We're at 809 received #curl issues from "team AI tooling", out of which about 15% has turned into commits/fixes.
The false positive/we don't care rate went up significantly when the scan included tests and examples. We should simply exclude those parts from normal scans as they live by different rules.
If you're curious, here are 158 of Joshua's reported issues on #curl to give you an idea what we talk about.
We have manually gone trough them all and dismissed or addressed them. None of them has been deemed a security problem. Not all the PRs for the valid problems have been merged yet.
One of the recent AI generated bug reports for #curl quite impressively identifies mismatches between a function header's comment mentioning that an argument is optional, but the code uses it unconditionally.
This taking comments into account certainly allows for some extra magic the classic code analyzers can't do.
The kerberos5 library Heimdal is one of three GSS libraries curl support.
It has a memory leak triggered by the new test in #18917 and the project
seems mostly abandoned.
Drop support and steer use...
## Summary:
In curl’s OpenSSL backend, `ossl_get_channel_binding` retains a new reference to the server’s X509 certificate via `SSL_get1_peer_certificate` and never releases it. When Negotiate...
curl maintainers meet-up to discuss HTTP3, GnuTLS, wcurl and other things.Presenter:Samuel Henrique "samueloph" is a software developer focused on Debian, Li...
We just merged #18432 which adds a new feature to the curl API: notifications. This is not visible in the curl command line, only for applications using libcurl.
As of now, I am no longer the author of more than half the lines added to the #curl repository. The "others" have overtaken me. I have now added less than half the lines.
You can call any streamable-http transport MCP (Model Context Protocol) server tool with any HTTP client - even cURL!
And lots of things take cURL as example configuration (like Shopify Flow!), so it’s a good starting point for building things....
Nyheter för dig som är verksam i den svenska elektronikbranschen som exempelvis tillverkare, konsult, distributör, finansiär, investerare, konstruktör eller tekniker.
Watched it and yes, DOT delivered another good introduction to a useful DX tool. I know it will make me use #cURL exponentially more.
It also made me install #xh as a complement. Both because I like how colors make it easier to analyse, and for it providing a less complex command for basic stuff.
Go to https://sponsr.is/kinsta_devopstoolbox to get your first month of Managed WordPress Hosting for free and migrate your website over at no cost!---For ye...
Today we merged a new feature in curl: support for Apple SecTrust. This will become available in curl 8.17.0, due to be released on the 5th of November 2025.
configure/cmake support for enabling the option
supported in OpenSSL and GnuTLS backends
when configured, Apple SecTrust is the default trust store for peer verification. When one of the CURLOPT_* ...
"Daniel Stenberg, Swedish Internet protocol expert and founder and lead developer of the #Curl project, speaks with SE Radio host Gavin Henry about removing Rust from Curl. They discuss why #Hyper was removed from curl, why the last five percent of making it a success was difficult"
If you have more or better screenshots, please share! This shot is taken from the ending sequence of the PC version of the game Grand Theft Auto V. 44 minutes in! See the youtube version. Sky HD is a satellite TV box. This is a Philips TV.
On this day in 2002, we shipped curl 7.10. The first #curl version that did certificate checks by default when speaking TLS unless specifically asked not to.
If you incorrectly use -H 'Foo=bar' instead of -H 'Foo: bar', #Curl will ignore it and not send the header field. Really unexpected and error inducing, I would expect it to validate the parameter and fail.
I believe a good product needs clear and thorough documentation. I think shipping a quality product requires you to provide detailed and informative release notes. I try to live up to this in the curl project, and this is how we do it. https://www.
@kytta primarily that #curl is C89 compliant so we can't rely on C99 types so we have our own, and we actually only have a signed version atm. Mostly out of laziness.
