Download
Browse source Changelog tiny-curl
Documentation
Project   Bug Bounty FAQ   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Videos Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code review Code style Contribute Dashboard Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / News / Older News

Older events - things that happened earlier in the project

Stuff "gets moved here" from the news page, so some of the links on this page are more likely than others not to work anymore. I still think this page may be of value and I just want you to be aware of this fact. Use the search field to find working pages with similar info.

curl and libcurl 7.58.0 January 24 2018

The curl team proudly presents curl and libcurl version 7.58.0. All changes are documented in the changelog.

Pay special attention to the two security vulnerabilities fixed in this version: CVE-2018-1000005 and CVE-2018-1000007

curl and libcurl 7.57.0 November 29 2017

The curl team proudly presents curl and libcurl version 7.57.0. All changes are documented in the changelog.

Pay special attention to the three security vulnerabilities fixed in this version: CVE-2017-8816, CVE-2017-8817 and CVE-2017-8818.

curl and libcurl 7.56.1 October 23 2017

The curl team proudly presents curl and libcurl version 7.56.1. All changes are documented in the changelog.

Pay special attention to the CVE-2017-1000257 security vulnerability we fixed.

curl and libcurl 7.56.0 October 4 2017

The curl team proudly presents curl and libcurl version 7.56.0. All changes are documented in the changelog.

Pay special attention to the CVE-2017-1000254 security vulnerability we fixed.

curl and libcurl 7.55.1 August 14 2017

The curl team proudly presents curl and libcurl version 7.55.1. All changes are documented in the changelog.

curl and libcurl 7.54.1 June 14 2017

The curl team proudly presents curl and libcurl version 7.54.1. The bug fixes are documented in the changelog.

Pay special attention to the CVE-2017-9502 security vulnerability we fixed.

curl and libcurl 7.54.0 April 19 2017

The curl team proudly presents curl and libcurl version 7.54.0. The bug fixes are documented in the changelog.

Pay special attention to the CVE-2017-7468 security vulnerability we fixed.

curl and libcurl 7.53.1 February 24 2017

The curl team proudly presents curl and libcurl version 7.53.1. The bug fixes are documented in the changelog.

We did this patch release this soon after our previous version primarily to address a build error that caused people on Windows some annoyances.

curl and libcurl 7.53.0 February 22 2017

The curl team proudly presents curl and libcurl version 7.53.0. The bug fixes are documented in the changelog.

Pay special attention to the CVE-2017-2629 security vulnerability we fixed.

curl and libcurl 7.52.1 December 23 2016

The curl team proudly presents curl and libcurl version 7.52.1. The bug fixes are documented in the changelog.

We hurried out this release due to the security vulnerability we found in 7.52.0.

curl and libcurl 7.52.0 December 21 2016

The curl team proudly presents curl and libcurl version 7.52.0. All changes and bug fixes are documented in the changelog.

Pay special attention to the new security vulnerabilities.

curl and libcurl 7.51.0 November 2 2016

The curl team proudly presents curl and libcurl version 7.51.0. All changes and bug fixes are documented in the changelog.

Pay special attention to the new security vulnerabilities.

curl and libcurl 7.50.3 September 14 2016

The curl team proudly presents curl and libcurl version 7.50.3. All changes and bug fixes are documented in the changelog.

Pay special attention to the new security vulnerability CVE-2016-7167.

curl and libcurl 7.50.2 September 7 2016

The curl team proudly presents curl and libcurl version 7.50.2. All changes and bug fixes are documented in the changelog.

curl and libcurl 7.50.1 August 3 2016

The curl team proudly presents curl and libcurl version 7.50.1. All changes and bug fixes are documented in the changelog. Pay special attention to the three new security vulnerabilities mentioned there.

curl and libcurl 7.50.0 July 21 2016

The curl team proudly presents curl and libcurl version 7.50.0. All changes and bug fixes are documented in the changelog.

Windows DLL hijacking May 30 2016

curl and libcurl are vulnerable to a Windows DLL hijacking (known as CVE-2016-4802). Affecting versions running on Microsoft Windows.

curl and libcurl 7.49.1 May 30 2016

The curl team proudly presents curl and libcurl version 7.49.1. All changes and bug fixes are documented in the changelog.

curl and libcurl 7.49.0 May 18 2016

The curl team proudly presents curl and libcurl version 7.49.0. All changes and bug fixes are documented in the changelog.

