Curl and libcurl 7.48.0 Public curl releases: 153 Command line options: 179 curl_easy_setopt() options: 221 Public functions in libcurl: 61 Contributors: 1364 This release includes the following changes: o configure: --with-ca-fallback: use built-in TLS CA fallback [2] o TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS [22] o getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION [25] o added CODE_STYLE.md [47] This release includes the following bugfixes: o Proxy-Connection: stop sending this header by default [1] o os400: sync ILE/RPG definitions with latest public header files o cookies: allow spaces in cookie names, cut of trailing spaces [3] o tool_urlglob: Allow reserved dos device names (Windows) [4] o openssl: remove most BoringSSL #ifdefs [5] o tool_doswin: Support for literal path prefix \\?\ o mbedtls: fix ALPN usage segfault [6] o mbedtls: fix memory leak when destroying SSL connection data [7] o nss: do not count enabled cipher-suites o examples/cookie_interface.c: add cleanup call o examples: adhere to curl code style o curlx_tvdiff: handle 32bit time_t overflows [8] o dist: ship buildconf.bat too o curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts [9] o generate.bat: Fix comment bug by removing old comments [10] o test1604: Add to Makefile.inc so it gets run o gtls: fix for builds lacking encrypted key file support [11] o SCP: use libssh2_scp_recv2 to support > 2GB files on windows [12] o CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option [13] o cookie: do not refuse cookies to localhost [14] o openssl: avoid direct PKEY access with OpenSSL 1.1.0 [15] o http: Don't break the header into chunks if HTTP/2 [16] o http2: don't decompress gzip decoding automatically [17] o curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function o curl.1: add a missing dash o curl.1: HTTP headers for --cookie must be Set-Cookie style [18] o CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style [18] o curl_sasl: Fix memory leak in digest parser [19] o src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support [20] o CURLOPT_DEBUGFUNCTION.3: Fix example o runtests: Fixed usage of %PWD on MinGW64 [21] o tests/sshserver.pl: use RSA instead of DSA for host auth [23] o multi_remove_handle: keep the timeout list until after disconnect [24] o Curl_read: check for activated HTTP/1 pipelining, not only requested o configure: warn on invalid ca bundle or path [26] o file: try reading from files with no size [27] o getinfo: Add support for mbedTLS TLS session info o formpost: fix memory leaks in AddFormData error branches [28] o makefile.m32: allow to pass .dll/.exe-specific LDFLAGS [29] o url: if Curl_done is premature then pipeline not in use [30] o cookie: remove redundant check [31] o cookie: Don't expire session cookies in remove_expired [32] o makefile.m32: fix to allow -ssh2-winssl combination [33] o checksrc.bat: Fixed cannot find perl if installed but not in path o build-openssl.bat: Fixed cannot find perl if installed but not in path o mbedtls: fix user-specified SSL protocol version o makefile.m32: add missing libs for static -winssl-ssh2 builds [34] o test46: change cookie expiry date [35] o pipeline: Sanity check pipeline pointer before accessing it [36] o openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages o ftp_done: clear tunnel_state when secondary socket closes [37] o opt-docs: fix heading macros [38] o imap/pop3/smtp: Fixed connections upgraded with TLS are not reused [39] o curl_multi_wait: never return -1 in 'numfds' [40] o url.c: fix clang warning: no newline at end of file o krb5: improved type handling to avoid clang compiler