A lovely follow-up to what is no longer any #curl license violation:
github.com/curl/curl/discussio…
Hi, I just want to let you know (and have there be a record) of the fact that Digital Extremes, a Canadian video-game-developer-turned-GaaS-developer, are using cURL (statically linked alongside Op...GitHub
Description: This MR fixes an issue where the connection retry mechanism does not trigger when CONN_MAX_RETRIES + 1 attempts are reached, resulting in the error: The root cause is that the retry co...GitHub
I came across the root of the word "cirrus" en passant the other day. I rather like it because #curl is a major part of the cloud...
We're at 809 received #curl issues from "team AI tooling", out of which about 15% has turned into commits/fixes.
The false positive/we don't care rate went up significantly when the scan included tests and examples. We should simply exclude those parts from normal scans as they live by different rules.
Never a dull moment.
Random current stats from the #curl CI (the last 30 days):
Tests executed per day: 1400019.4
Time spent running tests per day: 1087073 sec./day (12.6 days/day)
Total clock time spent running tests: 32612201 sec. (377 days)
Average time spent running each test: 0.776 sec./test
Number of git commits tested: 306
If you're curious, here are 158 of Joshua's reported issues on #curl to give you an idea what we talk about.
We have manually gone trough them all and dismissed or addressed them. None of them has been deemed a security problem. Not all the PRs for the valid problems have been merged yet.
gist.github.com/bagder/d1fff7f…
round three from Joshua. GitHub Gist: instantly share code, notes, and snippets.Gist
One of the recent AI generated bug reports for #curl quite impressively identifies mismatches between a function header's comment mentioning that an argument is optional, but the code uses it unconditionally.
This taking comments into account certainly allows for some extra magic the classic code analyzers can't do.
#curl October 9. The same number of commits done this year (2433) so far as the entire previous top-year with the most commits (2024).
We're not dead yet.
The kerberos5 library Heimdal is one of three GSS libraries curl support. It has a memory leak triggered by the new test in #18917 and the project seems mostly abandoned. Drop support and steer use...GitHub
In the 28.7 days since the #curl release, we have merged 233 bugfixes (8.13 per day)
Yeah, its a little crazy here right now. Those kids with the new tools reporting problems... 😁
In the end we decided on *not* a #curl security issue, but it's not an easy one to make:
## Summary: In curl’s OpenSSL backend, `ossl_get_channel_binding` retains a new reference to the server’s X509 certificate via `SSL_get1_peer_certificate` and never releases it. When Negotiate...HackerOne
Mr @samueloph posted two videos on #wcurl and #curl in Debian:
"wcurl - one year later - DebConf 25" youtube.com/watch?v=RvnDvic2ea…
Short presentation about what happened since wcurl’s creation in May 17 2024 and what will happen next.
"curl maintainers BoF - DebConf 25" youtube.com/watch?v=OhTjgU7LIO…
curl maintainers meet-up to discuss HTTP3, GnuTLS, wcurl and other things.
curl maintainers meet-up to discuss HTTP3, GnuTLS, wcurl and other things.Presenter:Samuel Henrique "samueloph" is a software developer focused on Debian, Li...YouTube
libcurl notificiations are coming in curl 8.17.0 on November 5.
#curl
eissing.org/icing/posts/curl-n…
We just merged #18432 which adds a new feature to the curl API: notifications. This is not visible in the curl command line, only for applications using libcurl.icing's blog
"Don't Forget: Remote MCP Servers are Just #cURL Calls"
joshbeckman.org/blog/practicin…
You can call any streamable-http transport MCP (Model Context Protocol) server tool with any HTTP client - even cURL! And lots of things take cURL as example configuration (like Shopify Flow!), so it’s a good starting point for building things....Josh Beckman
AI has found 50 bugs in cURL. "AI-native SASTs work well"
#HackerNews #AI #cURL #bugs #SAST #cybersecurity #technology
Nyheter för dig som är verksam i den svenska elektronikbranschen som exempelvis tillverkare, konsult, distributör, finansiär, investerare, konstruktör eller tekniker.etn.se
Watched it and yes, DOT delivered another good introduction to a useful DX tool. I know it will make me use #cURL exponentially more.