TLS certificate check bypass with mbedTLS/PolarSSL May 18 2016

curl and libcurl are vulnerable to a TLS certificate check bypass (known as CVE-2016-3739) when built to use mbedTLS or PolarSSL.

curl and libcurl 7.48.0 March 23 2016

The curl team proudly presents yet another version in the never ending train of curl releases. curl and libcurl version 7.48.0 is out. Read up on all the changes and bug fixes in the changelog.

curl and libcurl 7.47.1 February 8 2016

The curl team proudly presents curl and libcurl version 7.47.1. Read up on all the changes and bug fixes in the changelog.

git repo moved on github February 3 2016

The git repositories on github for the source and the web site have now been moved over to its new home there: the curl organization.

web site over HTTPS January 29 2016

The curl web site is now served over HTTPS and with HTTP/2 - with certificates from Let's Encrypt. Starting February 3, the curl site automatically redirects all http accesses to its https version. No more HTTP accesses to contents.

curl and libcurl 7.47.0 January 27 2016

The curl team proudly presents curl and libcurl version 7.47.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with two security advisories: CVE-2016-0754: local drive traversal when saving file on Windows and CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use.

curl and libcurl 7.46.0 December 2 2015

The curl team proudly presents curl and libcurl version 7.46.0. Read up on all the changes and bug fixes in the changelog.

This is the 150th release counted from the beginning!

curl and libcurl 7.45.0 October 7 2015

The curl team proudly presents the best release ever: curl and libcurl version 7.45.0. Read up on all the changes and bug fixes in the changelog.

curl HTTP cheat sheet September 24 2015

As a little side-project, a curl cheat sheet is being worked on, as a small page showing the most commonly used curl HTTP options.

Help us improve it! It will most probably move into the curl site umbrella at some point.

curl and libcurl 7.44.0 August 12 2015

The curl team proudly presents curl and libcurl version 7.44.0. Read up on all the changes and bug fixes in the changelog.

[SECURITY NOTICE] libidn with bad UTF8 input June 29 2015

A recent security review of libcurl showed that a remote attacker can abuse libcurl's support for international domain names to disclose memory of a libcurl application or cause other unintended behaviors by passing in a malformed unicode string in the URL parameter.

The entire libidn notice

Release archives over HTTPS June 29 2015

As long as the main curl site is still on HTTP only, we now offer HTTPS downloads of the source archives over HTTPS from github. We also modified the look of the release archives list slightly.

Enjoy!

ISP blacklisted by Spamhaus June 18 2015

Right now a large amount of mail servers in the world refuse to accept mails from our primary mail server since Spamhaus deems our ISP to be irresponsible and blacklists us.

We have a fixed IP and we've done nothing wrong here, but apparently collective punishment is a method.

daniel weekly 37 June 17 2015

curl and libcurl 7.43.0 June 17 2015

The curl team proudly presents curl and libcurl version 7.43.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with two security advisories: CVE-2015-3236: lingering HTTP credentials in connection re-use and CVE-2015-3237: SMB send off unrelated memory contents.

daniel weekly 36 June 9 2015

daniel weekly 35 June 3 2015

curl user poll 2015 analysis May 26 2015

The 30 page document with all details and analyses of the curl user poll 2015 is now available. It shows details of all the questions, most of them with a comparison with last year’s survey. The write-ins are also full of good advice, wisdom and some signs of ignorance or unawareness.

curl and libcurl 7.42.1 April 29 2015

The curl team proudly presents another curl and libcurl release: version 7.42.1. Read up on all the changes and bug fixes in the changelog.

This release comes bundled another security advisory: CVE-2015-3153: sensitive HTTP server headers also sent to proxies.

curl and libcurl 7.42.0 April 22 2015

The curl team proudly presents another curl and libcurl release: version 7.42.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with no less than four different security advisories:

becoming more github friendly March 2 2015

We're trying to lower barriers and friction for newcomers. We have a new positive attitude to pull requests and issues filed directly at github. Welcome!

Existing hackers: consider clicking 'watch' on that repo to get notified.

curl and libcurl 7.41.0 February 25 2015

The curl team proudly presents another curl and libcurl release: version 7.41.0. Read up on all the changes and bug fixes in the changelog.

