curl/RELEASE-NOTES
Karlson2k e6af5652ec
RELEASE-NOTES: corrected
Corrected link for item 118

Closes #13157
2024-03-21 08:07:03 +01:00

333 lines
15 KiB
Plaintext

curl and libcurl 8.7.0
Public curl releases: 255
Command line options: 258
curl_easy_setopt() options: 304
Public functions in libcurl: 93
Contributors: 3115
This release includes the following changes:
o configure: add --disable-docs flag [16]
o CURLINFO_USED_PROXY: return bool whether the proxy was used [24]
o digest: support SHA-512/256 [118]
o DoH: add trace configuration [61]
o write-out: add '%{proxy_used}' [24]
This release includes the following bugfixes:
o ALTSVC.md: correct a typo [14]
o asyn-ares: fix data race warning [88]
o asyn-thread: use wakeup_close to close the read descriptor [1]
o badwords: use hostname, not host name [46]
o BINDINGS: add mcurl, the python binding [67]
o bufq: writing into a softlimit queue cannot be partial [49]
o c-hyper: add header collection writer in hyper builds [70]
o cd2nroff: gen: make `\>` in input to render as plain '>' in output
o cd2nroff: remove backticks from titles
o checksrc.pl: fix handling .checksrc with CRLF [43]
o cmake: add USE_OPENSSL_QUIC support [21]
o cmake: add warning for using TLS libraries without 1.3 support [25]
o cmake: enable `ENABLE_CURL_MANUAL` by default [112]
o cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled [117]
o cmake: fix function description in comment [47]
o cmake: fix install for older CMake versions [53]
o cmake: fix libcurl.pc and curl-config library specifications [115]
o cmdline-docs/Makefile: avoid using a fixed temp file name [5]
o cmdline-docs: quote and angle bracket cleanup [45]
o cmdline-opts/_EXITCODES: sync with libcurl-errors [80]
o cmdline-opts/_VARIABLES.md: improve the description [105]
o cmdline-opts/_VERSION: provide %VERSION correctly [87]
o configure.ac: find libpsl with pkg-config [79]
o configure: add warning for using TLS libraries without 1.3 support [26]
o configure: build & install shell completions when enabled [85]
o configure: do not link with nghttp3 unless necessary [7]
o configure: Don't build shell completions when disabled [68]
o configure: Don't make shell completions without perl [83]
o connect.c: fix typo [17]
o CONTRIBUTE: update the section on documentation format [96]
o cookie.md: provide an example sending a fixed cookie [13]
o cookie: if psl fails, reject the cookie [107]
o curl: exit on config file parser errors [40]
o curl: make --libcurl output better CURLOPT_*SSLVERSION [127]
o curl: when allocating variables, add the name into the struct [37]
o curl_setup.h: add curl_uint64_t internal type
o curldown: fix email address in Copyright [89]
o CURLOPT_POSTQUOTE.md: fix typo [36]
o CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return [104]
o CURLOPT_WRITEFUNCTION.md: typo fix [41]
o digest: add check for hashing error [111]
o dist: make sure the http tests are in the tarball [29]
o docs: add missing slashes to SChannel client certificate documentation [11]
o docs: add necessary setup for nghttp3 [51]
o docs: ascii version of manpage without nroff [121]
o docs: dist curl*.1 and install without perl [64]
o docs: make curldown do angle brackets like markdown [54]
o docs: make sure curl.1 is included in dist tarballs [35]
o docs: update minimal binary size in INSTALL.md
o docs: use present tense [103]
o examples: use present tense in comments [97]
o file: use xfer buf for file:// transfers [23]
o fopen: fix narrowing conversion warning on 32-bit Android [100]
o form-string.md: correct the example [4]
o ftp: do lineend conversions in client writer [32]
o ftp: fix socket wait activity in ftp_domore_getsock [28]
