{"id":26066,"date":"2024-12-11T08:14:16","date_gmt":"2024-12-11T07:14:16","guid":{"rendered":"https:\/\/daniel.haxx.se\/blog\/?p=26066"},"modified":"2024-12-11T10:51:15","modified_gmt":"2024-12-11T09:51:15","slug":"curl-8-11-1","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2024\/12\/11\/curl-8-11-1\/","title":{"rendered":"curl 8.11.1"},"content":{"rendered":"\n<p>Welcome to another curl release. This time we do a bugfix only release, five weeks since the previous version shipped.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Release Presentation<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"curl 8.11.1 with Daniel Stenberg\" width=\"474\" height=\"267\" src=\"https:\/\/www.youtube.com\/embed\/9SgOsDr4KDE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Numbers<\/h2>\n\n\n\n<p class=\"has-text-align-center\"><strong>the 263rd release<br>0 changes<br>35 days (total: 9,763)<\/strong><br><strong>79 bugfixes (total: 11,173)<\/strong><br><strong>115 commits (total: 33,811)<br>0 new public libcurl function (total: 94)<br>0 new curl_easy_setopt() option (total: 306)<\/strong><br><strong>0 new curl command line option (total: 266)<\/strong><br><strong>51 contributors, 32 new (total: 3,299)<\/strong><br><strong>22 authors, 10 new (total: 1,323)<\/strong><br><strong>1 security fixes (total: 161)<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Security<\/h2>\n\n\n\n<p> <a href=\"https:\/\/curl.se\/docs\/CVE-2024-11053.html\">CVE-2024-11053: netrc and redirect credential leak<\/a>. (<strong>Severity: Low<\/strong>) When asked to both use a <code>.netrc<\/code> file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Bugfixes<\/h2>\n\n\n\n<p>As usual, here follows some bugfixes I figure could be worth highlighting. See <a href=\"https:\/\/curl.se\/ch\/8.11.1.html\">the changelog<\/a> on the curl site for the full list of changes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">curl<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>&#8211;continue-at is mutually exclusive with &#8211;no-clobber<\/li>\n\n\n\n<li>&#8211;continue-at is mutually exclusive with &#8211;range<\/li>\n\n\n\n<li>&#8211;continue-at is mutually exclusive with &#8211;remove-on-error<\/li>\n\n\n\n<li>use real time in trace timestamps<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">scripts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>dmaketgz: use &#8211;no-cache when building docker image<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">libcurl<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>duphandle: also init netrc<\/li>\n\n\n\n<li>hostip: don&#8217;t use the resolver for FQDN localhost<\/li>\n\n\n\n<li>mime: fix reader stall on small read lengths<\/li>\n\n\n\n<li>mprintf: fix integer overflow checks<\/li>\n\n\n\n<li>multi: fix callback for <code>CURLMOPT_TIMERFUNCTION<\/code> not being called again<\/li>\n\n\n\n<li>netrc: address several netrc parser flaws<\/li>\n\n\n\n<li>netrc: support large file, longer lines, longer tokens<\/li>\n\n\n\n<li>socket: handle binding to &#8220;host!&#8221;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">http related<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>http_negotiate: allow for a one byte larger channel binding buffer<\/li>\n\n\n\n<li>digest: produce a shorter cnonce in Digest headers<\/li>\n\n\n\n<li>cookie: treat cookie name case sensitively<\/li>\n\n\n\n<li>nghttp2: use custom memory functions<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">protocols<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>libssh: use libssh sftp_aio to upload file<\/li>\n\n\n\n<li>libssh: when using IPv6 numerical address, add brackets<\/li>\n\n\n\n<li>OpenSSL: improved error message on expired certificate<\/li>\n\n\n\n<li>rtsp: check EOS in the RTSP receive and return an error code<\/li>\n\n\n\n<li>schannel: remove TLS 1.3 ciphersuite-list support<\/li>\n\n\n\n<li>fixes for wolfSSL OPENSSL_COEXIST<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to another curl release. This time we do a bugfix only release, five weeks since the previous version shipped. Release Presentation Numbers the 263rd release0 changes35 days (total: 9,763)79 bugfixes (total: 11,173)115 commits (total: 33,811)0 new public libcurl function (total: 94)0 new curl_easy_setopt() option (total: 306)0 new curl command line option (total: 266)51 contributors, &hellip; <a href=\"https:\/\/daniel.haxx.se\/blog\/2024\/12\/11\/curl-8-11-1\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">curl 8.11.1<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":26092,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[33,95],"class_list":["post-26066","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-curl","tag-curl-and-libcurl","tag-release"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/26066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=26066"}],"version-history":[{"count":8,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/26066\/revisions"}],"predecessor-version":[{"id":26097,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/26066\/revisions\/26097"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media\/26092"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=26066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=26066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=26066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}