git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

RELEASE-NOTES: synced

Browse Source
This commit is contained in:
Daniel Stenberg 2026-03-24 09:09:30 +01:00
parent 5023d2fe27
commit 949b1ff34e
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 34 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
RELEASE-NOTES
View File

@ -11,14 +11,17 @@ This release includes the following changes:
o build: make NTLM disabled by default [90] o build: make NTLM disabled by default [90]
o cmake: drop support for CMake 3.17 and older [108] o cmake: drop support for CMake 3.17 and older [108]
o lib: add thread pool and queue [74]
o lib: drop support for < c-ares 1.16.0 [64] o lib: drop support for < c-ares 1.16.0 [64]
o lib: make SMB support opt-in [18] o lib: make SMB support opt-in [18]
o multi.h: add CURLMNWC_CLEAR_ALL [127]
o rtmp: drop support [91] o rtmp: drop support [91]
This release includes the following bugfixes: This release includes the following bugfixes:
o asyn-ares: drop orphaned variable references [86] o asyn-ares: drop orphaned variable references [86]
o asyn-ares: fix HTTPS-lookup when not on port 443 [100] o asyn-ares: fix HTTPS-lookup when not on port 443 [100]
o asyn-thrdd: fix clang-tidy unused value warning [125]
o autotools: limit checksrc target to ignore non-repo test sources [12] o autotools: limit checksrc target to ignore non-repo test sources [12]
o badwords-all: exit with correct code on errors [50] o badwords-all: exit with correct code on errors [50]
o badwords: combine the whitelisting into a single regex [1] o badwords: combine the whitelisting into a single regex [1]
@ -34,6 +37,7 @@ This release includes the following bugfixes:
o cmake: document functions used from Windows system DLLs [103] o cmake: document functions used from Windows system DLLs [103]
o cmake: resolve imported targets recursively when generating `libcurl.pc` [45] o cmake: resolve imported targets recursively when generating `libcurl.pc` [45]
o cmake: rework binutils ld hack to not read `LOCATION` property [41] o cmake: rework binutils ld hack to not read `LOCATION` property [41]
o config2setopts: make --capath work in proxy disabled builds [113]
o configure: fix `--with-ngtcp2=<path>` option for crypto libs [26] o configure: fix `--with-ngtcp2=<path>` option for crypto libs [26]
o configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic [3] o configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic [3]
o configure: prefer dependency-specific variables over `$withval` [35] o configure: prefer dependency-specific variables over `$withval` [35]
@ -42,6 +46,7 @@ This release includes the following bugfixes:
o curl_ctype.h: fix spelling in a couple of locally used macros [28] o curl_ctype.h: fix spelling in a couple of locally used macros [28]
o curl_get_line: error out on read errors [9] o curl_get_line: error out on read errors [9]
o curl_get_line: fix potential infinite loop when filename is a directory [46] o curl_get_line: fix potential infinite loop when filename is a directory [46]
o curl_version_info.md: clarify age details [69]
o CURLOPT_HAPROXY_CLIENT_IP.md: mention assuption on data format [96] o CURLOPT_HAPROXY_CLIENT_IP.md: mention assuption on data format [96]
o curlx_now(), prevent zero timestamp [93] o curlx_now(), prevent zero timestamp [93]
o DEPRECATE: fix minor release number typo o DEPRECATE: fix minor release number typo
@ -60,7 +65,9 @@ This release includes the following bugfixes:
o ftp: reject PWD responses containing control characters [95] o ftp: reject PWD responses containing control characters [95]
o gcc: guard `#pragma diagnostic` in core code for <4.6 [94] o gcc: guard `#pragma diagnostic` in core code for <4.6 [94]
o generate.bat: remove extra % from VC11 and VC12 runs o generate.bat: remove extra % from VC11 and VC12 runs
o genserv.pl: make external calls safe [119]
o getinfo: initialize `PureInfo` field `used_proxy` [43] o getinfo: initialize `PureInfo` field `used_proxy` [43]