o ftp: tracing improvements [33]
o ftp: treat a 226 arriving before data as a signal to read data [19]
o gen.pl: make the "manpageification" faster [95]
o gen: make `\>` in input to render as plain '>' in output [78]
o getparam: make --ftp-ssl work again [90]
o GHA/linux: add sysctl trick to work-around GitHub runner issue [129]
o GIT-INFO: convert to markdown [114]
o GOVERNANCE: document the core team [133]
o header.md: remove backslash, make nicer markdown [48]
o HTTP/2: write response directly [12]
o http2: fix push discard [124]
o http2: memory errors in the push callbacks are fatal [132]
o http2: minor tweaks to optimize two struct sizes [130]
o http2: push headers better cleanup [113]
o HTTP3.md: adjust the OpenSSL QUIC install instructions [34]
o http: better error message for HTTP/1.x response without status line [86]
o http: move headers collecting to writer [71]
o http_chunks: fix the accounting of consumed bytes [22]
o http_chunks: remove unused 'endptr' variable [58]
o https-proxy: use IP address and cert with ip in alt names [50]
o hyper: implement unpausing via client reader [98]
o KNOWN_BUGS: POP3 issue when reading small chunks [134]
o lib1598: fix `CURLOPT_POSTFIELDSIZE` usage [128]
o lib582: remove code causing warning that is never run [38]
o lib: add `void *ctx` to reader/writer instances [122]
o lib: convert Curl_get_line to use dynbuf [42]
o lib: Curl_read/Curl_write clarifications [101]
o lib: enhance client reader resume + rewind [92]
o lib: initialize output pointers to NULL before calling strto[ff,l,ul] [63]
o lib: keep conn IP information together [109]
o lib: move 'done' parameter to SingleRequests [142]
o lib: remove curl_mimepart object when CURL_DISABLE_MIME [72]
o libcurl-docs: cleanups
o libcurl-security.md: Active FTP passes on the local IP address [6]
o libssh/libssh2: return error on too big range [75]
o MANUAL.md: fix typo [66]
o mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined [27]
o mbedtls: properly cleanup the thread-shared entropy [140]
o mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version [59]
o md4: include strdup.h for the memdup proto [10]
o mime: add client reader [126]
o misc: fix typos in docs and lib [84]
o mkhelp: simplify the generated hugehelp program [120]
o mprintf: fix format prefix I32/I64 for windows compilers [77]
o multi: add xfer_buf to multi handle [30]
o multi: fix multi_sock handling of select_bits [81]
o multi: make add_handle free any multi_easy [102]
o ngtcp2: no recvbuf for stream [108]
o ntml_wb: fix buffer type typo [2]
o OpenSSL QUIC: adapt to v3.3.x [65]
o openssl-quic: check on Windows that socket conv to int is possible [8]
o openssl-quic: fix BIO leak and Windows warning [93]
o openssl-quic: fix unity build, casing, indentation [94]
o OS400: avoid using awk in the build scripts [20]
o paramhlp: fix CRLF-stripping files with "-d @file" [116]
o proxy1.0.md: fix example [15]
o pytest: adapt to API change [106]
o request: clarify message when request has been sent off [143]
o rustls: make curl compile with 0.12.0 [73]
o schannel: fix hang on unexpected server close [57]
o scripts: fix cijobs.pl for Azure and GHA
o sendf: ignore response body to HEAD [18]
o setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value [76]
o setopt: fix disabling all protocols [99]
o sha512_256: add support for GnuTLS and OpenSSL [110]
o smtp: fix STARTTLS [91]
o SPONSORS: describe the basics [131]
o strtoofft: fix the overflow check [74]
o test1165: improve pattern matching [60]
o tests: support setting/using blank content env variables
o TIMER_STARTTRANSFER: set the same for everyone [82]