Enhanced vulnerability overview January 9 2015

The vulnerability table on the web site has gotten an overhaul. It is the complete list of all published curl vulnerabilities together with which curl versions that are vulnerable.

The new layout is much smaller HTML, and it now features links to specific summaries for each individual curl release through the history. Each summarizing its own vulnerability situation.

For example, you can look at the vulnerability situation for curl 7.37.0 as well as all the others - back to 6.0, released in 1999.

curl and libcurl 7.40.0 January 8 2015

The curl team proudly presents another curl and libcurl release: version 7.40.0. Read up on all the changes and bug fixes on the changes page.

We also publish two security advisories in association with this release. See CVE-2014-8151 and CVE-2014-8150 for all the details.

videos on curl front page November 28 2014

The front page is now slightly modified to provide a fixed slot for the weekly (or so) videos made by Daniel.

Thanks page remake November 6 2014

The THANKS page,crediting all the people that have helped out in the project, has just gotten a little overhaul and now features a completely new look. We also made some extra efforts and removed some duplicate names from it, which explains why the amount of names went down somewhat.

Of course, if you think you are wrongly missing from the list of names, please tell us. We truly believe in giving proper credit!

curl and libcurl 7.39.0 November 5 2014

The curl team proudly presents another curl and libcurl release: version 7.39.0. Read up on all the changes and bug fixes on the changes page.

We also publish a security advisory in association with this release. See CVE-2014-3707.

curl is no POODLE October 17 2014

curl is not affected by the POODLE attack. Described further in Daniel's blog post: curl is no POODLE

Random curl info October 10 2014

Recent posts (off-site) by Daniel about curl and libcurl stuff:

Daniel Youtubes about curl September 15 2014

Daniel (curl project leader) is doing a video series about what he's working on at the moment. They are 5-7 minutes each, are posted weekly and include lots of details of what's been happening in the curl project.

curl and libcurl 7.38.0 September 10 2014

The curl team proudly presents a new and shiny curl and libcurl release: version 7.38.0. Read up on all the changes and bug fixes on the changes page.

This time we also publish two HTTP cookie related security advisories in association with this release. See CVE-2014-3613 and CVE-2014-3620.

RSA-1024 cacert cleanups September 5 2014

Mozilla has recently removed weak certs from the CA certs bundle. Weak, in the meaning that they used 1024 bit RSA.

If you download the latest cacert bundle from the link above right now, you'll see that s3.amazonaws.com sites no longer gets verified fine. I guess that it goes for a few other sites too.

Read more.

curl and libcurl 7.37.1 July 16 2014

Another eight week cycle loops and the curl team proudly presents a new and shiny curl and libcurl release: version 7.37.1. Read up on all the changes and bug fixes on the changes page.

curl and libcurl survey results June 13 2014

The results from the 2014 survey is now published.

These are the "raw" numbers, analysis and conclusions drawn from this are left to do. Join in and tell us what you think this means!

poll: curl and libcurl usage and project details June 2 2014

The curl project runs the curl and libcurl 2014 poll, asking for your input and feedback on a set of questions around the project, its present and its future.

Feel free to share this link to others who may have a relevant opinion.

The poll is open until midnight June 11th (central European time).

curl and libcurl 7.37.0 May 21 2014

The curl team proudly presents another new and shiny curl and libcurl release: version 7.37.0. Read up on all the changes and bug fixes on the changes page.

CA bundle over HTTPS May 8 2014

Our CA extract service is very popular to download Mozilla's CA cert bundle in PEM format. Starting now, we also provide a proper HTTPS download link for users who want to be sure there's no foul play going on during the download.

The HTTPS download is provided via github so it will also provide an alternative hosting site for cases where one or the other has problems. Since there's a chicken-and-egg problem with TLS and CA certs, we still offer the same download URL as before over plain HTTP as well.

Thank you for flying curl.

a curl wiki April 25 2014

To enhance everyone's ability to contribute with docs, examples, good ideas and other curl related information we've enabled a curl wiki over at github.

It is a bit of a test. Is there user interest enough to add content and provide info here?

curl and proxy headers April 8 2014

curl and libcurl offer options to specify HTTP proxy headers separate from origin server headers in next version.

curl and libcurl 7.36.0 - and four security advisories! March 26 2014

The curl team proudly presents curl and libcurl 7.36.0. Read up on all the changes and bug fixes on the changes page.

