Skip to main content


Items tagged with: CURL

Over the last five years of #curl's bug-bounty we have received 489 submissions. For these 489 submissions the *median* first-response time has been, as calculated by Hackerone: 0 (zero) hours. If this does not ooze of awesomeness from a security team I don't know what does.

I presume they round or truncate to the nearest integer hour. Still means more than half of them got answered within an hour. Whenever or from wherever they were filed.

We take security seriously.


"#curl is being used by several hundred projects around the European Commission"

curl is everywhere for everyone

Not bad for a "hobby"!


Welcome Johann Sebastian Schicho as #curl commit author 1265:

Awesome, so much to learn wrt. libcurl! 😍 Posting links below in case anyone is looking for them ✨

📺 Getting started with libcurl

📺 Mastering libcurl

#curl #libcurl

In 10 days (at #curl up 2024) I will do this presentation - out of which I seem to already have about 100 slides prepared...

with all due respect this sounds like a confusing cli argument design. I am the one doing it wrong :’) I personally can never remember all the #curl arguments, only the most commonly used ones, and -X is one that is easy to remember and can be used for many occasions. Maybe the solution should be to prefer -X always and a separate argument for whether the redirects should follow explicitly given method

Welcome Gusted as #curl commit author 1264:

bonus graph: fixed/introduced vulnerabilities in #curl over time:

Today we celebrate the five year anniversary of #curl's bug-bounty. It has resulted in 69 reported vulnerabilities and almost 80,000 USD payouts. Out of a total of 439 submissions. 86 of them were considered "informative", which mostly means they were handled as normal bugs.

Submit your suspected curl securirty issue here:


Welcome Abdullah Alyan as #curl commit author 1263:

Apparently San Francisco gets to enjoy #curl command lines in ads...

They fit excellently on the #curl cheat sheet coaster...

This box landed on my doorstep. The #curl up 2024 preparations continue!

If you use brew’s curl on macOS, are you really using it? I installed and had curl setup a couple of years ago. Today it appears that curl was now pointing to Apple’s version, which has this issue ( Looks like brew doesn’t add a symlink for curl to /opt/homebrew/bin. Running `ln -s /opt/homebrew/opt/curl/bin/curl /opt/homebrew/bin` resolved the issue.

#macos #curl #security

#TLS #EncryptedClientHello #ECH support has been merged in #curl!

and in case you missed it: with the new addition of --ech, #curl now supports 259 command line options

Welcome Jiwoo Park as #curl commit author 1262:

Recent additions to the #CURL project from me

Anyone can contribute to an open source project. It is some effort, but you can push changes you make locally back to the project to improve it and make your improvements a part of the project.


Welcome daniel-j-h as #curl commit author 1261:

I think it is worth for #hyper and the #rust ecosystem to work as #curl backend but not other way around. The only reason for curl to support hyper is to validate that the backend api is flexible enough and to have another "validator" for such interface. But probably it is one of those piece of code that maintainers are happy to push to third parties 😅

Today I want to mention how nice #opensource can be! Look at this #cURL issue nice developers chatting on their own time about code and features with reproducible code and respect in mind! 😭 this is what I am here for!

Welcome to Stephen Farrell as #curl commit author 1260:

Support for RFC 9421 - HTTP Message Signatures in #curl ?


I wonder if @bagder is aware that millions of Garmin users are carrying a #curl licence credit on their wrists

Welcome blankie as #curl commit author 1259:

#curl sometimes fails to access some servers. In most situations the problem is not in curl itself but on the server side. Example:

1. Fails: curl

2. Works: curl -A 'Mozilla/5.0 xx Chrome/119'

3. Fails: curl -A 'Mozilla/5.0 xx Chrome/118'

4. Fails, too: curl -A 'Mozilla/5.0 xx Chrome/1189'

Perhaps they perform #filtering to obtain improved #security? It's hard to tell, but any serious attacker surely knows how to spoof the user agent string and bypass such simple #regex

I was reminded of the great #Cisco security fix of 2019


On this day twenty-six years ago, we shipped #curl 4.2

It introduced HTTPS support (powered by SSLeay) and the -T command line option.

As a bonus, a look at the original cURL logo:


Let's kick this fine Monday morning off with a #curl issue filed against curl 7.37.0, released in May 2014...


The #curl #git repository is cloned on average once every 6 seconds.
#git #curl

Today I found a TUI frontend for curl! 🔥

🌀**cute**: TUI HTTP client with API/auth key management and request history/storage.

🌐 Supports importing Postman collections!

🦀 Written in Rust & built with @ratatui_rs

⭐ GitHub:

#rustlang #ratatui #tui #curl #http #request #api #auth

Found another Curl resource; that always makes me giddy.
It's a set of command line cheat sheets accessible through super simple curl requests.



On this day, eleven years ago, we shipped #curl 7.30.0 which among lots of things introduced support for STARTTLS with imap, pop3 and smtp.


Welcome Toon Claes as #curl commit author 1258:

Welcome Colin Leroy-Mira as #curl commit author 1257: