Items tagged with: cURL

Search

Items tagged with: cURL


Working on adding Apple SecTrust support to curl (e.g. the native macOS and other Apple *OS system certificates store) and reaching out to the Homebrew/Macports people if they'd like that too or have other needs.
#curl

github.com/curl/curl/discussio…

#curl


#curl #cve


In this interview, Daniel Stenberg, lead developer of #cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of testing, reviewing, and refining its code to minimize risks.

Stenberg also explains the team’s approach to handling vulnerabilities, ensuring transparency, and maintaining trust in the open-source ecosystem.

helpnetsecurity.com/2025/09/18…

#curl


#curl


Starting now, the #curl man page is rendered to use the long form only of the command line options in text, instead of like before insist on mentioning both the short AND long option.

This should make the text easier on the eye. I could make it this way after having fixed so that the long-option-only also renders appropriate links in the web version.

A tiny step forward.

#curl


The plain ASCII version of the #curl man page consists of 37,720 words right now
#curl


#curl


#curl


#AI #ki #curl #slug


Feel free to point me to a piece of #curl documentation that is unclear whenever you fall over it and I'll try to improve it
#curl


2025 is already now the second busiest year ever in #curl history, when counting commits per year.
#curl


#curl


Coverity updated so I got to start the morning with 34 brand new false positives in #curl from the static code analyzer. ignore ignore ignore...
#curl


At some point I think it will only be fair to require --insecure for #curl to do an unauthenticated protocol transfer (unless it is localhost). For clear text http:// etc.
#curl


#curl


#curl


#curl


There's going to be more speak about AIs finding genuine security problems soon.

Google Big Sleep found one in #curl that we reveal tomorrow.... in about eight hours. (but no, we don't know how much was AI and how much was human or how many false positives they had to wade through to get there etc maybe they will let us know later?)

#curl


#curl


48 hours to #curl release

At **4** open issues: github.com/curl/curl/issues

#curl


#curl



In this newly disclosed #curl security report it is painfully obvious how the user's "clever" idea of using an AI to write the report made the report into a impenetrable wall of text instead of simply stating the problem in a few coherent paragraphs.

hackerone.com/reports/3324901

#curl


Having ongoing discussions about URL parsing differences as a basis for a #curl security vulnerability report made me check when I wrote my "my URL isn't your URL" blog post.

*Nine years ago*. And we have not made a single move towards a solution in all this time.

daniel.haxx.se/blog/2016/05/11…

#curl


Digital Extremes violate the #cURL license?

github.com/curl/curl/discussio…

If they do, that's a shame but there's not a lot I can do. Anyone who can verify this claim? (probably by scanning the binaries for known names or similar)

#curl


Today is exactly twelve years ago since we created the lib/http2.c source file in the #curl source tree, and doing HTTP would never be the same again.

The paradigm shift going from one transfer per connection to possibly multiple transfers per connection was massive and took many years until most of the bugs were ironed out.

#curl


#curl


it will be great to meet you there. And also for the #curl stickers, of course 🙂
#curl


#curl


Today we count *exactly* 3,500 named contributors to #curl
#curl


#curl


I did my first Linux install in years. I got to use #curl for the first time that I was aware of. It worked very well. Thank you for your service.
#curl


520 Wikipedia downloads per second are done with #curl
#curl