c10kday - #curl turns 10,000 days old
daniel.haxx.se/blog/2025/08/05…
From March 20, 1998 when the first curl release was published, to this day August 5, 2025 is exactly 10,000 days. We call it the curl-10000-day. Or just c10kday. c ten K day. We want to celebrate this occasion by collecting and sharing stories.daniel.haxx.se
On August 5 2025, it is exactly 10,000 days since March 20 1998 when the first curl release was done. For this occasion we want to collect fun, exciting, or interesting stories that involve curl an...GitHub
First commit changes this: long val; secs2ms(&val, "1.23456"); // val = 1234 // ok secs2ms(&val, "1.234567"); // val = 1023 // should be 1234 secs2ms(&val, "...GitHub
Makes curl follow redirects an act on the response code and change a custom method accordingly, contrary to --location. Potential future command line to send QUERY and following a redirect accordin...GitHub
Even happier eyeballs
#curl's connection racing goes next level
daniel.haxx.se/blog/2025/08/04…
Back in 2012, the Happy Eyeballs RFC 6555 was published. It details how a sensible Internet client should proceed when connecting to a server.daniel.haxx.se
I spent over three hours yesterday debugging the latest #curl hackerone report. I think I understand it now.
Next tricky step is now to assess the security impact. Is there one?
Ubuntu Server 25.10 removes wget from its default installation, in favour of wcurl, a wrapper included with curl.
omgubuntu.co.uk/2025/08/ubuntu…
Ubuntu Server 25.10 removes wget from its default installation, in favour of the wcurl tool. Here's why the change was made and if it'll affect you.Joey Sneddon (OMG! Ubuntu!)
So I'm thinking of adding support for %time{} in #curl's -w function.
One reason for doing this is for users who use -w for logging and want to include the time of the event (post-transfer) in a convenient way.
github.com/curl/curl/pull/1811…
Feel free to share your opinion!
Output the current UTC time using strftime format. %f is an extra curl specific flag to output the microsecond fraction of the current second. TODO decide if we want this at all is the strftime ...GitHub
#curl adds parallel host control
daniel.haxx.se/blog/2025/08/01…
I'm convinced a lot of people have not yet figured out that curl has supported parallel downloads for six years already by now. Provided a practically unlimited number of URLs, curl can be asked to get them in a parallel fashion.daniel.haxx.se
On this day 26 years ago, the #curl website premiered on the host "curl.haxx.nu", as it moved over from having been hosted on my personal [company]/~dast/curl sub page previously.
Less than a year later we switched again to curl.haxx.se. We could not use the .se domain earlier because of limits in the TLD ruleset before that point.
We would then stay on that hostname for some twenty years.
This calm and lovely night, #curl got its 271st command line option merged and we call this baby --parallel-max-host
Enjoy!
github.com/curl/curl/pull/1805…
Where 'host' is protocol + hostname + portnumber.GitHub
Bring us your feedback on this idea and PR: make #curl output its cheat-sheet.
github.com/curl/curl/pull/1807…
Add a new argument "cheat-sheet" to -h, --help option that returns the content from the repo curl-cheat-sheet to the terminal.GitHub
Add defensive int overflow checking in the buffer queue allocation functions to prevent potential heap buffer overflows if large chunk sizes are ever used. The calculation sizeof(*chunk) + q->ch...GitHub
Option parsing in #curl. Something we can start using in two years or so.
daniel.haxx.se/blog/2025/07/31…
We have always had a custom command line option parser in curl. It is fast and uncomplicated and gives us the perfect mix of flexibility and function. It also saves us from importing or using code with another license.daniel.haxx.se
I'm happy to report that the glitches that could happen in #curl when you did more than 2.2 billion transfers in a single invoke are now history.
github.com/curl/curl/pull/1809…
Otherwise we could misbehave already at 2 billion URLs and we can't have that. A few of the counters are already correctly using the right type.GitHub
The "good" people at Emerson for some reason couldn't think for themselves when I responded to them on behalf of #curl and instead continue and send the same questions to the #libssh2 project with the same "demands".
"This is a gentle reminder regarding our earlier request for your input on the cybersecurity risk assessment of the software component “libssh2” version 1.11.0, as part of our compliance efforts with the EU Cyber Resilience Act (CRA)."
This change makes it possible to Append a DSN specification behind the MAIL and RCPT mail addresses in the smtp protocol. Currently, curl checks if these addresses start with a '<' or en...GitHub
Output nothing with #curl --out-null
daniel.haxx.se/blog/2025/07/30…
Downloading data from a remote URL is probably the single most common operation people do with curl. Often, users then add various additional options to the command line to extract information from that transfer but may also decide that the actually …daniel.haxx.se
Native Schannel TLS stack of #Windows was so unreliable it got axed from #curl:
* Never worked reliably under real‑world loads.
* Quirky, cumbersome API/architecture that broke integrations.
* Zero developer interest—nobody tested or maintained it.
* Pure maintenance drag with no real benefit.
So #Microsoft again shipped a built‑in that nobody uses, and projects ditch it entirely in favor of better third‑party alternatives.
daniel.haxx.se/blog/2025/07/29…
I hope that by now most readers of my blog have understood that curl, and libcurl specifically, is an architecture with a transfer core with a set of different backends plugged in. Backends powered by different third party libraries.daniel.haxx.se
Carving out msh3. #curl drops an HTTP/3 backend.
daniel.haxx.se/blog/2025/07/29…
I hope that by now most readers of my blog have understood that curl, and libcurl specifically, is an architecture with a transfer core with a set of different backends plugged in. Backends powered by different third party libraries.daniel.haxx.se
--out-null is #curl's 270th command line option.
Discard all response output of a transfer silently. This is the more efficient
and portable version of
curl host.example -o /dev/null
The transfer is done in full, all data is received and checked, but the bytes are not written anywhere. --out-null is associated with a single URL. Use it once per URL when you use several URLs in a command line.
I got a #curl idea:
github.com/curl/curl/pull/1805…
Where 'host' is protocol + hostname + portnumber.GitHub
Specific to multiplexing with PIPEWAIT enabled - when a pending handle times out before its corresponding connecting handle, its timenode is erroneously inserted twice into the multi handle splay t...GitHub
Unconditionally enable _GNU_SOURCE when building on GNU/Hurd; this way it is possible to properly use/rely on GNU extensions e.g. accept4(), memrchr(), and the GNU strerror_r().GitHub
Ahmad Gani intercepts the sendto syscall to simulate short send, but curl incorrectly handles it. It keeps resending the version: sendto(4, "\x05", 1, MSG_NOSIGNAL, NULL, 0) = 1 sendt...GitHub
take a guess if the same company now emailed the exact same CRA compliance questionnaire they sent to the #curl project last week, to the libssh2 project!
Correct. They did.
#curl creator mulls nixing bug bounty awards to stop AI slop
theregister.com/2025/07/15/cur…
: Maintainers struggle to handle growing flow of low-quality bug reports written by botsThomas Claburn (The Register)
#curl 8.15.0
Daniel walks through the changes done in 8.15.0, a whole bunch of his "favorite" bugfixes and then some of the upcoming new things that might be merged and i...YouTube
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.Twitch
My gut feeling says you need a new #curl release. So here is curl 8.15.0 just for you.
daniel.haxx.se/blog/2025/07/16…
Welcome to another curl release. A shorter cycle this time so we did not have time to merge many changes: there is just one logged. See below. This is the 269th release featuring 269 command line options.daniel.haxx.se
