curl / News / Older News

Older events - things that happened earlier in the project

Stuff "gets moved here" from the news page, so some of the links on this page are more likely than others not to work anymore. I still think this page may be of value and I just want you to be aware of this fact. Use the search field to find working pages with similar info.

curl and libcurl 7.77.0 May 26 2021

The curl team proudly presents curl and libcurl version 7.77.0. See the full changelog.

Pay special attention to the three security vulnerabilities fixed in this version:

A new IRC channel May 20 2021

The curl project officially moved to the Libera.Chat IRC network into the #curl channel. The documentation on joining was updated accordingly.

curl and libcurl 7.76.1 April 14 2021

The curl team proudly presents curl and libcurl version 7.76.1. See the changelog.

curl and libcurl 7.76.0 March 31 2021

The curl team proudly presents curl and libcurl version 7.76.0. See the changelog.

Pay special attention to the two security vulnerabilities fixed in this version: CVE-2021-22876: Automatic referer leaks credentials and CVE-2021-22890: TLS 1.3 session ticket proxy host mixup.

curl and libcurl 7.75.0 February 3 2021

The curl team proudly presents curl and libcurl version 7.75.0. See the changelog.

curl and libcurl 7.74.0 December 9 2020

The curl team proudly presents curl and libcurl version 7.74.0. See the changelog.

Pay special attention to these security vulnerabilities fixed in this version: CVE-2020-8284: trusting FTP PASV responses, CVE-2020-8285: FTP wildcard stack overflow and CVE-2020-8286: Inferior OCSP verification.

curl.se moved to a new server 23 Oct 2020

The website curl.se and others were moved over to a new host today. No major problems or outages were discovered. A few minor breakages occurred but were fixed within shortly. A good transition! It was fifteen years since the previous host move!

curl and libcurl 7.73.0 October 14 2020

The curl team proudly presents curl and libcurl version 7.73.0. See the changelog.

curl and libcurl 7.72.0 August 19 2020

The curl team proudly presents curl and libcurl version 7.72.0. See the changelog.

Pay special attention to the security vulnerability fixed in this version: CVE-2020-8231: libcurl: wrong connect-only connection.

curl and libcurl 7.71.1 July 1 2020

The curl team proudly presents curl and libcurl version 7.71.1. See the changelog.

curl and libcurl 7.71.0 June 24 2020

The curl team proudly presents curl and libcurl version 7.71.0. See the changelog.

Pay special attention to the two security vulnerabilities fixed in this version: CVE-2020-8169: Partial password leak over DNS on HTTP redirect and CVE-2020-8177: curl overwrite local file with -J.

curl and libcurl 7.70.0 April 29 2020

The curl team proudly presents curl and libcurl version 7.70.0. See the changelog.

curl and libcurl 7.69.1 March 11 2020

The curl team proudly presents curl and libcurl version 7.69.1. See the changelog.

curl and libcurl 7.69.0 March 4 2020

The curl team proudly presents curl and libcurl version 7.69.0. See the changelog.

curl and libcurl 7.68.0 January 8 2020

The curl team proudly presents curl and libcurl version 7.68.0. See the changelog.

Pay special attention to the security vulnerability fixed in this version: CVE-2019-15601: SMB access smuggling via FILE URL on Windows .

curl and libcurl 7.67.0 November 6 2019

The curl team proudly presents curl and libcurl version 7.67.0. See the changelog.

curl and libcurl 7.66.0 September 11 2019

The curl team proudly presents curl and libcurl version 7.66.0. See the changelog.

Pay special attention to the two security vulnerabilities fixed in this version: CVE-2019-5481: ftp-krb double-free and CVE-2019-5482: TFTP heap buffer overflow.

curl and libcurl 7.65.3 July 19 2019

The curl team proudly presents curl and libcurl version 7.65.3. A patch release fixing a single but annoying regression. See the changelog.

curl and libcurl 7.65.2 July 17 2019

The curl team proudly presents curl and libcurl version 7.65.2. A patch release. All bug-fixes are documented in the changelog.

curl and libcurl 7.65.1 June 5 2019

The curl team proudly presents curl and libcurl version 7.65.1. A patch release. All bug-fixes are documented in the changelog.

curl and libcurl 7.65.0 May 22 2019

The curl team proudly presents curl and libcurl version 7.65.0. All changes and bug-fixes are documented in the changelog.

