Skip to content
  1. Mar 02, 2009
    • Daniel Stenberg's avatar
      - David Kierznowski notified us about a security flaw · 042cc1f6
      Daniel Stenberg authored
        (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
        which previous libcurl versions (by design) can be tricked to access an
        arbitrary local/different file instead of a remote one when
        CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
        together this the addition of two new setopt options for controlling this
        new behavior:
      
        o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
        follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
        excludes the FILE and SCP protocols and thus you nee to explicitly allow
        them in your app if you really want that behavior.
      
        o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
        using the primary URL option. This is useful if you want to allow a user or
        other outsiders control what URL to pass to libcurl and yet not allow all
        protocols libcurl may have been built to support.
      curl-7_19_4
      042cc1f6
    • Daniel Stenberg's avatar
      7.19.4 won't get anything else · 90b804d3
      Daniel Stenberg authored
      90b804d3
    • Daniel Stenberg's avatar
      the Eiffel binding · 4bc603a0
      Daniel Stenberg authored
      4bc603a0
  2. Mar 01, 2009
  3. Feb 28, 2009
  4. Feb 27, 2009
  5. Feb 25, 2009
  6. Feb 24, 2009
  7. Feb 23, 2009
  8. Feb 20, 2009
  9. Feb 19, 2009
  10. Feb 18, 2009
  11. Feb 17, 2009