Newer
Older
Command line options: 220
curl_easy_setopt() options: 265
This release includes the following changes:
o http: Implement trailing headers for chunked transfers [7]
o http: added options for allowing HTTP/0.9 responses [10]
o timeval: Use high resolution timestamps on Windows [19]
This release includes the following bugfixes:
o CVE-2018-16890: NTLM type-2 out-of-bounds buffer read [67]
o CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow [68]
o CVE-2019-3823: SMTP end-of-response out-of-bounds read [66]
o FAQ: remove mention of sourceforge for github [22]
o OS400: handle memory error in list conversion [4]
o Revert http_negotiate: do not close connection [31]
o THANKS: added several missing names from year <= 2000
o build: make 'tidy' target work for metalink builds
o cmake: added checks for variadic macros [47]
o cmake: updated check for HAVE_POLL_FINE to match autotools [39]
o cmake: use lowercase for function name like the rest of the code [20]
o configure: detect xlclang separately from clang [41]
o configure: fix recv/send/select detection on Android [53]
o conncache_unlock: avoid indirection by changing input argument type
o cookies: allow secure override when done over HTTPS [34]
o cookies: extend domain checks to non psl builds [12]
o cookies: skip custom cookies when redirecting cross-site [36]
o curl --xattr: strip credentials from any URL that is stored [33]
o curl -J: refuse to append to the destination file [14]
o curl/urlapi.h: include "curl.h" first [30]
o curl_multi_remove_handle() don't block terminating c-ares requests [32]
o darwinssl: accept setting max-tls with default min-tls [6]
o disconnect: separate connections and easy handles better [18]
o disconnect: set conn->data for protocol disconnect
o docs: use $(INSTALL_DATA) to install man page [64]
o docs: use meaningless port number in CURLOPT_LOCALPORT example [58]
o gopher: always include the entire gopher-path in request [5]
o http2: clear pause stream id if it gets closed [8]
o if2ip: remove unused function Curl_if_is_interface_name [9]
o libssh: do not let libssh create socket [63]
o libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh [62]
o libssh: free sftp_canonicalize_path() data correctly [17]
o multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time [57]
o ntlm_sspi: add support for channel binding [54]
o openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated [46]
o openssl: fix the SSL_get_tlsext_status_ocsp_resp call [40]
o openvms: fix OpenSSL discovery on VAX [21]
o openvms: fix typos in documentation
o os400: add a missing closing bracket [50]
o os400: fix extra parameter syntax error [50]
o pingpong: change default response timeout to 120 seconds
o pingpong: ignore regular timeout in disconnect phase [16]
o runtests.pl: Fix perl call to include srcdir [65]
o schannel: preserve original certificate path parameter [52]
o schannel: stop calling it "winssl" [56]
o sigpipe: if mbedTLS is used, ignore SIGPIPE [59]
o smb: fix incorrect path in request if connection reused [13]
o ssh: log the libssh2 error message when ssh session startup fails [55]
o test1558: verify CURLINFO_PROTOCOL on file:// transfer [51]
o tests: move objnames-* from lib into tests [42]
o timeval: Disable MSVC Analyzer GetTickCount warning [60]
o tool_cb_prg: avoid integer overflow [49]
o travis: added cmake build for osx [43]
o urlapi: Fix port parsing of eol colon [1]
o urlapi: distinguish possibly empty query [5]
o urldata: rename easy_conn to just conn [48]
o winbuild: conditionally use /DZLIB_WINAPI [45]
o spnego_sspi: add support for channel binding [69]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Andrei Neculau, Archangel SDY, Ayoub Boudhar, Ben Kohler,
