Top-5 #curl version distribution among requests done on haxproxy.org in June 2024:

curl/7.81.0 79.64%
curl/7.61.1 5.88%
curl/7.68.0 5.47%
curl/7.29.0 2.00%
curl/8.5.0 1.31%

mailarchive.ietf.org/arch/msg/…

Here's a user in the wild who was bitten by the Apple "backdoor" in #curl:

github.com/curl/curl/discussio…

Is there a feature to get intermediate certificates automatically? · curl curl · Discussion #14009

Question When studying certificate mechanisms, I discovered that curl requests do not encounter problems even without intermediate certificates. While web browsers automatically fetch intermediate ...

^GitHub

Here's another good idea coming from the #curl user survey:

Support "curl -h --insecure" etc to output the manpage section for the --insecure command line option in the terminal. Should be possible to work with either long or short versions of command line options.

github.com/curl/curl/pull/1399…

Open for grabs!

TODO: -h option by bagder · Pull Request #13990 · curl/curl

Support "curl -h --insecure" etc to output the manpage section for the --insecure command line option in the terminal. Should be possible to work with either long or short versions of command line ...

^GitHub

You asked, I heard you. #curl --resolve with wildcard support for port number:

github.com/curl/curl/pull/1398…

Let's you do this to redirect all host names against all ports used in the cmdline to 127.0.0.1:

curl --resolve *:*:127.0.0.1 example.com

CURLOPT_RESOLVE: support "*" for port number by bagder · Pull Request #13984 · curl/curl

Allow resolves for a hostname independent of port number, to a fixed address. Resolves to a fixed port number have priority. Also works if the hostname itself is using "*" to catch all hostnames. A...

^GitHub

Do you think we should create --show-headers the new name (alias) for #curl's --include option, to make it easier to remember and know what it does?

github.com/curl/curl/pull/1398…

tool_getparam: make --show-headers the same as --include by bagder · Pull Request #13987 · curl/curl

Simply a name alias that better explains what the option does.

^GitHub

Do you think #curl -O on a URL that ends with a trailing slash should pick a default file name to save the content in ?

github.com/curl/curl/pull/1398…

tool_operate: for -O, use "default" as filename when the URL has none by bagder · Pull Request #13988 · curl/curl

Instead of returning error. Add test 690 to verify

^GitHub

🎉 New episode of Changelog & Friends!

@bagder shares his guiding principles for BDFL’ing curl, gives us his perspective on the state of the internet, talks financial independence, ensuring curl won’t be the next XZ & more!

🎧 changelog.com/friends/49 #curl #podcast

Where DOESN’T curl run with curl BDFL Daniel Stenberg (Changelog & Friends #49)

Daniel Stenberg shares his guiding principles for BDFL’ing curl, gives us his perspective on the state of the internet, talks financial independence, ensuring curl won’t be the next XZ & more!

^Changelog

#curl is now in feature freeze now for 8.9.0 curl.se/mail/lib-2024-06/0051.…

Pending release notes: curl.se/dev/release-notes.html

MQTT in #Xojo

We can use our #RabbitMQ plugin/classes to connect to RabbitMQ server with MQTT Plugin.

Or use #CURL functions to connect directly to MQTT server and post new messages and subscribe to a topic.

Great way to automate something.

mbsplugins.de/archive/2024-06-…

Inside 22,734 Steam games

daniel.haxx.se/blog/2024/06/20…

#curl

Steamdb lists *more than* 10,000 titles on Steam that use #curl

steamdb.info/tech/SDK/cURL/

Not too shabby for a hobby.

Newly disclosed (and dismissed) #curl vulnerability reports

"HTTP headers eat all memory:"
hackerone.com/reports/2552192

"Incorrect conversion in hostname"
hackerone.com/reports/2552179

"Unicode-to-ASCII conversion in cmdlines on Windows lead to argument injection"
hackerone.com/reports/2550951

Transparency baby.

curl disclosed on HackerOne: Unicode-to-ASCII conversion on Windows...

Hello cURL team, I am splitline from DEVCORE Research Team. We recently found a vulnerability on cURL. We have reproduced the issues in the latest version of cURL (curl-8.8.0_1) and would like to...

^HackerOne

Next bike-shed opportunity in #curl: should it special case the .i2p TLD (as well)?

github.com/curl/curl/discussio…

Curl leaks .i2p hostnames in DNS · curl curl · Discussion #13964

Hello, I recently read the blog entry about curl no longer leaking .onion domains into the DNS, which is great. However, curl still leaks .i2p domains. Like Tor, I2P is a "darknet" or overlay netwo...

^GitHub

#curl user survey 2024 analysis

daniel.haxx.se/blog/2024/06/17…

63 pages and 14,800 words. Enjoy!

If you subscribe to my weekly #email, you will get a full nerd report every week about what I have been up to and will do next. Mostly about #curl, open source, networking and related stuff.

At no cost. No ads. No requirements. If you want to.

lists.haxx.se/listinfo/daniel

I usually toot new entries here on Mastodon.

I started a discussion (well, Friday afternoons are good for those) on the possiblity/benefits of a 'curl-agent'.

github.com/curl/curl/discussio…

#curl

curl-agent/curl-add idea · curl curl · Discussion #13954

This is an idea about using a resident agent to hold information where curl can store/retrieve information that is relevant for transfers. This should similar to ssh-agent (or maybe even use that, ...

^GitHub

The #curl website has been hosted by #Fastly CDN for over seven years now. I cannot ask for a better service and a friendlier company to help us.

Starting now they offer a free tier. fastly.com/pricing/

Here's my blog post from seven years ago: daniel.haxx.se/blog/2017/05/02…

Edge cloud pricing

Test up to $50 of traffic for free, no commitment required.

^{www.fastly.com}

On this day, exactly four years ago, #curl celebrated getting its 800th commit author.

Since then, 478 additional authors have contributed to the project. A 60% author growth in just four years.

The old blog post: daniel.haxx.se/blog/2020/06/12…

Why #curl closes PRs on #GitHub

daniel.haxx.se/blog/2024/06/11…

#HTTP3 in #curl mid 2024

daniel.haxx.se/blog/2024/06/10…

#curl now has 261 command line options, as --ip-tos and --mptcp were added for the pending 8.9.0 release:

curl.se/docs/manpage.html#--ip…

curl.se/docs/manpage.html#--mp…

Would you like a "num_retries" variable for #curl's --write-out format?

github.com/curl/curl/discussio…

num_retries variable for --write-out format · curl curl · Discussion #13901

It would be nice to expose the number of --retry retries that were required to complete a request: curl --retry 5 --retry-delay 2 --silent --write-out '%{num_retries} attempts\n' https://unreliable...

^GitHub

Some of the emails I get are truly sad reflections of the complicated and rather sorry state of things we are in. Like this.

(also, apparently #curl is used in another popular game)

"Rainbow 6 Siege Activation issue"

bagder.github.io/emails/2024/2…

The #curl feature window is now open.

curl.se/mail/lib-2024-06/0000.…

Because I was reminded. Remember when PowerShell went Open Source eight years ago and I submitted a PR the next day proposing to remove the #curl alias?

There is always another windmill to fight!

daniel.haxx.se/blog/2016/08/19…

#Windows users running stupid scanners now contact us for support regarding CVE-2023-46218 which the scanners say affects #curl 8.4.0 shipped by Microsoft.

It would, if their version was built to use #iibpsl, a prereq for this CVE, which #Microsoft does not.

Security scanners. A snake oil business.

curl.se/docs/CVE-2023-46218.ht…