warnings o cookies: first n/v pair in Set-Cookie: is the cookie, then parameters [41] o multi: avoid blocking during CURLM_STATE_WAITPROXYCONNECT [42] o multi hash: ensure modulo performed on curl_socket_t [43] o curl: glob_range: no need to check unsigned variable for negative o easy: add check to malloc() when running event-based o CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support [44] o version: thread safety o openssl: verbose: show matching SAN pattern o openssl: adapt to OpenSSL 1.1.0 API breakage in ERR_remove_thread_state() o formdata.c: Fixed compilation warning o configure: use cpp -P when needed [45] o imap.c: Fixed compilation warning with /Wall enabled o config-w32.h: Fixed compilation warning when /Wall enabled o ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled o build: Added missing Visual Studio filter files for VC10 onwards o easy: Remove poll failure check in easy_transfer o mbedtls: fix compiler warning o build-wolfssl: Update VS properties for wolfSSL v3.9.0 o Fixed various compilation warnings when verbose strings disabled This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) This release would not have looked like this without help, code, reports and advice from friends like these: Anders Bakken, Brad Fitzpatrick, Clint Clayton, Dan Fandrich, Daniel Stenberg, David Benjamin, David Byron, Emil Lerner, Eric S. Raymond, Gisle Vanem, Jaime Fullaondo, Jeffrey Walton, Jesse Tan, Justin Ehlert, Kamil Dudka, Kazuho Oku, Ludwig Nussel, Maksim Kuzevanov, Michael König, Oliver Graute, Patrick Monnerat, Rafael Antonio, Ray Satiro, Seth Mos, Shine Fan, Steve Holme, Tatsuhiro Tsujikawa, Timotej Lazar, Tim Rühsen, Viktor Szakáts, (30 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: [1] = https://curl.haxx.se/bug/?i=633 [2] = https://curl.haxx.se/bug/?i=569 [3] = https://curl.haxx.se/bug/?i=639 [4] = https://github.com/curl/curl/commit/4520534#commitcomment-15954863 [5] = https://curl.haxx.se/bug/?i=640 [6] = https://curl.haxx.se/bug/?i=642 [7] = https://curl.haxx.se/bug/?i=626 [8] = https://curl.haxx.se/bug/?i=646 [9] = https://bugzilla.redhat.com/1305970 [10] = https://curl.haxx.se/bug/?i=649 [11] = https://curl.haxx.se/bug/?i=651 [12] = https://curl.haxx.se/bug/?i=451 [13] = https://curl.haxx.se/bug/?i=653 [14] = https://curl.haxx.se/bug/?i=658 [15] = https://curl.haxx.se/bug/?i=650 [16] = https://curl.haxx.se/bug/?i=659 [17] = https://curl.haxx.se/bug/?i=661 [18] = https://curl.haxx.se/bug/?i=666 [19] = https://curl.haxx.se/bug/?i=667 [20] = https://curl.haxx.se/bug/?i=670 [21] = https://curl.haxx.se/bug/?i=672 [22] = https://curl.haxx.se/bug/?i=481 [23] = https://curl.haxx.se/bug/?i=676 [24] = https://curl.haxx.se/mail/lib-2016-02/0097.html [25] = https://curl.haxx.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html [26] = https://curl.haxx.se/bug/?i=404 [27] = https://curl.haxx.se/bug/?i=681 [28] = https://curl.haxx.se/bug/?i=688 [29] = https://curl.haxx.se/bug/?i=689 [30] = https://curl.haxx.se/bug/?i=690 [31] = https://curl.haxx.se/bug/?i=695 [32] = https://curl.haxx.se/bug/?i=697 [33] = https://curl.haxx.se/bug/?i=692 [34] = https://curl.haxx.se/bug/?i=693 [35] = https://curl.haxx.se/bug/?i=697 [36] = https://curl.haxx.se/bug/?i=704 [37] = https://curl.haxx.se/bug/?i=701 [38] = https://curl.haxx.se/bug/?i=705 [39] = https://curl.haxx.se/bug/?i=422 [40] = https://curl.haxx.se/bug/?i=707 [41] = https://curl.haxx.se/bug/?i=709 [42] = https://curl.haxx.se/bug/?i=703 [43] = https://curl.haxx.se/bug/?i=712 [44] = https://curl.haxx.se/mail/lib-2016-03/0150.html [45] = https://curl.haxx.se/bug/?i=719 [47] = https://curl.haxx.se/dev/code-style.html