| curl and libcurl 7.65.0 |
| |
| Public curl releases: 181 |
| Command line options: 221 |
| curl_easy_setopt() options: 268 |
| Public functions in libcurl: 80 |
| Contributors: 1929 |
| |
| This release includes the following changes: |
| |
| o CURLOPT_DNS_USE_GLOBAL_CACHE: removed [25] |
| o CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse [37] |
| o pipelining: removed [10] |
| |
| This release includes the following bugfixes: |
| |
| o --config: clarify that initial : and = might need quoting [17] |
| o AppVeyor: enable testing for WinSSL build [23] |
| o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52] |
| o CURLOPT_ADDRESS_SCOPE: fix range check and more [32] |
| o CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [75] |
| o CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value [51] |
| o CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [71] |
| o CURL_MAX_INPUT_LENGTH: largest acceptable string input size [44] |
| o Curl_disconnect: treat all CONNECT_ONLY connections as "dead" [39] |
| o INTERNALS: Add code highlighting [47] |
| o OS400/ccsidcurl: replace use of Curl_vsetopt [50] |
| o OpenSSL: Report -fips in version if OpenSSL is built with FIPS [55] |
| o README.md: fix no-consecutive-blank-lines Codacy warning [22] |
| o VC15 project: remove MinimalRebuild |
| o VS projects: use Unicode for VC10+ [16] |
| o WRITEFUNCTION: add missing set_in_callback around callback [60] |
| o altsvc: Fix building with cookies disabled [38] |
| o auth: Rename the various authentication clean up functions [61] |
| o base64: build conditionally if there are users |
| o build-openssl.bat: lots of improvements and polish |
| o build: fix "clarify calculation precedence" warnings [63] |
| o checksrc.bat: ignore snprintf warnings in docs/examples [67] |
| o cirrus: Customize the disabled tests per FreeBSD version |
| o cmake: avoid linking executable for some tests with cmake 3.6+ [18] |
| o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19] |
| o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46] |
| o cmake: set SSL_BACKENDS [12] |
| o configure: avoid unportable `==' test(1) operator [1] |
| o configure: error out if OpenSSL wasn't detected when asked for [74] |
| o configure: fix default location for fish completions [13] |
| o cookie: Guard against possible NULL ptr deref [42] |
| o curl_easy_getinfo.3: fix minor formatting mistake |
| o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45] |
| o docs/BUG-BOUNTY: bug bounty time [48] |
| o docs/INSTALL: fix broken link [62] |
| o documentation: Fix several typos [7] |
| o doh: acknowledge CURL_DISABLE_DOH |
| o doh: disable DOH for the cases it doesn't work [66] |
| o ftplistparser: fix LGTM alert "Empty block without comment" [14] |
| o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54] |
| o http: acknowledge CURL_DISABLE_HTTP_AUTH |
| o http: mark bundle as not for multiuse on < HTTP/2 response [41] |
| o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65] |
| o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53] |
| o http_ntlm: Corrected the name of the include guard [64] |
| o lib509: add missing include for strdup [22] |
| o lib557: initialize variables [22] |
| o makedebug: Fix ERRORLEVEL detection after running where.exe [58] |
| o mime: acknowledge CURL_DISABLE_MIME |
| o multi: improved HTTP_1_1_REQUIRED handling [2] |
| o nss: allow fifos and character devices for certificates [56] |
| o nss: provide more specific error messages on failed init [43] |
| o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70] |
