git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

RELEASE-NOTES: synced

Browse Source
This commit is contained in:
Daniel Stenberg 2026-04-03 22:33:41 +02:00
parent 1bf663e32f
commit b1784ead8e
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 51 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
RELEASE-NOTES
View File

@ -4,8 +4,8 @@ curl and libcurl 8.20.0
Command line options: 273 Command line options: 273
curl_easy_setopt() options: 308 curl_easy_setopt() options: 308
Public functions in libcurl: 100 Public functions in libcurl: 100
Authors: 1460 Authors: 1461
Contributors: 3640 Contributors: 3643
This release includes the following changes: This release includes the following changes:
@ -20,6 +20,9 @@ This release includes the following changes:
This release includes the following bugfixes: This release includes the following bugfixes:
o altsvc: cap the list at 5,000 entries [183]
o altsvc: drop the prio field from the struct [185]
o altsvc: skip expired entries read from file [187]
o asyn-ares: drop orphaned variable references [86] o asyn-ares: drop orphaned variable references [86]
o asyn-ares: fix HTTPS-lookup when not on port 443 [100] o asyn-ares: fix HTTPS-lookup when not on port 443 [100]
o asyn-thrdd: fix clang-tidy unused value warning [125] o asyn-thrdd: fix clang-tidy unused value warning [125]
@ -42,6 +45,7 @@ This release includes the following bugfixes:
o cmake: add CMake Config-based dependency detection [87] o cmake: add CMake Config-based dependency detection [87]
o cmake: add CMake Config-based dependency detection for c-ares, wolfSSL [134] o cmake: add CMake Config-based dependency detection for c-ares, wolfSSL [134]
o cmake: document functions used from Windows system DLLs [103] o cmake: document functions used from Windows system DLLs [103]
o cmake: enable pthreads for BoringSSL/AWS-LC [196]
o cmake: resolve targets recursively when generating `libcurl.pc` [45] o cmake: resolve targets recursively when generating `libcurl.pc` [45]
o cmake: rework binutils ld hack to not read `LOCATION` property [41] o cmake: rework binutils ld hack to not read `LOCATION` property [41]
o cmake: silence bad library `Threads::Threads` warning [131] o cmake: silence bad library `Threads::Threads` warning [131]
@ -51,6 +55,7 @@ This release includes the following bugfixes:
o configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic [3] o configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic [3]
o configure: prefer dependency-specific variables over `$withval` [35] o configure: prefer dependency-specific variables over `$withval` [35]
o configure: remove superfluous experimental warning for HTTP/3 [169] o configure: remove superfluous experimental warning for HTTP/3 [169]
o cookie: fix rejection when tabs in value [189]
o curl-wolfssl.m4: fix to use the correct value for pkg-config directory [36] o curl-wolfssl.m4: fix to use the correct value for pkg-config directory [36]
o curl.h: replace macros with C++-friendly method to enforce 3 args [110] o curl.h: replace macros with C++-friendly method to enforce 3 args [110]
o curl_ctype.h: fix spelling in a couple of locally used macros [28] o curl_ctype.h: fix spelling in a couple of locally used macros [28]
@ -66,11 +71,13 @@ This release includes the following bugfixes:
o DEPRECATE: fix minor release number typo o DEPRECATE: fix minor release number typo
o digest: pass in the user name quoted (as well) [34] o digest: pass in the user name quoted (as well) [34]
o dnscache: own source file, improvements [116] o dnscache: own source file, improvements [116]
o docs/cmdline-opts: tidy up retry-connrefused [190]
