- o SECURITY ADVISORY: re-use of wrong HTTP NTLM connection [25]
-
- o curl_easy_setopt: Fixed OAuth 2.0 Bearer option name [1]
- o pop3: Fixed APOP being determined by CAPA response rather than by timestamp
- o Curl_pp_readresp: zero terminate line [2]
- o FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE [3]
- o docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
- o pop3: Fixed auth preference not being honored when CAPA not supported
- o imap: Fixed auth preference not being honored when CAPABILITY not supported
- o threaded resolver: Use pthread_t * for curl_thread_t [4]
- o FILE: we don't support paused transfers using this protocol [5]
- o connect: Try all addresses in first connection attempt [6]
- o curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
- o OpenSSL: Fix forcing SSLv3 connections [7]
- o openssl: allow explicit sslv2 selection [8]
- o FTP parselist: fix "total" parser [9]
- o conncache: fix possible dereference of null pointer
- o multi.c: fix possible dereference of null pointer
- o mk-ca-bundle: introduces -d and warns about using this script
- o ConnectionExists: fix NTLM check for new connection [10]
- o trynextip: fix build for non-IPV6 capable systems [11]
- o Curl_updateconninfo: don't do anything for UDP "connections" [12]
- o darwinssl: un-break Leopard build after PKCS#12 change [13]
- o threaded-resolver: never use NULL hints with getaddrinf [14]
- o multi_socket: remind app if timeout didn't run
- o OpenSSL: deselect weak ciphers by default [15]
- o error message: Sensible message on timeout when transfer size unknown [16]
- o curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
- o win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12 [17]
- o configure: fix gssapi linking on HP-UX [18]
- o chunked-parser: abort on overflows, allow 64 bit chunks
- o chunked parsing: relax the CR strictness [19]
- o cookie: max-age fixes [20]
- o progress bar: always update when at 100%
- o progress bar: increase update frequency to 10Hz
- o tool: Fixed incorrect return code if command line parser runs out of memory
- o tool: Fixed incorrect return code if password prompting runs out of memory
- o HTTP POST: omit Content-Length if data size is unknown [21]
- o GnuTLS: disable insecure ciphers
- o GnuTLS: honor --slv2 and the --tlsv1[.N] switches
- o multi: Fixed a memory leak on OOM condition
- o netrc: Fixed a memory and file descriptor leak on OOM
- o getpass: fix password parsing from console [22]
- o TFTP: fix crash on time-out [23]
- o hostip: don't remove DNS entries that are in use [24]
- o tests: lots of tests fixed to pass the OOM torture tests
+ o openldap: check ldap_get_attribute_ber() results for NULL before using [50]
+ o FTP: reject path components with control codes [51]
+ o readwrite: make sure excess reads don't go beyond buffer end [52]
+ o lib555: drop text conversion and encode data as ascii codes [1]
+ o lib517: make variable static to avoid compiler warning
+ o lib544: sync ascii code data with textual data [1]
+ o GSKit: restore pinnedpubkey functionality [2]
+ o darwinssl: Don't import client certificates into Keychain on macOS [3]
+ o parsedate: fix date parsing for systems with 32 bit long [4]
+ o openssl: fix pinned public key build error in FIPS mode [5]
+ o SChannel/WinSSL: Implement public key pinning [6]
+ o cookies: remove verbose "cookie size:" output
+ o progress-bar: don't use stderr explicitly, use bar->out [7]
+ o Fixes for MSDOS
+ o build: open VC15 projects with VS 2017
+ o curl_ctype: private is*() type macros and functions [8]
+ o configure: set PATH_SEPARATOR to colon for PATH w/o separator [9]
+ o winbuild: make linker generate proper PDB [11]
+ o curl_easy_reset: clear digest auth state [12]
+ o curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 [14]
+ o range: commonize FTP and FILE range handling [15]
+ o progress-bar docs: update to match implementation [16]
+ o fnmatch: do not match the empty string with a character set
+ o fnmatch: accept an alphanum to be followed by a non-alphanum in char set [17]
+ o build: fix termios issue on android cross-compile [18]
+ o getdate: return -1 for out of range [19]
+ o formdata: use the mime-content type function [20]
+ o time-cond: fix reading the file modification time on Windows [21]
+ o build-openssl.bat: Extend VC15 support to include Enterprise and Professional
+ o build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
+ o openssl: Don't add verify locations when verifypeer==0
+ o fnmatch: optimize processing of consecutive *s and ?s pattern characters [22]
+ o schannel: fix compiler warnings [23]
+ o content_encoding: Add "none" alias to "identity" [24]
+ o get_posix_time: only check for overflows if they can happen
+ o http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING [25]
+ o README: language fix [26]
+ o sha256: build with OpenSSL < 0.9.8 [27]
+ o smtp: fix processing of initial dot in data [28]
+ o --tlsauthtype: works only if libcurl is built with TLS-SRP support [29]
+ o tests: new tests for http raw mode [30]
+ o libcurl-security.3: man page discussion security concerns when using libcurl
+ o curl_gssapi: make sure this file too uses our *printf()
+ o BINDINGS: fix curb link (and remove ruby-curl-multi)
+ o nss: use PK11_CreateManagedGenericObject() if available [31]
+ o travis: add build with iconv enabled [32]
+ o ssh: add two missing state names [33]
+ o CURLOPT_HEADERFUNCTION.3: mention folded headers
+ o http: fix the max header length detection logic [34]
+ o header callback: don't chop headers into smaller pieces [35]
+ o CURLOPT_HEADER.3: clarify problems with different data sizes
+ o curl --version: show PSL if the run-time lib has it enabled
+ o examples/sftpuploadresume: resume upload via CURLOPT_APPEND [36]
+ o Return error if called recursively from within callbacks [38]
+ o sasl: prefer PLAIN mechanism over LOGIN
+ o winbuild: Use CALL to run batch scripts [40]
+ o curl_share_setopt.3: connection cache is shared within multi handles
+ o winbuild: Use macros for the names of some build utilities [41]
+ o projects/README: remove reference to dead IDN link/package [42]
+ o lib655: silence compiler warning [43]
+ o configure: Fix version check for OpenSSL 1.1.1
+ o docs/MANUAL: formfind.pl is not accessible on the site anymore [44]
+ o unit1309: fix warning on Windows x64 [45]
+ o unit1307: proper cleanup on OOM to fix torture tests
+ o curl_ctype: fix macro redefinition warnings
+ o build: get CFLAGS (including -werror) used for examples and tests [46]
+ o NO_PROXY: fix for IPv6 numericals in the URL [47]
+ o krb5: use nondeprecated functions [48]
+ o winbuild: prefer documented zlib library names [49]
+ o http2: mark the connection for close on GOAWAY [53]
+ o limit-rate: kick in even before "limit" data has been received [54]
+ o HTTP: allow "header;" to replace an internal header with a blank one [55]
+ o http2: verbose output new MAX_CONCURRENT_STREAMS values
+ o SECURITY: distros' max embargo time is 14 days
+ o curl tool: accept --compressed also if Brotli is enabled and zlib is not
+ o WolfSSL: adding TLSv1.3 [56]
+ o checksrc.pl: add -i and -m options
+ o CURLOPT_COOKIEFILE.3: "-" as file name means stdin