Pay special attention to the two security vulnerabilities fixed in this version: CVE-2019-5435 and CVE-2019-5436. Both with severity low.

curl and libcurl 7.64.1 March 27 2019

The curl team proudly presents curl and libcurl version 7.64.1. A patch release. All bug-fixes are documented in the changelog.

curl and libcurl 7.64.0 February 6 2019

The curl team proudly presents curl and libcurl version 7.64.0. All bug-fixes are documented in the changelog.

Pay special attention to three security vulnerabilities fixed in this version: CVE-2018-16890, CVE-2019-3822w and CVE-2019-3823.

curl and libcurl 7.63.0 December 12 2018

The curl team proudly presents curl and libcurl version 7.63.0. All bug-fixes are documented in the changelog.

curl and libcurl 7.62.0 October 31 2018

The curl team proudly presents curl and libcurl version 7.62.0. All bug-fixes are documented in the changelog.

Pay special attention to two security vulnerabilities fixed in this version: CVE-2018-16839 and CVE-2018-16840.

curl and libcurl 7.61.1 September 5 2018

The curl team proudly presents curl and libcurl version 7.61.1. All bug-fixes are documented in the changelog.

Pay special attention to the security vulnerability fixed in this version: CVE-2018-14618.

curl and libcurl 7.61.0 July 11 2018

The curl team proudly presents curl and libcurl version 7.61.0. All changes are documented in the changelog.

Pay special attention to the security vulnerability fixed in this version: CVE-2018-0500.

curl and libcurl 7.60.0 May 16 2018

The curl team proudly presents curl and libcurl version 7.60.0. All changes are documented in the changelog.

Pay special attention to the two security vulnerabilities fixed in this version: CVE-2018-1000300 and CVE-2018-1000301

curl and libcurl 7.59.0 March 14 2018

The curl team proudly presents curl and libcurl version 7.59.0. All changes are documented in the changelog.

Pay special attention to the three security vulnerabilities fixed in this version: CVE-2018-1000120, CVE-2018-1000121 and CVE-2018-1000122

curl and libcurl 7.58.0 January 24 2018

The curl team proudly presents curl and libcurl version 7.58.0. All changes are documented in the changelog.

Pay special attention to the two security vulnerabilities fixed in this version: CVE-2018-1000005 and CVE-2018-1000007

curl and libcurl 7.57.0 November 29 2017

The curl team proudly presents curl and libcurl version 7.57.0. All changes are documented in the changelog.

Pay special attention to the three security vulnerabilities fixed in this version: CVE-2017-8816, CVE-2017-8817 and CVE-2017-8818.

curl and libcurl 7.56.1 October 23 2017

The curl team proudly presents curl and libcurl version 7.56.1. All changes are documented in the changelog.

Pay special attention to the CVE-2017-1000257 security vulnerability we fixed.

curl and libcurl 7.56.0 October 4 2017

The curl team proudly presents curl and libcurl version 7.56.0. All changes are documented in the changelog.

Pay special attention to the CVE-2017-1000254 security vulnerability we fixed.

curl and libcurl 7.55.1 August 14 2017

The curl team proudly presents curl and libcurl version 7.55.1. All changes are documented in the changelog.

curl and libcurl 7.54.1 June 14 2017

The curl team proudly presents curl and libcurl version 7.54.1. The bug fixes are documented in the changelog.

Pay special attention to the CVE-2017-9502 security vulnerability we fixed.

curl and libcurl 7.54.0 April 19 2017

The curl team proudly presents curl and libcurl version 7.54.0. The bug fixes are documented in the changelog.

Pay special attention to the CVE-2017-7468 security vulnerability we fixed.

curl and libcurl 7.53.1 February 24 2017

The curl team proudly presents curl and libcurl version 7.53.1. The bug fixes are documented in the changelog.

We did this patch release this soon after our previous version primarily to address a build error that caused people on Windows some annoyances.

curl and libcurl 7.53.0 February 22 2017

The curl team proudly presents curl and libcurl version 7.53.0. The bug fixes are documented in the changelog.

Pay special attention to the CVE-2017-2629 security vulnerability we fixed.

curl and libcurl 7.52.1 December 23 2016

The curl team proudly presents curl and libcurl version 7.52.1. The bug fixes are documented in the changelog.