o gnutls: fix clang-tidy warning with !verbose [126]
o hostip: clear the sockaddr_in6 structure before use [20] o hostip: clear the sockaddr_in6 structure before use [20]
o http2: clear the h2 session at delete [99] o http2: clear the h2 session at delete [99]
o HTTP3.md: drop outdated mentions of OpenSSL-QUIC [2] o HTTP3.md: drop outdated mentions of OpenSSL-QUIC [2]
@ -73,10 +80,10 @@ This release includes the following bugfixes:
o lib: always use Curl_1st_fatal instead of Curl_1st_err [89] o lib: always use Curl_1st_fatal instead of Curl_1st_err [89]
o libssh2: fix error handling on quote errors [21] o libssh2: fix error handling on quote errors [21]
o libtest: drop duplicate include [111] o libtest: drop duplicate include [111]
o md5/md4: enable unaligned access fast path on powerpc64 [65]
o mk-ca-bundle.pl: make generated timestamps deterministic [44] o mk-ca-bundle.pl: make generated timestamps deterministic [44]
o multi: improve wakeup and wait code [118] o multi: improve wakeup and wait code [118]
o netrc: find login-less password when user is given in URL [6] o netrc: find login-less password when user is given in URL [6]
o netrc: remove unused parsenetrc() macro for netrc-disabled [121]
o netrc: skip malformed macdef lines [67] o netrc: skip malformed macdef lines [67]
o openssl channel_binding: lookup digest algorithm without NID [117] o openssl channel_binding: lookup digest algorithm without NID [117]
o openssl: drop obsolete SSLv2 logic [27] o openssl: drop obsolete SSLv2 logic [27]
@ -103,10 +110,12 @@ This release includes the following bugfixes:
o tool_cb_wrt: fix no-clobber error handling [39] o tool_cb_wrt: fix no-clobber error handling [39]
o tool_cfgable: free the SSL signature algorithms [62] o tool_cfgable: free the SSL signature algorithms [62]
o tool_formparse: propagate my_get_line errors when reading headers [102] o tool_formparse: propagate my_get_line errors when reading headers [102]
o tool_getparam: use correct free function for libcurl memory [68]
o tool_ipfs: accept IPFS gateway URL without set port number [13] o tool_ipfs: accept IPFS gateway URL without set port number [13]
o tool_msgs: avoid null pointer deref for early errors [98] o tool_msgs: avoid null pointer deref for early errors [98]
o tool_operate: drop the scheme-guessing in the -G handling [54] o tool_operate: drop the scheme-guessing in the -G handling [54]
o tool_operate: fix condition for loading `curl-ca-bundle.crt` (Windows) [79] o tool_operate: fix condition for loading `curl-ca-bundle.crt` (Windows) [79]
o tool_operate: fix memory-leak on failed uploads [124]
o tool_operate: fix minor memory-leak on early error [23] o tool_operate: fix minor memory-leak on early error [23]
o tool_operhlp: fix `add_file_name_to_url()` result on OOM [32] o tool_operhlp: fix `add_file_name_to_url()` result on OOM [32]
o tool_operhlp: propagate low-level OOM in `add_file_name_to_url()` [112] o tool_operhlp: propagate low-level OOM in `add_file_name_to_url()` [112]
@ -116,10 +125,12 @@ This release includes the following bugfixes:
o transfer: enhance secure check [10] o transfer: enhance secure check [10]
o url: use the socks type for socks proxy [47] o url: use the socks type for socks proxy [47]
o url: use URL for url even in comments [52] o url: use URL for url even in comments [52]
o urlapi: fix handling of "file:///" [122]
o urlapi: make dedotdotify handle leading dots correctly [97] o urlapi: make dedotdotify handle leading dots correctly [97]
o urlapi: verify the last letter of a scheme when set explicitly [16] o urlapi: verify the last letter of a scheme when set explicitly [16]
o urldata: connection bit ipv6_ip is wrong [59] o urldata: connection bit ipv6_ip is wrong [59]
o urldata: import port types and conn destination format [57] o urldata: import port types and conn destination format [57]
o urldata: make hstslist only present in HSTS builds [120]
