curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

[RELEASE] curl 8.7.0

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 27 Mar 2024 07:57:52 +0100 (CET)

Hello friends!

I'm happy to announce another curl release! Get it as always from
https://curl.se

Also: see the four separate security advisories we announce in association
with this release.

curl and libcurl 8.7.0

  Public curl releases: 255
  Command line options: 258
  curl_easy_setopt() options: 304
  Public functions in libcurl: 93
  Contributors: 3134

This release includes the following changes:

  o configure: add --disable-docs flag [16]
  o CURLINFO_USED_PROXY: return bool whether the proxy was used [24]
  o digest: support SHA-512/256 [118]
  o DoH: add trace configuration [61]
  o write-out: add '%{proxy_used}' [24]

This release includes the following bugfixes:

  o ALTSVC.md: correct a typo [14]
  o asyn-ares: fix data race warning [88]
  o asyn-thread: use wakeup_close to close the read descriptor [1]
  o badwords: use hostname, not host name [46]
  o BINDINGS: add mcurl, the python binding [67]
  o bufq: writing into a softlimit queue cannot be partial [49]
  o c-hyper: add header collection writer in hyper builds [70]
  o cd2nroff: gen: make `\>` in input to render as plain '>' in output
  o cd2nroff: remove backticks from titles
  o checksrc.pl: fix handling .checksrc with CRLF [43]
  o cmake: add USE_OPENSSL_QUIC support [21]
  o cmake: add warning for using TLS libraries without 1.3 support [25]
  o cmake: enable `ENABLE_CURL_MANUAL` by default [112]
  o cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled [117]
  o cmake: fix function description in comment [47]
  o cmake: fix install for older CMake versions [53]
  o cmake: fix libcurl.pc and curl-config library specifications [115]
  o cmdline-docs/Makefile: avoid using a fixed temp file name [5]
  o cmdline-docs: quote and angle bracket cleanup [45]
  o cmdline-opts/_EXITCODES: sync with libcurl-errors [80]
  o cmdline-opts/_VARIABLES.md: improve the description [105]
  o cmdline-opts/_VERSION: provide %VERSION correctly [87]
  o cmdline-opts: shorter help texts [148]
  o configure: add pkg-config support to rustls detection [151]
  o configure: add warning for using TLS libraries without 1.3 support [26]
  o configure: build & install shell completions when enabled [85]
  o configure: do not link with nghttp3 unless necessary [7]
  o configure: Don't build shell completions when disabled [68]
  o configure: Don't make shell completions without perl [83]
  o configure: find libpsl with pkg-config [79]
  o connect.c: fix typo [17]
  o CONTRIBUTE: update the section on documentation format [96]
  o cookie.md: provide an example sending a fixed cookie [13]
  o cookie: if psl fails, reject the cookie [107]
  o curl: exit on config file parser errors [40]
  o curl: make --libcurl output better CURLOPT_*SSLVERSION [127]
  o curl: when allocating variables, add the name into the struct [37]
  o curl_setup.h: add curl_uint64_t internal type
  o curldown: fix email address in Copyright [89]
  o CURLMOPT_MAX*: mention what happens if changed mid-transfer [154]
  o CURLOPT_INTERFACE.md: remove spurious amp, add see-also [137]
  o CURLOPT_POSTQUOTE.md: fix typo [36]
  o CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return [104]
  o CURLOPT_WRITEFUNCTION.md: typo fix [41]
  o digest: add check for hashing error [111]
  o dist: make sure the http tests are in the tarball [29]
  o DISTROS: add document with distro pointers [144]
  o docs/libcurl: add TLS backend info for all TLS options [155]
  o docs/libcurl: generate PROTOCOLS from meta-data [153]
  o docs: add missing slashes to SChannel client certificate documentation [11]
  o docs: add necessary setup for nghttp3 [51]
  o docs: ascii version of manpage without nroff [121]
  o docs: dist curl*.1 and install without perl [64]
  o docs: make curldown do angle brackets like markdown [54]
  o docs: make each libcurl man specify protocol(s) [157]
  o docs: make sure curl.1 is included in dist tarballs [35]
  o docs: update minimal binary size in INSTALL.md
  o docs: use present tense [103]
  o examples: use present tense in comments [97]
  o file: use xfer buf for file:// transfers [23]
  o fopen: fix narrowing conversion warning on 32-bit Android [100]
  o form-string.md: correct the example [4]
  o ftp: do lineend conversions in client writer [32]
  o ftp: fix socket wait activity in ftp_domore_getsock [28]
  o ftp: tracing improvements [33]
  o ftp: treat a 226 arriving before data as a signal to read data [19]
  o gen.pl: make the "manpageification" faster [95]
  o gen: make `\>` in input to render as plain '>' in output [78]
  o getparam: make --ftp-ssl work again [90]
  o GHA/linux: add sysctl trick to work-around GitHub runner issue [129]
  o GIT-INFO: convert to markdown [114]
  o GOVERNANCE: document the core team [133]
  o header.md: remove backslash, make nicer markdown [48]
