Items tagged with: cURL

Search

Items tagged with: cURL

Working on adding Apple SecTrust support to curl (e.g. the native macOS and other Apple *OS system certificates store) and reaching out to the Homebrew/Macports people if they'd like that too or have other needs.
#curl

github.com/curl/curl/discussio…


Apple Native CA and homebrew/macports · curl curl · Discussion #18597

In the general discussion about curl's handling of a "native CA" and our addition of support for using Apple's SecTrust directly, the question arose how homebrew and macports can/wont make use of t...
GitHub
#curl

#curl #cve

In this interview, Daniel Stenberg, lead developer of #cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of testing, reviewing, and refining its code to minimize risks.

Stenberg also explains the team’s approach to handling vulnerabilities, ensuring transparency, and maintaining trust in the open-source ecosystem.

helpnetsecurity.com/2025/09/18…


Behind the scenes of cURL with its founder: Releases, updates, and security - Help Net Security

Explore how the cURL project keeps billions of devices secure, from vulnerability handling to best practices and updates.
Mirko Zorz (Help Net Security)
#curl

#curl

Starting now, the #curl man page is rendered to use the long form only of the command line options in text, instead of like before insist on mentioning both the short AND long option.

This should make the text easier on the eye. I could make it this way after having fixed so that the long-option-only also renders appropriate links in the web version.

A tiny step forward.

#curl

The plain ASCII version of the #curl man page consists of 37,720 words right now
#curl

#curl

#curl

#AI #ki #curl #slug

Feel free to point me to a piece of #curl documentation that is unclear whenever you fall over it and I'll try to improve it
#curl

2025 is already now the second busiest year ever in #curl history, when counting commits per year.
a bar graph showing commits per year, 2025 has 2105 which is the second most ever, 2024 had 2433.
#curl

#curl

sure, I'm game for #curl diving.
#curl

Coverity updated so I got to start the morning with 34 brand new false positives in #curl from the static code analyzer. ignore ignore ignore...
#curl

At some point I think it will only be fair to require --insecure for #curl to do an unauthenticated protocol transfer (unless it is localhost). For clear text http:// etc.
#curl

#curl

#curl

#curl

#curl

There's going to be more speak about AIs finding genuine security problems soon.

Google Big Sleep found one in #curl that we reveal tomorrow.... in about eight hours. (but no, we don't know how much was AI and how much was human or how many false positives they had to wade through to get there etc maybe they will let us know later?)

#curl

#curl

#curl

48 hours to #curl release

At **4** open issues: github.com/curl/curl/issues


curl/curl

A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP...
GitHub
#curl

#curl

#curl #websocket

#curl @Jim Fuller

Five days to #curl release...
#curl

In this newly disclosed #curl security report it is painfully obvious how the user's "clever" idea of using an AI to write the report made the report into a impenetrable wall of text instead of simply stating the problem in a few coherent paragraphs.

hackerone.com/reports/3324901


curl disclosed on HackerOne: libcurl: Host-Only Cookies Leak to...

libcurl canonicalizes numeric IPv4 hostnames during URL parsing and redirect handling (example: 127.000.000.001 to 127.0.0.1). When a host-only cookie (no Domain= attribute) is set, it is stored in...
HackerOne
#curl

Having ongoing discussions about URL parsing differences as a basis for a #curl security vulnerability report made me check when I wrote my "my URL isn't your URL" blog post.

*Nine years ago*. And we have not made a single move towards a solution in all this time.

daniel.haxx.se/blog/2016/05/11…


My URL isn’t your URL

When I started the precursor to the curl project, httpget, back in 1996, I wrote my first URL parser. Back then, the universal address was still called URL: Uniform Resource Locators. That spec was published by the IETF in 1994.
daniel.haxx.se
#curl

Digital Extremes violate the #cURL license?

github.com/curl/curl/discussio…

If they do, that's a shame but there's not a lot I can do. Anyone who can verify this claim? (probably by scanning the binaries for known names or similar)


Digital Extremes violate the cURL license · curl curl · Discussion #18474

Hi, I just want to let you know (and have there be a record) of the fact that Digital Extremes, a Canadian video-game-developer-turned-GaaS-developer, are using cURL (statically linked alongside Op...
GitHub
#curl

Today is exactly twelve years ago since we created the lib/http2.c source file in the #curl source tree, and doing HTTP would never be the same again.

The paradigm shift going from one transfer per connection to possibly multiple transfers per connection was massive and took many years until most of the bugs were ironed out.

#curl

#curl

it will be great to meet you there. And also for the #curl stickers, of course 🙂
#curl

#curl #eurobsdcon

#curl

#curl

Today we count *exactly* 3,500 named contributors to #curl
A graph showing number of contributors in the curl project from 1998 until today, starting at 1 up to 3,500 today
#curl

#curl

I did my first Linux install in years. I got to use #curl for the first time that I was aware of. It worked very well. Thank you for your service.
#curl

520 Wikipedia downloads per second are done with #curl
#curl