From ca6f0a56ca7b86ae697e156472b9a6cc8a601715 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 8 Apr 2016 13:21:52 +0200
Subject: [PATCH] KNOWN_BUGS: 11.1 Curl leaks .onion hostnames in DNS

Closes #543
---
 docs/KNOWN_BUGS | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index ec2a6e4e65..6e99ef7000 100644
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -71,6 +71,9 @@ problems may have been fixed or changed somewhat since this was written!
  10.3 FTPS over SOCKS
  10.4 active FTP over a SOCKS
 
+ 11. Internals
+ 11.1 Curl leaks .onion hostnames in DNS
+
 ==============================================================================
 
 1. HTTP
@@ -393,3 +396,14 @@ problems may have been fixed or changed somewhat since this was written!
 10.4 active FTP over a SOCKS
 
  libcurl doesn't support active FTP over a SOCKS proxy
+
+
+11. Internals
+
+11.1 Curl leaks .onion hostnames in DNS
+
+ Curl sends DNS requests for hostnames with a .onion TLD. This leaks
+ information about what the user is attempting to access, and violates this
+ requirement of RFC7686: https://tools.ietf.org/html/rfc7686
+
+ Issue: https://github.com/curl/curl/issues/543
-- 
GitLab