It also made me install #xh as a complement. Both because I like how colors make it easier to analyse, and for it providing a less complex command for basic stuff.
But also for its "--curl" option ;)
Go to https://sponsr.is/kinsta_devopstoolbox to get your first month of Managed WordPress Hosting for free and migrate your website over at no cost!---For ye...YouTube
A small post about the upcoming support for native Apple SecTrust in curl 8.17.0.
#curl #apple
eissing.org/icing/posts/curl-a…
Today we merged a new feature in curl: support for Apple SecTrust. This will become available in curl 8.17.0, due to be released on the 5th of November 2025.icing's blog
Also this Friday, look at this lovely #curl PR by @icing that we just merged:
github.com/curl/curl/pull/1870…
configure/cmake support for enabling the option supported in OpenSSL and GnuTLS backends when configured, Apple SecTrust is the default trust store for peer verification. When one of the CURLOPT_* ...GitHub
On this day nine years ago I started my collection: "screenshotted #curl credits"
daniel.haxx.se/blog/2016/10/03…
If you have more or better screenshots, please share! This shot is taken from the ending sequence of the PC version of the game Grand Theft Auto V. 44 minutes in! See the youtube version. Sky HD is a satellite TV box. This is a Philips TV.daniel.haxx.se
We're dropping support for OpenSSL-QUIC in #curl soon: github.com/curl/curl/pull/1882…
We're removing support for OpenSSL 1.1.1 from curl even sooner: github.com/curl/curl/pull/1882…
URL: https://curl.se/mail/lib-2025-10/0000.htmlGitHub
On this day in 2002, we shipped curl 7.10. The first #curl version that did certificate checks by default when speaking TLS unless specifically asked not to.
How I maintain release notes for #curl
daniel.haxx.se/blog/2025/10/01…
I believe a good product needs clear and thorough documentation. I think shipping a quality product requires you to provide detailed and informative release notes. I try to live up to this in the curl project, and this is how we do it. https://www.daniel.haxx.se
At exactly three weeks since the previous #curl release we have merged no less than 148 bugfixes already...
Daniel Stenberg - @bagder - is ready!
AI slop attacks on the curl project
We're all excited!
#EuroBSDCon #ebc25 #ebc2025 #curl
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
"A conversation with Daniel Stenberg, creator and maintainer of #curl, one of the most widely used networking tools on the internet. We talk about Daniel’s journey through decades of protocol work, the story of curl, what keeps him going, and how he balances open source with real life."
Interviews, monologues, and deep dives into Rust and modern networking systems.netstack.fm
@bagder Interesting. Was AI slop difficult to spot back in 2023?
## Summary: Hello security team, Hope you are doing well :) I would like to report a potential security vulnerability in the WebSocket handling code of the curl library. The issue is related to...HackerOne
Reminding the businesses that CRA compliance is not a problem with #curl
daniel.haxx.se/blog/2025/09/22…
As the Cyber Resilience Act (CRA) is getting closer and companies wanting to sell digital services in goods within the EU need to step up, tighten their procedures, improve their documentation and get control over their dependencies I feel it could b…daniel.haxx.se
Bye bye Kerberos FTP (in #curl)
daniel.haxx.se/blog/2025/09/19…
We are dropping support for this feature in curl 8.17.0. Kerberos5 FTP to be exact. The last Kerberos support we had for FTP.daniel.haxx.se
Working on adding Apple SecTrust support to curl (e.g. the native macOS and other Apple *OS system certificates store) and reaching out to the Homebrew/Macports people if they'd like that too or have other needs.
#curl
github.com/curl/curl/discussio…
In the general discussion about curl's handling of a "native CA" and our addition of support for using Apple's SecTrust directly, the question arose how homebrew and macports can/wont make use of t...GitHub
