Google Git
Sign in
android / platform / external / curl / 814dc4b24 / . / RELEASE-NOTES
blob: 6afc7fe4f6cf3d552b99a78a7c06a178fb735879 [file] [log] [blame]
curl and libcurl 8.3.0
Public curl releases: 251
Command line options: 257
curl_easy_setopt() options: 303
Public functions in libcurl: 92
Contributors: 2961
This release includes the following changes:
o curl: make %output{} in -w specify a file to write to [36]
o gskit: remove [71]
o lib: --disable-bindlocal builds curl without local binding support
o nss: remove support for this TLS library [10]
o tool: add "variable" support [1]
o trace: make tracing available in non-debug builds [41]
o url: change default value for CURLOPT_MAXREDIRS to 30 [46]
o urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name [54]
o wolfssl: support loading system CA certificates [8]
This release includes the following bugfixes:
o bearssl: don't load CA certs when peer verification is disabled [33]
o bearssl: handshake fix, provide proper get_select_socks() implementation [99]
o build: streamline non-UWP wincrypt detections [87]
o c-hyper: adjust the hyper to curlcode conversion [52]
o cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP [61]
o cf-socket: log successful interface bind [39]
o CI/cirrus: disable python install on FreeBSD [83]
o CI: add caching to many jobs [19]
o cmake: add GnuTLS option [103]
o cmake: add support for single libcurl compilation pass [21]
o cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms [80]
o cmake: assume `wldap32` availability on Windows [81]
o cmake: cache more config and delete unused ones [4]
o cmake: detect `SSL_set0_wbio` in OpenSSL [22]
o cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks [68]
o cmake: fix to use variable for the curl namespace [79]
o cmake: fixup H2 duplicate symbols for unity builds [23]
o cmake: support building static and shared libcurl in one go [17]
o cmdline-opts/docs: mention the negative option part [90]
o cmdline-opts/page-header: reorder, clean up [51]
o configure, cmake, lib: more form api deprecation [7]
o configure: use the pkg-config --libs-only-l flag for libssh2 [16]
o cookie-jar.d: emphasize that this option is ONLY writing cookies [72]
o crypto: ensure crypto initialization works [69]
o CURLINFO_CERTINFO.3: better explain curl_certinfo struct [64]
o CURLINFO_TLS_SSL_PTR.3: clarify a recommendation [75]
o CURLOPT_*TIMEOUT*: extend and clarify [101]
o CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled [42]
o docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0 [76]
o docs/cmdline-opts: spellfixes, typos and polish [9]
o docs/cmdline: add small "warning" to verbose options [59]
o docs/cmdline: remove repeated working for negotiate + ntlm [58]
o docs/HYPER.md: document a workaround for a link error [73]
o docs: link to the website versions instead of markdowns [3]
o easy: remove #ifdefs to make code easier on the eye [34]
o egd: delete feature detection and related source code [5]
o gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens [50]
o gen.pl: replace all single quotes with aq [78]
o GHA: adding quiche workflow [35]
o headers: accept leading whitespaces on first response header [37]
o http2: avoid too early connection re-use/multiplexing [20]
o http2: cleanup trace messages [56]
o http2: disable asssertion blocking OSSFuzz testing [31]
o http2: fix in h2 proxy tunnel: progress in ingress on sending [32]
o http2: upgrade tests and add fix for non-existing stream [44]
o http3/ngtcp2: shorten handshake, trace cleanup [13]
o http3: quiche, handshake optimization, trace cleanup [63]
o http: do not require a user name when using CURLAUTH_NEGOTIATE [86]
o http: remove the p_pragma struct field [60]
o http: return error when receiving too large header set [43]
o imap: add a check for failing strdup()
