In the end we decided on *not* a #curl security issue, but it's not an easy one to make:
## Summary: In curl’s OpenSSL backend, `ossl_get_channel_binding` retains a new reference to the server’s X509 certificate via `SSL_get1_peer_certificate` and never releases it. When Negotiate...HackerOne
Mr @samueloph posted two videos on #wcurl and #curl in Debian:
"wcurl - one year later - DebConf 25" youtube.com/watch?v=RvnDvic2ea…
Short presentation about what happened since wcurl’s creation in May 17 2024 and what will happen next.
"curl maintainers BoF - DebConf 25" youtube.com/watch?v=OhTjgU7LIO…
curl maintainers meet-up to discuss HTTP3, GnuTLS, wcurl and other things.
curl maintainers meet-up to discuss HTTP3, GnuTLS, wcurl and other things.Presenter:Samuel Henrique "samueloph" is a software developer focused on Debian, Li...YouTube
libcurl notificiations are coming in curl 8.17.0 on November 5.
#curl
eissing.org/icing/posts/curl-n…
We just merged #18432 which adds a new feature to the curl API: notifications. This is not visible in the curl command line, only for applications using libcurl.icing's blog
"Don't Forget: Remote MCP Servers are Just #cURL Calls"
joshbeckman.org/blog/practicin…
You can call any streamable-http transport MCP (Model Context Protocol) server tool with any HTTP client - even cURL! And lots of things take cURL as example configuration (like Shopify Flow!), so it’s a good starting point for building things....Josh Beckman
AI has found 50 bugs in cURL. "AI-native SASTs work well"
#HackerNews #AI #cURL #bugs #SAST #cybersecurity #technology
Nyheter för dig som är verksam i den svenska elektronikbranschen som exempelvis tillverkare, konsult, distributör, finansiär, investerare, konstruktör eller tekniker.etn.se
Watched it and yes, DOT delivered another good introduction to a useful DX tool. I know it will make me use #cURL exponentially more.
It also made me install #xh as a complement. Both because I like how colors make it easier to analyse, and for it providing a less complex command for basic stuff.
But also for its "--curl" option ;)
Go to https://sponsr.is/kinsta_devopstoolbox to get your first month of Managed WordPress Hosting for free and migrate your website over at no cost!---For ye...YouTube
A small post about the upcoming support for native Apple SecTrust in curl 8.17.0.
#curl #apple
eissing.org/icing/posts/curl-a…
Today we merged a new feature in curl: support for Apple SecTrust. This will become available in curl 8.17.0, due to be released on the 5th of November 2025.icing's blog
Also this Friday, look at this lovely #curl PR by @icing that we just merged:
github.com/curl/curl/pull/1870…
configure/cmake support for enabling the option supported in OpenSSL and GnuTLS backends when configured, Apple SecTrust is the default trust store for peer verification. When one of the CURLOPT_* ...GitHub
On this day nine years ago I started my collection: "screenshotted #curl credits"
daniel.haxx.se/blog/2016/10/03…
If you have more or better screenshots, please share! This shot is taken from the ending sequence of the PC version of the game Grand Theft Auto V. 44 minutes in! See the youtube version. Sky HD is a satellite TV box. This is a Philips TV.daniel.haxx.se
We're dropping support for OpenSSL-QUIC in #curl soon: github.com/curl/curl/pull/1882…
We're removing support for OpenSSL 1.1.1 from curl even sooner: github.com/curl/curl/pull/1882…
URL: https://curl.se/mail/lib-2025-10/0000.htmlGitHub
On this day in 2002, we shipped curl 7.10. The first #curl version that did certificate checks by default when speaking TLS unless specifically asked not to.
How I maintain release notes for #curl
daniel.haxx.se/blog/2025/10/01…
I believe a good product needs clear and thorough documentation. I think shipping a quality product requires you to provide detailed and informative release notes. I try to live up to this in the curl project, and this is how we do it. https://www.daniel.haxx.se
At exactly three weeks since the previous #curl release we have merged no less than 148 bugfixes already...
Daniel Stenberg - @bagder - is ready!
