{"id":29470,"date":"2026-03-11T07:53:08","date_gmt":"2026-03-11T06:53:08","guid":{"rendered":"https:\/\/daniel.haxx.se\/blog\/?p=29470"},"modified":"2026-03-11T10:58:29","modified_gmt":"2026-03-11T09:58:29","slug":"curl-8-19-0","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2026\/03\/11\/curl-8-19-0\/","title":{"rendered":"curl 8.19.0"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Release presentation<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"curl 8.19.0 with Daniel Stenberg\" width=\"474\" height=\"267\" src=\"https:\/\/www.youtube.com\/embed\/5XoJTh99bPg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Numbers<\/h2>\n\n\n\n<p class=\"has-text-align-center\">the 273rd release<br>8 changes<br>63 days (total: 10,712)<br>264 bugfixes (total: 13,640)<br>538 commits (total: 38,024)<br>0 new public libcurl function (total: 100)<br>0 new curl_easy_setopt() option (total: 308)<br>0 new curl command line option (total: 273)<br>77 contributors, 48 new (total: 3,619)<br>37 authors, 21 new (total: 1,451)<br>4 security fixes (total: 180)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Security<\/h2>\n\n\n\n<p>We <a href=\"https:\/\/daniel.haxx.se\/blog\/2026\/01\/26\/the-end-of-the-curl-bug-bounty\/\" data-type=\"post\" data-id=\"28830\">stopped the bug-bounty<\/a> but it has not stopped people from finding vulnerabilities in curl.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/curl.se\/docs\/CVE-2026-1965.html\">CVE-2026-1965: bad reuse of HTTP Negotiate connection<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/curl.se\/docs\/CVE-2026-3783.html\">CVE-2026-3783: token leak with redirect and netrc<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/curl.se\/docs\/CVE-2026-3784.html\">CVE-2026-3784: wrong proxy connection reuse with credentials<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/curl.se\/docs\/CVE-2026-3805.html\">CVE-2026-3805: use after free in SMB connection reuse<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Changes<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We stopped the bug-bounty. It&#8217;s worth repeating, even if it was no code change.<\/li>\n\n\n\n<li>The cmake build got a <code>CURL_BUILD_EVERYTHING<\/code> option<\/li>\n\n\n\n<li>Initial support for MQTTS was merged<\/li>\n\n\n\n<li>curl now supports fractions for &#8211;limit-rate and &#8211;max-filesize<\/li>\n\n\n\n<li>curl&#8217;s -J option now uses the redirect name as a backup<\/li>\n\n\n\n<li>we <a href=\"https:\/\/daniel.haxx.se\/blog\/2026\/01\/17\/more-http-3-focus-one-backend-less\/\" data-type=\"post\" data-id=\"28776\">no longer support OpenSSL-QUIC<\/a><\/li>\n\n\n\n<li>on Windows, curl can now get built to use the native CA store by default<\/li>\n\n\n\n<li>the minimum Windows version curl supports is now Vista (up from XP)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Pending removals<\/h2>\n\n\n\n<p>The following upcoming changes might be worth noticing. See <a href=\"https:\/\/curl.se\/dev\/deprecate.html\">the deprecate documentation<\/a> for details.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>NTLM support becomes opt-in<\/li>\n\n\n\n<li>RTMP support is getting dropped<\/li>\n\n\n\n<li>SMB support becomes opt-in<\/li>\n\n\n\n<li>Support for c-ares versions before 1.16 goes away<\/li>\n\n\n\n<li>Support for CMake 3.17 and earlier gets dropped<\/li>\n\n\n\n<li>TLS-SRP support will be removed<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Next<\/h2>\n\n\n\n<p>We plan to ship the next curl release on April 29. See you then!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Release presentation Numbers the 273rd release8 changes63 days (total: 10,712)264 bugfixes (total: 13,640)538 commits (total: 38,024)0 new public libcurl function (total: 100)0 new curl_easy_setopt() option (total: 308)0 new curl command line option (total: 273)77 contributors, 48 new (total: 3,619)37 authors, 21 new (total: 1,451)4 security fixes (total: 180) Security We stopped the bug-bounty but it &hellip; <a href=\"https:\/\/daniel.haxx.se\/blog\/2026\/03\/11\/curl-8-19-0\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">curl 8.19.0<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":29493,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[33,95],"class_list":["post-29470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-curl","tag-curl-and-libcurl","tag-release"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/29470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=29470"}],"version-history":[{"count":10,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/29470\/revisions"}],"predecessor-version":[{"id":29544,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/29470\/revisions\/29544"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media\/29493"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=29470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=29470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=29470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}