  o HTTP/2: write response directly [12]
  o http2, http3: return CURLE_PARTIAL_FILE when bytes were received [160]
  o http2: fix push discard [124]
  o http2: memory errors in the push callbacks are fatal [132]
  o http2: minor tweaks to optimize two struct sizes [130]
  o http2: push headers better cleanup [113]
  o http2: remove the third (unused) argument from http2_data_done() [159]
  o HTTP3.md: adjust the OpenSSL QUIC install instructions [34]
  o http: better error message for HTTP/1.x response without status line [86]
  o http: improve response header handling, save cpu cycles [138]
  o http: move headers collecting to writer [71]
  o http: remove stale comment about rewindbeforesend [136]
  o http: separate response parsing from response action [158]
  o http_chunks: fix the accounting of consumed bytes [22]
  o http_chunks: remove unused 'endptr' variable [58]
  o https-proxy: use IP address and cert with ip in alt names [50]
  o hyper: implement unpausing via client reader [98]
  o ipv6.md: mention IPv4 mapped addresses [147]
  o KNOWN_BUGS: POP3 issue when reading small chunks [134]
  o lib1598: fix `CURLOPT_POSTFIELDSIZE` usage [128]
  o lib582: remove code causing warning that is never run [38]
  o lib: add `void *ctx` to reader/writer instances [122]
  o lib: convert Curl_get_line to use dynbuf [42]
  o lib: Curl_read/Curl_write clarifications [101]
  o lib: enhance client reader resume + rewind [92]
  o lib: initialize output pointers to NULL before calling strto[ff,l,ul] [63]
  o lib: keep conn IP information together [109]
  o lib: move 'done' parameter to SingleRequests [142]
  o lib: remove curl_mimepart object when CURL_DISABLE_MIME [72]
  o libcurl-docs: cleanups
  o libcurl-security.md: Active FTP passes on the local IP address [6]
  o libssh/libssh2: return error on too big range [75]
  o MANUAL.md: fix typo [66]
  o mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined [27]
  o mbedtls: fix pytest for newer versions [146]
  o mbedtls: properly cleanup the thread-shared entropy [140]
  o mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version [59]
  o md4: include strdup.h for the memdup proto [10]
  o mime: add client reader [126]
  o misc: fix typos in docs and lib [84]
  o mkhelp: simplify the generated hugehelp program [120]
  o mprintf: fix format prefix I32/I64 for windows compilers [77]
  o multi: add xfer_buf to multi handle [30]
  o multi: fix multi_sock handling of select_bits [81]
  o multi: make add_handle free any multi_easy [102]
  o ngtcp2: no recvbuf for stream [108]
  o ntml_wb: fix buffer type typo [2]
  o OpenSSL QUIC: adapt to v3.3.x [65]
  o openssl-quic: check on Windows that socket conv to int is possible [8]
  o openssl-quic: fix BIO leak and Windows warning [93]
  o openssl-quic: fix unity build, casing, indentation [94]
  o OS400: avoid using awk in the build scripts [20]
  o paramhlp: fix CRLF-stripping files with "-d _at_file" [116]
  o proxy1.0.md: fix example [15]
  o pytest: adapt to API change [106]
  o request: clarify message when request has been sent off [143]
  o rustls: make curl compile with 0.12.0 [73]
  o schannel: fix hang on unexpected server close [57]
  o scripts: fix cijobs.pl for Azure and GHA
  o sendf: ignore response body to HEAD [18]
  o setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value [76]
  o setopt: fix disabling all protocols [99]
  o sha512_256: add support for GnuTLS and OpenSSL [110]
  o smtp: fix STARTTLS [91]
  o SPONSORS: describe the basics [131]
  o strtoofft: fix the overflow check [74]
  o test 1541: verify getinfo values on first header callback [149]
  o test1165: improve pattern matching [60]
  o tests: support setting/using blank content env variables
  o TIMER_STARTTRANSFER: set the same for everyone [82]
  o TLS: start shutdown only when peer did not already close [150]
  o TODO: update 13.11 with more information [152]
  o tool_cb_hdr: only parse etag + content-disposition for 2xx [9]
  o tool_getparam: accept a blank -w "" [139]
  o tool_getparam: handle non-existing (out of range) short-options [141]
  o tool_operate: change precedence of server Retry-After time [44]
  o tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds [3]
  o trace-config.md: remove the mutexed options list [119]
  o transfer.c: break receive loop in speed limited transfers [125]
  o transfer: improve Windows SO_SNDBUF update limit [56]
  o urldata: move authneg bit from conn to Curl_easy [69]
  o version: allow building with ancient libpsl [52]
  o vquic-tls: fix the error code returned for bad CA file [135]
  o vtls: fix tls proxy peer verification [55]
  o vtls: revert "receive max buffer" + add test case [39]
  o VULN-DISCLOSURE-POLICY.md: update detail about CVE requests [123]
  o websocket: fix curl_ws_recv() [62]
  o wolfSSL: do not call the stub function wolfSSL_BIO_set_init() [145]
  o write-out.md: clarify error handling details [31]