We hurried out this release due to the security vulnerability we found in 7.52.0.

curl and libcurl 7.52.0 December 21 2016

The curl team proudly presents curl and libcurl version 7.52.0. All changes and bug fixes are documented in the changelog.

Pay special attention to the new security vulnerabilities.

curl and libcurl 7.51.0 November 2 2016

The curl team proudly presents curl and libcurl version 7.51.0. All changes and bug fixes are documented in the changelog.

Pay special attention to the new security vulnerabilities.

curl and libcurl 7.50.3 September 14 2016

The curl team proudly presents curl and libcurl version 7.50.3. All changes and bug fixes are documented in the changelog.

Pay special attention to the new security vulnerability CVE-2016-7167.

curl and libcurl 7.50.2 September 7 2016

The curl team proudly presents curl and libcurl version 7.50.2. All changes and bug fixes are documented in the changelog.

curl and libcurl 7.50.1 August 3 2016

The curl team proudly presents curl and libcurl version 7.50.1. All changes and bug fixes are documented in the changelog. Pay special attention to the three new security vulnerabilities mentioned there.

curl and libcurl 7.50.0 July 21 2016

The curl team proudly presents curl and libcurl version 7.50.0. All changes and bug fixes are documented in the changelog.

Windows DLL hijacking May 30 2016

curl and libcurl are vulnerable to a Windows DLL hijacking (known as CVE-2016-4802). Affecting versions running on Microsoft Windows.

curl and libcurl 7.49.1 May 30 2016

The curl team proudly presents curl and libcurl version 7.49.1. All changes and bug fixes are documented in the changelog.

curl and libcurl 7.49.0 May 18 2016

The curl team proudly presents curl and libcurl version 7.49.0. All changes and bug fixes are documented in the changelog.

TLS certificate check bypass with mbedTLS/PolarSSL May 18 2016

curl and libcurl are vulnerable to a TLS certificate check bypass (known as CVE-2016-3739) when built to use mbedTLS or PolarSSL.

curl and libcurl 7.48.0 March 23 2016

The curl team proudly presents yet another version in the never ending train of curl releases. curl and libcurl version 7.48.0 is out. Read up on all the changes and bug fixes in the changelog.

curl and libcurl 7.47.1 February 8 2016

The curl team proudly presents curl and libcurl version 7.47.1. Read up on all the changes and bug fixes in the changelog.

git repo moved on github February 3 2016

The git repositories on github for the source and the web site have now been moved over to its new home there: the curl organization.

web site over HTTPS January 29 2016

The curl web site is now served over HTTPS and with HTTP/2 - with certificates from Let's Encrypt. Starting February 3, the curl site automatically redirects all http accesses to its https version. No more HTTP accesses to contents.

curl and libcurl 7.47.0 January 27 2016

The curl team proudly presents curl and libcurl version 7.47.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with two security advisories: CVE-2016-0754: local drive traversal when saving file on Windows and CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use.

curl and libcurl 7.46.0 December 2 2015

The curl team proudly presents curl and libcurl version 7.46.0. Read up on all the changes and bug fixes in the changelog.

This is the 150th release counted from the beginning!

curl and libcurl 7.45.0 October 7 2015

The curl team proudly presents the best release ever: curl and libcurl version 7.45.0. Read up on all the changes and bug fixes in the changelog.

curl HTTP cheat sheet September 24 2015

As a little side-project, a curl cheat sheet is being worked on, as a small page showing the most commonly used curl HTTP options.

Help us improve it! It will most probably move into the curl site umbrella at some point.

curl and libcurl 7.44.0 August 12 2015

The curl team proudly presents curl and libcurl version 7.44.0. Read up on all the changes and bug fixes in the changelog.

[SECURITY NOTICE] libidn with bad UTF8 input June 29 2015

A recent security review of libcurl showed that a remote attacker can abuse libcurl's support for international domain names to disclose memory of a libcurl application or cause other unintended behaviors by passing in a malformed unicode string in the URL parameter.

The entire libidn notice

Release archives over HTTPS June 29 2015

As long as the main curl site is still on HTTP only, we now offer HTTPS downloads of the source archives over HTTPS from github. We also modified the look of the release archives list slightly.

Enjoy!

ISP blacklisted by Spamhaus June 18 2015

Right now a large amount of mail servers in the world refuse to accept mails from our primary mail server since Spamhaus deems our ISP to be irresponsible and blacklists us.