Security advisories released today:

http2 and --next in curl March 15 2014

A few days ago, Daniel blogged about http2 in curl, how it works, what to expect and more. Also, a separate explanation of the upcoming new --next option.

curl and libcurl 7.35.0 January 29 2014

The curl team proudly presents the first release of the year: curl and libcurl 7.35.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the security advisory we announce today.

curl and libcurl 7.34.0 December 17 2013

The curl team proudly presents curl and libcurl 7.34.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the security advisory we announce today.

SECURITY ADVISORY: libcurl cert name check ignore November 15 2013

libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. Read the full Project curl Security Advisory for CVE-2013-4545.

curl in Mac OS X Mavericks 10.9 October 23 2013

Apple released Mac OS X Mavericks 10.9 the other day and in that they ship an updated curl with some noteworthy changes. Graciously brought to us by Nick Zitzmann.

curl and libcurl 7.33.0 October 14 2013

The curl team proudly presents curl and libcurl 7.33.0. Read up on all the changes and bug fixes on the changes page.

curl and libcurl 7.32.0 August 12 2013

The curl team proudly presents curl and libcurl 7.32.0. Read up on all the changes and bug fixes on the changes page.

dotdot removal in libcurl July 30 2013

Daniel posted an article on the upcoming change in libcurl when it will start doing dotdot removal. It is a feature of the upcoming libcurl 7.32.0 release.

curl and libcurl 7.31.0 June 22 2013

The curl team proudly presents curl and libcurl 7.31.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the libcurl URL decode buffer boundary flaw security advisory we've announced today.

curl and libcurl 7.30.0 April 12 2013

The curl team proudly presents curl and libcurl 7.30.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the libcurl cookie domain tailmatch security advisory we've announced today.

Using libcurl in MSVC document updated March 30 2013

Andrei Jakab has provided an update to his popular Using libcurl with SSH support in Visual Studio 2010 PDF.

Why no curl 8 March 23 2013

In this little piece I'll explain why there won't be any version 8 of curl and libcurl in a long time. I won't rule out that it might happen at some point in the future. Just that it won't happen anytime soon and explain the reasons why.

Why no curl 8 (takes you to Daniel's blog)

curl and libcurl 7.29.0 February 6 2013

The curl team proudly presents curl and libcurl 7.29.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the libcurl SASL buffer overflow vulnerability advisory we've announced today.

internally we are all multi now! January 18 2013

In his blog post, Daniel explains how internally, we're all multi now

mk-ca-bundle man page January 5 2013

It has been around for a long time in the source tree but today we finally made it available on an own web page online for users to find it and learn about how to use it. The mk-ca-bundle man page.

The curl year 2012 December 23 2012

The biggest events in the curl project during the year, summed up by your humble maintainer on his blog.

Refreshed bug-tracker! December 13 2012

The bug-tracker on Sourceforge that we've been using for well over a decade has been a subject of annoyance basically since day 1. It has now gotten a facelift and looks slightly better and possibly also works better.

The bug number sequence is modified, the mail notifications are different, the comments are threaded etc.

Submit your bug reports and your comments to see for yourself!

curl and libcurl 7.28.1 November 20 2012

The curl team proudly presents curl and libcurl 7.28.1. Read up on all the changes and bug fixes on the changes page.

curl and libcurl 7.28.0 October 10 2012

The curl team proudly presents curl and libcurl 7.28.0. Read up on all the changes and bug fixes on the changes page.

New guide to building libcurl with Visual Studio 2010 August 12 2012

Skip over to the libcurl C interface page to find the link.

curl and libcurl 7.27.0 July 27 2012

The curl team proudly presents curl and libcurl 7.27.0. Read up on all the changes and bug fixes on the changes page.

curl and libcurl 7.26.0 May 24 2012

The curl team proudly presents curl and libcurl 7.26.0. Read up on all the changes and bug fixes on the changes page.

curl and libcurl 7.25.0 March 22 2012

The curl team proudly presents curl and libcurl 7.25.0 just two days after curl's 14th birthday. Read about the large amount of changes and bug fixes on the changes page.

win32 download site down February 23 2012

The site gknw.net which faithfully has hosted curl binaries for Windows for ages have died the death of broken hardware and its owner has not yet been able to bring it back.

