RELEASE-NOTES 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287
  1. curl and libcurl 7.87.1
  2. Public curl releases: 213
  3. Command line options: 250
  4. curl_easy_setopt() options: 302
  5. Public functions in libcurl: 91
  6. Contributors: 2802
  7. This release includes the following changes:
  8. o curl.h: add CURL_HTTP_VERSION_3ONLY [82]
  9. o share: add sharing of HSTS cache among handles [7]
  10. o src: add --http3-only [81]
  11. o tool_operate: share HSTS between handles
  12. o urlapi: add CURLU_PUNYCODE [25]
  13. This release includes the following bugfixes:
  14. o cf-socket: fix build when not HAVE_GETPEERNAME [89]
  15. o cf-socket: keep sockaddr local in the socket filters [69]
  16. o cfilters:Curl_conn_get_select_socks: use the first non-connected filter [24]
  17. o CI: add a workflow to automatically label pull requests [102]
  18. o CI: add pytest github workflow to CI test/tests-httpd on a HTTP/3 setup [109]
  19. o cmake: bump requirement to 3.7 [23]
  20. o cmake: check for sendmsg [39]
  21. o cmake: delete redundant macro definition `SECURITY_WIN32` [91]
  22. o cmake: fix the snprintf detection [5]
  23. o cmake: remove deprecated symbols check [96]
  24. o cmake: set SOVERSION also for macOS [68]
  25. o cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS [94]
  26. o connect: fix access of pointer before NULL check [83]
  27. o connect: fix build when not ENABLE_IPV6 [88]
  28. o connect: fix strategy testing for attempts, timeouts and happy-eyeball [110]
  29. o cookies: fp is always not NULL [104]
  30. o copyright.pl: cease doing year verifications [74]
  31. o copyright: update all copyright lines and remove year ranges [35]
  32. o curl.h: allow up to 10M buffer size [76]
  33. o curl.h: mark CURLSSLBACKEND_MESALINK as deprecated [52]
  34. o curl: output warning at --verbose output for debug-enabled version [80]
  35. o curl_free.3: fix return type of `curl_free` [113]
  36. o curl_global_sslset.3: clarify the openssl situation [53]
  37. o curl_log: for failf/infof and debug logging implementations [87]
  38. o curl_version_info.3: fix typo [100]
  39. o CURLOPT_HEADERDATA.3: warn DLL users must set write function [45]
  40. o CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1 [73]
  41. o dict: URL decode the entire path always [120]
  42. o docs/DEPRECATE.md: deprecate gskit [36]
  43. o docs: add link to GitHub Discussions [49]
  44. o docs: mention indirect effects of --insecure [19]
  45. o docs: POSTFIELDSIZE must be set to -1 with read function [97]
  46. o easyoptions: fix header printing in generation script [84]
  47. o escape: hex decode with a lookup-table [107]
  48. o escape: use table lookup when adding %-codes to output [105]
  49. o examples: remove the curlgtk.c example [48]
  50. o ftpserver: lower the normal DATA connect timeout to speed up torture tests [27]
  51. o GHA: add job on Slackware 15.0 [58]
  52. o GHA: move the quiche job here from zuul [75]
  53. o GHA: use designated ngtcp2 and its dependencies versions [77]
  54. o haxproxy: send before TLS handhshake [34]
  55. o hsts.d: explain hsts more [78]
  56. o hsts: handle adding the same host name again
  57. o http2: fix compiler warning due to uninitialized variable
  58. o http2: when using printf %.*s, the length arg must be 'int' [41]
  59. o HTTP3: mention what needs to be in place to remove EXPERIMENTAL label [31]
  60. o http: add additional condition for including stdint.h [54]
  61. o http: decode transfer encoding first [51]