o tool_cb_hdr: only parse etag + content-disposition for 2xx [9]
o tool_getparam: handle non-existing (out of range) short-options [141]
o tool_operate: change precedence of server Retry-After time [44]
o tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds [3]
o trace-config.md: remove the mutexed options list [119]
o transfer.c: break receive loop in speed limited transfers [125]
o transfer: improve Windows SO_SNDBUF update limit [56]
o urldata: move authneg bit from conn to Curl_easy [69]
o version: allow building with ancient libpsl [52]
o vquic-tls: fix the error code returned for bad CA file [135]
o vtls: fix tls proxy peer verification [55]
o vtls: revert "receive max buffer" + add test case [39]
o VULN-DISCLOSURE-POLICY.md: update detail about CVE requests [123]
o websocket: fix curl_ws_recv() [62]
o write-out.md: clarify error handling details [31]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Planned upcoming removals include:
o support for space-separated NOPROXY patterns
See https://curl.se/dev/deprecate.html for details
This release would not have looked like this without help, code, reports and
advice from friends like these:
5533asdg on github, Andreas Kiefer, av223119 on github,
awesomekosm on github, Boris Verkhovskiy, Brett Buddin, Chris Webb,
Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, Daniel Szmulewicz,
DasKutti on github, dependabot[bot], Dexter Gerig, Dirk Hünniger,
Dmitry Karpov, Dmitry Tretyakov, edmcln on github, Erik Schnetter,
Evgeny Grin (Karlson2k), Fabian Vogt, Fabrice Fontaine, Faraz Fallahi,
Geeknik Labs, Gisle Vanem, Harry Sintonen, HsiehYuho on github, Jan Macku,
Jiawen Geng, Joel Depooter, Jon Rumsey, Jordan Brown, Karthikdasari0423,
Karthikdasari0423 on github, Konstantin Vlasov, kpcyrd, Lars Kellogg-Stedman,
LeeRiva, Louis Solofrizzo, Lukáš Zaoral, Marcel Raad, Michael Forney,
Michael Kaufmann, Michał Antoniak, Nikita Taranov, Patrick Monnerat,
Paweł Witas, Peter Krefting, RainRat, Ramiro Garcia, Ray Satiro,
Richard Levitte, Robert Moreton, Rudi Heitbaum, Ryan Carsten Schmidt,
Scott Mutter, Scott Talbert, Sebastian Neubauer, Sergey Bronnikov, Simon K,
Stefan Eissing, Tal Regev, Viktor Szakats, vulnerabilityspotter on hackerone
(64 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=12836
[2] = https://curl.se/bug/?i=12825
[3] = https://curl.se/bug/?i=12834
[4] = https://curl.se/bug/?i=12822
[5] = https://curl.se/bug/?i=12829
[6] = https://curl.se/bug/?i=12867
[7] = https://curl.se/bug/?i=12833
[8] = https://curl.se/bug/?i=12861
[9] = https://curl.se/bug/?i=12866
[10] = https://curl.se/bug/?i=12849
[11] = https://curl.se/bug/?i=12854
[12] = https://curl.se/bug/?i=12828
[13] = https://curl.se/bug/?i=12868
[14] = https://curl.se/bug/?i=12852
[15] = https://curl.se/bug/?i=12856
[16] = https://curl.se/bug/?i=12832
[17] = https://curl.se/bug/?i=12858
[18] = https://curl.se/mail/lib-2024-02/0000.html
[19] = https://curl.se/bug/?i=12823
[20] = https://curl.se/bug/?i=12826
[21] = https://curl.se/bug/?i=13034
[22] = https://curl.se/bug/?i=12937
[23] = https://curl.se/bug/?i=12750
[24] = https://curl.se/bug/?i=12719
[25] = https://curl.se/bug/?i=12900
[26] = https://curl.se/bug/?i=12900
[27] = https://curl.se/bug/?i=12904
[28] = https://curl.se/bug/?i=12901
[29] = https://curl.se/bug/?i=12914
[30] = https://curl.se/bug/?i=12805
[31] = https://curl.se/bug/?i=12909
[32] = https://curl.se/bug/?i=12878
[33] = https://curl.se/bug/?i=12902
[34] = https://curl.se/bug/?i=12896
[35] = https://curl.se/bug/?i=12892
[36] = https://curl.se/bug/?i=12926
[37] = https://curl.se/bug/?i=12891
[38] = https://curl.se/bug/?i=12890
[39] = https://curl.se/bug/?i=12885
[40] = https://curl.se/mail/archive-2024-02/0008.html
