diff options
-rw-r--r-- | docs/libcurl/libcurl-security.3 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3 index 0cfdddea8..cdb97915c 100644 --- a/docs/libcurl/libcurl-security.3 +++ b/docs/libcurl/libcurl-security.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -97,8 +97,8 @@ Never ever switch off certificate verification. The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP redirects sent by a remote server. These redirects can refer to any kind of URL, not just HTTP. libcurl restricts the protocols allowed to be used in -redirects for security reasons: FILE, SCP, SMB and SMBS are disabled by -default. Applications are encouraged to restrict that set further. +redirects for security reasons: only HTTP, HTTPS and FTP are enabled by +default. Applications may opt to restrict thus set further. A redirect to a file: URL would cause the libcurl to read (or write) arbitrary files from the local filesystem. If the application returns the data back to |