  62. o http: remove the trace message "Mark bundle... multiuse" [6]
  63. o http_proxy: do not assign data->req.p.http use local copy [59]
  64. o INSTALL: document how to use multiple TLS backends [103]
  65. o lib670: make test.h the first include [56]
  66. o lib: connect/h2/h3 refactor [57]
  67. o lib: fix typos [99]
  68. o lib: fix typos in comments which repeat a word [67]
  69. o libssh2: try sha2 algos for hostkey methods [2]
  70. o Linux CI: update some dependecies to latest tag [44]
  71. o Makefile.mk: fix wolfssl and mbedtls default paths [21]
  72. o md4: fix build with GnuTLS + OpenSSL v1 [12]
  73. o misc: fix grammar and spelling [14]
  74. o misc: reduce struct and struct field sizes [65]
  75. o msh3: add support for request payload [28]
  76. o msh3: update to v0.5 Release [17]
  77. o msh3: update to v0.6 [60]
  78. o multihandle: turn bool struct fields into bits [26]
  79. o ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl [62]
  80. o ngtcp2: fix the build without 'sendmsg' [38]
  81. o noproxy: support for space-separated names is deprecated [66]
  82. o nss: implement data_pending method [43]
  83. o openssl: adapt to boringssl's error code type [118]
  84. o openssl: don't ignore CA paths when using Windows CA store (redux) [101]
  85. o openssl: don't log raw record headers [93]
  86. o openssl: make the BIO_METHOD a local variable in the connection filter [79]
  87. o openssl: only use CA_BLOB if verifying peer [112]
  88. o openssl: remove attached easy handles from SSL instances [29]
  89. o os400: fixes to make-lib.sh and initscript.sh [71]
  90. o release-notes.pl: check fixes/closes lines better
  91. o Revert "x509asn1: avoid freeing unallocated pointers" [37]
  92. o runtest.pl: add expected fourth return value [40]
  93. o runtests: also tear down http2/http3 servers when https server is stopped [8]
  94. o runtests: consider warnings fatal and error on them [32]
  95. o runtests: fix detection of TLS backends [50]
  96. o runtests: make 'mbedtls' a testable feature
  97. o scripts: fix Appveyor job detection in cijobs.pl
  98. o scripts: set file mode +x on all perl and shell scripts [63]
  99. o sectransp: fix for incomplete read/writes [61]
  100. o SECURITY-PROCESS.md: document severity levels [20]
  101. o setopt: move the SHA256 opt within #ifdef libssh2 [42]
  102. o socketpair: allow localhost MITM sniffers [30]
  103. o strdup: name it Curl_strdup [16]
  104. o system.h: assume OS400 is always built with ILEC compiler [95]
  105. o test1560: use a UTF8-using locale when run [46]
  106. o tests-httpd: basic infra to run curl against an apache httpd [72]
  107. o tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx [9]
  108. o tests: avoid use of sha1 in certificates [4]
  109. o tool_getparam: fix hiding of command line secrets [85]
  110. o tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type [1]
  111. o tool_operate: fix headerfile writing [64]
  112. o tool_operate: repair --rate [119]
  113. o transfer: break the read loop when RECV is cleared [22]
  114. o typecheck: accept expressions for option/info parameters [3]
  115. o urldata: cease storing TLS auth type [55]
  116. o urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP [13]
  117. o urldata: make set.http200aliases conditional on HTTP being present [11]
  118. o urldata: move the cookefilelist to the 'set' struct [15]
  119. o urldata: remove unused struct fields, made more conditional [10]
  120. o vtls: fix hostname handling in filters [98]
  121. o vtls: manage current easy handle in nested cfilter calls [90]