[41] = https://curl.se/bug/?i=12889
[42] = https://curl.se/bug/?i=12846
[43] = https://curl.se/bug/?i=12924
[44] = https://curl.se/mail/archive-2024-01/0022.html
[45] = https://curl.se/bug/?i=12884
[46] = https://curl.se/bug/?i=12888
[47] = https://curl.se/bug/?i=12879
[48] = https://curl.se/bug/?i=12877
[49] = https://curl.se/bug/?i=13020
[50] = https://curl.se/bug/?i=12838
[51] = https://curl.se/bug/?i=12859
[52] = https://curl.se/mail/archive-2024-02/0004.html
[53] = https://curl.se/bug/?i=12920
[54] = https://curl.se/bug/?i=12869
[55] = https://curl.se/bug/?i=12831
[56] = https://curl.se/bug/?i=12911
[57] = https://curl.se/bug/?i=12894
[58] = https://curl.se/bug/?i=12996
[59] = https://curl.se/bug/?i=12905
[60] = https://curl.se/bug/?i=12903
[61] = https://curl.se/bug/?i=12411
[62] = https://curl.se/bug/?i=12945
[63] = https://curl.se/bug/?i=12995
[64] = https://curl.se/bug/?i=12921
[65] = https://curl.se/bug/?i=12933
[66] = https://curl.se/bug/?i=12965
[67] = https://curl.se/bug/?i=12962
[68] = https://curl.se/bug/?i=13027
[69] = https://curl.se/bug/?i=12949
[70] = https://curl.se/bug/?i=12880
[71] = https://curl.se/bug/?i=12880
[72] = https://curl.se/bug/?i=12948
[73] = https://curl.se/bug/?i=12989
[74] = https://curl.se/bug/?i=12990
[75] = https://curl.se/bug/?i=12983
[76] = https://curl.se/bug/?i=12981
[77] = https://curl.se/bug/?i=12944
[78] = https://curl.se/bug/?i=12977
[79] = https://curl.se/bug/?i=12947
[80] = https://curl.se/bug/?i=13015
[81] = https://curl.se/bug/?i=12971
[82] = https://curl.se/bug/?i=13052
[83] = https://curl.se/bug/?i=13022
[84] = https://curl.se/bug/?i=13019
[85] = https://curl.se/bug/?i=12906
[86] = https://curl.se/bug/?i=13045
[87] = https://curl.se/bug/?i=13008
[88] = https://curl.se/bug/?i=13065
[89] = https://curl.se/bug/?i=12997
[90] = https://curl.se/bug/?i=13006
[91] = https://curl.se/bug/?i=13048
[92] = https://curl.se/bug/?i=13026
[93] = https://curl.se/bug/?i=13043
[94] = https://curl.se/bug/?i=13044
[95] = https://curl.se/bug/?i=13041
[96] = https://curl.se/bug/?i=13046
[97] = https://curl.se/bug/?i=13003
[98] = https://curl.se/bug/?i=13075
[99] = https://curl.se/bug/?i=13004
[100] = https://curl.se/bug/?i=12998
[101] = https://curl.se/bug/?i=12964
[102] = https://curl.se/bug/?i=12992
[103] = https://curl.se/bug/?i=13001
[104] = https://curl.se/bug/?i=12999
[105] = https://curl.se/bug/?i=13040
[106] = https://curl.se/bug/?i=13037
[107] = https://curl.se/bug/?i=13033
[108] = https://curl.se/bug/?i=13073
[109] = https://curl.se/bug/?i=13084
[110] = https://curl.se/bug/?i=13070
[111] = https://curl.se/bug/?i=13072
[112] = https://curl.se/bug/?i=13028
[113] = https://curl.se/bug/?i=13054
[114] = https://curl.se/bug/?i=13074
[115] = https://curl.se/bug/?i=6169
[116] = https://curl.se/bug/?i=13063
[117] = https://curl.se/bug/?i=13061
[118] = https://curl.se/bug/?i=12897
[119] = https://curl.se/bug/?i=13031
[120] = https://curl.se/bug/?i=13047
[121] = https://curl.se/bug/?i=13047
[122] = https://curl.se/bug/?i=13035
[123] = https://curl.se/bug/?i=13088
[124] = https://curl.se/bug/?i=13055
[125] = https://curl.se/mail/lib-2024-03/0001.html
[126] = https://curl.se/bug/?i=13039
[127] = https://curl.se/bug/?i=13127
[128] = https://curl.se/bug/?i=13085
[129] = https://curl.se/bug/?i=13124
[130] = https://curl.se/bug/?i=13082
[131] = https://curl.se/bug/?i=13119
[132] = https://curl.se/bug/?i=13081
[133] = https://curl.se/bug/?i=13118
[134] = https://curl.se/bug/?i=12063
[135] = https://curl.se/bug/?i=13115
[140] = https://curl.se/bug/?i=11919
[141] = https://curl.se/bug/?i=13101
[142] = https://curl.se/bug/?i=13096
[143] = https://curl.se/bug/?i=13093