I learned to do a pie chart with gnuplot so let me introduce "#curl CVE severity distribution" .

curl.se/dashboard1.html#cve-pi…

User Group idea: cURL girls. a group for women dedicated to hacking the internet via the command line.

the name popped in my head, and thought it should exist. Someone should run with it.

#linux #curl #CLI #NameIdea

Current #curl bug-bounty stats (since April 2019).

Reports: 475
Confirmed security issues: 73 (15%)
Identified bugs (but not security problems): 92 (19%)
Invalid: 310 (65%)

We're changing the dates a little: we remove #hyper support from #curl already in the first release of 2025:

github.com/curl/curl/pull/1513…

Eight years ago I started collecting #curl credit screenshots, and it has grown into a pretty fun set:

daniel.haxx.se/blog/2016/10/03…

Twenty-two years ago on this day, we shipped #curl 7.10.

The first one using only the MIT license. Introduced --compressed. Certificate verification done by default. SOCKS5 support. A biggie.

Feels just like yesterday.

curl.se/ch/7.10.html

Some vulnerability scanner is now (again) saying that #curl in Windows is vulnerable to some CVE.

The fun never stops.

On this day, nine years ago, I launched my sub-project "everything curl". A free book about #curl.

Today it contains 114.000 words in 1,056 separate sections.

everything.curl.dev/

On this day, exactly twenty-three years ago, #curl was shipped bundled with macOS for the first time. It has been included in their install ever since.

That day, Mac OS X 10.1 was released, featuring curl 7.7.2

#curl 8.10.1

daniel.haxx.se/blog/2024/09/18…

Six years ago I tried to list the biggest #curl installations.

Today all of them are much larger.

daniel.haxx.se/blog/2018/09/17…

48 hours until #curl 8.10.1

At least another 19 bugfixes...

The top #curl sponsors September 2024:

Haxx, wolfSSL, Fastly, TeamViewer, GitHub, IBB, Kirei, elastic

Thank you!

curl.se/sponsors.html

Remember #curl --libcurl, one of my all time favorite options.

(blog post from two years ago)

daniel.haxx.se/blog/2022/09/12…

The #curl 8.10.0 release presentation

youtu.be/jO5qZ9VW0_k

Interesting episode of Focus On Linux on the #SovereignTechFund (@sovtechfund) with Daniel Stenberg (@bagder), who talks about how #Curl has been funded by the STF.

focusonlinux.podigee.io/113-so…

When will #curl integrate #AI to select the right command line parameters automatically?

😂

#curl provides this listing and collection of ALL past security vulnerabilities at curl.se/docs/security.html

I claim that curl does this better than, yeah, just about all other projects. Because we put a lot of effort into it. Because we believe our users deserve it.

#curl security advisory: CVE-2024-8096: OCSP stapling bypass with GnuTLS

curl.se/docs/CVE-2024-8096.htm…

#curl 8.10.0 is here. A larger update than in a while.

daniel.haxx.se/blog/2024/09/11…

At 08:00 UTC the curl release presentation is live-streamed here: twitch.tv/curlhacker

24 hours to the #curl release.

455 commits
245 bugfixes
57 contributors
42 days
27 authors
16 changes
1 CVE

The graph of number of graphs and plots on the #curl dashboard

curl.se/dashboard.html

(no it does not include itself because this graph is not present on the dashboard)

An unscientific search seems to indicate that more than 7% of the vulnerability reports we get in #curl concerns directory listings on the website.

That's about half the rate of the legitimate reports.

got another "security report" from someone who found a directory listing on the #curl site insisting it is an "information exposure" vulnerability

Even though the entire thing is also available in a public git repository.

Closed.

The first ever #curl version was called 4.0 and we shipped it 9667 days ago.

Time flies.

mastering the #curl command line

youtu.be/q_juztjhUlA?si=MhQehD…

In six hours, I will do this free #curl presentation live-streamed with a Q&A. What we sometimes call a #webinar. Join up. It should be fun!

daniel.haxx.se/blog/2024/09/02…