Sometimes people think #curl is a simple little HTTP tool, while in reality there's a whole internet transfer machine in there supporting 28 protocols.
Daniel shows off the plumbing, related scripts and how to keep the #curl RELEASE-NOTES file in sync during development so that it is ready and in good shape at release time.
Daniel shows off the plumbing, related scripts and how to keep the curl RELEASE-NOTES file in sync during development so that it is ready and in good shape a...
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.
For educational purposes we disclose this recent hackerone report on #curl claiming its sprintf() implementation is bad because it can be made to deref a bad pointer when you use it incorrectly. You know, exactly how all sprintf() implementation work - by design.
This is not the first time we had this "flaw" reported. (I did not check the "AI slop" checkbox on this one)
## Summary:
A vulnerability has been identified in the curl library’s formatted output functions (specifically in curl_msnprintf and its related functions). When a malicious (attacker-controlled)...
Things did not work out the way we had planned. The 7.88.0 release that was supposed to be the last curl version 7 release contained a nasty bug that made us decide that we better ship an update once that is fixed. This is the update.
I have this nailed down as what I would like to get to during 2025 for #curl. I assume other things will happen as well. Some of these things will only happen given enough support/sponsorship.
Is there some magic making three times, or even pi, the number of times you need to write code for it to be good? So what am I talking about? Let's rewind and start with talking about writing code.
Après avoir passé la semaine dernière a installé #Linux Notre @uichelorraine nationale a passé la seconde et a contribué ce week-end pour #Curl sur un module expérimental nommé sobrement "quiche" Tous·tes ici prenez en de la graine.
But will it satisfy the world? I have blogged several times in the past about how OpenSSL decided to not ship the API for QUIC a long time ago, even though the entire HTTP world was hoping for it - or even expecting it.
The state of #QUIC support in #curl is not for the faint of hearts. The current API development is what I put in the lower part of the rightmost column.
Two documentation edits related to the following documentation pages:
CURLOPT_SSL_ENABLE_NPN
Issue:
The use of a full-stop breaks the redirection when rendered on a webpage
Action:
Removed the fu...
The Gemini protocol is a lightweight alternative to HTTP positioned as a spiritual successor to Gopher. One drawback is that without reuse of TCP connections, every navigation takes several seconds on geostationary satellite Internet.
There is again a pull-request submitted to the curl project to bring support for the Gemini protocol. It seems like a worthwhile effort that I support, even if it is also a lot of work involved and it might take some time before it reaches the state …
Hej allihopa!
Goda nyheter! Open Infra Forum firar 10 år, så den här gången slår vi på
stort!
Varmt välkomna till Biograf Skandia på Drottningatan 82 och
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.
This is a quick follow-up patch release due to the number of ugly regressions in the 8.12.0 release. Release presentation Live-streamed on twitch as always at 10:00 CET on the release day.
The venerable curl is one of the most fundamental pieces of code in the modern world. A seemingly simply utility - it enables other programs to interact with URls - it runs on millions of cars, is inside nearly every TV, used by billions of people, and is even in use on Mars.
And, as of last week, features a small contribution by…
The venerable curl is one of the most fundamental pieces of code in the modern world. A seemingly simply utility - it enables other programs to interact with URls - it runs on millions of cars, is inside nearly every TV, used by billions of people, a…
Hi friends, Due to a range of bad regressions in the curl 8.12.0 release, we are working on getting a patch release out. curl 8.12.1 ships on February 13 and contains a set of bugfixes. I'm sorry f...
curl is an internet transfer engine. A rather modular one too. Parts of curl's functionality is provided by selectable alternative implementations that we call backends.
Fixes #16269 - replaces .site domains and domain.com with valid example domains.
There may be other invalid examples, but these were the obvious ones I could find.
Please let me know if there are a...
Things to do in order to sleep well while having your C code in twenty billion installations. A talk about what the curl project does to minimize security ri...
I did this I updated my system and got curl 8.12.0, that caused a segfault in kodi when it tried to do https requests somewhere. Rebuild kodi for testing against curl 8.12.0 but that did not change...
Title: Potential Use-After-Free Vulnerability in cf_h2_proxy_ctx_free Function of libcurl
Vulnerability Overview: A potential Use-After-Free (UAF) vulnerability has been identified in the...
## Summary:
The fix for CVE-2024-11053 seems to be incomplete.The information leak problem could be reproduced again if use netrc in step1.
## Affected version
all
## Steps To Reproduce:
1....
https://www.youtube.com/watch?v=kCJmAyUr1j4 This is the video recording of my talk with this title, done at February 4, 2024 10:00 in the K1.105 room at FOSDEM 2024.
Daniel makes the curl 8.12.0 release. Shows how a curl release is done. This is the 264th curl release. Shows the scripts, the procedures and the general pro...
