One of the recent AI generated bug reports for #curl quite impressively identifies mismatches between a function header's comment mentioning that an argument is optional, but the code uses it unconditionally.
This taking comments into account certainly allows for some extra magic the classic code analyzers can't do.
The kerberos5 library Heimdal is one of three GSS libraries curl support.
It has a memory leak triggered by the new test in #18917 and the project
seems mostly abandoned.
Drop support and steer use...
## Summary:
In curl’s OpenSSL backend, `ossl_get_channel_binding` retains a new reference to the server’s X509 certificate via `SSL_get1_peer_certificate` and never releases it. When Negotiate...
curl maintainers meet-up to discuss HTTP3, GnuTLS, wcurl and other things.Presenter:Samuel Henrique "samueloph" is a software developer focused on Debian, Li...
We just merged #18432 which adds a new feature to the curl API: notifications. This is not visible in the curl command line, only for applications using libcurl.
As of now, I am no longer the author of more than half the lines added to the #curl repository. The "others" have overtaken me. I have now added less than half the lines.
You can call any streamable-http transport MCP (Model Context Protocol) server tool with any HTTP client - even cURL!
And lots of things take cURL as example configuration (like Shopify Flow!), so it’s a good starting point for building things....
Nyheter för dig som är verksam i den svenska elektronikbranschen som exempelvis tillverkare, konsult, distributör, finansiär, investerare, konstruktör eller tekniker.
Watched it and yes, DOT delivered another good introduction to a useful DX tool. I know it will make me use #cURL exponentially more.
It also made me install #xh as a complement. Both because I like how colors make it easier to analyse, and for it providing a less complex command for basic stuff.
Go to https://sponsr.is/kinsta_devopstoolbox to get your first month of Managed WordPress Hosting for free and migrate your website over at no cost!---For ye...
Today we merged a new feature in curl: support for Apple SecTrust. This will become available in curl 8.17.0, due to be released on the 5th of November 2025.
configure/cmake support for enabling the option
supported in OpenSSL and GnuTLS backends
when configured, Apple SecTrust is the default trust store for peer verification. When one of the CURLOPT_* ...
"Daniel Stenberg, Swedish Internet protocol expert and founder and lead developer of the #Curl project, speaks with SE Radio host Gavin Henry about removing Rust from Curl. They discuss why #Hyper was removed from curl, why the last five percent of making it a success was difficult"
If you have more or better screenshots, please share! This shot is taken from the ending sequence of the PC version of the game Grand Theft Auto V. 44 minutes in! See the youtube version. Sky HD is a satellite TV box. This is a Philips TV.
On this day in 2002, we shipped curl 7.10. The first #curl version that did certificate checks by default when speaking TLS unless specifically asked not to.
I believe a good product needs clear and thorough documentation. I think shipping a quality product requires you to provide detailed and informative release notes. I try to live up to this in the curl project, and this is how we do it. https://www.
"A conversation with Daniel Stenberg, creator and maintainer of #curl, one of the most widely used networking tools on the internet. We talk about Daniel’s journey through decades of protocol work, the story of curl, what keeps him going, and how he balances open source with real life."
## Summary:
Hello security team,
Hope you are doing well :)
I would like to report a potential security vulnerability in the WebSocket handling code of the curl library. The issue is related to...
As the Cyber Resilience Act (CRA) is getting closer and companies wanting to sell digital services in goods within the EU need to step up, tighten their procedures, improve their documentation and get control over their dependencies I feel it could b…
Working on adding Apple SecTrust support to curl (e.g. the native macOS and other Apple *OS system certificates store) and reaching out to the Homebrew/Macports people if they'd like that too or have other needs. #curl
In the general discussion about curl's handling of a "native CA" and our addition of support for using Apple's SecTrust directly, the question arose how homebrew and macports can/wont make use of t...
Every curl security report starts out with someone submitting an issue to us on https://hackerone.com/curl. The reporter tells us what they suspect and what they think the problem is.
In this interview, Daniel Stenberg, lead developer of #cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of testing, reviewing, and refining its code to minimize risks.
Stenberg also explains the team’s approach to handling vulnerabilities, ensuring transparency, and maintaining trust in the open-source ecosystem.
It was accidentally broken in commit 0f4c439, shipped since 8.8.0 (May 2024) and yet not a single person has noticed or reported, indicating that we might as well drop support for FTP Kerberos.
Krb...
Please stop.https://hackerone.com/reports/3340109🏫 MY COURSESSign-up for my FREE 3-Day C Course: https://lowlevel.academy🧙♂️ HACK YOUR CAREERWanna learn t...
I posted about adding pthread_cancel use in curl about three weeks ago, we released this in curl 8.16.0 and it blew up right in our faces. Now, with #18540 we are ripping it out again.
