diff options
author | Daniel Stenberg <daniel@haxx.se> | 2014-03-25 22:57:47 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-03-26 00:29:43 +0100 |
commit | 4f041c9d6e61829310eb0715d8edb2a232478123 (patch) | |
tree | 4338de12d2b5f209b9458131536d337254b54df2 | |
parent | 4d06b27921bde6d0caba0c84c1e50f8495ed48ee (diff) |
RELEASE-NOTES: 7.36.0
-rw-r--r-- | RELEASE-NOTES | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a3d6d00b6..72468a993 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -7,6 +7,13 @@ Curl and libcurl 7.36.0 Known libcurl bindings: 42 Contributors: 1123 +This release includes the following SECURITY ADVISORIES: + + o wrong re-use of connections [16] + o IP address wildcard certificate validation [17] + o not verifying certs for TLS to IP address / Darwinssl [18] + o not verifying certs for TLS to IP address / Winssl [19] + This release includes the following changes: o ntlm: Added support for NTLMv2 [2] @@ -73,6 +80,7 @@ This release includes the following bugfixes: o polarssl: avoid extra newlines in debug messages o rtsp: parse "Session:" header properly [14] o trynextip: don't store 'ai' on failed connects + o Curl_cert_hostcheck: strip trailing dots in host name and wildcard This release includes the following known bugs: @@ -107,3 +115,7 @@ References to bug reports and discussions on issues: [13] = http://curl.haxx.se/mail/lib-2014-02/0036.html [14] = http://curl.haxx.se/mail/lib-2014-03/0134.html [15] = http://curl.haxx.se/bug/view.cgi?id=1337 + [16] = http://curl.haxx.se/docs/adv_20140326A.html + [17] = http://curl.haxx.se/docs/adv_20140326B.html + [18] = http://curl.haxx.se/docs/adv_20140326C.html + [19] = http://curl.haxx.se/docs/adv_20140326D.html |