Some of the win32 downloads are now hosted by curl.se as a temporary mirror until Gunter is able to bring the site back in all its glory.

Please remember that we rely on and are thankful to the individuals who voluntarily help us build and offer binary packages.

curl and libcurl 7.24.0 January 24 2012

The curl team proudly presents curl and libcurl 7.24.0. Read about the large amount of changes and bug fixes on the changes page.

Note especially that 7.24.0 fixes two separate security vulnerabilities: data injection attack for certain protocols and SSL CBC IV vulnerability when built to use OpenSSL

curl and libcurl 7.23.1 November 17 2011

The curl team proudly presents curl and libcurl 7.23.1. Read about the single Windows-only fix on the changes page.

Yes, if you're already on 7.23.0 this upgrade only makes sense if you're using the curl tool on windows.

curl and libcurl 7.23.0 November 15 2011

The curl team proudly presents curl and libcurl 7.23.0. Read about the news, the fixes and the changes on the changes page.

curl meetup at FOSDEM 4-5 Feb 2012 September 15 2011

We hope to be having our first ever curl meetup at the big FOSDEM conference in Brussels Belgium 4-5 February 2012.

Read the full announcement on Daniel's blog

Please speak up if you want to come!

curl and libcurl 7.22.0 September 13 2011

The curl team proudly presents curl and libcurl 7.22.0. Read about the news, the fixes and the changes on the changes page.

curl and libcurl 7.21.7 June 23 2011

The curl team proudly presents curl and libcurl 7.21.7. Read about the news, the fixes and the changes on the changes page.

Also note this security advisory!

curl and libcurl 7.21.6 April 22 2011

Due to the rather serious bug that was introduced in version 7.21.5 we have hurried up to put together another release: curl and libcurl 7.21.6. Read about the news, the fixes and the changes.

HTTPS over HTTP proxy bug - in 7.21.5 April 20 2011

It has been confirmed that curl and libcurl 7.21.5 cannot speak HTTPS over a HTTP proxy. This bug is a regression since the previous version, and you can fix it by patching the source code using a diff from commit c2c89481909d

Thanks to Josue Andrade Gomes for reporting this

curl and libcurl 7.21.5 April 17 2011

Keeping up with the tradition of bi-monthly releases, the curl team yet again proudly presents a release: curl and libcurl 7.21.5. Read about the news, the fixes and the changes.

curl and libcurl 7.21.4 February 17 2011

The never-resting hackers in the curl team proudly present yet another release: curl and libcurl 7.21.4. Read about the news, the fixes and the changes.

curl and libcurl 7.21.3 December 15 2010

The curl team proudly presents curl and libcurl 7.21.3. Read about the news, the fixes and the changes on the changes page.

curl and libcurl 7.21.2 October 13 2010

The curl team proudly presents curl and libcurl 7.21.2. Read about the news, the fixes and the changes on the changes page.

Brand new Development section October 9 2010

The information about development details and specific docs for curl hackers were previously scattered all over this web site in sometimes rather illogical ways.

Starting now, we have Development section of this web site that is dedicated for all curl and libcurl hackers that work on improving our project.

As a consequence, we've also moved a bunch of pages into the dev section to make the "users" sections (for the curl tool and for libcurl) cleaner and more focused on what I suspect web users are looking for.

If you find errors or other things you think we should do to make this even better, just speak up!

curl and libcurl 7.21.1 August 11 2010

The curl team proudly presents curl and libcurl 7.21.1. Read about the news, the fixes and the changes on the changes page.

curl and libcurl 7.21.0 June 16 2010

Another two months are up, and the curl team again proudly presents a new curl release to download: curl and libcurl 7.21.0. Read about the news, the fixes and the changes on the changes page.

The minor number bump was made because of the many protocol-related improvements this time: added support for RTMP, improved TELNET ability, added support for FTP wildcard matching, brand new LDAP code and more.

curl and libcurl 7.20.1 April 14 2010

The curl team proudly presents curl and libcurl 7.20.1. Read about the news, the fixes and the changes on the changes page.

Twelve years old and time for git March 20 2010

Our project is now officially 12 years old.

We switched to using git for source code control. The transition is not yet complete and the old CVS repository is still around and even possible to commit to, but development has started on the git repo now.