mirror of
https://github.com/curl/curl.git
synced 2026-05-20 13:47:19 +03:00
207 lines
8.6 KiB
Text
207 lines
8.6 KiB
Text
curl and libcurl 8.21.0
|
|
|
|
Public curl releases: 275
|
|
Command line options: 273
|
|
curl_easy_setopt() options: 308
|
|
Public functions in libcurl: 100
|
|
Authors: 1473
|
|
Contributors: 3680
|
|
|
|
This release includes the following changes:
|
|
|
|
o curl: named globs in output file name for upload glob references [77]
|
|
o lib: drop support for CURLAUTH_DIGEST_IE [4]
|
|
o libssh: add support for SHA256 host public keys [57]
|
|
o tool_urlglob: add named globs [92]
|
|
|
|
This release includes the following bugfixes:
|
|
|
|
o asyn-thrdd: fix result processing without wakeup socketpair [2]
|
|
o cf-h2-proxy: drop interim responses [47]
|
|
o cmake: auto-select static nghttp2/nghttp3/ngtcp2 Config [8]
|
|
o cmake: export/forward `NGTCP2_CRYPTO_BACKEND` [99]
|
|
o cmake: fix zstd CMake config name [5]
|
|
o cookie: compare path case sensitively [52]
|
|
o cookie: simplify strstore(), remove outdated comment [12]
|
|
o cookie: trim trailing dots when checking PSL [39]
|
|
o creds: add sasl service name [75]
|
|
o curl_ntlm_core: fix nettle 4+ builds in certain MultiSSL combos [87]
|
|
o curl_ntlm_core: propagate DES `CryptEncrypt()` error [84]
|
|
o CURLOPT_ECH.md: simplify the description language [18]
|
|
o CURLOPT_HAPROXYPROTOCOL.md: only sent for newly setup connections [32]
|
|
o CURLOPT_MAXFILESIZE: clarify this also works for on-going transfers [78]
|
|
o CURLOPT_SHARE: warn about early remove [51]
|
|
o CURLOPT_SSH_HOSTKEYFUNCTION.md: for new connections only [48]
|
|
o delta: harden external command invocations [98]
|
|
o docs: end "...can be used several times..." sentences with period [34]
|
|
o docs: fix --follow doc typo [97]
|
|
o docs: fix a couple of typos [62]
|
|
o docs: fix grammar and wording in FAQ [66]
|
|
o ECH: cleanups [20]
|
|
o event: fix wakeup consumption [93]
|
|
o ftp: avoid accessing EPSV response one byte past the NULL [9]
|
|
o ftp: remove 2 Curl_resolv_blocking() calls [30]
|
|
o ftp: remove bits.ftp_use_control_ssl [28]
|
|
o gnutls: allow building with nettle 4.0 [96]
|
|
o gnutls: fix more nettle 4+ compatibility issues [94]
|
|
o gsasl: fix potential double free [56]
|
|
o gtls: fix some typos [15]
|
|
o hostip: remove unused MAX_HOSTCACHE_LEN and MAX_DNS_CACHE_SIZE [101]
|
|
o idn: replace header guards with forward declaration [100]
|
|
o ldap: fix minor leak on write callback error [24]
|
|
o ldap: fix to not leak `attribute` on OOM (WinLDAP) [79]
|
|
o lib678: fix to not be perma-skipped [10]
|
|
o lib: make `__STDC_VERSION__` literals `L` (where missing)
|
|
o lib: two minor typos [16]
|
|
o libcurl-easy.md: minor clarifications [19]
|
|
o mbedtls: null-terminate the private key blob [36]
|
|
o mqtt: validate PINGRESP and DISCONNECT have remaining_length == 0 [7]
|
|
o pythonlint.sh: make it fail on error, fix ruff warnings in pytest [67]
|
|
o rtsp: bump buf after rtsp_filter_rtp() [88]
|
|
o runner.pm: set `CURL_TESTNUM` for `precheck` commands [13]
|
|
o rustls: error on CURLOPT_CRLFILE with native CA store [59]
