Most notable the security advisory:
http://curl.haxx.se/docs/adv_20130412.html

added "tcpkeepalive on Mac OS X"

I noticed that aria2's SecureTransport code disables insecure ciphers such
as NULL, anonymous, IDEA, and weak-key ciphers used by SSLv3 and later.
That's a good idea, and now we do the same thing in order to prevent curl
from accessing a "secure" site that only negotiates insecure ciphersuites.

3 more bug fixes, 6 more contributors

More changes, bugfixes and contributors!

I found out that ECC doesn't work as of OS X 10.8.3, so those ciphers are
turned off until the next point release of OS X.

The flag can be used in pycurl-based applications where using the multi
interface would not be acceptable because of the performance lost caused
by implementing the select() loop in python.

Bug: http://curl.haxx.se/bug/view.cgi?id=1168
Downstream Bug: https://bugzilla.redhat.com/919127

8 more bugfixes, one change and a bunch of contributors

With all the recent imap changes it wasn't clear what new features and
fixes should be included in the release notes.

The option needs to be set on the SSL socket.  Setting it on the model
takes no effect.  Note that the non-blocking mode is still not enabled
for the handshake because the code is not yet ready for that.

8 more bug fixes mentioned

Added recent additions and fixes following the changes to imap, pop3
and smtp. Additionally added another contributor that helped to test
the imap sasl changes.

Even though he's a fine dude, once is enough for this time!

Added missing imap fix as per commit 709b3506.

Do not use the error messages from NSS for errors not occurring in NSS.

This commit fixes a regression introduced in 052a08ff.

NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
and if we connect second time to the same server, the cached cert/key
pair is used.  If we use multiple client certificates for different
paths on the same server, we need to clear the session cache to force
NSS to call the hook again.  The commit 052a08ff prevented the session
cache from being cleared if a client certificate from file was used.

The condition is now fixed to cover both cases: consssl->client_nickname
is not NULL if a client certificate from the NSS database is used and
connssl->obj_clicert is not NULL if a client certificate from file is
used.

Review by: Kai Engert

Although it is not explicitly stated in the documentation, NSS uses
*pRetCert and *pRetKey even if the client authentication hook returns
a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
afterwards, NSS destroys the certificate once again, which causes a
double free.

Reported by: Bob Relyea

Bug: http://curl.haxx.se/mail/lib-2012-11/0095.html