News

The curl team proudly presents curl and libcurl version 7.87.0. See the full changelog.

Pay special attention to the two security vulnerabilities fixed in this version.

The curl team proudly presents curl and libcurl version 7.86.0. See the full changelog.

Pay special attention to the four security vulnerabilities fixed in this version.

The curl team proudly presents curl and libcurl version 7.85.0. See the full changelog.

Pay special attention to the security vulnerability fixed in this version CVE-2022-35252: control code in cookie denial of service.

The curl team proudly presents curl and libcurl version 7.84.0. See the full changelog.

Pay special attention to these four security vulnerabilities fixed in this version:

• CVE-2022-32205: Set-Cookie denial of service
• CVE-2022-32206: HTTP compression denial of service
• CVE-2022-32207: Unpreserved file permissions
• CVE-2022-32208: FTP-KRB bad message verification

The curl team proudly presents curl and libcurl version 7.83.1. See the full changelog.

Pay special attention to these six security vulnerabilities fixed in this version:

• CVE-2022-27778: curl removes wrong file on error
• CVE-2022-27779: cookie for trailing dot TLD
• CVE-2022-27780: percent-encoded path separator in URL host
• CVE-2022-27781: CERTINFO never-ending busy-loop
• CVE-2022-27782: TLS and SSH connection too eager reuse
• CVE-2022-30115: HSTS bypass via trailing dot

The curl team proudly presents curl and libcurl version 7.83.0. See the full changelog.

Pay special attention to these four security vulnerabilities fixed in this version:

• CVE-2022-22576: OAUTH2 bearer bypass in connection re-use
• CVE-2022-27774: Credential leak on redirect
• CVE-2022-27775: Bad local IPv6 connection reuse
• CVE-2022-27776: Auth/cookie leak on redirect

The curl team proudly presents curl and libcurl version 7.82.0. See the full changelog.

The curl team proudly presents curl and libcurl version 7.81.0. See the full changelog.

The curl team proudly presents curl and libcurl version 7.80.0. See the full changelog.

The curl team proudly presents curl and libcurl version 7.79.1. See the full changelog.

The curl team proudly presents curl and libcurl version 7.79.0. See the full changelog.

Pay special attention to the three security vulnerabilities fixed in this version:

• CVE-2021-22945: UAF and double-free in MQTT sending
• CVE-2021-22946: Protocol downgrade required TLS bypassed
• CVE-2021-22947: STARTTLS protocol injection via MITM

The curl team proudly presents curl and libcurl version 7.78.0. See the full changelog.

Pay special attention to the five security vulnerabilities fixed in this version:

• CVE-2021-22922: Wrong content via metalink not discarded
• CVE-2021-22923: Metalink download sends credentials
• CVE-2021-22924: Bad connection reuse due to flawed path name checks
• CVE-2021-22925: TELNET stack contents disclosure again
• CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport

The curl team proudly presents curl and libcurl version 7.77.0. See the full changelog.

Pay special attention to the three security vulnerabilities fixed in this version:

• CVE-2021-22897: schannel cipher selection surprise
• CVE-2021-22898: TELNET stack contents disclosure
• CVE-2021-22901: TLS session caching disaster

The curl project officially moved to the Libera.Chat IRC network into the #curl channel. The documentation on joining was updated accordingly.

The curl team proudly presents curl and libcurl version 7.76.1. See the changelog.

The curl team proudly presents curl and libcurl version 7.76.0. See the changelog.

Pay special attention to the two security vulnerabilities fixed in this version: CVE-2021-22876: Automatic referer leaks credentials and CVE-2021-22890: TLS 1.3 session ticket proxy host mixup.

The curl team proudly presents curl and libcurl version 7.75.0. See the changelog.

The curl team proudly presents curl and libcurl version 7.74.0. See the changelog.

Pay special attention to these security vulnerabilities fixed in this version: CVE-2020-8284: trusting FTP PASV responses, CVE-2020-8285: FTP wildcard stack overflow and CVE-2020-8286: Inferior OCSP verification.

The website curl.se and others were moved over to a new host today. No major problems or outages were discovered. A few minor breakages occurred but were fixed within shortly. A good transition! It was fifteen years since the previous host move!

The curl team proudly presents curl and libcurl version 7.73.0. See the changelog.

The curl team proudly presents curl and libcurl version 7.72.0. See the changelog.

Pay special attention to the security vulnerability fixed in this version: CVE-2020-8231: libcurl: wrong connect-only connection.

The curl team proudly presents curl and libcurl version 7.71.1. See the changelog.

The curl team proudly presents curl and libcurl version 7.71.0. See the changelog.

Pay special attention to the two security vulnerabilities fixed in this version: CVE-2020-8169: Partial password leak over DNS on HTTP redirect and CVE-2020-8177: curl overwrite local file with -J.

The curl team proudly presents curl and libcurl version 7.70.0. See the changelog.

The curl team proudly presents curl and libcurl version 7.69.1. See the changelog.