1 Curl and libcurl 7.36.0
3 Public curl releases: 138
4 Command line options: 161
5 curl_easy_setopt() options: 206
6 Public functions in libcurl: 58
7 Known libcurl bindings: 42
10 This release includes the following SECURITY ADVISORIES:
12 o wrong re-use of connections [16]
13 o IP address wildcard certificate validation [17]
14 o not verifying certs for TLS to IP address / Darwinssl [18]
15 o not verifying certs for TLS to IP address / Winssl [19]
17 This release includes the following changes:
19 o ntlm: Added support for NTLMv2 [2]
20 o tool: Added support for URL specific options [3]
21 o openssl: add ALPN support
22 o gtls: add ALPN support
23 o nss: add ALPN and NPN support
24 o added CURLOPT_EXPECT_100_TIMEOUT_MS [7]
25 o tool: add --no-alpn and --no-npn
26 o added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
27 o winssl: enable TLSv1.1 and TLSv1.2 by default
28 o winssl: TLSv1.2 disables certificate signatures using MD5 hash
29 o winssl: enable hostname verification of IP address using SAN or CN [11]
30 o darwinssl: Don't omit CN verification when an IP address is used [12]
31 o http2: build with current nghttp2 version
32 o polarssl: dropped support for PolarSSL < 1.3.0
33 o openssl: info message with SSL version used
35 This release includes the following bugfixes:
37 o nss: allow to use ECC ciphers if NSS implements them [1]
38 o netrc: Fixed a memory leak in an OOM condition
39 o ftp: fixed a memory leak on wildcard error path
40 o pipeline: Fixed a NULL pointer dereference on OOM
41 o nss: prefer highest available TLS version
42 o 100-continue: fix timeout condition [4]
43 o ssh: Fixed a NULL pointer dereference on OOM condition
44 o formpost: use semicolon in multipart/mixed [5]
45 o --help: add missing --tlsv1.x options
46 o formdata: Fixed memory leak on OOM condition
47 o ConnectionExists: reusing possible HTTP+NTLM connections better [6]
48 o mingw32: fix compilation
49 o chunked decoder: track overflows correctly [8]
50 o curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
51 o dict: fix memory leak in OOM exit path
52 o valgrind: added suppression on optimized code
53 o curl: output protocol headers using binary mode
54 o tool: Added URL index to password prompt for multiple operations
55 o ConnectionExists: re-use non-NTLM connections better [9]
56 o axtls: call ssl_read repeatedly
57 o multi: make MAXCONNECTS default 4 x number of easy handles function
58 o configure: Fix the --disable-crypto-auth option
59 o multi: ignore SIGPIPE internally
60 o curl.1: update the description of --tlsv1
61 o SFTP: skip reading the dir when NOBODY=1 [10]
62 o easy: Fixed a memory leak on OOM condition
63 o tool: Fixed incorrect return code when setting HTTP request fails
64 o configure: Tiny fix to honor POSIX
65 o tool: Do not output libcurl source for the information only parameters
66 o Rework Open Watcom make files to use standard Wmake features
67 o x509asn: moved out Curl_verifyhost from NSS builds
68 o configure: call it GSS-API
69 o hostcheck: Curl_cert_hostcheck is not used by NSS builds
70 o multi_runsingle: move timestamp into INIT [13]
71 o remote_port: allow connect to port 0
72 o parse_remote_port: error out on illegal port numbers better
73 o ssh: Pass errors from libssh2_sftp_read up the stack
74 o docs: remove documentation on setting up krb4 support
75 o polarssl: build fixes to work with PolarSSL 1.3.x
76 o polarssl: fix possible handshake timeout issue in multi
77 o nss: allow to enable/disable cipher-suites better
78 o ssh: prevent a logic error that could result in an infinite loop
79 o http2: free resources on disconnect
80 o polarssl: avoid extra newlines in debug messages
81 o rtsp: parse "Session:" header properly [14]
82 o trynextip: don't store 'ai' on failed connects
83 o Curl_cert_hostcheck: strip trailing dots in host name and wildcard
85 This release includes the following known bugs:
87 o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
89 This release would not have looked like this without help, code, reports and
90 advice from friends like these:
92 Adam Sampson, Arvid Norberg, Brad Spencer, Colin Hogben, Dan Fandrich,
93 Daniel Stenberg, David Ryskalczyk, Fabian Frank, Gaƫl PORTAY, Gisle Vanem,
94 Hubert Kario, Jeff King, Jiri Malak, Kamil Dudka, Maks Naumov, Marc Hoersken,
95 Michael Osipov, Mike Hasselberg, Nick Zitzmann, Patrick Monnerat, Prash Dush,
96 Remi Gacogne, Rob Davies, Romulo A. Ceccon, Shao Shuchao, Steve Holme,
97 Tatsuhiro Tsujikawa, Thomas Braun, Tiit Pikma, Yehezkel Horowitz,
99 Thanks! (and sorry if I forgot to mention someone)
101 References to bug reports and discussions on issues:
103 [1] = https://bugzilla.redhat.com/1058776
104 [2] = http://curl.haxx.se/mail/lib-2014-01/0183.html
105 [3] = http://curl.haxx.se/mail/archive-2013-11/0006.html
106 [4] = http://curl.haxx.se/bug/view.cgi?id=1334
107 [5] = http://curl.haxx.se/bug/view.cgi?id=1333
108 [6] = http://curl.haxx.se/mail/lib-2014-02/0100.html
109 [7] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTEXPECT100TIMEOUTMS
110 [8] = http://curl.haxx.se/mail/lib-2014-02/0097.html
111 [9] = http://thread.gmane.org/gmane.comp.version-control.git/242213
112 [10] = http://curl.haxx.se/mail/lib-2014-02/0155.html
113 [11] = http://curl.haxx.se/mail/lib-2014-02/0243.html
114 [12] = https://github.com/bagder/curl/pull/93
115 [13] = http://curl.haxx.se/mail/lib-2014-02/0036.html
116 [14] = http://curl.haxx.se/mail/lib-2014-03/0134.html
117 [15] = http://curl.haxx.se/bug/view.cgi?id=1337
118 [16] = http://curl.haxx.se/docs/adv_20140326A.html
119 [17] = http://curl.haxx.se/docs/adv_20140326B.html
120 [18] = http://curl.haxx.se/docs/adv_20140326C.html
121 [19] = http://curl.haxx.se/docs/adv_20140326D.html
projects / platform / upstream / curl.git / blob