  122. o vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
  123. o winbuild: document that arm64 is supported [92]
  124. o workflows/linux.yml: merge 3 common packages [18]
  125. o write-out.d: clarify Windows % symbol escaping [86]
  126. o writeout: add %{certs} and %{num_certs} [33]
  127. o ws: fix autoping handling [70]
  128. o ws: remove bad assert [117]
  129. o ws: unstick connect-only shutdown [116]
  130. o x509asn1: fix compile errors and warnings [47]
  131. o zuul: stop using this CI service [114]
  132. This release includes the following known bugs:
  133. o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
  134. Planned upcoming removals include:
  135. o gskit
  136. o NSS
  137. o Support for systems without 64 bit data types
  138. See https://curl.se/dev/deprecate.html for details
  139. This release would not have looked like this without help, code, reports and
  140. advice from friends like these:
  141. Alexey Savchuk, Andrei Rybak, Andy Alt, Brian Green, Cameron Blomquist,
  142. Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, dekerser on github,
  143. Divy Le Ray, Esdras de Morais da Silva, Fujii Hironori, Hannah Schierling,
  144. Harry Sintonen, Hide Ishikawa, highmtworks on github, Jakob Hirsch,
  145. John Bampton, John Sherrill, Jon Rumsey, Josh Brobst, Kvarec Lezki,
  146. Marc Aldorasi, Marcel Raad, Mark Roszko, Martin Waleczek, Michael Osipov,
  147. Muhammad Hussein Ammari, Nick Banks, nick-telia on github,
  148. norbertmm on github, odek86 on github, Patrick Monnerat, Paul Groke,
  149. Paul Howarth, Peter Wu, Philip Heiduck, Radek Brich, Radu Hociung,
  150. RanBarLavie on github, Ray Satiro, Ryan Schmidt, Sébastien Helleu,
  151. Sergey Bronnikov, Sergio-IME on github, sergio-nsk on github,
  152. SerusDev on github, Stanley Wucw, Stefan Eissing, Stefan Talpalaru,
  153. Stephan Guilloux, Tatsuhiro Tsujikawa, Thomas1664 on github, Thomas Klausner,
  154. Timmy Schierling, Viktor Szakats, violetlige on github, William Tang,
  155. Yurii Rashkovskii
  156. (59 contributors)
  157. References to bug reports and discussions on issues:
  158. [1] = https://curl.se/bug/?i=10124
  159. [2] = https://curl.se/bug/?i=10143
  160. [3] = https://curl.se/bug/?i=10148
  161. [4] = https://curl.se/bug/?i=10135
  162. [5] = https://curl.se/bug/?i=10155
  163. [6] = https://curl.se/bug/?i=10159
  164. [7] = https://curl.se/bug/?i=10138
  165. [8] = https://curl.se/bug/?i=10114
  166. [9] = https://curl.se/bug/?i=10114
  167. [10] = https://curl.se/bug/?i=10147
  168. [11] = https://curl.se/bug/?i=10140
  169. [12] = https://curl.se/bug/?i=10110
  170. [13] = https://curl.se/bug/?i=10139
  171. [14] = https://curl.se/bug/?i=10137
  172. [15] = https://curl.se/bug/?i=10133
  173. [16] = https://curl.se/bug/?i=10132
  174. [17] = https://curl.se/bug/?i=10125
  175. [18] = https://curl.se/bug/?i=10071
  176. [19] = https://curl.se/bug/?i=10126
  177. [20] = https://curl.se/bug/?i=10118
  178. [21] = https://curl.se/bug/?i=10164
  179. [22] = https://curl.se/bug/?i=10172
  180. [23] = https://curl.se/bug/?i=10128
  181. [24] = https://curl.se/bug/?i=10157
  182. [25] = https://curl.se/bug/?i=10109
  183. [26] = https://curl.se/bug/?i=10179
  184. [27] = https://curl.se/bug/?i=10178
  185. [28] = https://curl.se/bug/?i=10136
  186. [29] = https://curl.se/bug/?i=10151
  187. [30] = https://curl.se/bug/?i=10144
  188. [31] = https://curl.se/bug/?i=10168
  189. [32] = https://curl.se/bug/?i=10208
  190. [33] = https://curl.se/bug/?i=10019
  191. [34] = https://curl.se/bug/?i=10165