This release includes the following known bugs:

  o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

Planned upcoming removals include:

  o support for space-separated NOPROXY patterns

  See https://curl.se/dev/deprecate.html for details

This release would not have looked like this without help, code, reports and
advice from friends like these:

   5533asdg on github, Alan Coopersmith, Andreas Kiefer, Andrew Kaster,
   Andy Fiddaman, Arjan van de Ven, av223119 on github, awesomekosm on github,
   Boris Verkhovskiy, Brett Buddin, Brian Clemens, chensong1211 on github,
   Chris Webb, chrysos349 on github, Dan Fandrich, Daniel Gustafsson,
   Daniel Stenberg, Daniel Szmulewicz, Dan McDonald, DasKutti on github,
   dependabot[bot], Dexter Gerig, dfdity on github, Dirk Hünniger,
   Dmitry Karpov, Dmitry Tretyakov, edmcln on github, Erik Schnetter,
   Evgeny Grin (Karlson2k), Fabian Keil, Fabian Vogt, Fabrice Fontaine,
   Faraz Fallahi, Gaelan Steele, Geeknik Labs, Gisle Vanem, graywolf on github,
   Harry Sintonen, HsiehYuho on github, Jan Macku, Jiawen Geng, Jiří Bok,
   Joel Depooter, John Marshall, Jonathan Perkin, Jon Rumsey, Jordan Brown,
   Josh Soref, Karthikdasari0423, Karthikdasari0423 on github, Kevin Daudt,
   Konstantin Vlasov, kpcyrd, Lars Kellogg-Stedman, LeeRiva, Louis Solofrizzo,
   Lukáš Zaoral, Marcel Raad, Marcus Müller, Matt Jolly, Michael Forney,
   Michael Kaufmann, Michał Antoniak, Michał Górny, Mohammadreza Hendiani,
   Nikita Taranov, Outvi V, Patrick Monnerat, Paweł Witas, Pēteris Caune,
   Peter Krefting, RainRat, Ramiro Garcia, Ray Satiro, Richard Levitte,
   Robert Moreton, Ross Burton, Rudi Heitbaum, Ryan Carsten Schmidt,
   Scott Mutter, Scott Talbert, Sean Molenaar, Sebastian Neubauer,
   Sergey Bronnikov, Simon K, Stefan Eissing, Tal Regev, Thomas Pyle,
   Till Wegmüller, Viktor Szakats, vulnerabilityspotter on hackerone,
   Winni Neessen
   (92 contributors)

References to bug reports and discussions on issues:

