i=22235
[5] = https://curl.se/bug/?i=22190
[6] = https://curl.se/bug/?i=22195
[7] = https://curl.se/bug/?i=22198
[8] = https://curl.se/bug/?i=22197
[9] = https://curl.se/bug/?i=22194
[10] = https://curl.se/bug/?i=22191
[11] = https://curl.se/bug/?i=22193
[12] = https://curl.se/bug/?i=22192
[15] = https://curl.se/bug/?i=22187
[17] = https://curl.se/bug/?i=22178
[19] = https://curl.se/bug/?i=22233
[20] = https://curl.se/bug/?i=22169
[22] = https://curl.se/bug/?i=22179
[23] = https://curl.se/bug/?i=22182
[24] = https://curl.se/bug/?i=22232
[25] = https://curl.se/bug/?i=22231
[27] = https://curl.se/bug/?i=22222
[28] = https://curl.se/bug/?i=22220
[29] = https://curl.se/bug/?i=22113
[31] = https://curl.se/bug/?i=22167
[32] = https://curl.se/bug/?i=22100
[33] = https://curl.se/bug/?i=22154
[34] = https://curl.se/bug/?i=22150
[35] = https://curl.se/bug/?i=22148
[36] = https://curl.se/bug/?i=22218
[37] = https://curl.se/bug/?i=22119
[38] = https://curl.se/bug/?i=22165
[39] = https://curl.se/bug/?i=22164
[40] = https://curl.se/bug/?i=22136
[43] = https://curl.se/bug/?i=22112
[44] = https://curl.se/bug/?i=22217
[45] = https://curl.se/bug/?i=22213
[46] = https://curl.se/bug/?i=22156
[47] = https://curl.se/bug/?i=22219
[48] = https://curl.se/bug/?i=22211
[49] = https://curl.se/bug/?i=22214
[50] = https://curl.se/bug/?i=22212
[51] = https://curl.se/bug/?i=22206
[52] = https://curl.se/bug/?i=22205
[54] = https://curl.se/bug/?i=22201
[56] = https://curl.se/bug/?i=22170
[57] = https://curl.se/bug/?i=22200