o docs/lib: fix typos [53] o docs/lib: fix typos [53]
o docs: enable more compiler warnings for C snippets, fix 3 finds [71] o docs: enable more compiler warnings for C snippets, fix 3 finds [71]
o docs: list more dependencies for running Python HTTP tests [123] o docs: list more dependencies for running Python HTTP tests [123]
o docs: mention more zip bomb precautions [166] o docs: mention more zip bomb precautions [166]
o docs: minor wording tweaks o docs: minor wording tweaks
o docs: SSH host verification is done at connect time [197]
o doh: fix memory-leak when doing a second DoH resolve [55] o doh: fix memory-leak when doing a second DoH resolve [55]
o examples/websocket: fix to sleep more on Windows [92] o examples/websocket: fix to sleep more on Windows [92]
o examples: drop warning silencers no longer hit [14] o examples: drop warning silencers no longer hit [14]
@ -86,6 +93,9 @@ This release includes the following bugfixes:
o getinfo: initialize `PureInfo` field `used_proxy` [43] o getinfo: initialize `PureInfo` field `used_proxy` [43]
o gnutls: fix clang-tidy warning with !verbose [126] o gnutls: fix clang-tidy warning with !verbose [126]
o hostip: clear the sockaddr_in6 structure before use [20] o hostip: clear the sockaddr_in6 structure before use [20]
o HSTS: cap the list [177]
o hsts: make the HSTS read callback handle name dupes [141]
o hsts: skip expired HSTS entries read from file [188]
o hsts: when a dupe host adds subdomains, use that [130] o hsts: when a dupe host adds subdomains, use that [130]
o http2: clear the h2 session at delete [99] o http2: clear the h2 session at delete [99]
o http2: prevent secure schemes pushed over insecure connections [181] o http2: prevent secure schemes pushed over insecure connections [181]
@ -95,12 +105,16 @@ This release includes the following bugfixes:
o http: make Curl_compareheader handle multiple commas in header o http: make Curl_compareheader handle multiple commas in header
o imap: reset the UIDVALIDITY state between transfers [7] o imap: reset the UIDVALIDITY state between transfers [7]
o include: drop 'will' from public headers [73] o include: drop 'will' from public headers [73]
o INSTALL.md: update Cygwin instructions [198]
o keylog.h: replace literal number with macro in declaration [171] o keylog.h: replace literal number with macro in declaration [171]
o keylog: drop unused/redundant includes and guards [172] o keylog: drop unused/redundant includes and guards [172]
o ldap: drop duplicate `ldap_set_option()` on Windows [42] o ldap: drop duplicate `ldap_set_option()` on Windows [42]
o ldap: fix to initialize cleartext connection on Windows [49] o ldap: fix to initialize cleartext connection on Windows [49]
o lib: accept larger input to md5/hmac/sha256/sha512 functions [194]
o lib: always use Curl_1st_fatal instead of Curl_1st_err [89] o lib: always use Curl_1st_fatal instead of Curl_1st_err [89]
o lib: make resolving HTTPS DNS records reliable: [176]
o libssh2: fix error handling on quote errors [21] o libssh2: fix error handling on quote errors [21]
o libssh: path length precaution [164]
o libssh: propagate error back in SFTP function [178] o libssh: propagate error back in SFTP function [178]
o libtest: drop duplicate include [111] o libtest: drop duplicate include [111]
o location/follow: mention netrc [138] o location/follow: mention netrc [138]
@ -133,17 +147,20 @@ This release includes the following bugfixes:
o sha256: support delegating to wolfSSL API [148] o sha256: support delegating to wolfSSL API [148]
o share: concurrency handling, easy updates [104] o share: concurrency handling, easy updates [104]