  [1] = https://curl.se/bug/?i=12836
  [2] = https://curl.se/bug/?i=12825
  [3] = https://curl.se/bug/?i=12834
  [4] = https://curl.se/bug/?i=12822
  [5] = https://curl.se/bug/?i=12829
  [6] = https://curl.se/bug/?i=12867
  [7] = https://curl.se/bug/?i=12833
  [8] = https://curl.se/bug/?i=12861
  [9] = https://curl.se/bug/?i=12866
  [10] = https://curl.se/bug/?i=12849
  [11] = https://curl.se/bug/?i=12854
  [12] = https://curl.se/bug/?i=12828
  [13] = https://curl.se/bug/?i=12868
  [14] = https://curl.se/bug/?i=12852
  [15] = https://curl.se/bug/?i=12856
  [16] = https://curl.se/bug/?i=12832
  [17] = https://curl.se/bug/?i=12858
  [18] = https://curl.se/mail/lib-2024-02/0000.html
  [19] = https://curl.se/bug/?i=12823
  [20] = https://curl.se/bug/?i=12826
  [21] = https://curl.se/bug/?i=13034
  [22] = https://curl.se/bug/?i=12937
  [23] = https://curl.se/bug/?i=12750
  [24] = https://curl.se/bug/?i=12719
  [25] = https://curl.se/bug/?i=12900
  [26] = https://curl.se/bug/?i=12900
  [27] = https://curl.se/bug/?i=12904
  [28] = https://curl.se/bug/?i=12901
  [29] = https://curl.se/bug/?i=12914
  [30] = https://curl.se/bug/?i=12805
  [31] = https://curl.se/bug/?i=12909
  [32] = https://curl.se/bug/?i=12878
  [33] = https://curl.se/bug/?i=12902
  [34] = https://curl.se/bug/?i=12896
  [35] = https://curl.se/bug/?i=12892
  [36] = https://curl.se/bug/?i=12926
  [37] = https://curl.se/bug/?i=12891
  [38] = https://curl.se/bug/?i=12890
  [39] = https://curl.se/bug/?i=12885
  [40] = https://curl.se/mail/archive-2024-02/0008.html
  [41] = https://curl.se/bug/?i=12889
  [42] = https://curl.se/bug/?i=12846
  [43] = https://curl.se/bug/?i=12924
  [44] = https://curl.se/mail/archive-2024-01/0022.html
  [45] = https://curl.se/bug/?i=12884
  [46] = https://curl.se/bug/?i=12888
  [47] = https://curl.se/bug/?i=12879
  [48] = https://curl.se/bug/?i=12877
  [49] = https://curl.se/bug/?i=13020
  [50] = https://curl.se/bug/?i=12838
  [51] = https://curl.se/bug/?i=12859
  [52] = https://curl.se/mail/archive-2024-02/0004.html
  [53] = https://curl.se/bug/?i=12920
  [54] = https://curl.se/bug/?i=12869
  [55] = https://curl.se/bug/?i=12831
  [56] = https://curl.se/bug/?i=12911
  [57] = https://curl.se/bug/?i=12894
  [58] = https://curl.se/bug/?i=12996
  [59] = https://curl.se/bug/?i=12905
  [60] = https://curl.se/bug/?i=12903
  [61] = https://curl.se/bug/?i=12411
  [62] = https://curl.se/bug/?i=12945
  [63] = https://curl.se/bug/?i=12995
  [64] = https://curl.se/bug/?i=12921
  [65] = https://curl.se/bug/?i=12933
  [66] = https://curl.se/bug/?i=12965
  [67] = https://curl.se/bug/?i=12962
  [68] = https://curl.se/bug/?i=13027
  [69] = https://curl.se/bug/?i=12949
  [70] = https://curl.se/bug/?i=12880
  [71] = https://curl.se/bug/?i=12880
  [72] = https://curl.se/bug/?i=12948
  [73] = https://curl.se/bug/?i=12989
  [74] = https://curl.se/bug/?i=12990
  [75] = https://curl.se/bug/?i=12983
  [76] = https://curl.se/bug/?i=12981
  [77] = https://curl.se/bug/?i=12944
  [78] = https://curl.se/bug/?i=12977
  [79] = https://curl.se/bug/?i=12947
  [80] = https://curl.se/bug/?i=13015
  [81] = https://curl.se/bug/?i=12971
