#curl 8.7.0 is here! Some new stuff. 160+ bugfixes. 4 CVEs announced (low and medium severity)
daniel.haxx.se/blog/2024/03/27…
daniel:// stenberg://
in reply to daniel:// stenberg://
curlhacker - Twitch
Twitch
daniel:// stenberg://
in reply to daniel:// stenberg://
We announce four new CVEs, none of them a "C mistake".
They are the top four ones in the table we provide here: curl.se/docs/security.html
curl - CVEs
curl.se
gigantos
in reply to daniel:// stenberg://
depends what you mean by "C mistake".
When you use the type system to make it impossible to generate invalid combinations of arguments, you also remove a lot of issues.
Unfortunately the focus currently is to talk about memory safety when arguing against C. I find type safety much more important and would claim that would fix more CVEs than memory safety.
Of course, no language enforces this, so it does require the designer of an API to enforce it. But C doesn't even allow it.
daniel:// stenberg://
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to daniel:// stenberg://
Pyte
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to Pyte
Natanael Copa
in reply to daniel:// stenberg://
Styx
in reply to daniel:// stenberg://
Never believe an X.X.0 release 😂 !
Great job and good luck on everything to come. You're a model to many, even in failure
Ondřej Surý
in reply to daniel:// stenberg://
Jim Fuller
in reply to daniel:// stenberg://