Welcome to another curl release. Release presentation At 8:00 UTC (10:00 CEST), I do a live-streamed release presentation over at Twitch where I talk about all that is new in this release.
I chatted with @bagder about #Curl and the recent #AI happenings
It's always fun talking to Daniel, and I think there's a lot of good ideas in this one, especially on how to approach AI fueled contributions that aren't slop. And even suggestions on how to deal with slop contributions :)
Daniel Stenberg, the maintainer of Curl, discusses the increase in AI security reports that are wasting the time of maintainers. We discuss Curl’s new policy of banning the bad actors while establishing some pretty sane AI usage guidelines.
Had a small photo session to get some new material for the #curl release slide set for the release presentation tomorrow. Daisy the cat was not impressed.
Daniel makes the curl 8.12.0 release. Shows how a curl release is done. This is the 264th curl release. Shows the scripts, the procedures and the general pro...
**Update: För att kunna leverera mat och dryck så är registreringen nu tyvärr stängd. Varmt välkomna alla ni 139 som registrerat er och ser fram emot att s
In the 2015 time frame I had come to the conclusion that the curl logo could use modernization and I was toying with ideas of how it could be changed. The original had served us well, but it definitely had a 1990s era feel to it.
Yes! curl user survey 2025 The time has come for you to once again do your curl community duty. Run over and fill in the curl user survey and tell us about how you use curl etc.
SFTP, the SSH File Transfer Protocol, is a misleading name. It gives you the impression that it might be something like a secure version of FTP, perhaps something like FTPS but modeled over SSH instead of SSL.
I frequently drive past this mailbox and think of @bagder and #curl. I like to imagine the owners contacting Daniel for random plumbing issues after finding the curl license in their home owners insurance policy.
Yes! curl user survey 2025 The time has come for you to once again do your curl community duty. Run over and fill in the curl user survey and tell us about how you use curl etc.
**Update: För att kunna leverera mat och dryck så är registreringen nu tyvärr stängd. Varmt välkomna alla ni 139 som registrerat er och ser fram emot att s
@bagder Essentially, #curl commit 0ae0abbe72514a75c10bfc4108d9f254f594c086 broke updating #HardenedBSD packages for certain users who use HardenedBSD behind a fully Tor-ified network (a network that uses transparent Tor proxying).
Those users were unable to update their HardenedBSD systems since the package manager uses libcurl behind-the-scenes. Some of these users live in malicious environments (malicious to human life), with actively-exploited applications.
So, this prohibition had a real negative impact, putting our users in harm's way.
If curl had a way to bypass the prohibition, we would've been able to keep our users safe.
This is why I mention #Radicle: they, too, do not support the .onion TLD by default, but can be configured to provide that support.
Radicle has three options:
Default: No support, .onion domain lookups will fail.
SOCKS support where .onion lookups succeed.
Explicit transparent proxying support, so .onion lookups succeed
#curl build updates: curl-for-win Windows builds are now signed with cosign. Download page now includes links to these and to GPG signatures. The latest build uses zlib-ng instead of classic zlib as an experiment. curl.se/windows Daily builds (also for Linux and macOS) are also signed now with GPG and cosign: github.com/curl/curl-for-win/a…
On the completely impossible situation of blocking the Tor .onion TLD to avoid leaks, but at the same time not block it to make users able to do what they want.
This PR removes some guards around IDN which were causing punycode encoded domains starting with www (or anything other than xn-- to fail the conversion. Removing the if statement allows libcurl to...
In a recent educational trick, curl contributor James Fuller submitted a pull-request to the project in which he suggested a larger cleanup of a set of scripts.
Tor has introduced this new cool tool they call oniux. On the page announcing it they show off a #curl command line that hasn't worked for two years... since curl nowadays refuses to resolve .onion names like RFC 7686 says.
Introducing oniux: Kernel-level Tor isolation for any Linux app. This torsocks alternative uses namespaces to isolate Linux applications over the Tor network and eliminate data leaks.
It's been a while but here's a new graph I'm testing. Getting the complexity for every function in #curl then assigning that complexity for all lines in that function. This gives an "average complexity per source code line".
The other week we shipped the 266th curl release. This counter is perhaps a little inflated since it also includes the versions we did before we renamed it to curl, but still, there are hundreds of them.
yeah #curl has just 16 open issues. I'm a firm believer in not having a lot of open issues so we in fact never do. We work really hard on that. A project philosophy.
Instead of adding this information in another document, I now created a new one to maybe make it easier to find, discuss and to link.
At a later point we should probably merge it into the CONTRIBUT...
We have a CI job to spot unwanted utf8 letters in #curl PRs as we have noticed that GitHub will gladly show the for example (identical) Cyrillic version of a letter next to the Latin version in a diff and it is yes, entirely impossible for a human to spot the diff. I mean the diff is shown, but the significance of it is not.
Changing just a single letter like that in a URL hostname opens up for a world of grief.
Live the bleeding edge life, help out the #curl project and test the fresh 8.14.0-rc2 build: curl.se/rc/
(Do not use release candidates in production. They are work in progress. Use them for testing and verification only. Use actual releases in production.)