| o ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 |
| o openssl: mark connection for close on TLS close_notify [36] |
| o openvms: Remove pre-processor for SecureTransport [40] |
| o openvms: Remove pre-processors for Windows [40] |
| o parse_proxy: use the URL parser API [72] |
| o parsedate: disabled on CURL_DISABLE_PARSEDATE |
| o pingpong: disable more when no pingpong protocols are enabled |
| o polarssl_threadlock: remove conditionally unused code [22] |
| o proxy: acknowledge DISABLE_PROXY more |
| o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3] |
| o revert "multi: support verbose conncache closure handle" [69] |
| o sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 |
| o sasl: only enable if there's a protocol enabled using it |
| o scripts: fix typos |
| o singleipconnect: show port in the verbose "Trying ..." message |
| o smtp: fix compiler warning [15] |
| o socks5: user name and passwords must be shorter than 256 [8] |
| o socks: fix error message |
| o socksd: new SOCKS 4+5 server for tests [31] |
| o spnego_gssapi: fix return code on gss_init_sec_context() failure [53] |
| o ssh: define USE_SSH if SSH is enabled (any backend) [57] |
| o test1002: correct the name |
| o test2100: Fix typos in test description |
| o tests/server/util: fix Windows Unicode build [21] |
| o tests: Run global cleanup at end of tests [29] |
| o tests: make Impacket (SMB server) Python 3 compatible [11] |
| o tool_cb_wrt: fix bad-function-cast warning [5] |
| o tool_help: Warn if curl and libcurl versions do not match [28] |
| o tool_help: include <strings.h> for strcasecmp [4] |
| o transfer: fix LGTM alert "Comparison is always true" [14] |
| o travis: allow builds on branches named "ci" |
| o travis: install dependencies only when needed [24] |
| o travis: update some builds do Xenial [30] |
| o travis: updated mesalink builds [35] |
| o url: always clone the CUROPT_CURLU handle [26] |
| o urlapi: add CURLUPART_ZONEID to set and get [59] |
| o urlapi: require a non-zero host name length when parsing URL [73] |
| o urlapi: stricter CURLUPART_PORT parsing [33] |
| o urlapi: strip off zone id from numerical IPv6 addresses [49] |
| o urlapi: urlencode characters above 0x7f correctly [9] |
| o vauth/cleartext: update the PLAIN login to match RFC 4616 [27] |
| o vauth/oauth2: Fix OAUTHBEARER token generation [6] |
| o vauth: Fix incorrect function description for Curl_auth_user_contains_domain [68] |
| o vtls: fix potential ssl_buffer stack overflow [76] |
| o wildcard: disable from build when FTP isn't present |
| o winbuild: Support MultiSSL builds [34] |
| o xattr: skip unittest on unsupported platforms [20] |
| |
| This release includes the following known bugs: |
| |
| o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) |
| |
| This release would not have looked like this without help, code, reports and |
| advice from friends like these: |
| |
| Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich, |
| Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault, |
| Frank Gevaerts, Gisle Vanem, Isaiah Norton, Jakub Zakrzewski, Jan Ehrhardt, |
| Jeroen Ooms, Jonathan Cardoso Machado, Jonathan Moerman, |
| Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch, l00p3r on Hackerone, |
| Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu, nevv on HackerOne/curl, |
| niner on github, Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh, |
| Poul T Lomholt, Ray Satiro, Reed Loden, Ricardo Gomes, Ricky Leverence, |
| Rikard Falkeborn, Roy Bellingan, Simon Warta, Steve Holme, Taiyu Len, |
