aboutsummaryrefslogtreecommitdiff
path: root/RELEASE-NOTES
blob: b8194c93307ae57e802be3178f774997d88b9ec5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
curl and libcurl 7.63.0

 Public curl releases:         178
 Command line options:         219
 curl_easy_setopt() options:   262
 Public functions in libcurl:  80
 Contributors:                 1829

This release includes the following changes:

 o curl: add %{stderr} and %{stdout} for --write-out [24]
 o curl: add undocumented option --dump-module-paths for win32 [19]
 o setopt: add CURLOPT_CURLU [27]

This release includes the following bugfixes:

 o (lib)curl.rc: fixup for minor bugs [63]
 o CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated [73]
 o CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description [45]
 o CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
 o Curl_follow: accept non-supported schemes for "fake" redirects [9]
 o KNOWN_BUGS: add --proxy-any connection issue [28]
 o NTLM: Remove redundant ifdef USE_OPENSSL [41]
 o NTLM: force the connection to HTTP/1.1 [67]
 o OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
 o SECURITY-PROCESS: bountygraph shuts down again [50]
 o TODO: Have the URL API offer IDN decoding [22]
 o ares: remove fd from multi fd set when ares is about to close the fd [42]
 o axtls: removed [1]
 o checksrc: add COPYRIGHTYEAR check [62]
 o cmake: fix MIT/Heimdal Kerberos detection [53]
 o configure: include all libraries in ssl-libs fetch [55]
 o configure: show CFLAGS, LDFLAGS etc in summary [7]
 o connect: fix building for recent versions of Minix [52]
 o cookies: create the cookiejar even if no cookies to save [48]
 o cookies: expire "Max-Age=0" immediately [64]
 o curl: --local-port range was not "including" [29]
 o curl: fix --local-port integer overflow [25]
 o curl: fix memory leak reading --writeout from file [51]
 o curl: fixed UTF-8 in current console code page (Windows) [16]
 o curl_easy_perform: fix timeout handling [49]
 o curl_global_sslset(): id == -1 is not necessarily an error [68]
 o curl_multibyte: fix a malloc overcalculation [18]
 o curle: move deprecated error code to ifndef block [40]
 o docs: curl_formadd field and file names are now escaped [72]
 o docs: escape "\n" codes [26]
 o doh: fix memory leak in OOM situation [56]
 o doh: make it work for h2-disabled builds too [57]
 o examples/ephiperfifo: report error when epoll_ctl fails
 o ftp: avoid two unsigned int overflows in FTP listing parser [30]
 o host names: allow trailing dot in name resolve, then strip it [46]
 o http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 [65]
 o http: don't set CURLINFO_CONDITION_UNMET for http status code 204 [70]
 o http: fix HTTP Digest auth to include query in URI [69]
 o http_negotiate: do not close connection until negotiation is completed [36]
 o impacket: add LICENSE [39]
 o infof: clearly indicate truncation [14]
 o ldap: fix LDAP URL parsing regressions [71]
 o libcurl: stop reading from paused transfers [20]
 o mprintf: avoid unsigned integer overflow warning [10]
 o netrc: don't ignore the login name specified with "--user" [17]
 o nss: Fall back to latest supported SSL version [60]
 o nss: Fix compatibility with nss versions 3.14 to 3.15 [61]
 o nss: fix fallthrough comment to fix picky compiler warning
 o nss: remove version selecting dead code [33]
 o nss: set default max-tls to 1.3/1.2 [32]
 o openssl: Remove SSLEAY leftovers [37]
 o openssl: do not log excess "TLS app data" lines for TLS 1.3 [34]
 o openssl: do not use file BIOs if not requested [59]
 o openssl: fix unused variable compiler warning with old openssl [66]
 o openssl: support session resume with TLS 1.3 [44]
 o openvms: fix example name [8]
 o os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
 o os400: add CURLOPT_CURLU to ILE/RPG binding
 o os400: fix return type of curl_easy_pause() in ILE/RPG binding
 o packages: remove old leftover files and dirs [58]
 o pop3: only do APOP with a valid timestamp [35]
 o runtests: use the local curl for verifying [6]
 o schannel: be consistent in Schannel capitalization [23]
 o schannel: better CURLOPT_CERTINFO support [2]
 o schannel: use Curl_ prefix for global private symbols [4]
 o snprintf: renamed and we now only use msnprintf() [47]
 o ssl: fix compilation with OpenSSL 0.9.7 [43]
 o ssl: replace all internal uses of CURLE_SSL_CACERT [40]
 o symbols-in-versions: add missing CURLU_ symbols [15]
