- o SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond the end
- of the input buffer [26]
-
- o FTP: access files in root dir correctly [1]
- o configure: try pthread_create without -lpthread [2]
- o FTP: handle a 230 welcome response [3]
- o curl-config: don't output static libs when they are disabled
- o CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling [4]
- o Various documentation updates
- o getinfo.c: reset timecond when clearing session-info variables [5]
- o FILE: prevent an artificial timeout event due to stale speed-check data [6]
- o ftp_state_pasv_resp: connect through proxy also when set by env [7]
- o sshserver: disable StrictHostKeyChecking
- o ftpserver: Fixed imap logout confirmation data
- o curl_easy_init: use less mallocs
- o smtp: Fixed unknown percentage complete in progress bar
- o smtp: Fixed sending of double CRLF caused by first in EOB
- o bindlocal: move brace out of #ifdef [9]
- o winssl: Fixed invalid memory access during SSL shutdown [11]
- o OS X framework: fix invalid symbolic link
- o OpenSSL: allow empty server certificate subject [12]
- o axtls: prevent memleaks on SSL handshake failures
- o cookies: only consider full path matches
- o Revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup() [13]
- o Curl_cookie_add: handle IPv6 hosts [14]
- o ossl_send: SSL_write() returning 0 is an error too
- o ossl_recv: SSL_read() returning 0 is an error too
- o Digest auth: escape user names with \ or " in them [15]
- o curl_formadd.3: fixed wrong "end-marker" syntax [16]
- o libcurl-tutorial.3: fix incorrect backslash [17]
- o curl_multi_wait: reduce timeout if the multi handle wants to [18]
- o tests/Makefile: typo in the perlcheck target [19]
- o axtls: honor disabled VERIFYHOST
- o OpenSSL: avoid double free in the PKCS12 certificate code [20]
- o multi_socket: reduce timeout inaccuracy margin [21]
- o digest: support auth-int for empty entity body [22]
- o axtls: now done non-blocking
- o lib1900: use tutil_tvnow instead of gettimeofday
- o curl_easy_perform: avoid busy-looping [23]
- o CURLOPT_COOKIELIST: take cookie share lock [24]
- o multi_socket: react on socket close immediately [25]