  192. [35] = https://curl.se/bug/?i=10205
  193. [36] = https://curl.se/bug/?i=10201
  194. [37] = https://curl.se/bug/?i=10163
  195. [38] = https://curl.se/bug/?i=10210
  196. [39] = https://curl.se/bug/?i=10211
  197. [40] = https://curl.se/bug/?i=10206
  198. [41] = https://curl.se/bug/?i=10203
  199. [42] = https://curl.se/bug/?i=10255
  200. [43] = https://curl.se/bug/?i=10225
  201. [44] = https://curl.se/bug/?i=10195
  202. [45] = https://curl.se/bug/?i=10233
  203. [46] = https://curl.se/bug/?i=10193
  204. [47] = https://curl.se/bug/?i=10238
  205. [48] = https://curl.se/bug/?i=10197
  206. [49] = https://curl.se/bug/?i=10171
  207. [50] = https://curl.se/bug/?i=10236
  208. [51] = https://curl.se/bug/?i=10187
  209. [52] = https://curl.se/bug/?i=10189
  210. [53] = https://curl.se/bug/?i=10188
  211. [54] = https://curl.se/bug/?i=10185
  212. [55] = https://curl.se/bug/?i=10181
  213. [56] = https://curl.se/bug/?i=10182
  214. [57] = https://curl.se/bug/?i=10141
  215. [58] = https://curl.se/bug/?i=10230
  216. [59] = https://curl.se/bug/?i=10194
  217. [60] = https://curl.se/bug/?i=10192
  218. [61] = https://curl.se/bug/?i=10227
  219. [62] = https://curl.se/bug/?i=10222
  220. [63] = https://curl.se/bug/?i=10219
  221. [64] = https://curl.se/bug/?i=10224
  222. [65] = https://curl.se/bug/?i=10186
  223. [66] = https://curl.se/bug/?i=10209
  224. [67] = https://curl.se/bug/?i=10220
  225. [68] = https://curl.se/bug/?i=10214
  226. [69] = https://curl.se/bug/?i=10213
  227. [70] = https://curl.se/bug/?i=10289
  228. [71] = https://curl.se/bug/?i=10266
  229. [72] = https://curl.se/bug/?i=10175
  230. [73] = https://curl.se/bug/?i=10328
  231. [74] = https://curl.se/bug/?i=10345
  232. [75] = https://curl.se/bug/?i=10241
  233. [76] = https://curl.se/bug/?i=10256
  234. [77] = https://curl.se/bug/?i=10257
  235. [78] = https://curl.se/bug/?i=10258
  236. [79] = https://curl.se/bug/?i=10285
  237. [80] = https://curl.se/bug/?i=10278
  238. [81] = https://curl.se/bug/?i=10264
  239. [82] = https://curl.se/bug/?i=10264
  240. [83] = https://curl.se/bug/?i=10284
  241. [84] = https://curl.se/bug/?i=10275
  242. [85] = https://curl.se/bug/?i=10276
  243. [86] = https://curl.se/bug/?i=10323
  244. [87] = https://curl.se/bug/?i=10271
  245. [88] = https://curl.se/bug/?i=10344
  246. [89] = https://curl.se/bug/?i=10343
  247. [90] = https://curl.se/bug/?i=10336
  248. [91] = https://curl.se/bug/?i=10341
  249. [92] = https://curl.se/bug/?i=10332
  250. [93] = https://curl.se/bug/?i=10299
  251. [94] = https://curl.se/bug/?i=10272
  252. [95] = https://curl.se/bug/?i=10305
  253. [96] = https://curl.se/bug/?i=10314
  254. [97] = https://curl.se/bug/?i=10313
  255. [98] = https://curl.se/bug/?i=10273
  256. [99] = https://curl.se/bug/?i=10307
  257. [100] = https://curl.se/bug/?i=10306
  258. [101] = https://curl.se/bug/?i=10244
  259. [102] = https://curl.se/bug/?i=10326
  260. [103] = https://curl.se/bug/?i=10321
  261. [104] = https://curl.se/bug/?i=10383
  262. [105] = https://curl.se/bug/?i=10377
  263. [107] = https://curl.se/bug/?i=10376
  264. [109] = https://curl.se/bug/?i=10317
  265. [110] = https://curl.se/bug/?i=10312
  266. [112] = https://curl.se/mail/lib-2023-01/0070.html
  267. [113] = https://curl.se/bug/?i=10373
  268. [114] = https://curl.se/bug/?i=10368
  269. [116] = https://curl.se/bug/?i=10366
  270. [117] = https://curl.se/bug/?i=10347
  271. [118] = https://curl.se/bug/?i=10360
  272. [119] = https://curl.se/bug/?i=10357
  273. [120] = https://curl.se/bug/?i=10298