 o test328: verify Content-Encoding: none [54]
 o tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
 o tests: drop http_pipe.py script no longer used [5]
 o tool_cb_wrt: Silence function cast compiler warning [31]
 o tool_doswin: Fix uninitialized field warning [38]
 o travis: build with clang sanitizers [3]
 o travis: remove curl before a normal build [11]
 o url: a short host name + port is not a scheme [13]
 o url: fix IPv6 numeral address parser [12]
 o urlapi: only skip encoding the first '=' with APPENDQUERY set [21]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Alessandro Ghedini, Alexey Melnichuk, Antoni Villalonga, Ben Greear,
  bobmitchell1956 on github, Brad King, Brian Carpenter, daboul on github,
  Daniel Gustafsson, Daniel Stenberg, Dave Reisner, David Benjamin,
  Dheeraj Sangamkar, dtmsecurity on github, Elia Tufarolo, Frank Gevaerts,
  Gergely Nagy, Gisle Vanem, Hagai Auro, Han Han, infinnovation-dev on github,
  James Knight, Jérémy Rocher, Jeroen Ooms, Jim Fuller, Johannes Schindelin,
  Kamil Dudka, Konstantin Kushnir, Marcel Raad, Marc Hörsken, Marcos Diazr,
  Michael Kaufmann, NTMan on Github, Patrick Monnerat, Paul Howarth,
  Pavel Pavlov, Peter Wu, Ray Satiro, Rod Widdowson, Romain Fliedel,
  Samuel Surtees, Sevan Janiyan, Stefan Kanthak, Sven Blumenstein, Tim Rühsen,
  Tobias Hintze, Tomas Hoger, tonystz on Github, tpaukrt on github,
  Viktor Szakats, Yasuhiro Matsumoto,
  (51 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://curl.haxx.se/bug/?i=3194
 [2] = https://curl.haxx.se/bug/?i=3197
 [3] = https://curl.haxx.se/bug/?i=3190
 [4] = https://curl.haxx.se/bug/?i=3201
 [5] = https://curl.haxx.se/bug/?i=3204
 [6] = https://curl.haxx.se/mail/lib-2018-10/0118.html
 [7] = https://curl.haxx.se/bug/?i=3207
 [8] = https://curl.haxx.se/bug/?i=3217
 [9] = https://curl.haxx.se/bug/?i=3210
 [10] = https://curl.haxx.se/bug/?i=3184
 [11] = https://curl.haxx.se/bug/?i=3198
 [12] = https://curl.haxx.se/bug/?i=3218
 [13] = https://curl.haxx.se/bug/?i=3220
 [14] = https://curl.haxx.se/bug/?i=3216
 [15] = https://curl.haxx.se/bug/?i=3226
 [16] = https://curl.haxx.se/bug/?i=3211
 [17] = https://curl.haxx.se/bug/?i=3213
 [18] = https://curl.haxx.se/bug/?i=3209
 [19] = https://curl.haxx.se/bug/?i=3208
 [20] = https://curl.haxx.se/bug/?i=3240
 [21] = https://curl.haxx.se/bug/?i=3231
 [22] = https://curl.haxx.se/bug/?i=3232
 [23] = https://curl.haxx.se/bug/?i=3243
 [24] = https://curl.haxx.se/bug/?i=3115
 [25] = https://curl.haxx.se/bug/?i=3242
 [26] = https://curl.haxx.se/bug/?i=3246
 [27] = https://curl.haxx.se/bug/?i=3227
 [28] = https://curl.haxx.se/bug/?i=876
 [29] = https://curl.haxx.se/bug/?i=3251
 [30] = https://curl.haxx.se/bug/?i=3225
 [31] = https://curl.haxx.se/bug/?i=3263
 [32] = https://curl.haxx.se/bug/?i=3261
 [33] = https://curl.haxx.se/bug/?i=3262
 [34] = https://curl.haxx.se/bug/?i=3281
 [35] = https://curl.haxx.se/bug/?i=3278
 [36] = https://curl.haxx.se/bug/?i=3275
 [37] = https://curl.haxx.se/bug/?i=3270
 [38] = https://curl.haxx.se/bug/?i=3254
 [39] = https://curl.haxx.se/bug/?i=3276
 [40] = https://curl.haxx.se/bug/?i=3291
 [41] = https://curl.haxx.se/bug/?i=3269
 [42] = https://curl.haxx.se/bug/?i=3238
 [43] = https://curl.haxx.se/bug/?i=3266
 [44] = https://curl.haxx.se/bug/?i=3202
 [45] = https://curl.haxx.se/bug/?i=3295
 [46] = https://curl.haxx.se/bug/?i=3022
 [47] = https://curl.haxx.se/bug/?i=3296
 [48] = https://curl.haxx.se/bug/?i=3299
 [49] = https://curl.haxx.se/bug/?i=3305
 [50] = https://curl.haxx.se/bug/?i=3311
 [51] = https://curl.haxx.se/bug/?i=3322
 [52] = https://curl.haxx.se/bug/?i=3323
 [53] = https://curl.haxx.se/bug/?i=3316
 [54] = https://curl.haxx.se/bug/?i=3317
 [55] = https://curl.haxx.se/bug/?i=3193
 [56] = https://curl.haxx.se/bug/?i=3342
 [57] = https://curl.haxx.se/bug/?i=3325
 [58] = https://curl.haxx.se/bug/?i=3331
 [59] = https://curl.haxx.se/bug/?i=3339
 [60] = https://curl.haxx.se/bug/?i=3261
 [61] = https://curl.haxx.se/bug/?i=3337
 [62] = https://curl.haxx.se/bug/?i=3303
 [63] = https://curl.haxx.se/bug/?i=3348
 [64] = https://curl.haxx.se/bug/?i=3351
 [65] = https://curl.haxx.se/bug/?i=3349
 [66] = https://curl.haxx.se/bug/?i=3337
 [67] = https://curl.haxx.se/bug/?i=3345
 [68] = https://curl.haxx.se/bug/?i=3346
 [69] = https://curl.haxx.se/bug/?i=3353
 [70] = https://curl.haxx.se/bug/?i=3359
 [71] = https://curl.haxx.se/bug/?i=3362
 [72] = https://curl.haxx.se/bug/?i=3361
 [73] = https://curl.haxx.se/bug/?i=3340