o urldata: make speeder_c uint32 [37] o urldata: make speeder_c uint32 [37]
o urldata: remove trailers_state [17] o urldata: remove trailers_state [17]
o wolfssl: fix handling of abrupt connection close [24] o wolfssl: fix handling of abrupt connection close [24]
@ -137,6 +148,9 @@ For all changes ever done in curl:
Planned upcoming removals include: Planned upcoming removals include:
o local crypto implementations
o NTLM
o SMB
o TLS-SRP support o TLS-SRP support
See https://curl.se/dev/deprecate.html See https://curl.se/dev/deprecate.html
@ -144,15 +158,15 @@ Planned upcoming removals include:
This release would not have looked like this without help, code, reports and This release would not have looked like this without help, code, reports and
advice from friends like these: advice from friends like these:
am-perip on hackerone, Carlos Henrique Lima Melara, crawfordxx, am-perip on hackerone, Carlos Henrique Lima Melara, crawfordxx, Dan Fandrich,
Daniel Stenberg, Ercan Ermis, fds242 on github, Flavio Amieiro, Daniel Stenberg, Ercan Ermis, fds242 on github, Flavio Amieiro,
Harry Sintonen, Henrique Pereira, James Fuller, Jason Stangroome, Kai Pastor, Harry Sintonen, Henrique Pereira, James Fuller, Jason Stangroome, Kai Pastor,
lg_oled77c5pua on hackerone, m777m0 on hackerone, Martin Dürrmeier, lg_oled77c5pua on hackerone, m777m0 on hackerone, Marcel Raad,
Michael Hendricks, Michael Kaufmann, Orgad Shaneh, Otis Cui Lei, Ray Satiro, Martin Dürrmeier, Michael Hendricks, Michael Kaufmann, Orgad Shaneh,
renovate[bot], Richard Tollerton, Rob Crittenden, Scott Boudreaux, Otis Cui Lei, Ray Satiro, renovate[bot], Richard Tollerton, Rob Crittenden,
Sergey Fedorov, Stefan Eissing, Viktor Szakats, Vladimír Marek, Scott Boudreaux, Sergey Fedorov, Stefan Eissing, Viktor Szakats,
Yoshiro Yoneya Vladimír Marek, Yoshiro Yoneya
(29 contributors) (31 contributors)
References to bug reports and discussions on issues: References to bug reports and discussions on issues:
@ -219,13 +233,15 @@ References to bug reports and discussions on issues:
[62] = https://curl.se/bug/?i=20915 [62] = https://curl.se/bug/?i=20915
[63] = https://curl.se/bug/?i=21057 [63] = https://curl.se/bug/?i=21057
[64] = https://curl.se/bug/?i=20911 [64] = https://curl.se/bug/?i=20911
[65] = https://curl.se/bug/?i=20985
[66] = https://curl.se/bug/?i=20787 [66] = https://curl.se/bug/?i=20787
[67] = https://curl.se/bug/?i=21049 [67] = https://curl.se/bug/?i=21049
[68] = https://curl.se/bug/?i=21075
[69] = https://curl.se/bug/?i=21052
[70] = https://curl.se/bug/?i=21007 [70] = https://curl.se/bug/?i=21007
[71] = https://curl.se/bug/?i=21006 [71] = https://curl.se/bug/?i=21006
[72] = https://curl.se/bug/?i=21003 [72] = https://curl.se/bug/?i=21003
[73] = https://curl.se/bug/?i=21005 [73] = https://curl.se/bug/?i=21005
[74] = https://curl.se/bug/?i=20916
[75] = https://curl.se/bug/?i=21001 [75] = https://curl.se/bug/?i=21001
[76] = https://curl.se/bug/?i=21053 [76] = https://curl.se/bug/?i=21053
[77] = https://curl.se/bug/?i=21050 [77] = https://curl.se/bug/?i=21050
@ -262,7 +278,16 @@ References to bug reports and discussions on issues:
[110] = https://curl.se/bug/?i=20709 [110] = https://curl.se/bug/?i=20709
[111] = https://curl.se/bug/?i=21046 [111] = https://curl.se/bug/?i=21046
[112] = https://curl.se/bug/?i=21011 [112] = https://curl.se/bug/?i=21011
[113] = https://curl.se/bug/?i=21063
[115] = https://curl.se/bug/?i=21041 [115] = https://curl.se/bug/?i=21041
[116] = https://curl.se/bug/?i=20864 [116] = https://curl.se/bug/?i=20864
[117] = https://curl.se/bug/?i=20590 [117] = https://curl.se/bug/?i=20590
[118] = https://curl.se/bug/?i=20832 [118] = https://curl.se/bug/?i=20832
[119] = https://curl.se/bug/?i=20971
[120] = https://curl.se/bug/?i=21068
[121] = https://curl.se/bug/?i=21067
[122] = https://curl.se/bug/?i=21070
[124] = https://curl.se/bug/?i=21062
[125] = https://curl.se/bug/?i=21061
[126] = https://curl.se/bug/?i=21060
[127] = https://curl.se/bug/?i=20968