Welcome to this follow-up patch release, just a week after we shipped 8.10.0. A bunch of bugfixes.
Numbers
the 261th release
0 changes
7 days (total: 9,679)
24 bugfixes (total: 10,828)
50 commits (total: 33,259)
0 new public libcurl function (total: 94)
0 new curl_easy_setopt() option (total: 306)
0 new curl command line option (total: 265)
19 contributors, 7 new (total: 3,246)
9 authors, 1 new (total: 1,303)
0 security fixes (total: 158)
Download the new curl release from curl.se as always.
Release presentation
At 08:00 UTC on September18 2024, I will do a live-streamed release presentation of curl 8.10.1 on Twitch.
Bugfixes
These are the perhaps most important ones fixed this time:
- fix configure –with-ca-embed. It could otherwise sometimes lead to an empty bundled CA store.
- cmake: ensure
CURL_USE_OPENSSL
/USE_OPENSSL_QUIC
are set in sync - cmake: fix MSH3 to appear on the feature list
- runtests: accecpt ‘quictls’ as OpenSSL compatible. It would previously skip a few tests that are marked OpenSSL specific.
- connect: store connection info when really done
- fix FTP CRLF line endings for ASCII transfer regression. Perhaps most notably this problem was seen on directory listings, which are done using ASCII mode.
- fix HTTP/2 end-of-stream handling when uploading data from stdin
- http: make max-filesize check not count ignored bodies. Like in the case where a URL is redirected to a second place, the first URL might still provide a body that curl ignores.
- fix AF_INET6 use outside of USE_IPV6. Made the build fail on systems without IPv6 support.
- check that the multi handle is valid in curl_multi_assign. Perhaps not exactly libcurl’s responsibility, but we found at least one application that did this after the 8.10.0 upgrade.
- on QUIC connects, keep on trying on draining server
- request: correctly reset the eos_sent flag. When doing multiple HTTP/2 uploads using the same handle – this caused problems for git.
- transfer: fix sendrecv() without interim poll. An optimization that optimized a little too much… Most commonly this problem was seen with PHP programs that often (but unwisely) skip the polling.
- rustls: fixed minor logic bug in default cipher selection
- rustls: support strong CSRNG data. Now every curl build using TLS ensures use of strong random numbers.