o imap: remove the only sscanf() call in the IMAP code [84]
o include/curl/mprintf.h: add __attribute__ for the prototypes [38]
o lib: build fixups when built with most things disabled [97]
o lib: fix a few *printf() flag mistakes [47]
o lib: move mimepost data from ->req.p.http to ->state [94]
o list-only.d: mention SFTP as supported protocol [55]
o macOS: fix target detection more [11]
o misc: fix various typos [18]
o openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` [65]
o openssl: make aws-lc version support OCSP [48]
o openssl: Support async cert verify callback [24]
o openssl: switch to modern init for LibreSSL 2.7.0+ [70]
o openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1 [66]
o openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0 [67]
o os400: do not check translatable options at build time [95]
o page-footer: QLOGDIR works with ngtcp2 and quiche [62]
o page-header: move up a URL paragraph from GLOBBING to URL
o quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
o quiche: enable quiche to handle timeout events [82]
o resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set [2]
o Revert "schannel: reverse the order of certinfo insertions" [14]
o schannel: fix user-set legacy algorithms in Windows 10 & 11 [53]
o schannel: verify hostname independent of verify cert [74]
o sectransp: prevent CFRelease() of NULL [26]
o test1304: build and skip without netrc support
o test1554: check translatable string options in OS400 wrapper [96]
o test1608: make it build and get skipped without shuffle DNS support
o test687/688: two more basic --xattr tests [89]
o tests/tftpd+mqttd: make variables static to silence picky warnings [57]
o tests: add 'large-time' as a testable feature [92]
o tests: ensure `libcurl.def` contains all exports [45]
o tests: fix h3 server check and parallel instances [6]
o tests: TLS session sharing test [100]
o tool: make the length argument an int for printf()-.* flags [49]
o tool_cb_wrt: fix invalid unicode for windows console [25]
o tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR [12]
o tool_urlglob: use the correct format specifier for curl_off_t in msnprintf [88]
o transfer: don't set TIMER_STARTTRANSFER on first send [77]
o unit2600: fix build warning if built without verbose messages
o url: remove infof() output for "still name resolving" [28]
o urlapi: fix heap buffer overflow [30]
o urlapi: make sure zoneid is also duplicated in curl_url_dup [29]
o urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails [102]
o vquic: show stringified messages for errno [40]
o vtls: clarify "ALPN: offers" message [27]
o winbuild: improve check for static zlib [15]
o workflows/macos.yml: disable zstd and alt-svc in the http-only build [98]
o write-out.d: clarify %{time_starttransfer}
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Planned upcoming removals include:
o support for space-separated NOPROXY patterns
o support for the original legacy mingw version 1
See https://curl.se/dev/deprecate.html for details
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alexander Jaeger, balikalina on Github, Dan Fandrich, Daniel Gustafsson,
Daniel Stenberg, Dan Jacobson, Derzsi Dániel, Douglas R. Reno,
ed0d2b2ce19451f2, Emanuele Torre, Enrico Scholz, eppesuig, FC Stegerman,
Gabriel Corona, Gisle Vanem, Goro FUJI, Graham Campbell, Guillaume Algis,
Jacob Mealey, JazJas on github, Joseph Tharayil, junsik on github,
kyled-dell on github, Lukas Tribus, Maksim Arhipov, Maksim Sciepanienka,
Marcel Raad, Marin Hannache, Markus Sommer, Martin Galvan, Mathew Benson,
Maurício Meneghini Fauth, Nathan Moinvaziri, Niall McGee,
Nicholas Nethercote, Pablo Busse, Patrick Monnerat,
Philippe Antoine on HackerOne, Ray Satiro, Richard W.M. Jones,
Rutger Broekhoff, Ryan Schmidt, Samuel Chiang, Sergey, Stefan Eissing,