We have a fixed IP and we've done nothing wrong here, but apparently collective punishment is a method.

daniel weekly 37 June 17 2015

curl and libcurl 7.43.0 June 17 2015

The curl team proudly presents curl and libcurl version 7.43.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with two security advisories: CVE-2015-3236: lingering HTTP credentials in connection re-use and CVE-2015-3237: SMB send off unrelated memory contents.

daniel weekly 36 June 9 2015

daniel weekly 35 June 3 2015

curl user poll 2015 analysis May 26 2015

The 30 page document with all details and analyses of the curl user poll 2015 is now available. It shows details of all the questions, most of them with a comparison with last year’s survey. The write-ins are also full of good advice, wisdom and some signs of ignorance or unawareness.

curl and libcurl 7.42.1 April 29 2015

The curl team proudly presents another curl and libcurl release: version 7.42.1. Read up on all the changes and bug fixes in the changelog.

This release comes bundled another security advisory: CVE-2015-3153: sensitive HTTP server headers also sent to proxies.

curl and libcurl 7.42.0 April 22 2015

The curl team proudly presents another curl and libcurl release: version 7.42.0. Read up on all the changes and bug fixes in the changelog.

This release comes bundled with no less than four different security advisories:

becoming more github friendly March 2 2015

We're trying to lower barriers and friction for newcomers. We have a new positive attitude to pull requests and issues filed directly at github. Welcome!

Existing hackers: consider clicking 'watch' on that repo to get notified.

curl and libcurl 7.41.0 February 25 2015

The curl team proudly presents another curl and libcurl release: version 7.41.0. Read up on all the changes and bug fixes in the changelog.

Enhanced vulnerability overview January 9 2015

The vulnerability table on the web site has gotten an overhaul. It is the complete list of all published curl vulnerabilities together with which curl versions that are vulnerable.

The new layout is much smaller HTML, and it now features links to specific summaries for each individual curl release through the history. Each summarizing its own vulnerability situation.

For example, you can look at the vulnerability situation for curl 7.37.0 as well as all the others - back to 6.0, released in 1999.

curl and libcurl 7.40.0 January 8 2015

The curl team proudly presents another curl and libcurl release: version 7.40.0. Read up on all the changes and bug fixes on the changes page.

We also publish two security advisories in association with this release. See CVE-2014-8151 and CVE-2014-8150 for all the details.

videos on curl front page November 28 2014

The front page is now slightly modified to provide a fixed slot for the weekly (or so) videos made by Daniel.

Thanks page remake November 6 2014

The THANKS page,crediting all the people that have helped out in the project, has just gotten a little overhaul and now features a completely new look. We also made some extra efforts and removed some duplicate names from it, which explains why the amount of names went down somewhat.

Of course, if you think you are wrongly missing from the list of names, please tell us. We truly believe in giving proper credit!

curl and libcurl 7.39.0 November 5 2014

The curl team proudly presents another curl and libcurl release: version 7.39.0. Read up on all the changes and bug fixes on the changes page.

We also publish a security advisory in association with this release. See CVE-2014-3707.

curl is no POODLE October 17 2014

curl is not affected by the POODLE attack. Described further in Daniel's blog post: curl is no POODLE

Random curl info October 10 2014

Recent posts (off-site) by Daniel about curl and libcurl stuff:

internal timers and timeouts of libcurl - It is time to take a deep dive into the libcurl internals and see how it handles timeouts and timers.

Coverity scan defect density: 0.00 - I cleared off all the pending issues and we're now at zero defects left reported.

A day in the curl project - An overview and look to what I spend all the time on in the curl project.

Video: daniel.haxx.se episode 5 - my continued series of weekly updates of my doings in the open source world.

Daniel Youtubes about curl September 15 2014

Daniel (curl project leader) is doing a video series about what he's working on at the moment. They are 5-7 minutes each, are posted weekly and include lots of details of what's been happening in the curl project.

curl and libcurl 7.38.0 September 10 2014

The curl team proudly presents a new and shiny curl and libcurl release: version 7.38.0. Read up on all the changes and bug fixes on the changes page.

This time we also publish two HTTP cookie related security advisories in association with this release. See CVE-2014-3613 and CVE-2014-3620.

RSA-1024 cacert cleanups September 5 2014

Mozilla has recently removed weak certs from the CA certs bundle. Weak, in the meaning that they used 1024 bit RSA.

