curl and libcurl 7.19.4 has just been released! This time I think the perhaps most notable fix is the CVS-2009-0037 security fix which this release addresses. A little over 600 days passed since the previous vulnerability was announced.

Other than that major event, there are a bunch of interesting changes in this release:

• Added CURLOPT_NOPROXY and the corresponding –noproxy
• the OpenSSL-specific code disables TICKET (rfc5077) which is enabled by default in openssl 0.9.8j
• Added CURLOPT_TFTP_BLKSIZE
• Added CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC – with the corresponding curl options –socks5-gssapi-service and –socks5-gssapi-nec
• Improved IPv6 support when built with with c-ares >= 1.6.1
• Added CURLPROXY_HTTP_1_0 and –proxy1.0
• Added docs/libcurl/symbols-in-versions
• Added CURLINFO_CONDITION_UNMET
• Added support for Digest and NTLM authentication using GnuTLS
• CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry the CWD even when MKD fails
• GnuTLS initing moved to curl_global_init()
• Added CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS

We also did at least 15 documented bugfixes in this release and 25 people are credited for their help to make it happen.