curl and libcurl 8.7.0 Public curl releases: 255 Command line options: 258 curl_easy_setopt() options: 304 Public functions in libcurl: 93 Contributors: 3112 This release includes the following changes: o configure: add --disable-docs flag [16] o CURLINFO_USED_PROXY: return bool whether the proxy was used [24] o digest: support SHA-512/256 o DoH: add trace configuration [61] o write-out: add '%{proxy_used}' This release includes the following bugfixes: o _VARIABLES.md: improve the description [105] o ALTSVC.md: correct a typo [14] o asyn-ares: fix data race warning [88] o asyn-thread: use wakeup_close to close the read descriptor [1] o badwords: use hostname, not host name [46] o BINDINGS: add mcurl, the python binding [67] o bufq: writing into a softlimit queue cannot be partial [49] o c-hyper: add header collection writer in hyper builds [70] o cd2nroff: gen: make `\>` in input to render as plain '>' in output o cd2nroff: remove backticks from titles o checksrc.pl: fix handling .checksrc with CRLF [43] o cmake: add USE_OPENSSL_QUIC support [21] o cmake: add warning for using TLS libraries without 1.3 support [25] o cmake: enable `ENABLE_CURL_MANUAL` by default [112] o cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled [117] o cmake: fix function description in comment [47] o cmake: fix install for older CMake versions [53] o cmake: fix libcurl.pc and curl-config library specifications [115] o cmdline-docs/Makefile: avoid using a fixed temp file name [5] o cmdline-docs: quote and angle bracket cleanup [45] o cmdline-opts/_EXITCODES: sync with libcurl-errors [80] o cmdline-opts/_VERSION: provide %VERSION correctly [87] o configure.ac: find libpsl with pkg-config [79] o configure: add warning for using TLS libraries without 1.3 support [26] o configure: build & install shell completions when enabled [85] o configure: do not link with nghttp3 unless necessary [7] o configure: Don't build shell completions when disabled [68] o configure: Don't make shell completions without perl [83] o connect.c: fix typo [17] o CONTRIBUTE: update the section on documentation format [96] o cookie.md: provide an example sending a fixed cookie [13] o cookie: if psl fails, reject the cookie [107] o curl: exit on config file parser errors [40] o curl: when allocating variables, add the name into the struct [37] o curl_setup.h: add curl_uint64_t internal type o curldown: fix email address in Copyright [89] o CURLOPT_POSTQUOTE.md: fix typo [36] o CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return [104] o CURLOPT_WRITEFUNCTION.md: typo fix [41] o digest: add check for hashing error [111] o dist: make sure the http tests are in the tarball [29] o docs: add missing slashes to SChannel client certificate documentation [11] o docs: add necessary setup for nghttp3 [51] o docs: ascii version of manpage without nroff [121] o docs: dist curl*.1 and install without perl [64] o docs: make curldown do angle brackets like markdown [54] o docs: make sure curl.1 is included in dist tarballs [35] o docs: update minimal binary size in INSTALL.md o docs: use present tense [103] o examples: use present tense in comments [97] o file: use xfer buf for file:// transfers [23] o fopen: fix narrowing conversion warning on 32-bit Android [100] o form-string.md: correct the example [4] o ftp: do lineend conversions in client writer [32] o ftp: fix socket wait activity in ftp_domore_getsock [28] o ftp: tracing improvements [33] o ftp: treat a 226 arriving before data as a signal to read data [19] o gen.pl: make the "manpageification" faster [95] o gen: make `\>` in input to render as plain '>' in output [78] o getparam: make --ftp-ssl work again [90] o GIT-INFO: convert to markdown [114] o header.md: remove backslash, make nicer markdown [48] o HTTP/2: write response directly [12] o http2: fix push discard [124] o http2: push headers better cleanup [113] o HTTP3.md: adjust the OpenSSL QUIC install instructions [34] o http: better error message for HTTP/1.x response without status line [86] o http: move headers collecting to writer [71] o http_chunks: fix the accounting of consumed bytes [22] o http_chunks: remove unused 'endptr' variable [58] o https-proxy: use IP address and cert with ip in alt names [50] o hyper: implement unpausing via client reader [98] o lib582: remove code