Search
Items tagged with: curl
You can help #curl by testing this final release candidate, rc3, before the real release happens next week:
List support for SSL_CERT_FILE and SSL_CERT_DIR in TLS docs by bbodenmiller · Pull Request #16762 · curl/curl
List on TLS page as they are supported per https://curl.se/docs/manpage.htmlGitHub
how to do a #curl release has been viewed 27K times!
How to do a curl release - with Daniel Stenberg
Daniel makes the curl 8.12.0 release. Shows how a curl release is done. This is the 264th curl release. Shows the scripts, the procedures and the general pro...YouTube
Fix pluralization of seconds by dnicolson · Pull Request #16751 · curl/curl
This is similar to #16586. Can be tested with: curl --retry 2 xxx Before: curl: (6) Could not resolve host: xxx Warning: Problem : timeout. Will retry in 1 seconds. 2 retries left. curl: (6) Could...GitHub
A very common email reply to me:
"#curl is not deemed important enough for a support deal. I will instead submit a public issue/discussion item about [the discussed matter]"
CURLMOPT_SOCKETFUNCTION called with strange socket=0 · Issue #16799 · curl/curl
I did this I'm using a curl multi to to some http request, but I noticed the socket function is being called with weird socket fd=0 while fd 0 is not even managed by curl. I enabled trace with debu...GitHub
Two years ago we introduced the #libcurl header API, which also made it easier to extract headers with the #curl tool:
daniel.haxx.se/blog/2022/03/24…
Easier header-picking with curl
Okay you might ask, what's the news here? We've been able to get HTTP response headers with curl since virtually the stone age. Yes we have. Get the page and also show the headers: curl -i https://example.daniel.haxx.se
🛡️#Curl has been around for 26 years—and it’s still secure! How?
European Open Source Academy member, @bagder Stenberg, joined the latest episode of Security Weekly Productions, discussing how Curl and #libcurl have maintained security and reliability over decades.
A must-listen for #developers and #cybersecurity enthusiasts! 👨💻🔒
📺 Explore the episode : youtube.com/watch?v=0UavY_kKKic
👉 Learn more about the Academy : europeanopensource.academy/new…
#CyberSecurity #CurlProject #AppSec
Open Source in Europe Enters a New Era with a Successful First European Open Source Awards Ceremony | European Open Source Academy
A significant milestone for the European open source community was reached on January 30, 2025, when the European Open Source Awards (OSAwards 2025) celebrated the launch of the European Open Source Academy with the Inaugural Ceremony.europeanopensource.academy
Did you know that YOU can sponsor this year's #curl up? curl up is the annual curl developers meetup, this year taking place in May in Prague.
You can have your company name associated with the event while at the same time funding critical Internet infrastructure and one of the world's most widely used software components.
Just saying.
on this day, only twenty-five years ago, we shipped #curl 6.5 which introduced the fancy -w option
everything.curl.dev/usingcurl/…
Write out - everything curl
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
I had forgotten this. Six years ago I researched the Refresh HTTP header field and came to the conclusion that #curl doesn't need to bother.
daniel.haxx.se/blog/2019/03/12…
Looking for the Refresh header
The other day someone filed a bug on curl that we don't support redirects with the Refresh header. This took me down a rabbit hole of Refresh header research and I've returned to share with you what I learned down there.daniel.haxx.se
We got another "critical vulnerability" on #curl reported. I figured you might enjoy it.
"The authentication mechanism in cURL does not properly restrict the number of failed authentication attempts, allowing an attacker to brute-force credentials"
Yawn. Away, away you go.
Two years since the big #curl 25 year celebration I'm looking at project numbers from back then and compare them with current ones.
19,800 more lines of code
23 additional man pages
428 new test cases
83 more CI jobs
229 new authors
30,800 USD more in bug bounties
18 new command line options
14 more operating systems
4557 commits more
We're not slowing down.
Raised an issue to discuss how to improve curl's MQTT message output.
github.com/curl/curl/issues/16…
Comments and insight requested to plan a possible PR as I can't see a way to fix it without it being a breaking change to current behaviour.
