curl and libcurl 7.19.4 has just been released! This time I think the perhaps most notable fix is the CVS-2009-0037 security fix which this release addresses. A little over 600 days passed since the previous vulnerability was announced.
Other than that major event, there are a bunch of interesting changes in this release:
- Added CURLOPT_NOPROXY and the corresponding –noproxy
- the OpenSSL-specific code disables TICKET (rfc5077) which is enabled by default in openssl 0.9.8j
- Added CURLOPT_TFTP_BLKSIZE
- Added CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC – with the corresponding curl options –socks5-gssapi-service and –socks5-gssapi-nec
- Improved IPv6 support when built with with c-ares >= 1.6.1
- Added CURLPROXY_HTTP_1_0 and –proxy1.0
- Added docs/libcurl/symbols-in-versions
- Added CURLINFO_CONDITION_UNMET
- Added support for Digest and NTLM authentication using GnuTLS
- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry the CWD even when MKD fails
- GnuTLS initing moved to curl_global_init()
- Added CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS
We also did at least 15 documented bugfixes in this release and 25 people are credited for their help to make it happen.