#curl adds parallel host control
daniel.haxx.se/blog/2025/08/01…
I'm convinced a lot of people have not yet figured out that curl has supported parallel downloads for six years already by now. Provided a practically unlimited number of URLs, curl can be asked to get them in a parallel fashion.daniel.haxx.se
This calm and lovely night, #curl got its 271st command line option merged and we call this baby --parallel-max-host
Enjoy!
github.com/curl/curl/pull/1805…
Where 'host' is protocol + hostname + portnumber.GitHub
Bring us your feedback on this idea and PR: make #curl output its cheat-sheet.
github.com/curl/curl/pull/1807…
Add a new argument "cheat-sheet" to -h, --help option that returns the content from the repo curl-cheat-sheet to the terminal.GitHub
Add defensive int overflow checking in the buffer queue allocation functions to prevent potential heap buffer overflows if large chunk sizes are ever used. The calculation sizeof(*chunk) + q->ch...GitHub
Option parsing in #curl. Something we can start using in two years or so.
daniel.haxx.se/blog/2025/07/31…
We have always had a custom command line option parser in curl. It is fast and uncomplicated and gives us the perfect mix of flexibility and function. It also saves us from importing or using code with another license.daniel.haxx.se
I'm happy to report that the glitches that could happen in #curl when you did more than 2.2 billion transfers in a single invoke are now history.
github.com/curl/curl/pull/1809…
Otherwise we could misbehave already at 2 billion URLs and we can't have that. A few of the counters are already correctly using the right type.GitHub
This change makes it possible to Append a DSN specification behind the MAIL and RCPT mail addresses in the smtp protocol. Currently, curl checks if these addresses start with a '<' or en...GitHub
Output nothing with #curl --out-null
daniel.haxx.se/blog/2025/07/30…
Downloading data from a remote URL is probably the single most common operation people do with curl. Often, users then add various additional options to the command line to extract information from that transfer but may also decide that the actually …daniel.haxx.se
Native Schannel TLS stack of #Windows was so unreliable it got axed from #curl:
* Never worked reliably under real‑world loads.
* Quirky, cumbersome API/architecture that broke integrations.
* Zero developer interest—nobody tested or maintained it.
* Pure maintenance drag with no real benefit.
So #Microsoft again shipped a built‑in that nobody uses, and projects ditch it entirely in favor of better third‑party alternatives.
daniel.haxx.se/blog/2025/07/29…
I hope that by now most readers of my blog have understood that curl, and libcurl specifically, is an architecture with a transfer core with a set of different backends plugged in. Backends powered by different third party libraries.daniel.haxx.se
Carving out msh3. #curl drops an HTTP/3 backend.
daniel.haxx.se/blog/2025/07/29…
I hope that by now most readers of my blog have understood that curl, and libcurl specifically, is an architecture with a transfer core with a set of different backends plugged in. Backends powered by different third party libraries.daniel.haxx.se
I got a #curl idea:
github.com/curl/curl/pull/1805…
Where 'host' is protocol + hostname + portnumber.GitHub
Specific to multiplexing with PIPEWAIT enabled - when a pending handle times out before its corresponding connecting handle, its timenode is erroneously inserted twice into the multi handle splay t...GitHub
Unconditionally enable _GNU_SOURCE when building on GNU/Hurd; this way it is possible to properly use/rely on GNU extensions e.g. accept4(), memrchr(), and the GNU strerror_r().GitHub
Ahmad Gani intercepts the sendto syscall to simulate short send, but curl incorrectly handles it. It keeps resending the version: sendto(4, "\x05", 1, MSG_NOSIGNAL, NULL, 0) = 1 sendt...GitHub
#curl creator mulls nixing bug bounty awards to stop AI slop
theregister.com/2025/07/15/cur…
: Maintainers struggle to handle growing flow of low-quality bug reports written by botsThomas Claburn (The Register)
#curl 8.15.0
Daniel walks through the changes done in 8.15.0, a whole bunch of his "favorite" bugfixes and then some of the upcoming new things that might be merged and i...YouTube
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.Twitch
My gut feeling says you need a new #curl release. So here is curl 8.15.0 just for you.
daniel.haxx.se/blog/2025/07/16…
Welcome to another curl release. A shorter cycle this time so we did not have time to merge many changes: there is just one logged. See below. This is the 269th release featuring 269 command line options.daniel.haxx.se
the accumulated work done with the help from more than 3460 individuals. 10474 days since that fine November day in 1996 when httpget first saw light.
9980 days since the first release we called #curl
Seven day embargo limit for #curl: git.hardenedbsd.org/shawn.webb…
It can take the #HardenedBSD project a full month to rebuild its package repos. And since we've built this software monoculture against libcurl, this will be FUN!
It was recently updated in this doc to seven, but there were *two* numbers mentioned and only one of them was updated leaving the paragraph quite confusing. Follow-up to 83c90e50472f32b74e388f6e524d...GitLab
Death by a thousand slops
daniel.haxx.se/blog/2025/07/14…
I have previously blogged about the relatively new trend of AI slop in vulnerability reports submitted to curl and how it hurts and exhausts us. This trend does not seem to slow down.daniel.haxx.se
How I do it.
Some words on how I work on #curl and lead the #curl project. Every day of the week. Year in, year out. It never ends.
daniel.haxx.se/blog/2025/07/13…
A while ago I received an email with this question. I've been subscribed to your weekly newsletter for a while now, receiving your weekly updates every Friday. I'm writing because I admire your consistency, focus, and perseverance.daniel.haxx.se
OpenSSL offers the following ML KEM hybrid algorithms. P256_ML_KEM_768 P384_ML_KEM_1024 X25519_ML_KEM_768 These algorithms are already supported by WolfSSL, but are not available for use by Curl. T...GitHub
Sponsor my laptop!
daniel.haxx.se/blog/2025/07/12…
For #curl of course. What else would I ever do?
I need to get myself a new laptop. My existing one is from 2017 and was already then not the most powerful one.daniel.haxx.se
Just fixing some typos using typosGitHub
Cybersecurity Risk Assessment Request
daniel.haxx.se/blog/2025/07/11…
With the new EU legislation Cyber Resiliency Act (CRA), there are new responsibilities and requirements put on manufacturers of digital products and services in Europe.daniel.haxx.se
More views on #curl vulnerabilities
daniel.haxx.se/blog/2025/07/10…
This is an intersection of two of my obsessions: graphs and vulnerability data for the curl project. In order to track and follow every imaginable angle of development, progression and (possible) improvements in the curl project we track and log lots…daniel.haxx.se
Started a curl discussion about adding an API call to retrieve information from a curl multi handle.
If you develop a libcurl application and you need information from a multi, please make your case.
#curl
github.com/curl/curl/discussio…
With the multi handle becoming the preferred way of operating curl for non-trivial applications, there are properties that an application is currently unable to observe and needs to deduce. The mos...GitHub
Follow-up to 4ccf3a3 #17783 Follow-up to b270fec #17858 Ref: #17857GitHub
