Digital Extremes violate the #cURL license?

github.com/curl/curl/discussio…

If they do, that's a shame but there's not a lot I can do. Anyone who can verify this claim? (probably by scanning the binaries for known names or similar)

Digital Extremes violate the cURL license · curl curl · Discussion #18474

Hi, I just want to let you know (and have there be a record) of the fact that Digital Extremes, a Canadian video-game-developer-turned-GaaS-developer, are using cURL (statically linked alongside Op...

^GitHub

Today is exactly twelve years ago since we created the lib/http2.c source file in the #curl source tree, and doing HTTP would never be the same again.

The paradigm shift going from one transfer per connection to possibly multiple transfers per connection was massive and took many years until most of the bugs were ironed out.

On September 28, I will speak at #EuroBSDCon in Zagreb Croatia.

But more importantly, I will bring #curl stickers.

2025.eurobsdcon.org/

Is it time for DANE support in #curl ?

curl.se/mail/lib-2025-09/0000.…

In the curl release after the next, there is a nice feature coming for event-based applications: notifications.

Some numbers on possible performance/cpu use improvements in the PR, ymmv.
#curl

github.com/curl/curl/pull/1843…

multi notifications by icing · Pull Request #18432 · curl/curl

An implementation of the discussion #17817, adding a "notification" feature to the multi handle. Notification types INFO_READ and EASY_DONE implemented Notification types expected to gro...

^GitHub

#curl is dropping support for OpenSSL 1.x soon

daniel.haxx.se/blog/2025/08/28…

Dropping old OpenSSL

curl added support for OpenSSL immediately when it was first released, as they switched away from SSLeay, in the late 1990s. We have since supported it over the decades as both OpenSSL and curl have developed.

^{daniel.haxx.se}

We are thirteen days away from next #curl release.

We have 17 changes and 225 bugfixes logged so far for this.

One low severity CVE will be published in sync with this release.

Thanks for flying curl.

Today we celebrate seven years of #curl shipping official Windows executables, thanks to @vsz's awesome work.

Blog post from back then:
daniel.haxx.se/blog/2018/08/27…

Blessed curl builds for Windows

The curl project is happy to introduce official and blessed curl builds for Windows for download on the curl web site. This means we have a set of recommended curl packages that we advice users on Windows to download.

^{daniel.haxx.se}

It took me 4 seconds to figure out that the grey elements are not partvof the graph (to indicate trends or something) but the curl logo.

#curl

"Yesterday, Wikipedia received over 45 million requests made with #curl, from 113 distinct curl releases."

gitlab.wikimedia.org/-/snippet…

20250826-webrequest-curl ($247) · Snippets · GitLab

GitLab Community Edition

^GitLab

Inspired by the BBC Tech report from @tdp_org, I looked at Wikipedia.

Yesterday, Wikipedia received over 45 million requests made with curl, from 113 distinct curl releases.

Of these, 32 million use the default UA (e.g. curl CLI). The other 13 million embed libcurl with a longer UA string containing curl (e.g. GuzzleHttp/PHP, PycURL, UnityPlayer)

At 12 million, most are curl/7.88.1.

Raw data, queries, and scrub/cleaning parameters:
gitlab.wikimedia.org/-/snippet…

#browserstats #curl #wikipedia

Very entertaining & educational keynote on #curl at #OSSummit

Amazing how much curl is involved in driving our modern world.

#Thanks Daniel Stenberg!

I have an open meeting setup this morning. Open for everyone. If you have any question, comment, thought about #curl or related subjects, or just want to hang out for a while. Join here:

meet.google.com/tun-hrxz-rud

Meet

Real-time meetings by Google. Using your browser, share your video, desktop, and presentations with teammates and customers.

^{meet.google.com}

Help me create quiz questions about #curl over here:

github.com/curl/quiz

GitHub - curl/quiz: Questions about curl for a quiz

Questions about curl for a quiz. Contribute to curl/quiz development by creating an account on GitHub.

^GitHub

Fun with `pthread_cancel()` in curl. How I got that working and what challenges I encountered.
#curl #dns #pthreads

eissing.org/icing/posts/pthrea…

Is there any reason we should keep support for #OpenSSL < v3 in #curl ?

curl.se/mail/lib-2025-08/0035.…

With PHP 8.5 we get Connection, DNS and SSL Sessions sharing across requests with cURL.

I made a video showing how this works and discuss the performance potential youtube.com/watch?v=wr_Jnrc2ha… - a short @mnapoli cameo included

#php #curl #php8 #php8_5

Share cURL Handle across PHP Requests (New in PHP 8.5)

Try our PHP Profiler: https://tideways.com/profiler/features?utm_source=yt&utm_campaign=yt-curl-shareSubscribe to my newsletter for PHP performance content: ...

^YouTube

"Pretend that a ping pong ball represents a single #curl installation somewhere in the world..."

(blog post from 2020)

daniel.haxx.se/blog/2020/08/20…

curl ping pong

Pretend that a ping pong ball represents a single curl installation somewhere in the world. Here's a picture of one to help you get an image in your head.

^{daniel.haxx.se}

curl disclosed on HackerOne: WebSocket Fragmentation DoS on Curl...

### Summary A malicious WebSocket server can send a fragmented message (FIN=0) followed by a flood of continuation frames, causing the client (curl) to continuously allocate memory while waiting...

^HackerOne

• slop (73%, 328 votes)
• not slop (26%, 119 votes)

Yesterday we saw 161 different versions of #curl make just over 1 million requests to www.bbc.co.uk & www.bbc.com.

The oldest version is 7.0.0 (1 request).
The newest version is 8.15.0 (18,969 requests).

I'd spotted a load of different cURL versions in something else so was curious how many versions we see.

Meanwhile, if you abuse the API and don't comply, asan might complain but that's not a #curl security problem.

hackerone.com/reports/3302518

curl disclosed on HackerOne: ## Title Heap Use-After-Free...

## Summary A **Use-After-Free (UAF)** vulnerability was discovered in `curl` at **`curl_trc.c:195`**. When processing specially crafted input, the code accesses memory after it has already been...

^HackerOne

The first release candidate for the pending #curl 8.16.0 release is up and if you have a chance, do try it out and report any and all issues you experience:

curl.se/rc/

IMHO it fits

1.) Both support tons of different inputs
2.) both are used in hundreds of different products, closed and open source.
3.) Both can be used from to CLI
4.) Both have a ton of CLI parameters.

I would say #ffmpeg has even more parameters you need to know by heart then #curl 🤣