AI slop attacks on the curl project
We're all excited!
#EuroBSDCon #ebc25 #ebc2025 #curl
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
"A conversation with Daniel Stenberg, creator and maintainer of #curl, one of the most widely used networking tools on the internet. We talk about Daniel’s journey through decades of protocol work, the story of curl, what keeps him going, and how he balances open source with real life."
Interviews, monologues, and deep dives into Rust and modern networking systems.netstack.fm
@bagder Interesting. Was AI slop difficult to spot back in 2023?
## Summary: Hello security team, Hope you are doing well :) I would like to report a potential security vulnerability in the WebSocket handling code of the curl library. The issue is related to...HackerOne
Reminding the businesses that CRA compliance is not a problem with #curl
daniel.haxx.se/blog/2025/09/22…
As the Cyber Resilience Act (CRA) is getting closer and companies wanting to sell digital services in goods within the EU need to step up, tighten their procedures, improve their documentation and get control over their dependencies I feel it could b…daniel.haxx.se
Bye bye Kerberos FTP (in #curl)
daniel.haxx.se/blog/2025/09/19…
We are dropping support for this feature in curl 8.17.0. Kerberos5 FTP to be exact. The last Kerberos support we had for FTP.daniel.haxx.se
Working on adding Apple SecTrust support to curl (e.g. the native macOS and other Apple *OS system certificates store) and reaching out to the Homebrew/Macports people if they'd like that too or have other needs.
#curl
github.com/curl/curl/discussio…
In the general discussion about curl's handling of a "native CA" and our addition of support for using Apple's SecTrust directly, the question arose how homebrew and macports can/wont make use of t...GitHub
From suspicion to published #curl #CVE. The process.
daniel.haxx.se/blog/2025/09/18…
Every curl security report starts out with someone submitting an issue to us on https://hackerone.com/curl. The reporter tells us what they suspect and what they think the problem is.daniel.haxx.se
In this interview, Daniel Stenberg, lead developer of #cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of testing, reviewing, and refining its code to minimize risks.
Stenberg also explains the team’s approach to handling vulnerabilities, ensuring transparency, and maintaining trust in the open-source ecosystem.
helpnetsecurity.com/2025/09/18…
Explore how the cURL project keeps billions of devices secure, from vulnerability handling to best practices and updates.Mirko Zorz (Help Net Security)
Compare fwrite result to nmemb (items), not cb (bytes). In every case at the moment, size == 1, so this doesn't have any real functional change.GitHub
Time to drop support for Kerberos5 FTP in #curl
github.com/curl/curl/pull/1857…
It was accidentally broken in commit 0f4c439, shipped since 8.8.0 (May 2024) and yet not a single person has noticed or reported, indicating that we might as well drop support for FTP Kerberos. Krb...GitHub
literally the dumbest thing I've ever read
youtube.com/watch?v=-uxF4KNdTj…
#curl
Please stop.https://hackerone.com/reports/3340109🏫 MY COURSESSign-up for my FREE 3-Day C Course: https://lowlevel.academy🧙♂️ HACK YOUR CAREERWanna learn t...YouTube
RIP pthread_cancel() in curl. It was an interesting adventure.
#curl
eissing.org/icing/posts/rip_pt…
I posted about adding pthread_cancel use in curl about three weeks ago, we released this in curl 8.16.0 and it blew up right in our faces. Now, with #18540 we are ripping it out again.icing's blog
#curl 8.16.0
Daniel presents the security vulnerabilities, the changes, bugfixes in 8.16.0 and what might possibly be coming next.YouTube
#curl 8.16.0 was just released:
daniel.haxx.se/blog/2025/09/10…
I will live-stream a release presentation at 10:00 CEST on twitch
Welcome to one of the more feature-packed curl releases we have had in a while. Exactly eight weeks since we shipped 8.15.0.daniel.haxx.se
if there ever is a major incident in #curl, we now have a documented approach on how to work through it
daniel.haxx.se/blog/2025/09/09…
One of these mantras I keep repeating is how we in the curl project keep improving, keep polishing and keep tightening every bolt there is.daniel.haxx.se