o socks: reject zero-length GSSAPI/SSPI tokens from proxy [157] o socks: reject zero-length GSSAPI/SSPI tokens from proxy [157]
o spelling: fix typos [173]
o src: use ftruncate() unconditionally [128] o src: use ftruncate() unconditionally [128]
o sshserver.pl: harden more `system()` calls [81] o sshserver.pl: harden more `system()` calls [81]
o sshserver.pl: pass command-line to `system()` safely [82] o sshserver.pl: pass command-line to `system()` safely [82]
o strerr: correct the strerror_s() return code condition [25] o strerr: correct the strerror_s() return code condition [25]
o sws: fix potential OOB write [80] o sws: fix potential OOB write [80]
o synctime: fix off-by-one read and write to a read-only buffer (Windows) [85] o synctime: fix off-by-one read and write to a read-only buffer (Windows) [85]
o test 766: flag as timing-dependent [136]
o test459: switch to mode="warn" for stderr check [5] o test459: switch to mode="warn" for stderr check [5]
o testcurl.pl: replace shell commands with Perl `rmtree()` [76] o testcurl.pl: replace shell commands with Perl `rmtree()` [76]
o tests/unit/README: describe how to unit test static functions [60] o tests/unit/README: describe how to unit test static functions [60]
o tool: check for curlinfo->age when determining if ssh backend [77] o tool: check for curlinfo->age when determining if ssh backend [77]
o tool: fix memory mixups [106] o tool: fix memory mixups [106]
o tool: fix retries in parallel mode [137]
o tool: fix two more allocator mismatches [155] o tool: fix two more allocator mismatches [155]
o tool_cb_hdr: only truncate etags output when regular file [129] o tool_cb_hdr: only truncate etags output when regular file [129]
o tool_cb_rea: make waitfd() return void [168] o tool_cb_rea: make waitfd() return void [168]
@ -168,6 +185,8 @@ This release includes the following bugfixes:
o transfer: enable custom methods again on next transfer [30] o transfer: enable custom methods again on next transfer [30]
o transfer: enhance secure check [10] o transfer: enhance secure check [10]
o url: do not reuse a non-tls starttls connection if new requires TLS [145] o url: do not reuse a non-tls starttls connection if new requires TLS [145]
o url: improve connection reuse on negotiate [160]
o url: init req.no_body in DO so that it works for h2 push [161]
o url: use the socks type for socks proxy [47] o url: use the socks type for socks proxy [47]
o url: use URL for url even in comments [52] o url: use URL for url even in comments [52]
o urlapi: fix handling of "file:///" [122] o urlapi: fix handling of "file:///" [122]
@ -204,17 +223,19 @@ Planned upcoming removals include:
This release would not have looked like this without help, code, reports and This release would not have looked like this without help, code, reports and
advice from friends like these: advice from friends like these:
am-perip on hackerone, Arkadi Vainbrand, Carlos Henrique Lima Melara, Alex Hamilton, am-perip on hackerone, Arkadi Vainbrand,
crawfordxx, Dan Fandrich, Daniel Stenberg, dependabot[bot], Dexter Gerig, BlackFuffey on github, Carlos Henrique Lima Melara, crawfordxx, Dan Fandrich,
Ercan Ermis, fds242 on github, Flavio Amieiro, Greg Kroah-Hartman, Daniel Stenberg, dependabot[bot], Dexter Gerig, Ercan Ermis,
Harry Sintonen, Henrique Pereira, James Fuller, Jason Stangroome, Kai Pastor, fds242 on github, Flavio Amieiro, Geeknik Labs, Greg Kroah-Hartman,
Kaixuan Li, lg_oled77c5pua on hackerone, M42kL33 on hackerone, Harry Sintonen, Henrique Pereira, Izan on hackerone, James Fuller,