Thomas M. DuBuisson, trrui-huawei, Viktor Szakats, wangzhikun,
Wilhelm von Thiele, yushicheng7788 on github, zhihaoy on github
(52 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=11346
[2] = https://curl.se/bug/?i=11564
[3] = https://github.com/curl/curl-www/issues/272
[4] = https://curl.se/bug/?i=11551
[5] = https://curl.se/bug/?i=11556
[6] = https://curl.se/bug/?i=11553
[7] = https://curl.se/bug/?i=9621
[8] = https://curl.se/bug/?i=11452
[9] = https://curl.se/bug/?i=11562
[10] = https://curl.se/bug/?i=11459
[11] = https://curl.se/bug/?i=11502
[12] = https://curl.se/bug/?i=11325
[13] = https://curl.se/bug/?i=11609
[14] = https://curl.se/bug/?i=11536
[15] = https://curl.se/bug/?i=11521
[16] = https://curl.se/bug/?i=11538
[17] = https://curl.se/bug/?i=11505
[18] = https://curl.se/bug/?i=11561
[19] = https://curl.se/bug/?i=11532
[20] = https://curl.se/mail/lib-2023-07/0045.html
[21] = https://curl.se/bug/?i=11546
[22] = https://curl.se/bug/?i=11555
[23] = https://curl.se/bug/?i=11550
[24] = https://curl.se/bug/?i=11499
[25] = https://curl.se/bug/?i=9841
[26] = https://curl.se/bug/?i=9194
[27] = https://curl.se/mail/lib-2023-07/0041.html
[28] = https://curl.se/bug/?i=11394
[29] = https://curl.se/mail/lib-2023-07/0047.html
[30] = https://curl.se/bug/?i=11560
[31] = https://curl.se/bug/?i=11500
[32] = https://curl.se/bug/?i=11527
[33] = https://curl.se/bug/?i=11457
[34] = https://curl.se/bug/?i=11525
[35] = https://curl.se/bug/?i=11517
[36] = https://curl.se/bug/?i=11416
[37] = https://curl.se/bug/?i=11605
[38] = https://curl.se/bug/?i=11589
[39] = https://curl.se/bug/?i=11608
[40] = https://curl.se/bug/?i=11584
[41] = https://curl.se/bug/?i=11421
[42] = https://curl.se/bug/?i=11606
[43] = https://curl.se/bug/?i=11582
[44] = https://curl.se/bug/?i=11563
[45] = https://curl.se/bug/?i=11570
[46] = https://curl.se/bug/?i=11581
[47] = https://curl.se/bug/?i=11579
[48] = https://curl.se/bug/?i=11568
[49] = https://curl.se/bug/?i=11578
[50] = https://curl.se/bug/?i=11635
[51] = https://curl.se/bug/?i=11638
[52] = https://curl.se/bug/?i=11621
[53] = https://curl.se/bug/?i=10741
[54] = https://curl.se/bug/?i=11655
[55] = https://curl.se/bug/?i=11628
[56] = https://curl.se/bug/?i=11592
[57] = https://curl.se/bug/?i=11594
[58] = https://curl.se/bug/?i=11597
[59] = https://curl.se/bug/?i=11596
[60] = https://curl.se/bug/?i=11681
[61] = https://curl.se/bug/?i=11619
[62] = https://curl.se/bug/?i=11631
[63] = https://curl.se/bug/?i=11618
[64] = https://curl.se/bug/?i=11666
[65] = https://curl.se/bug/?i=11617
[66] = https://curl.se/bug/?i=11616
[67] = https://curl.se/bug/?i=11615
[68] = https://curl.se/bug/?i=11612
[69] = https://curl.se/bug/?i=11614
[70] = https://curl.se/bug/?i=11611
[71] = https://curl.se/bug/?i=11460
[72] = https://curl.se/bug/?i=11661
[73] = https://curl.se/bug/?i=11653
[74] = https://curl.haxx.se/mail/lib-2018-10/0113.html
[75] = https://curl.se/bug/?i=11665
[76] = https://curl.se/bug/?i=11651
[77] = https://curl.se/bug/?i=11669
[78] = https://curl.se/bug/?i=11645
[79] = https://curl.se/bug/?i=1199308
[80] = https://curl.se/bug/?i=11627
[81] = https://curl.se/bug/?i=11624
[82] = https://curl.se/bug/?i=11654
[83] = https://curl.se/bug/?i=11705
[84] = https://curl.se/bug/?i=11673
[86] = https://sourceforge.net/p/curl/bugs/440/
[87] = https://curl.se/bug/?i=11657
[88] = https://curl.se/bug/?i=11698
[89] = https://curl.se/bug/?i=11697
[90] = https://curl.se/bug/?i=11695
[92] = https://curl.se/bug/?i=11696
[94] = https://curl.se/bug/?i=11680
[95] = https://curl.se/bug/?i=11650
[96] = https://curl.se/bug/?i=11650
[97] = https://curl.se/bug/?i=11687
[98] = https://curl.se/bug/?i=11683
[99] = https://curl.se/bug/?i=11675
[100] = https://curl.se/bug/?i=11675
[101] = https://curl.se/bug/?i=11686
[102] = https://curl.se/bug/?i=11674
[103] = https://curl.se/bug/?i=11685