oh so *that's* what people use "postman" for! I was wondering what all the fuss was about

Spare a thought for the real-life #postman instead folks. (As you #cURL up in your cozy console) 📮

I would of course never get any medals or recognition at all from anyone without the awesome friends and people in the Open Source universe.

I try to lead by example but I and #curl would not be where we are without the thousands of contributors.

I accept this medal, but know that you all helped me get it.

Thank you all. Let's improve the world, bit by bit the way we know.

I am awarded a gold medal by the Royal Swedish Academy of Sciences for my work on #curl

daniel.haxx.se/blog/2025/10/21…

A royal gold medal

The Royal Swedish Academy of Sciences (IVA, the same org that selects winners for three of the Nobel prize categories) awards me a gold medal 2025 for my work on curl.

^{daniel.haxx.se}

This reads like a warning. So is cURL like nuts? Are people allergic to cURL!?

@bagder my watch might contain your software, maybe. They aren't 100% sure though. 🤷 🤣

[Note to reader, it almost certainly does contain cURL. I would be shocked if it did not!]

#WristCheck #cURL

Welcome to #curl release candidate 2 of the pending 8.17.0 version.

curl.se/rc/

On this day twelve years ago, in 2013, #curl got its first ever CI jobs. On Travis CI.

Before that we only ran post-merge tests on a set of volunteers' machines.

Today, we have around 230 separate CI jobs and we have tripled the number of test cases since then.

time for a little #chart involving #curl: "which host, which protocol"

daniel.haxx.se/blog/2025/10/16…

chart: which host, which protocol

A flow chart describing some steps and decisions done within curl when a HTTP URL is provided. For hostnames, protocol and port numbers.

^{daniel.haxx.se}

A lovely follow-up to what is no longer any #curl license violation:

github.com/curl/curl/discussio…

Digital Extremes violate the cURL license · curl curl · Discussion #18474

Hi, I just want to let you know (and have there be a record) of the fact that Digital Extremes, a Canadian video-game-developer-turned-GaaS-developer, are using cURL (statically linked alongside Op...

^GitHub

I came across the root of the word "cirrus" en passant the other day. I rather like it because #curl is a major part of the cloud...

en.wiktionary.org/wiki/cirrus

cirrus - Wiktionary, the free dictionary

^Wiktionary

We're at 809 received #curl issues from "team AI tooling", out of which about 15% has turned into commits/fixes.

The false positive/we don't care rate went up significantly when the scan included tests and examples. We should simply exclude those parts from normal scans as they live by different rules.

Never a dull moment.

Random current stats from the #curl CI (the last 30 days):

Tests executed per day: 1400019.4

Time spent running tests per day: 1087073 sec./day (12.6 days/day)

Total clock time spent running tests: 32612201 sec. (377 days)

Average time spent running each test: 0.776 sec./test

Number of git commits tested: 306

If you're curious, here are 158 of Joshua's reported issues on #curl to give you an idea what we talk about.

We have manually gone trough them all and dismissed or addressed them. None of them has been deemed a security problem. Not all the PRs for the valid problems have been merged yet.

gist.github.com/bagder/d1fff7f…

round three from Joshua

round three from Joshua. GitHub Gist: instantly share code, notes, and snippets.

^Gist

On this day twenty-five years ago, the first ever CVE was reported against #curl:

curl.se/docs/CVE-2000-0973.htm…

Release candidate 1: #curl 8.17.0-rc1

curl.se/rc/

One of the recent AI generated bug reports for #curl quite impressively identifies mismatches between a function header's comment mentioning that an argument is optional, but the code uses it unconditionally.

This taking comments into account certainly allows for some extra magic the classic code analyzers can't do.

#curl October 9. The same number of commits done this year (2433) so far as the entire previous top-year with the most commits (2024).

We're not dead yet.