If you download the latest cacert bundle from the link above right now, you'll see that s3.amazonaws.com sites no longer gets verified fine. I guess that it goes for a few other sites too.

curl and libcurl 7.37.1 July 16 2014

Another eight week cycle loops and the curl team proudly presents a new and shiny curl and libcurl release: version 7.37.1. Read up on all the changes and bug fixes on the changes page.

curl and libcurl survey results June 13 2014

The results from the 2014 survey is now published.

These are the "raw" numbers, analysis and conclusions drawn from this are left to do. Join in and tell us what you think this means!

poll: curl and libcurl usage and project details June 2 2014

The curl project runs the curl and libcurl 2014 poll, asking for your input and feedback on a set of questions around the project, its present and its future.

Feel free to share this link to others who may have a relevant opinion.

The poll is open until midnight June 11th (central European time).

curl and libcurl 7.37.0 May 21 2014

The curl team proudly presents another new and shiny curl and libcurl release: version 7.37.0. Read up on all the changes and bug fixes on the changes page.

CA bundle over HTTPS May 8 2014

Our CA extract service is very popular to download Mozilla's CA cert bundle in PEM format. Starting now, we also provide a proper HTTPS download link for users who want to be sure there's no foul play going on during the download.

The HTTPS download is provided via github so it will also provide an alternative hosting site for cases where one or the other has problems. Since there's a chicken-and-egg problem with TLS and CA certs, we still offer the same download URL as before over plain HTTP as well.

Thank you for flying curl.

a curl wiki April 25 2014

To enhance everyone's ability to contribute with docs, examples, good ideas and other curl related information we've enabled a curl wiki over at github.

It is a bit of a test. Is there user interest enough to add content and provide info here?

curl and proxy headers April 8 2014

curl and libcurl offer options to specify HTTP proxy headers separate from origin server headers in next version.

curl and libcurl 7.36.0 - and four security advisories! March 26 2014

The curl team proudly presents curl and libcurl 7.36.0. Read up on all the changes and bug fixes on the changes page.

Security advisories released today:

http2 and --next in curl March 15 2014

A few days ago, Daniel blogged about http2 in curl, how it works, what to expect and more. Also, a separate explanation of the upcoming new --next option.

curl and libcurl 7.35.0 January 29 2014

The curl team proudly presents the first release of the year: curl and libcurl 7.35.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the security advisory we announce today.

curl and libcurl 7.34.0 December 17 2013

The curl team proudly presents curl and libcurl 7.34.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the security advisory we announce today.

SECURITY ADVISORY: libcurl cert name check ignore November 15 2013

libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. Read the full Project curl Security Advisory for CVE-2013-4545.

curl in Mac OS X Mavericks 10.9 October 23 2013

Apple released Mac OS X Mavericks 10.9 the other day and in that they ship an updated curl with some noteworthy changes. Graciously brought to us by Nick Zitzmann.

curl and libcurl 7.33.0 October 14 2013

The curl team proudly presents curl and libcurl 7.33.0. Read up on all the changes and bug fixes on the changes page.

curl and libcurl 7.32.0 August 12 2013

The curl team proudly presents curl and libcurl 7.32.0. Read up on all the changes and bug fixes on the changes page.

dotdot removal in libcurl July 30 2013

Daniel posted an article on the upcoming change in libcurl when it will start doing dotdot removal. It is a feature of the upcoming libcurl 7.32.0 release.

curl and libcurl 7.31.0 June 22 2013

The curl team proudly presents curl and libcurl 7.31.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the libcurl URL decode buffer boundary flaw security advisory we've announced today.

curl and libcurl 7.30.0 April 12 2013

The curl team proudly presents curl and libcurl 7.30.0. Read up on all the changes and bug fixes on the changes page.

Extra attention should be put on the libcurl cookie domain tailmatch security advisory we've announced today.

Using libcurl in MSVC document updated March 30 2013

Andrei Jakab has provided an update to his popular Using libcurl with SSH support in Visual Studio 2010 PDF.

Why no curl 8 March 23 2013

In this little piece I'll explain why there won't be any version 8 of curl and libcurl in a long time. I won't rule out that it might happen at some point in the future. Just that it won't happen anytime soon and explain the reasons why.

Why no curl 8 (takes you to Daniel's blog)