|
|
o schannel: enforce Extended Key Usage for custom CA roots [29]
|
|
o schannel_verify: avoid out of blob access [11]
|
|
o setopt: changing the proxy port is also a proxy change [23]
|
|
o setopt: fix to honor `CURLOPT_PROXY_CAINFO_BLOB` over Native CA [26]
|
|
o setopt: gate a few proxy TLS options by checking backend support [35]
|
|
o setopt: more careful cleanup of the HSTS cache [45]
|
|
o show-headers.md: mention bold headers and --no-styled-output [17]
|
|
o snpego_sspi: preserve distinction btw policy-only and uncond delegation [74]
|
|
o spnego_sspi: honor CURLOPT_GSSAPI_DELEGATION for Windows SSPI [89]
|
|
o src: fix comment typos [83]
|
|
o SSLCERTS: document 8.19.0 default Native CA builds (Windows) [14]
|
|
o tests: fix unit1636 with --disable-progress-meter [37]
|
|
o tftp: stricter option name checks [90]
|
|
o tool_formparse.c: fix two minor comment typos [25]
|
|
o tool_formparse: polish error message + make two functions static [1]
|
|
o tool_formparse: tool2curlparts is no longer recursive [33]
|
|
o tool_urlglob: avoid overflow at end of range [22]
|
|
o tool_urlglob: better 'Duplicate glob name' position [82]
|
|
o tool_urlglob: make globbing error reported for correct position [91]
|
|
o unix-sockets: ignore proxy settings [6]
|
|
o url: compare full origin when setting credentials [42]
|
|
o url: fix connection reuse for starttls protocols [27]
|
|
o url: keep the question mark for empty queries [73]
|
|
o url: remove ssh_config_matches [31]
|
|
o url: url_match_destination fix [43]
|
|
o urlapi: change more lowercase percent-encoded to uppercase [71]
|
|
o urlapi: consume trailing dots after IPv4 numerical addresses [50]
|
|
o urlapi: deny hostnames with more than one trailing dot [58]
|
|
o urlapi: handle redirect without set scheme with default-scheme [38]
|
|
o user-agent.md: mention double quotes too [3]
|
|
o windows: update MS SDK versions in comments [60]
|
|
o x509asn1: fix DH public key parameter extraction [44]
|
|
o x509asn1: fix operator order in do_pubkey [21]
|
|
|
|
This release includes the following known bugs:
|
|
|
|
See https://curl.se/docs/knownbugs.html
|
|
|
|
For all changes ever done in curl:
|
|
|
|
See https://curl.se/changes.html
|
|
|
|
Planned upcoming removals include:
|
|
|
|
o local crypto implementations
|
|
o NTLM
|
|
o SMB
|
|
o TLS-SRP support
|
|
|
|
See https://curl.se/dev/deprecate.html
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
advice from friends like these:
|
|
|
|
0xN3R3K3, Alan De Smet, amitbidlan, Andrei Rybak, Andrew Nesbitt,
|
|
Bastian Jesuiter, Bill Mill, chrizilla on github, Dan Fandrich,
|
|
Daniel Stenberg, dependabot[bot], Earnestly on github, Elise Vance,
|
|
Emanuel Krollmann, Fabian Keil, jeffhuang, Jeremy Nicoll, Joshua Rogers,
|
|
Kai Pastor, mulan_dh on hackerone, parasol-aser, Raymond Steen,
|
|
renovate[bot], Sergio Correia, Sollace on github, Song X. Gao,
|
|
Stefan Eissing, Tim Martin, Viktor Szakats, Xi Ruoyao, x-xiang on github
|
|
(31 contributors)
|
|
|
|
References to bug reports and discussions on issues:
|
|
|
|
[1] = https://curl.se/bug/?i=21510
|
|
[2] = https://curl.se/bug/?i=21476
