mastodon - Link to source

daniel:// stenberg://

1 year ago

daniel:// stenberg://
1 year ago

#curl 8.6.0 is released. 7 changes, 150+ bugfixes, 1 security advisory.

daniel.haxx.se/blog/2024/01/31…

curl 8.6.0 | daniel.haxx.se

^{daniel.haxx.se}

#curl

in reply to daniel:// stenberg://

mastodon - Link to source

daniel:// stenberg://

in reply to daniel:// stenberg:// 1 year ago

Learn about CVE-2024-0853 "OCSP verification bypass with TLS session reuse" here:

curl.se/docs/CVE-2024-0853.htm…

curl - OCSP verification bypass with TLS session reuse - CVE-2024-0853

^curl.se

in reply to daniel:// stenberg://

mastodon - Link to source

daniel:// stenberg://

in reply to daniel:// stenberg:// 1 year ago

come watch the release presentation live on twitch, today at 09:00 UTC: twitch.tv/curlhacker (in less than two hours)

curlhacker - Twitch

I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.

^Twitch

in reply to daniel:// stenberg://

mastodon - Link to source

Jim Fuller

in reply to daniel:// stenberg:// 1 year ago

and official curl container built, tested and scanned - pushed to quay.io and docker.io ... try it out yourself > podman run quay.io/curl/curl:8.6.0 -V

daniel:// stenberg:// reshared this.

in reply to daniel:// stenberg://

mastodon - Link to source

daniel:// stenberg://

in reply to daniel:// stenberg:// 1 year ago

the original #hackerone report for CVE-2024-0853 is now public: hackerone.com/reports/2298922

curl disclosed on HackerOne: CVE-2024-0853: OCSP verification...

## Summary: In version 8.5.0, cURL has inadvertently established a pathway for accepting revoked certificates. As a result of [this...

^HackerOne

#hackerone

in reply to daniel:// stenberg://

mastodon - Link to source

Aaron Kulbe

in reply to daniel:// stenberg:// 1 year ago

Are there any distros that keep up with your release cadence and have $CURRENT or do you need to build it yourself if you want that?

in reply to Aaron Kulbe

mastodon - Link to source

daniel:// stenberg://

in reply to Aaron Kulbe 1 year ago

@pdxmisfit lots of them do, but you then need to use that flavor. Like Debian unstable for example

@Aaron Kulbe

in reply to daniel:// stenberg://

mastodon - Link to source

daniel:// stenberg://

in reply to daniel:// stenberg:// 1 year ago

curl 8.6.0 release video: youtu.be/x7exfUbjdxQ

curl 8.6.0 with Daniel Stenberg

7 changes, 150+ bugfixes and one security fix.

^YouTube

in reply to daniel:// stenberg://

mastodon - Link to source

manchicken moved!

in reply to daniel:// stenberg:// 1 year ago

outstanding graphics

in reply to daniel:// stenberg://

mastodon - Link to source

fanf42

in reply to daniel:// stenberg:// 1 year ago

nice DIY release image, much, oh so much better than an ai generated one :) Thank you also for that!

in reply to fanf42

mastodon - Link to source

daniel:// stenberg://

in reply to fanf42 1 year ago

@fanf42 thanks!! I'm glad it is appreciated. I intend to keep at it. Using my wooden tiles, stickers and imagination.

@fanf42

⇧