{"id":25842,"date":"2024-11-06T08:16:11","date_gmt":"2024-11-06T07:16:11","guid":{"rendered":"https:\/\/daniel.haxx.se\/blog\/?p=25842"},"modified":"2024-11-06T11:03:54","modified_gmt":"2024-11-06T10:03:54","slug":"curl-8-11-0","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2024\/11\/06\/curl-8-11-0\/","title":{"rendered":"curl 8.11.0"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Numbers<\/h2>\n\n\n\n<p class=\"has-text-align-center\"><strong>the 262nd release<br>5 changes<br>49 days (total: 9,728)<\/strong><br><strong>266 bugfixes (total: 11,094)<\/strong><br><strong>435 commits (total: 33,694)<br>0 new public libcurl function (total: 94)<br>0 new curl_easy_setopt() option (total: 306)<\/strong><br><strong>1 new curl command line option (total: 266)<\/strong><br><strong>55 contributors, 22 new (total: 3,268)<\/strong><br><strong>25 authors, 10 new (total: 1,312)<\/strong><br><strong>1 security fix (total: 160)<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Release presentation<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"curl 8.11.0 with Daniel Stenberg\" width=\"474\" height=\"267\" src=\"https:\/\/www.youtube.com\/embed\/C9SSeavI1NE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Security<\/h2>\n\n\n\n<p><a href=\"https:\/\/curl.se\/docs\/CVE-2024-9681.html\">CVE-2024-9681: HSTS subdomain overwrites parent cache entry<\/a>. 
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain&#8217;s cache entry, making it end sooner or later than otherwise intended.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Changes<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>--create-dirs works for --dump-header as well<\/li>\n\n\n\n<li>P12 format support added to GnuTLS backend<\/li>\n\n\n\n<li>Added options to disable IPFS<\/li>\n\n\n\n<li>TLSv1.3 earlydata support (with GnuTLS)<\/li>\n\n\n\n<li>Official WebSocket support<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Bugfixes<\/h2>\n\n\n\n<p>These are some of my favorite bugfixes in this release.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Build<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>cmake: document -D and env build options<\/li>\n\n\n\n<li>configure: add support for &#8216;unity&#8217; builds<\/li>\n\n\n\n<li>configure: set linker flags to allow rustls build on macos<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">curl<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>detect ECH support dynamically, not at build time<\/li>\n\n\n\n<li>support --show-headers AND --remote-header-name<\/li>\n\n\n\n<li>make --skip-existing work for --parallel<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">libcurl<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>conncache: find bundle again in case it is removed<\/li>\n\n\n\n<li>curl.h: remove the struct pointer for CURL\/CURLSH\/CURLM typedefs<\/li>\n\n\n\n<li>ftp: fix 0-length last write on upload from stdin<\/li>\n\n\n\n<li>hsts: support &#8220;implied LWS&#8221; properly around max-age<\/li>\n\n\n\n<li>lib: remove function pointer typecasts for hmac\/sha256\/md5<\/li>\n\n\n\n<li>mprintf: do not ignore length modifiers of %o, %x, %X<\/li>\n\n\n\n<li>mprintf: treat %o as unsigned<\/li>\n\n\n\n<li>multi: make curl_multi_cleanup invalidate magic later<\/li>\n\n\n\n<li>multi: make multi_handle_timeout use the connect 
timeout<\/li>\n\n\n\n<li>netrc: cache the netrc file in memory<\/li>\n\n\n\n<li>select: use poll() if existing, avoid poll() with no sockets<\/li>\n\n\n\n<li>url: use same credentials on redirect<\/li>\n\n\n\n<li>urlapi: normalize the IPv6 address<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">protocols<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ngtcp2: set max window size to 10x of initial (128KB)<\/li>\n\n\n\n<li>url: connection reuse on h3 connections<\/li>\n\n\n\n<li>gnutls: use session cache for QUIC<\/li>\n\n\n\n<li>mbedTLS: fix handling of TLSv1.3 sessions<\/li>\n\n\n\n<li>schannel: ignore error on recv beyond close notify<\/li>\n\n\n\n<li>schannel: reclassify extra-verbose schannel_recv messages<\/li>\n\n\n\n<li>quic: use send\/recvmmsg when available<\/li>\n\n\n\n<li>quic: use the session cache with wolfSSL as well<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">tests<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>generate lib1521.c atomically<\/li>\n\n\n\n<li>remove all valgrind disable instructions<\/li>\n\n\n\n<li>remove debug requirement on 38 tests<\/li>\n\n\n\n<li>use &#8216;-4&#8217; where needed<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Next<\/h2>\n\n\n\n<p>Unless we find a terrible regression, the next curl release is scheduled to ship on January 8, 2025.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>curl 8.11.0 is released, featuring one security fix, five changes and 265 
bugfixes.<\/p>\n","protected":false},"author":5,"featured_media":25861,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[33,95],"class_list":["post-25842","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-curl","tag-curl-and-libcurl","tag-release"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/25842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=25842"}],"version-history":[{"count":16,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/25842\/revisions"}],"predecessor-version":[{"id":25931,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/25842\/revisions\/25931"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media\/25861"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=25842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=25842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=25842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}