|
|
[3] = https://curl.se/mail/archive-2026-04/0029.html
|
|
[4] = https://curl.se/bug/?i=21486
|
|
[5] = https://curl.se/bug/?i=21538
|
|
[6] = https://curl.se/bug/?i=21630
|
|
[7] = https://hackerone.com/reports/3702718
|
|
[8] = https://curl.se/bug/?i=21470
|
|
[9] = https://curl.se/bug/?i=21545
|
|
[10] = https://curl.se/bug/?i=21641
|
|
[11] = https://curl.se/bug/?i=21543
|
|
[12] = https://curl.se/bug/?i=21541
|
|
[13] = https://curl.se/bug/?i=21640
|
|
[14] = https://curl.se/bug/?i=21634
|
|
[15] = https://curl.se/bug/?i=21498
|
|
[16] = https://curl.se/bug/?i=21496
|
|
[17] = https://curl.se/bug/?i=21495
|
|
[18] = https://curl.se/bug/?i=21536
|
|
[19] = https://curl.se/bug/?i=21491
|
|
[20] = https://curl.se/bug/?i=21532
|
|
[21] = https://curl.se/bug/?i=21533
|
|
[22] = https://curl.se/bug/?i=21529
|
|
[23] = https://curl.se/bug/?i=21485
|
|
[24] = https://curl.se/bug/?i=21530
|
|
[25] = https://curl.se/bug/?i=21480
|
|
[26] = https://curl.se/bug/?i=21631
|
|
[27] = https://curl.se/bug/?i=21522
|
|
[28] = https://curl.se/bug/?i=21521
|
|
[29] = https://curl.se/bug/?i=21629
|
|
[30] = https://curl.se/bug/?i=21512
|
|
[31] = https://curl.se/bug/?i=21519
|
|
[32] = https://curl.se/bug/?i=21517
|
|
[33] = https://curl.se/bug/?i=21518
|
|
[34] = https://curl.se/bug/?i=21644
|
|
[35] = https://curl.se/bug/?i=21514
|
|
[36] = https://curl.se/bug/?i=21515
|
|
[37] = https://curl.se/bug/?i=21500
|
|
[38] = https://curl.se/bug/?i=21632
|
|
[39] = https://curl.se/bug/?i=21636
|
|
[42] = https://curl.se/bug/?i=21575
|
|
[43] = https://curl.se/bug/?i=21573
|
|
[44] = https://curl.se/bug/?i=21595
|
|
[45] = https://curl.se/bug/?i=21615
|
|
[47] = https://curl.se/bug/?i=21626
|
|
[48] = https://curl.se/bug/?i=21606
|
|
[50] = https://curl.se/bug/?i=21635
|
|
[51] = https://curl.se/bug/?i=21633
|
|
[52] = https://curl.se/bug/?i=21616
|
|
[56] = https://curl.se/bug/?i=21609
|
|
[57] = https://curl.se/bug/?i=21605
|
|
[58] = https://curl.se/bug/?i=21622
|
|
[59] = https://curl.se/bug/?i=21614
|
|
[60] = https://curl.se/bug/?i=21621
|
|
[62] = https://curl.se/bug/?i=21617
|
|
[66] = https://curl.se/bug/?i=21593
|
|
[67] = https://curl.se/bug/?i=21597
|
|
[71] = https://curl.se/bug/?i=21592
|
|
[73] = https://curl.se/bug/?i=21544
|
|
[74] = https://curl.se/bug/?i=21583
|
|
[75] = https://curl.se/bug/?i=21585
|
|
[77] = https://curl.se/bug/?i=21407
|
|
[78] = https://curl.se/bug/?i=21582
|
|
[79] = https://curl.se/bug/?i=21576
|
|
[82] = https://curl.se/bug/?i=21567
|
|
[83] = https://curl.se/bug/?i=21570
|
|
[84] = https://curl.se/bug/?i=21569
|
|
[87] = https://curl.se/bug/?i=21562
|
|
[88] = https://curl.se/bug/?i=21563
|
|
[89] = https://curl.se/bug/?i=21528
|
|
[90] = https://curl.se/bug/?i=21560
|
|
[91] = https://curl.se/bug/?i=21561
|
|
[92] = https://curl.se/bug/?i=21409
|
|
[93] = https://curl.se/bug/?i=21547
|
|
[94] = https://curl.se/bug/?i=21557
|
|
[96] = https://curl.se/bug/?i=21169
|
|
[97] = https://curl.se/bug/?i=21553
|
|
[98] = https://curl.se/bug/?i=21104
|
|
[99] = https://curl.se/bug/?i=21523
|
|
[100] = https://curl.se/bug/?i=21551
|
|
[101] = https://curl.se/bug/?i=21550
|