'=' is the operator defined by POSIX, only bash supports '=='GitHub
Reproducible, static, curl binaries for Linux, macOS and Windows - curl/curl-for-winGitHub
#curl 8.17.0
Daniel talks about curl 8.17.0. The security advisories, the changes and some of the many bugfixes done in this release.YouTube
#curl 8.17 time
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.Twitch
The #curl release on GitHub is now marked as "immutable" and there's even something they call "release attestation" there now.
Just remember that the curl canonical releases are the signed tarballs uploaded by me. Reproducible, so you can verify them at will to not contain bad things. Signed to prove I did them.
Made with love and care, I promise.
#curl 8.17.0 is here.
Enjoy!
daniel.haxx.se/blog/2025/11/05…
Download curl from curl.se. Release presentation As per tradition, there will be a live-streamed release presentation on twitch at 09:00 UTC (10:00 CET) on the release day. Available on YouTube after the fact.daniel.haxx.se
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.Twitch
Yes really, #curl is still developed
daniel.haxx.se/blog/2025/11/04…
A lot! One of the most common reactions or questions I get about curl when I show up at conferences somewhere and do presentations: -- is curl still being actively developed? How many more protocols can there be? This of course being asked by people …daniel.haxx.se
curl.se, the domain itself, celebrates five years as home of #curl today.
I told the story back then:
daniel.haxx.se/blog/2020/11/04…
Good things come to those who wait? When I created and started hosting the first websites for curl I didn't care about the URL or domain names used for them, but after a few years I started to think that maybe it would be cool to register a curl doma…daniel.haxx.se
Fixes #19109 Problem GSSAPI authentication fails on macOS when curl is built with --with-openssl and --with-gssapi, producing the error: gss_init_sec_context() failed: An unsupported mechanism was ...GitHub
yeah, in the #curl case I hope and wish that the people making the curl packages for distros (or build curl for other purposes) do the reproducible check - so that they know for sure that the one doing the curl releases didn't smuggle anything in. It also usually also requires that a few people do it and can trigger the alarm if they would find something odd.
At least we make it possible.
I took the liberty to polish the #curl Wikipedia page a little. Give it a look and see what more we can improve there.
One way we work on making #curl code safer (with fewer mistakes) is by using more helper functions and fewer direct calls to *alloc() and mem/strcpy().
Since reported vulnerabilities generally are really old, we can't know yet for several years if it actually has the desired effect.
I plot the memory call density to see how it goes.
I just learned TIOBE has a "quality indicator" and #curl is ranked D out of an A to F scale where A is best.
No further comments on that.
ticsdemo.tiobe.com/tiobeweb/DE…()&metric=tqi
Hello people involved in distros and/or CVEs! Is CSAF something you care about? Should projects such as #curl bother about it and perhaps even provide CVE data in this format?
Unfortunately, the Chinese version of the Everything #curl book that launched five years ago is no longer available for purchase on Amazon.
daniel.haxx.se/blog/2020/10/29…
The other day we celebrated everything curl turning 5 years old, and not too long after that I got myself this printed copy of the Chinese translation in my hands! This version of the book is available for sale on Amazon and the translation was done …daniel.haxx.se
The other day we had our first ever chained AI tool success on the #curl factory floor:
- tool A found a possible flaw in code and reported it.
- using the plain English description from tool A, tool B could create a reproducible by itself that verified the finding
The sense of magic is strong in this.
Now us poor humans need to fix it. The AIs are still really lousy at writing patches.
if your product/service relies on #curl, consider taking our release candidate 3 on a spin and make sure no regression have slipped in!
"At Netflix we run a fleet of thousands of servers and we use #curl to transfer large amounts of data"
I think "large" in this context might be larger than in some other contexts.
Recognition - with Daniel Stenberg. A walk-through of awards, recognition and the medals Daniel has received during the years doing #curl and Open Source.
youtu.be/GwG0-eO4ZsQ?si=2av7Kb…
A walk-through of awards, recognition and the medals Daniel has received during the years doing curl and Open Source.YouTube
Was just using #curl to help debug some network configuration issues with a client.
Realised we'd need to fake a hostname mapping to a specific IP, as we haven't set up the DNS aliases yet.
And, because it's curl, not only is there a way to do it, there's several well documented options!
everything.curl.dev/usingcurl/…
Thanks, curl team!
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
At: https://curl.se/windows/ Starting with 8.16.0_11. It's experimental. More details: #375 (comment)GitHub
Fixes #19228 The current code checks if a line starts with . which doesn't match the RFC spec. Per RFC 2449, the CAPA response terminator is a line containing only a single dot (plus CRLF). Whi...GitHub