causing warning that is never run [38] o lib: add `void *ctx` to reader/writer instances [122] o lib: convert Curl_get_line to use dynbuf [42] o lib: Curl_read/Curl_write clarifications [101] o lib: enhance client reader resume + rewind [92] o lib: initialize output pointers to NULL before calling strto[ff,l,ul] [63] o lib: remove curl_mimepart object when CURL_DISABLE_MIME [72] o libcurl-docs: cleanups o libcurl-security.md: Active FTP passes on the local IP address [6] o libssh/libssh2: return error on too big range [75] o MANUAL.md: fix typo [66] o mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined [27] o mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version [59] o md4: include strdup.h for the memdup proto [10] o mime: add client reader [126] o misc: fix typos in docs and lib [84] o mkhelp: simplify the generated hugehelp program [120] o mprintf: fix format prefix I32/I64 for windows compilers [77] o multi: add xfer_buf to multi handle [30] o multi: fix multi_sock handling of select_bits [81] o multi: make add_handle free any multi_easy [102] o ngtcp2: no recvbuf for stream [108] o ntml_wb: fix buffer type typo [2] o OpenSSL QUIC: adapt to v3.3.x [65] o openssl-quic: check on Windows that socket conv to int is possible [8] o openssl-quic: fix BIO leak and Windows warning [93] o openssl-quic: fix unity build, casing, indentation [94] o OS400: avoid using awk in the build scripts [20] o paramhlp: fix CRLF-stripping files with "-d @file" [116] o proxy1.0.md: fix example [15] o pytest: adapt to API change [106] o rustls: make curl compile with 0.12.0 [73] o schannel: fix hang on unexpected server close [57] o scripts: fix cijobs.pl for Azure and GHA o sendf: ignore response body to HEAD [18] o setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value [76] o setopt: fix disabling all protocols [99] o sha512_256: add support for GnuTLS and OpenSSL [110] o smtp: fix STARTTLS [91] o strtoofft: fix the overflow check [74] o test1165: improve pattern matching [60] o tests: support setting/using blank content env variables o TIMER_STARTTRANSFER: set the same for everyone [82] o tool_cb_hdr: only parse etag + content-disposition for 2xx [9] o tool_operate: change precedence of server Retry-After time [44] o tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds [3] o trace-config.md: remove the mutexed options list [119] o transfer.c: break receive loop in speed limited transfers [125] o transfer: improve Windows SO_SNDBUF update limit [56] o urldata: move authneg bit from conn to Curl_easy [69] o version: allow building with ancient libpsl [52] o vtls: fix tls proxy peer verification [55] o vtls: revert "receive max buffer" + add test case [39] o websocket: fix curl_ws_recv() [62] o write-out.md: clarify error handling details [31] This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) Planned upcoming removals include: o support for space-separated NOPROXY patterns See https://curl.se/dev/deprecate.html for details This release would not have looked like this without help, code, reports and advice from friends like these: 5533asdg on github, Andreas Kiefer, av223119 on github, Boris Verkhovskiy, Brett Buddin, Chris Webb, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, Daniel Szmulewicz, dependabot[bot], Dirk Hünniger, Dmitry Karpov, Dmitry Tretyakov, edmcln on github, Erik Schnetter, Evgeny Grin (Karlson2k), Fabian Vogt, Fabrice Fontaine, Faraz Fallahi, Gisle Vanem, Harry Sintonen, HsiehYuho on github, Jan Macku, Jiawen Geng, Joel Depooter, Jon Rumsey, Jordan Brown, Karthikdasari0423, Konstantin Vlasov, kpcyrd, Lars Kellogg-Stedman, LeeRiva, Louis Solofrizzo, Lukáš Zaoral, Marcel Raad, Michael Forney, Michael Kaufmann, Michał Antoniak, Nikita Taranov, Patrick Monnerat, Paweł Witas, Peter Krefting, RainRat, Ramiro Garcia, Ray Satiro, Richard Levitte, Robert Moreton, Rudi Heitbaum, Ryan Carsten Schmidt, Scott Mutter, Scott Talbert, Sebastian Neubauer, Sergey Bronnikov, Simon K, Stefan Eissing, Tal Regev, Viktor Szakats, vulnerabilityspotter on hackerone (59 contributors) References to bug reports and discussions on issues: [1] = https://curl.se/bug/?i=12836 [2] = https://curl.se/bug/?i=12825 [3] = https://curl.se/bug/?i=12834 [4] = https://curl.se/bug/?i=12822 [5] = https://curl.se/bug/?i=12829 [6] = https://curl.se/bug/?i=12867 [7] = https://curl.se/bug/?i=12833 [8] = https://curl.se/bug/?i=12861 [9] = https://curl.se/bug/?i=12866 [10] = https://curl.se/bug/?i=12849 [11] = https://curl.se/bug/?i=12854 [12] = https://curl.se/bug/?i=12828 [13] = https://curl.se/bug/?i=12868 [14] = https://curl.se/bug/?i=12852 [15] = https://curl.se/bug/?i=12856 [16] = https://curl.se/bug/?i=12832 [17] = https://curl.se/bug/?i=12858 [18] = https://curl.se/mail/lib-2024-02/0000.html [19] = https://curl.se/bug/?i=12823 [20] = https://curl.se/bug/?i=12826 [21] = https://curl.se/bug/?i=13034 [22] = https://curl.se/bug/?i=12937 [23] = https://curl.se/bug/?i=12750 [24] = https://curl.se/bug/?i=12719 [25] = https://curl.se/bug/?i=12900 [26] = https://curl.se/bug/?i=12900 [27] = https://curl.se/bug/?i=12904 [28] = https://curl.se/bug/?i=12901 [29] = https://curl.se/bug/?i=12914 [30] = https://curl.se/bug/?i=12805 [31] = https://curl.se/bug/?i=12909 [32] = https://curl.se/bug/?i=12878 [33] = https://curl.se/bug/?i=12902 [34] = https://curl.se/bug/?i=12896 [35] = https://curl.se/bug/?i=12892 [36] = https://curl.se/bug/?i=12926 [37] = https://curl.se/bug/?i=12891 [38] = https://curl.se/bug/?i=12890 [39] = https://curl.se/bug/?i=12885 [40] = https://curl.se/mail/archive-2024-02/0008.html [41] = https://curl.se/bug/?i=12889 [42] = https://curl.se/bug/?i=12846 [43] = https://curl.se/bug/?i=12924 [44] = https://curl.se/mail/archive-2024-01/0022.html [45] = https://curl.se/bug/?i=12884 [46] = https://curl.se/bug/?i=12888 [47] = https://curl.se/bug/?i=12879 [48] = https://curl.se/bug/?i=12877 [49] = https://curl.se/bug/?i=13020 [50] = https://curl.se/bug/?i=12838 [51] = https://curl.se/bug/?i=12859 [52] = https://curl.se/mail/archive-2024-02/0004.html [53] = https://curl.se/bug/?i=12920 [54] = https://curl.se/bug/?i=12869 [55] = https://curl.se/bug/?i=12831 [56] = https://curl.se/bug/?i=12911 [57] = https://curl.se/bug/?i=12894 [58] = https://curl.se/bug/?i=12996 [59] = https://curl.se/bug/?i=12905 [60] = https://curl.se/bug/?i=12903 [61] = https://curl.se/bug/?i=12411 [62] = https://curl.se/bug/?i=12945 [63] = https://curl.se/bug/?i=12995 [64] = https://curl.se/bug/?i=12921 [65] = https://curl.se/bug/?i=12933 [66] = https://curl.se/bug/?i=12965 [67] = https://curl.se/bug/?i=12962 [68] = https://curl.se/bug/?i=13027 [69] = https://curl.se/bug/?i=12949 [70] = https://curl.se/bug/?i=12880 [71] = https://curl.se/bug/?i=12880 [72] = https://curl.se/bug/?i=12948 [73] = https://curl.se/bug/?i=12989 [74] = https://curl.se/bug/?i=12990 [75] = https://curl.se/bug/?i=12983 [76] = https://curl.se/bug/?i=12981 [77] = https://curl.se/bug/?i=12944 [78] = https://curl.se/bug/?i=12977 [79] = https://curl.se/bug/?i=12947 [80] = https://curl.se/bug/?i=13015 [81] = https://curl.se/bug/?i=12971 [82] = https://curl.se/bug/?i=13052 [83] = https://curl.se/bug/?i=13022 [84] = https://curl.se/bug/?i=13019 [85] = https://curl.se/bug/?i=12906 [86] = https://curl.se/bug/?i=13045 [87] = https://curl.se/bug/?i=13008 [88] = https://curl.se/bug/?i=13065 [89] = https://curl.se/bug/?i=12997 [90] = https://curl.se/bug/?i=13006 [91] = https://curl.se/bug/?i=13048 [92] = https://curl.se/bug/?i=13026 [93] = https://curl.se/bug/?i=13043 [94] = https://curl.se/bug/?i=13044 [95] = https://curl.se/bug/?i=13041 [96] = https://curl.se/bug/?i=13046 [97] = https://curl.se/bug/?i=13003 [98] = https://curl.se/bug/?i=13075 [99] = https://curl.se/bug/?i=13004 [100] = https://curl.se/bug/?i=12998 [101] = https://curl.se/bug/?i=12964 [102] = https://curl.se/bug/?i=12992 [103] = https://curl.se/bug/?i=13001 [104] = https://curl.se/bug/?i=12999 [105] = https://curl.se/bug/?i=13040 [106] = https://curl.se/bug/?i=13037 [107] = https://curl.se/bug/?i=13033 [108] = https://curl.se/bug/?i=13073 [110] = https://curl.se/bug/?i=13070 [111] = https://curl.se/bug/?i=13072 [112] = https://curl.se/bug/?i=13028 [113] = https://curl.se/bug/?i=13054 [114] = https://curl.se/bug/?i=13074 [115] = https://curl.se/bug/?i=6169 [116] = https://curl.se/bug/?i=13063 [117] = https://curl.se/bug/?i=13061 [119] = https://curl.se/bug/?i=13031 [120] = https://curl.se/bug/?i=13047 [121] = https://curl.se/bug/?i=13047 [122] = https://curl.se/bug/?i=13035 [124] = https://curl.se/bug/?i=13055 [125] = https://curl.se/mail/lib-2024-03/0001.html [126] = https://curl.se/bug/?i=13039