Bernhard M. Wiedemann, Brad Spencer, Brian Carpenter, Claes Jakobsson,
Daniel Gustafsson, Daniel Stenberg, David Garske, dnivras on github,
Eric Rosenquist, Etienne Simard, Felix Hädicke, Florian Pritz,
Frank Gevaerts, Giorgos Oikonomou, Gisle Vanem, GitYuanQu on github,
Haibo Huang, Harry Sintonen, Helge Klein, Huzaifa Sidhpurwala,
jasal82 on github, Jeremie Rapin, Jeroen Ooms, Joel Depooter, John Marshall,
jonrumsey on github, Julian Z, Kamil Dudka, Katsuhiko YOSHIDA, Kees Dekker,
Ladar Levison, Leonardo Taccari, Marcel Raad, Markus Moeller,
masbug on github, Matus Uzak, Michael Kujawa, Patrick Monnerat, Pavel Pavlov,
Peng Li, Ray Satiro, Rikard Falkeborn, Ruslan Baratov, Sergei Nikulov,
Shlomi Fish, Tobias Lindgren, Tom van der Woerdt, Viktor Szakats,
Wenxiang Qian, William A. Rowe Jr, Zhao Yisha,
(56 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = https://curl.haxx.se/bug/?i=3365
[2] = https://curl.haxx.se/bug/?i=3368
[3] = https://curl.haxx.se/bug/?i=2956
[4] = https://curl.haxx.se/bug/?i=3372
[5] = https://curl.haxx.se/bug/?i=3369
[6] = https://curl.haxx.se/bug/?i=3367
[7] = https://curl.haxx.se/bug/?i=3350
[8] = https://curl.haxx.se/bug/?i=3392
[9] = https://curl.haxx.se/bug/?i=3401
[10] = https://curl.haxx.se/bug/?i=2873
[11] = https://curl.haxx.se/bug/?i=3395
[12] = https://curl.haxx.se/bug/?i=2964
[13] = https://curl.haxx.se/bug/?i=3388
[14] = https://curl.haxx.se/bug/?i=3380
[15] = https://curl.haxx.se/bug/?i=3376
[16] = https://curl.haxx.se/bug/?i=3264
[17] = https://curl.haxx.se/bug/?i=3402
[18] = https://curl.haxx.se/bug/?i=3400
[19] = https://curl.haxx.se/bug/?i=3318
[20] = https://curl.haxx.se/bug/?i=3196
[21] = https://curl.haxx.se/bug/?i=3407
[22] = https://curl.haxx.se/bug/?i=3410
[23] = https://curl.haxx.se/bug/?i=3406
[24] = https://curl.haxx.se/bug/?i=3411
[25] = https://curl.haxx.se/bug/?i=3286
[26] = https://curl.haxx.se/bug/?i=3432
[27] = https://curl.haxx.se/mail/lib-2019-01/0000.html
[28] = https://curl.haxx.se/bug/?i=3426
[29] = https://curl.haxx.se/bug/?i=3435
[30] = https://curl.haxx.se/bug/?i=3438
[31] = https://curl.haxx.se/bug/?i=3384
[32] = https://curl.haxx.se/bug/?i=3371
[33] = https://curl.haxx.se/bug/?i=3423
[34] = https://curl.haxx.se/bug/?i=3445
[35] = https://curl.haxx.se/bug/?i=3436
[36] = https://curl.haxx.se/bug/?i=3417
[37] = https://curl.haxx.se/bug/?i=3449
[38] = https://curl.haxx.se/bug/?i=3443
[39] = https://curl.haxx.se/bug/?i=3292
[40] = https://curl.haxx.se/bug/?i=3477
[41] = https://curl.haxx.se/bug/?i=3474
[42] = https://curl.haxx.se/bug/?i=3470
[43] = https://curl.haxx.se/bug/?i=3468
[44] = https://curl.haxx.se/bug/?i=3469
[45] = https://curl.haxx.se/bug/?i=3133
[46] = https://curl.haxx.se/bug/?i=3462
[47] = https://curl.haxx.se/bug/?i=3459
[48] = https://curl.haxx.se/bug/?i=3442
[49] = https://curl.haxx.se/bug/?i=3456
[50] = https://curl.haxx.se/bug/?i=3453
[51] = https://curl.haxx.se/bug/?i=3447
[52] = https://curl.haxx.se/bug/?i=3480
[53] = https://curl.haxx.se/bug/?i=3484
[54] = https://curl.haxx.se/bug/?i=3280
[55] = https://curl.haxx.se/bug/?i=3481
[56] = https://curl.haxx.se/bug/?i=3504
[57] = https://curl.haxx.se/mail/lib-2019-01/0073.html
[58] = https://curl.haxx.se/bug/?i=3513
[59] = https://curl.haxx.se/bug/?i=3502
[60] = https://curl.haxx.se/bug/?i=3437
[61] = https://curl.haxx.se/bug/?i=3497
[62] = https://curl.haxx.se/bug/?i=3493
[63] = https://curl.haxx.se/bug/?i=3491
[64] = https://curl.haxx.se/bug/?i=3518
[65] = https://curl.haxx.se/bug/?i=3496
[66] = https://curl.haxx.se/docs/CVE-2019-3823.html
[67] = https://curl.haxx.se/docs/CVE-2018-16890.html
[68] = https://curl.haxx.se/docs/CVE-2019-3822.html
[69] = https://curl.haxx.se/bug/?i=3503