In the 28.7 days since the #curl release, we have merged 233 bugfixes (8.13 per day)

Yeah, its a little crazy here right now. Those kids with the new tools reporting problems... 😁

In the end we decided on *not* a #curl security issue, but it's not an easy one to make:

hackerone.com/reports/3373640

curl disclosed on HackerOne: OpenSSL backend: X509 peer certificate...

## Summary: In curl’s OpenSSL backend, `ossl_get_channel_binding` retains a new reference to the server’s X509 certificate via `SSL_get1_peer_certificate` and never releases it. When Negotiate...

^HackerOne

Mr @samueloph posted two videos on #wcurl and #curl in Debian:

"wcurl - one year later - DebConf 25" youtube.com/watch?v=RvnDvic2ea…

Short presentation about what happened since wcurl’s creation in May 17 2024 and what will happen next.

"curl maintainers BoF - DebConf 25" youtube.com/watch?v=OhTjgU7LIO…

curl maintainers meet-up to discuss HTTP3, GnuTLS, wcurl and other things.

curl maintainers BoF - DebConf25

curl maintainers meet-up to discuss HTTP3, GnuTLS, wcurl and other things.Presenter:Samuel Henrique "samueloph" is a software developer focused on Debian, Li...

^YouTube

libcurl notificiations are coming in curl 8.17.0 on November 5.
#curl

eissing.org/icing/posts/curl-n…

"Don't Forget: Remote MCP Servers are Just #cURL Calls"

joshbeckman.org/blog/practicin…

Don't Forget: Remote MCP Servers are Just cURL Calls

You can call any streamable-http transport MCP (Model Context Protocol) server tool with any HTTP client - even cURL! And lots of things take cURL as example configuration (like Shopify Flow!), so it’s a good starting point for building things....

^{Josh Beckman}

AI has found 50 bugs in cURL. "AI-native SASTs work well"

etn.se/72494

#HackerNews #AI #cURL #bugs #SAST #cybersecurity #technology

Say hello to #curl's brand new command line option number 273: --knownhosts.

curl.se/docs/manpage.html#--kn…

Watched it and yes, DOT delivered another good introduction to a useful DX tool. I know it will make me use #cURL exponentially more.

It also made me install #xh as a complement. Both because I like how colors make it easier to analyse, and for it providing a less complex command for basic stuff.

But also for its "--curl" option ;)

A small post about the upcoming support for native Apple SecTrust in curl 8.17.0.
#curl #apple

eissing.org/icing/posts/curl-a…

Also this Friday, look at this lovely #curl PR by @icing that we just merged:

github.com/curl/curl/pull/1870…

ssl: support Apple SecTrust configurations by icing · Pull Request #18703 · curl/curl

configure/cmake support for enabling the option supported in OpenSSL and GnuTLS backends when configured, Apple SecTrust is the default trust store for peer verification. When one of the CURLOPT_* ...

^GitHub

"Daniel Stenberg, Swedish Internet protocol expert and founder and lead developer of the #Curl project, speaks with SE Radio host Gavin Henry about removing Rust from Curl. They discuss why #Hyper was removed from curl, why the last five percent of making it a success was difficult"

se-radio.net/2025/10/se-radio-…

On this day nine years ago I started my collection: "screenshotted #curl credits"

daniel.haxx.se/blog/2016/10/03…

screenshotted curl credits

If you have more or better screenshots, please share! This shot is taken from the ending sequence of the PC version of the game Grand Theft Auto V. 44 minutes in! See the youtube version. Sky HD is a satellite TV box. This is a Philips TV.

^{daniel.haxx.se}

We're dropping support for OpenSSL-QUIC in #curl soon: github.com/curl/curl/pull/1882…

We're removing support for OpenSSL 1.1.1 from curl even sooner: github.com/curl/curl/pull/1882…

DEPRECATE.md: We remove the OpenSSL-QUIC backend in March 2026 by bagder · Pull Request #18820 · curl/curl

URL: https://curl.se/mail/lib-2025-10/0000.html

^GitHub