From e8442e4ffcecf3e290c7e26c44e4aa313e016f9a Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Tue, 16 Jul 2019 03:35:54 -0400 Subject: libcurl: Restrict redirect schemes (follow-up) - Allow FTPS on redirect. - Update default allowed redirect protocols in documentation. Follow-up to 6080ea0. Ref: https://github.com/curl/curl/pull/4094 Closes https://github.com/curl/curl/pull/4115 --- docs/cmdline-opts/proto-redir.d | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'docs/cmdline-opts') diff --git a/docs/cmdline-opts/proto-redir.d b/docs/cmdline-opts/proto-redir.d index c9eeeab1d..a1205dd03 100644 --- a/docs/cmdline-opts/proto-redir.d +++ b/docs/cmdline-opts/proto-redir.d @@ -11,7 +11,8 @@ Example, allow only HTTP and HTTPS on redirect: curl --proto-redir -all,http,https http://example.com -By default curl will allow all protocols on redirect except several disabled -for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0 -SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP enables all -protocols on redirect, including those disabled for security. +By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2). +Older versions of curl allowed all protocols on redirect except several +disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and +since 7.40.0 SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP +enables all protocols on redirect, including those disabled for security. -- cgit v1.2.3