- David Kierznowski notified us about a security flaw

(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support.
author: Daniel Stenberg <daniel@haxx.se> 2009-03-02 23:05:31 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2009-03-02 23:05:31 +0000
commit: 042cc1f69ec0878f542667cb684378869f859911 (patch)
tree: c906f85632eb6018fadb153a4c5cdd2fe48072a5 /docs/libcurl/symbols-in-versions
parent: 90b804d3fa74e9d4fe260c889e9ccebdb7aaa3b1 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index 7184ecc6a..e429f2e98 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -191,6 +191,7 @@ CURLOPT_PRIVATE                 7.10.3
 CURLOPT_PROGRESSDATA            7.1
 CURLOPT_PROGRESSFUNCTION        7.1
 CURLOPT_PROGRESSMODE            7.1           -           7.9.2
+CURLOPT_PROTOCOLS               7.19.4
 CURLOPT_PROXY                   7.1
 CURLOPT_PROXYAUTH               7.10.7
 CURLOPT_PROXYPASSWORD           7.19.1
@@ -205,6 +206,7 @@ CURLOPT_RANDOM_FILE             7.7
 CURLOPT_RANGE                   7.1
 CURLOPT_READDATA                7.9.7
 CURLOPT_READFUNCTION            7.1
+CURLOPT_REDIR_PROTOCOLS         7.19.4
 CURLOPT_REFERER                 7.1
 CURLOPT_RESUME_FROM             7.1
 CURLOPT_RESUME_FROM_LARGE       7.11.0
@@ -261,6 +263,19 @@ CURLOPT_VERBOSE                 7.1
 CURLOPT_WRITEDATA               7.9.7
 CURLOPT_WRITEFUNCTION           7.1
 CURLOPT_WRITEHEADER             7.1
+CURLPROTO_ALL                   7.19.4
+CURLPROTO_DICT                  7.19.4
+CURLPROTO_FILE                  7.19.4
+CURLPROTO_FTP                   7.19.4
+CURLPROTO_FTPS                  7.19.4
+CURLPROTO_HTTP                  7.19.4
+CURLPROTO_HTTPS                 7.19.4
+CURLPROTO_LDAP                  7.19.4
+CURLPROTO_LDAPS                 7.19.4
+CURLPROTO_SCP                   7.19.4
+CURLPROTO_SFTP                  7.19.4
+CURLPROTO_TELNET                7.19.4
+CURLPROTO_TFTP                  7.19.4
 CURLPROXY_HTTP                  7.10
 CURLPROXY_HTTP_1_0              7.19.4
 CURLPROXY_SOCKS4                7.10
author	Daniel Stenberg <daniel@haxx.se>	2009-03-02 23:05:31 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2009-03-02 23:05:31 +0000
commit	042cc1f69ec0878f542667cb684378869f859911 (patch)
tree	c906f85632eb6018fadb153a4c5cdd2fe48072a5 /docs/libcurl/symbols-in-versions
parent	90b804d3fa74e9d4fe260c889e9ccebdb7aaa3b1 (diff)