Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-users <curl-users_at_lists.haxx.se>
Date: Wed, 10 Sep 2025 14:22:51 +0200 (CEST)
On Wed, 10 Sep 2025, Emilio Pozuelo Monfort wrote:
> From what I can see, websocket support was introduced in 7.86 in [1], and
> later marked as supported/not-experimental in 8.11 [2]. If so, I think the
> above note (also in [3]) should say that it was experimental before 8.11.
Thank you. I don't know how I could get that wrong (as the introduced-in
commit is the right one), but you are entirely correct. Thank you.
I will update the CVE.
Date: Wed, 10 Sep 2025 14:22:51 +0200 (CEST)
On Wed, 10 Sep 2025, Emilio Pozuelo Monfort wrote:
> From what I can see, websocket support was introduced in 7.86 in [1], and
> later marked as supported/not-experimental in 8.11 [2]. If so, I think the
> above note (also in [3]) should say that it was experimental before 8.11.
Thank you. I don't know how I could get that wrong (as the introduced-in
commit is the right one), but you are entirely correct. Thank you.
I will update the CVE.
-- / daniel.haxx.se || https://rock-solid.curl.dev -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-09-10