| Tim Rühsen, Tom van der Woerdt, Tseng Jun, Viktor Szakats, Wenchao Li, |
| Wyatt O'Day, XmiliaH on github, Yiming Jing, |
| (46 contributors) |
| |
| Thanks! (and sorry if I forgot to mention someone) |
| |
| References to bug reports and discussions on issues: |
| |
| [1] = https://curl.haxx.se/bug/?i=3709 |
| [2] = https://curl.haxx.se/bug/?i=3707 |
| [3] = https://curl.haxx.se/bug/?i=3699 |
| [4] = https://curl.haxx.se/bug/?i=3715 |
| [5] = https://curl.haxx.se/bug/?i=3718 |
| [6] = https://curl.haxx.se/bug/?i=2487 |
| [7] = https://curl.haxx.se/bug/?i=3724 |
| [8] = https://curl.haxx.se/bug/?i=3737 |
| [9] = https://curl.haxx.se/bug/?i=3741 |
| [10] = https://curl.haxx.se/bug/?i=3651 |
| [11] = https://curl.haxx.se/bug/?i=3731 |
| [12] = https://curl.haxx.se/bug/?i=3736 |
| [13] = https://curl.haxx.se/bug/?i=3723 |
| [14] = https://curl.haxx.se/bug/?i=3732 |
| [15] = https://curl.haxx.se/bug/?i=3729 |
| [16] = https://curl.haxx.se/bug/?i=3720 |
| [17] = https://curl.haxx.se/bug/?i=3738 |
| [18] = https://curl.haxx.se/bug/?i=3744 |
| [19] = https://curl.haxx.se/bug/?i=3743 |
| [20] = https://curl.haxx.se/bug/?i=3759 |
| [21] = https://curl.haxx.se/bug/?i=3758 |
| [22] = https://curl.haxx.se/bug/?i=3739 |
| [23] = https://curl.haxx.se/bug/?i=3725 |
| [24] = https://curl.haxx.se/bug/?i=3721 |
| [25] = https://curl.haxx.se/bug/?i=3654 |
| [26] = https://curl.haxx.se/bug/?i=3753 |
| [27] = https://curl.haxx.se/bug/?i=3757 |
| [28] = https://curl.haxx.se/bug/?i=3774 |
| [29] = https://curl.haxx.se/bug/?i=3783 |
| [30] = https://curl.haxx.se/bug/?i=3777 |
| [31] = https://curl.haxx.se/bug/?i=3752 |
| [32] = https://curl.haxx.se/bug/?i=3713 |
| [33] = https://curl.haxx.se/bug/?i=3762 |
| [34] = https://curl.haxx.se/bug/?i=3772 |
| [35] = https://curl.haxx.se/bug/?i=3823 |
| [36] = https://curl.haxx.se/bug/?i=3750 |
| [37] = https://curl.haxx.se/bug/?i=3782 |
| [38] = https://curl.haxx.se/bug/?i=3717 |
| [39] = https://curl.haxx.se/mail/lib-2019-04/0052.html |
| [40] = https://curl.haxx.se/bug/?i=3768 |
| [41] = https://curl.haxx.se/bug/?i=3813 |
| [42] = https://curl.haxx.se/bug/?i=3820 |
| [43] = https://curl.haxx.se/bug/?i=3808 |
| [44] = https://curl.haxx.se/bug/?i=3805 |
| [45] = https://curl.haxx.se/bug/?i=3809 |
| [46] = https://curl.haxx.se/bug/?i=3769 |
| [47] = https://curl.haxx.se/bug/?i=3801 |
| [48] = https://curl.haxx.se/bug/?i=3488 |
| [49] = https://curl.haxx.se/bug/?i=3817 |
| [50] = https://curl.haxx.se/bug/?i=3833 |
| [51] = https://curl.haxx.se/bug/?i=3829 |
| [52] = https://curl.haxx.se/bug/?i=3537 |
| [53] = https://curl.haxx.se/bug/?i=3726 |
| [54] = https://curl.haxx.se/bug/?i=3570 |
| [55] = https://curl.haxx.se/bug/?i=3771 |
| [56] = https://curl.haxx.se/bug/?i=3807 |
| [57] = https://curl.haxx.se/bug/?i=3846 |
| [58] = https://curl.haxx.se/bug/?i=3838 |
| [59] = https://curl.haxx.se/bug/?i=3834 |
| [60] = https://curl.haxx.se/bug/?i=3837 |
| [61] = https://curl.haxx.se/bug/?i=3869 |
| [62] = https://curl.haxx.se/bug/?i=3818 |
| [63] = https://curl.haxx.se/bug/?i=3866 |
| [64] = https://curl.haxx.se/bug/?i=3867 |
| [65] = https://curl.haxx.se/bug/?i=3861 |
| [66] = https://curl.haxx.se/bug/?i=3850 |
| [67] = https://curl.haxx.se/bug/?i=3862 |
| [68] = https://curl.haxx.se/bug/?i=3860 |
| [69] = https://curl.haxx.se/bug/?i=3856 |
| [70] = https://curl.haxx.se/bug/?i=3858 |
| [71] = https://curl.haxx.se/bug/?i=3885 |
| [72] = https://curl.haxx.se/bug/?i=3878 |
| [73] = https://curl.haxx.se/bug/?i=3880 |
| [74] = https://curl.haxx.se/bug/?i=3824 |
| [75] = https://curl.haxx.se/bug/?i=3711 |
| [76] = https://curl.haxx.se/bug/?i=3863 |