Skip to main content

Search

Items tagged with: curl


If you're just Saturday Mastodoning and missed it before, we ship #curl 8.4.0 on Wednesday including a high severity vulnerability fix.

github.com/curl/curl/discussio…

#curl


#cURL: Infos zu "schlimmster Sicherheitslücke seit Langem" kommen am 11. Oktober | Security heise.de/news/cURL-Infos-zu-sc…
#curl


#curl has awarded peeps more than 63,000 USD in bug bounties so far - excluding the upcoming new CVE which alone will get the new curl record bug-bounty of 4,600 USD

This is one reason why #curl gets so much scrutiny.

#curl


I think an entry on curl.se/news.html should notify about the upcoming important release.

I originally went there to find out at which time on October the fix will be released. Can you at least name a time window?

#curl

#curl


If you've seen in the PR for #ECH in #curl and been curious what it is? github.com/curl/curl/pull/1192…

The browsers go all-in on it. Now #Firefox:
blog.mozilla.org/en/products/f…


Welcome Eduard Strehlau as #curl committer 1200 (!) github.com/curl/curl/pull/1202…
#curl


Here's a canonical URL for the little info there is about the pending #curl security announcements: github.com/curl/curl/discussio…
#curl


Interview With #curl Founder Daniel Stenberg
nordicapis.com/interview-with-…
#curl


Today might be a good day to remind everyone that I can work on #curl full-time thanks to customers paying for support.

curl.se/support.html

#curl


Today in my #inbox: someone emailed me the full #curl license text. With nothing extra. Just the exact text also found here: github.com/curl/curl/blob/mast…

Thank you!


Mastering the #curl command line has now surpassed 7,000 views.
youtu.be/V5vZWHP-RqU
#curl


#curl 8.4.0 will be released out of schedule due to serious #security #vulnerability CVE-2023-38545. This release will also fix another, less critical vulnerability CVE-2023-38546. Tentative release date is planned for 2023-10-11. The curl security process it is described here: curl.se/dev/vuln-disclosure.ht…


The Internet Bug Bounty is the organization that funds all #curl bounties.

hackerone.com/internet-bug-bou…

#curl


At this point, it would be easier to create a list of devices that are _NOT_ using #curl 😆
#curl


To date, I have made 163 videos that almost all are about #curl and #libcurl and you find them here: youtube.com/c/DanielStenberg


Ubuntu broke their #curl package for a while but seems to be fine again: github.com/curl/curl/issues/11…
#curl


This is the #curl 8.2.0 release video: youtu.be/eMSD1GOCABc
#curl


I'll live-stream the #curl release presentation today, starting in ~90 minutes (10:00 CEST) over on twitch: twitch.tv/curlhacker
#curl


Welcome Derzsi Dániel as #curl committer 1170: github.com/curl/curl/pull/1144…
#curl


I plan to do the definite "learning #curl the command line tool" video class on August 31: gist.github.com/bagder/253a236…

The agenda is still work in progress. I hope there's nothing obvious missing there?

#curl


I closed the #gemini PR for #curl just now with no action, but I'm encouraging a new one to get filed later on when ready for the next step: github.com/curl/curl/pull/1117…


I'm looking for someone who wants to implement this callback for #curl #websocket support: github.com/curl/curl/issues/11…

It might be the last missing feature before we can enable it (the websocket API) by default.


Welcome Ondřej Koláček as #curl committer 1168: github.com/curl/curl/pull/1142…
#curl


@loke I know we are far from alone - I expect this to happen to virtually everyone. But as I work on #curl and it is a problem for us, I try to educate our audience in how this works.

I very much doubt that any CVSS change can fix this. It's an NVD problem rather than anything else as I see it.


"Alert: if you look up curl CVEs in public sources like NVD you will find they use inflated severity levels and CVSS scores. They think they know better and override our assessments. This is a systemic error that we unfortunately cannot fix. Feel free to complain to them - we keep doing it to no use - and consider using our material as the canonical sources for curl issues. "

Quote from curl.se/docs/security.html #curl

#curl


Welcome Pontakorn Prasertsuk as #curl committer 1167: github.com/curl/curl/pull/1142…
#curl


If you are looking for a basic first thing to implement for #curl, maybe this could be it?
"Allow --write-out output to be written to a file" ?

github.com/curl/curl/discussio…

#curl


Welcome Juan Cruz Viotti as #curl committer 1163: github.com/curl/curl/pull/1140…
#curl