diff --git a/RELEASE-NOTES b/RELEASE-NOTES index d64e6e43e2..e0c6c0e902 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -11,14 +11,17 @@ This release includes the following changes: o build: make NTLM disabled by default [90] o cmake: drop support for CMake 3.17 and older [108] + o lib: add thread pool and queue [74] o lib: drop support for < c-ares 1.16.0 [64] o lib: make SMB support opt-in [18] + o multi.h: add CURLMNWC_CLEAR_ALL [127] o rtmp: drop support [91] This release includes the following bugfixes: o asyn-ares: drop orphaned variable references [86] o asyn-ares: fix HTTPS-lookup when not on port 443 [100] + o asyn-thrdd: fix clang-tidy unused value warning [125] o autotools: limit checksrc target to ignore non-repo test sources [12] o badwords-all: exit with correct code on errors [50] o badwords: combine the whitelisting into a single regex [1] @@ -34,6 +37,7 @@ This release includes the following bugfixes: o cmake: document functions used from Windows system DLLs [103] o cmake: resolve imported targets recursively when generating `libcurl.pc` [45] o cmake: rework binutils ld hack to not read `LOCATION` property [41] + o config2setopts: make --capath work in proxy disabled builds [113] o configure: fix `--with-ngtcp2=` option for crypto libs [26] o configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic [3] o configure: prefer dependency-specific variables over `$withval` [35] @@ -42,6 +46,7 @@ This release includes the following bugfixes: o curl_ctype.h: fix spelling in a couple of locally used macros [28] o curl_get_line: error out on read errors [9] o curl_get_line: fix potential infinite loop when filename is a directory [46] + o curl_version_info.md: clarify age details [69] o CURLOPT_HAPROXY_CLIENT_IP.md: mention assuption on data format [96] o curlx_now(), prevent zero timestamp [93] o DEPRECATE: fix minor release number typo @@ -60,7 +65,9 @@ This release includes the following bugfixes: o ftp: reject PWD responses containing control characters [95] o gcc: guard `#pragma diagnostic` in core code for <4.6 [94] o generate.bat: remove extra % from VC11 and VC12 runs + o genserv.pl: make external calls safe [119] o getinfo: initialize `PureInfo` field `used_proxy` [43] + o gnutls: fix clang-tidy warning with !verbose [126] o hostip: clear the sockaddr_in6 structure before use [20] o http2: clear the h2 session at delete [99] o HTTP3.md: drop outdated mentions of OpenSSL-QUIC [2] @@ -73,10 +80,10 @@ This release includes the following bugfixes: o lib: always use Curl_1st_fatal instead of Curl_1st_err [89] o libssh2: fix error handling on quote errors [21] o libtest: drop duplicate include [111] - o md5/md4: enable unaligned access fast path on powerpc64 [65] o mk-ca-bundle.pl: make generated timestamps deterministic [44] o multi: improve wakeup and wait code [118] o netrc: find login-less password when user is given in URL [6] + o netrc: remove unused parsenetrc() macro for netrc-disabled [121] o netrc: skip malformed macdef lines [67] o openssl channel_binding: lookup digest algorithm without NID [117] o openssl: drop obsolete SSLv2 logic [27] @@ -103,10 +110,12 @@ This release includes the following bugfixes: o tool_cb_wrt: fix no-clobber error handling [39] o tool_cfgable: free the SSL signature algorithms [62] o tool_formparse: propagate my_get_line errors when reading headers [102] + o tool_getparam: use correct free function for libcurl memory [68] o tool_ipfs: accept IPFS gateway URL without set port number [13] o tool_msgs: avoid null pointer deref for early errors [98] o tool_operate: drop the scheme-guessing in the -G handling [54] o tool_operate: fix condition for loading `curl-ca-bundle.crt` (Windows) [79] + o tool_operate: fix memory-leak on failed uploads [124] o tool_operate: fix minor memory-leak on early error [23] o tool_operhlp: fix `add_file_name_to_url()` result on OOM [32] o tool_operhlp: propagate low-level OOM in `add_file_name_to_url()` [112] @@ -116,10 +125,12 @@ This release includes the following bugfixes: o transfer: enhance secure check [10] o url: use the socks type for socks proxy [47] o url: use URL for url even in comments [52] + o urlapi: fix handling of "file:///" [122] o urlapi: make dedotdotify handle leading dots correctly [97] o urlapi: verify the last letter of a scheme when set explicitly [16] o urldata: connection bit ipv6_ip is wrong [59] o urldata: import port types and conn destination format [57] + o urldata: make hstslist only present in HSTS builds [120] o urldata: make speeder_c uint32 [37] o urldata: remove trailers_state [17] o wolfssl: fix handling of abrupt connection close [24] @@ -137,6 +148,9 @@ For all changes ever done in curl: Planned upcoming removals include: + o local crypto implementations + o NTLM + o SMB o TLS-SRP support See https://curl.se/dev/deprecate.html @@ -144,15 +158,15 @@ Planned upcoming removals include: This release would not have looked like this without help, code, reports and advice from friends like these: - am-perip on hackerone, Carlos Henrique Lima Melara, crawfordxx, + am-perip on hackerone, Carlos Henrique Lima Melara, crawfordxx, Dan Fandrich, Daniel Stenberg, Ercan Ermis, fds242 on github, Flavio Amieiro, Harry Sintonen, Henrique Pereira, James Fuller, Jason Stangroome, Kai Pastor, - lg_oled77c5pua on hackerone, m777m0 on hackerone, Martin Dürrmeier, - Michael Hendricks, Michael Kaufmann, Orgad Shaneh, Otis Cui Lei, Ray Satiro, - renovate[bot], Richard Tollerton, Rob Crittenden, Scott Boudreaux, - Sergey Fedorov, Stefan Eissing, Viktor Szakats, Vladimír Marek, - Yoshiro Yoneya - (29 contributors) + lg_oled77c5pua on hackerone, m777m0 on hackerone, Marcel Raad, + Martin Dürrmeier, Michael Hendricks, Michael Kaufmann, Orgad Shaneh, + Otis Cui Lei, Ray Satiro, renovate[bot], Richard Tollerton, Rob Crittenden, + Scott Boudreaux, Sergey Fedorov, Stefan Eissing, Viktor Szakats, + Vladimír Marek, Yoshiro Yoneya + (31 contributors) References to bug reports and discussions on issues: @@ -219,13 +233,15 @@ References to bug reports and discussions on issues: [62] = https://curl.se/bug/?i=20915 [63] = https://curl.se/bug/?i=21057 [64] = https://curl.se/bug/?i=20911 - [65] = https://curl.se/bug/?i=20985 [66] = https://curl.se/bug/?i=20787 [67] = https://curl.se/bug/?i=21049 + [68] = https://curl.se/bug/?i=21075 + [69] = https://curl.se/bug/?i=21052 [70] = https://curl.se/bug/?i=21007 [71] = https://curl.se/bug/?i=21006 [72] = https://curl.se/bug/?i=21003 [73] = https://curl.se/bug/?i=21005 + [74] = https://curl.se/bug/?i=20916 [75] = https://curl.se/bug/?i=21001 [76] = https://curl.se/bug/?i=21053 [77] = https://curl.se/bug/?i=21050 @@ -262,7 +278,16 @@ References to bug reports and discussions on issues: [110] = https://curl.se/bug/?i=20709 [111] = https://curl.se/bug/?i=21046 [112] = https://curl.se/bug/?i=21011 + [113] = https://curl.se/bug/?i=21063 [115] = https://curl.se/bug/?i=21041 [116] = https://curl.se/bug/?i=20864 [117] = https://curl.se/bug/?i=20590 [118] = https://curl.se/bug/?i=20832 + [119] = https://curl.se/bug/?i=20971 + [120] = https://curl.se/bug/?i=21068 + [121] = https://curl.se/bug/?i=21067 + [122] = https://curl.se/bug/?i=21070 + [124] = https://curl.se/bug/?i=21062 + [125] = https://curl.se/bug/?i=21061 + [126] = https://curl.se/bug/?i=21060 + [127] = https://curl.se/bug/?i=20968