No way to parse multiple MQTT messages from the output stream · Issue #16633 · curl/curl
I did this I ran curl mqtt://test.mosquitto.org/curl/test --output test.out -N Then in a different terminal curl mqtt://test.mosquitto.org/curl/test -d "helloWorld" curl mqtt://test.mosquitto.org/c...GitHub
Remember: when you run #curl shipped by Apple with the --cacert flag it won't behave like #curl does everywhere else. As I wrote about last year. I think they're doing it wrong. They think its fine.
daniel.haxx.se/blog/2024/03/08…
the Apple curl security incident 12604
tldr: Apple thinks it is fine. I do not. On December 28 2023, bugreport 12604 was filed in the curl issue tracker. We get a lot issues filed most days so this fact alone was hardly anything out of the ordinary.daniel.haxx.se
#curl release candidate 1 for the pending release is here: curl.se/rc/
We'll appreciate if you take it for a spin and report any problems you find.
There was a question posed on the #curl IRC channel whether there's ever going to be a need to raise addressing or offsets from 64-bit to something larger, such as 128-bit.
I argue there is no need to do this. 64-bit can already address a very large amount of data. For example, many operating systems and filesystems have a limit of 2**64 for file sizes. But it is difficult to wrap your head around this; how much data can such a file really hold?
Some estimates (*) say that there's going to be around 181 ZB (zettabytes) of data in the world by the end of 2025.
This is only 9812 files if each file holds 2**64 bytes.
*) rivery.io/blog/big-data-statis…
Big data statistics: How much data is there in the world?
Data is growing at a faster rate than ever before. 90% percent of the world’s data was created in the last two years. And every two years, the volume of data across the world doubles in size.Kevin Bartley (Rivery)
Right now, we have less than ten open issues for the #curl project
Issues · curl/curl
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP...GitHub
#curl roadmap 2025
curl roadmap 2025 - with Daniel Stenberg
Things we may see added and done in curl during 2025.YouTube
At 21.4 days since the previous #curl release, we count merged in git since:
Bugfixes: 169 (7.91 per day)
Commit authors: 30, 12 new (total 1354)
Contributors: 42, 20 new (total 3363)
Commits: 262 (total 34545)
People are insane over here.
CURLWS_CONT bugfix by roberte777 · Pull Request #16512 · curl/curl
Currently, CURLWS_CONT does not function as specified by the docs. This is an attempt to modify its behavior to be more inline with documentation. This is my second attempt and attempts to implemen...GitHub
Fix pkcs11 uri checking for key files. by martxel · Pull Request #16591 · curl/curl
I have found this issue when trying to use the new PKCS#11 provider support in curl. I was getting the following error when trying to use a pkcs11 uri as a key, in curl 8.12.1: * crypto provider no...GitHub
The #curl roadmap 2025 webinar happens later today:
daniel.haxx.se/blog/2025/02/25…
The curl roadmap webinar 2025
On March 6 2025 at 18:00 UTC, I am doing a curl roadmap webinar, talking through a set of features and things I want to see happen in curl during 2025. Figure out my local time.daniel.haxx.se
Let me give you another peek into the everyday work of the #curl security team. A reported UAF we deem not a security problem:
curl disclosed on HackerOne: Use after free (read) in...
## Summary: [summary of the vulnerability] There is a use after free in `curl_multi_perform` when DoH resolver timeouts and `CURLOPT_PROXY` is used (see reproducer and stack trace) I found it via...HackerOne
request: clear sendbuf_hds_len when resetting request bufq by Aearsis · Pull Request #16573 · curl/curl
Without this, any usage of sendbuf_hds_len on a retried request is wrong. We noticed by getting debug callbacks with incorrect header len. We did not figure out how to trigger the retries in a test...GitHub
"Three generations in my family have used and loved #curl! That’s the kind of reliability you don’t see often in software." / Kalyani Pawar
💚
Three years ago today, the --json option shipped in a #curl release for the first time.
daniel.haxx.se/blog/2022/02/02…
curl dash-dash-json
The curl "cockpit" is yet again extended with a new command line option: --json. The 245th command line option.daniel.haxx.se
say hello to #curl's 268th command line option --upload-flags (just merged in master)
Use it to set properties for your IMAP upload: answered, deleted, draft, flagged, or seen