  [82] = https://curl.se/bug/?i=13052
  [83] = https://curl.se/bug/?i=13022
  [84] = https://curl.se/bug/?i=13019
  [85] = https://curl.se/bug/?i=12906
  [86] = https://curl.se/bug/?i=13045
  [87] = https://curl.se/bug/?i=13008
  [88] = https://curl.se/bug/?i=13065
  [89] = https://curl.se/bug/?i=12997
  [90] = https://curl.se/bug/?i=13006
  [91] = https://curl.se/bug/?i=13048
  [92] = https://curl.se/bug/?i=13026
  [93] = https://curl.se/bug/?i=13043
  [94] = https://curl.se/bug/?i=13044
  [95] = https://curl.se/bug/?i=13041
  [96] = https://curl.se/bug/?i=13046
  [97] = https://curl.se/bug/?i=13003
  [98] = https://curl.se/bug/?i=13075
  [99] = https://curl.se/bug/?i=13004
  [100] = https://curl.se/bug/?i=12998
  [101] = https://curl.se/bug/?i=12964
  [102] = https://curl.se/bug/?i=12992
  [103] = https://curl.se/bug/?i=13001
  [104] = https://curl.se/bug/?i=12999
  [105] = https://curl.se/bug/?i=13040
  [106] = https://curl.se/bug/?i=13037
  [107] = https://curl.se/bug/?i=13033
  [108] = https://curl.se/bug/?i=13073
  [109] = https://curl.se/bug/?i=13084
  [110] = https://curl.se/bug/?i=13070
  [111] = https://curl.se/bug/?i=13072
  [112] = https://curl.se/bug/?i=13028
  [113] = https://curl.se/bug/?i=13054
  [114] = https://curl.se/bug/?i=13074
  [115] = https://curl.se/bug/?i=6169
  [116] = https://curl.se/bug/?i=13063
  [117] = https://curl.se/bug/?i=13061
  [118] = https://curl.se/bug/?i=12897
  [119] = https://curl.se/bug/?i=13031
  [120] = https://curl.se/bug/?i=13047
  [121] = https://curl.se/bug/?i=13047
  [122] = https://curl.se/bug/?i=13035
  [123] = https://curl.se/bug/?i=13088
  [124] = https://curl.se/bug/?i=13055
  [125] = https://curl.se/mail/lib-2024-03/0001.html
  [126] = https://curl.se/bug/?i=13039
  [127] = https://curl.se/bug/?i=13127
  [128] = https://curl.se/bug/?i=13085
  [129] = https://curl.se/bug/?i=13124
  [130] = https://curl.se/bug/?i=13082
  [131] = https://curl.se/bug/?i=13119
  [132] = https://curl.se/bug/?i=13081
  [133] = https://curl.se/bug/?i=13118
  [134] = https://curl.se/bug/?i=12063
  [135] = https://curl.se/bug/?i=13115
  [136] = https://curl.se/bug/?i=13187
  [137] = https://curl.se/bug/?i=13149
  [138] = https://curl.se/bug/?i=13143
  [139] = https://curl.se/bug/?i=13144
  [140] = https://curl.se/bug/?i=11919
  [141] = https://curl.se/bug/?i=13101
  [142] = https://curl.se/bug/?i=13096
  [143] = https://curl.se/bug/?i=13093
  [144] = https://curl.se/bug/?i=13178
  [145] = https://curl.se/bug/?i=13164
  [146] = https://curl.se/bug/?i=13132
  [147] = https://curl.se/bug/?i=13112
  [148] = https://curl.se/bug/?i=13169
  [149] = https://curl.se/bug/?i=13128
  [150] = https://curl.se/bug/?i=10290
  [151] = https://curl.se/bug/?i=13179
  [152] = https://curl.se/bug/?i=13173
  [153] = https://curl.se/bug/?i=13175
  [154] = https://curl.se/bug/?i=13176
  [155] = https://curl.se/bug/?i=13168
  [157] = https://curl.se/bug/?i=13166
  [158] = https://curl.se/bug/?i=13134
  [159] = https://curl.se/bug/?i=13154
  [160] = https://curl.se/bug/?i=13151

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html


-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2024-03-27