m777m0 on hackerone, Marcel Raad, Martin Dürrmeier, Michael Hendricks, Jason Stangroome, John Haugabook, Kai Pastor, Kaixuan Li,
Michael Kaufmann, Orgad Shaneh, Otis Cui Lei, Patrick Monnerat, Ray Satiro, lg_oled77c5pua on hackerone, M42kL33 on hackerone, m777m0 on hackerone,
renovate[bot], Richard Tollerton, Rob Crittenden, Scott Boudreaux, Marcel Raad, Martin Dürrmeier, Michael Hendricks, Michael Kaufmann,
Orgad Shaneh, Otis Cui Lei, Patrick Monnerat, Ray Satiro, renovate[bot],
Richard Tollerton, Rob Crittenden, Samuel Henrique, Scott Boudreaux,
Sergey Fedorov, Stefan Eissing, Viktor Szakats, Vladimír Marek, Sergey Fedorov, Stefan Eissing, Viktor Szakats, Vladimír Marek,
xkilua on hackerone, Yoshiro Yoneya xkilua on hackerone, Yoshiro Yoneya
(39 contributors) (45 contributors)
References to bug reports and discussions on issues: References to bug reports and discussions on issues:
@ -352,9 +373,12 @@ References to bug reports and discussions on issues:
[132] = https://curl.se/bug/?i=21167 [132] = https://curl.se/bug/?i=21167
[133] = https://curl.se/bug/?i=21097 [133] = https://curl.se/bug/?i=21097
[134] = https://curl.se/bug/?i=21098 [134] = https://curl.se/bug/?i=21098
[136] = https://curl.se/bug/?i=21155
[137] = https://curl.se/bug/?i=20669
[138] = https://curl.se/bug/?i=21091 [138] = https://curl.se/bug/?i=21091
[139] = https://curl.se/bug/?i=21093 [139] = https://curl.se/bug/?i=21093
[140] = https://curl.se/bug/?i=21096 [140] = https://curl.se/bug/?i=21096
[141] = https://curl.se/bug/?i=21201
[143] = https://curl.se/bug/?i=21084 [143] = https://curl.se/bug/?i=21084
[144] = https://curl.se/bug/?i=20936 [144] = https://curl.se/bug/?i=20936
[145] = https://curl.se/bug/?i=21082 [145] = https://curl.se/bug/?i=21082
@ -370,7 +394,10 @@ References to bug reports and discussions on issues:
[157] = https://curl.se/bug/?i=21159 [157] = https://curl.se/bug/?i=21159
[158] = https://curl.se/bug/?i=21144 [158] = https://curl.se/bug/?i=21144
[159] = https://curl.se/bug/?i=21135 [159] = https://curl.se/bug/?i=21135
[160] = https://curl.se/bug/?i=21203
[161] = https://curl.se/bug/?i=21194
[163] = https://curl.se/bug/?i=21134 [163] = https://curl.se/bug/?i=21134
[164] = https://curl.se/bug/?i=21193
[165] = https://curl.se/bug/?i=21152 [165] = https://curl.se/bug/?i=21152
[166] = https://curl.se/bug/?i=21143 [166] = https://curl.se/bug/?i=21143
[167] = https://curl.se/bug/?i=21147 [167] = https://curl.se/bug/?i=21147
@ -379,9 +406,22 @@ References to bug reports and discussions on issues:
[170] = https://curl.se/bug/?i=21136 [170] = https://curl.se/bug/?i=21136
[171] = https://curl.se/bug/?i=21141 [171] = https://curl.se/bug/?i=21141
[172] = https://curl.se/bug/?i=21137 [172] = https://curl.se/bug/?i=21137
[173] = https://curl.se/bug/?i=21198
[176] = https://curl.se/bug/?i=21175
[177] = https://curl.se/bug/?i=21190
[178] = https://curl.se/bug/?i=21122 [178] = https://curl.se/bug/?i=21122
[179] = https://curl.se/bug/?i=21123 [179] = https://curl.se/bug/?i=21123
[180] = https://curl.se/bug/?i=21121 [180] = https://curl.se/bug/?i=21121
[181] = https://curl.se/bug/?i=21113 [181] = https://curl.se/bug/?i=21113
[183] = https://curl.se/bug/?i=21183
[184] = https://curl.se/bug/?i=21119 [184] = https://curl.se/bug/?i=21119
[185] = https://curl.se/bug/?i=21188
[186] = https://curl.se/bug/?i=21112 [186] = https://curl.se/bug/?i=21112
[187] = https://curl.se/bug/?i=21187
[188] = https://curl.se/bug/?i=21186
[189] = https://curl.se/bug/?i=21185
[190] = https://curl.se/bug/?i=21182
[194] = https://curl.se/bug/?i=21174
[196] = https://curl.se/bug/?i=21168
[197] = https://curl.se/bug/?i=21173
[198] = https://curl.se/bug/?i=20995