On Sun, 25 Aug 2024, Paul Gilmartin via curl-users wrote:
Running curl from a script I attempt to terminate a long download.
kill -INT curl has no effect
kill -TERM curl terminates curl.
Does curl trap SIGINT for some special behavior, leaving the default
SIGTERM?
SIGINT is the signal
Hello!
I just wanted to mention that I am again running a little webinar about curl
this Thursday.
All details here:
https://daniel.haxx.se/blog/2024/09/02/webinar-mastering-the-curl-command-line/
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug
On Mon, 9 Sep 2024, Nicolas George via curl-users wrote:
Can I submit a feature wish to have an option to choose the presence or
absence of this “(\\Seen)” flag?
What would you say the ideal way would be to set such an option on the command
line? Assuming we keep the current way the default f
Hello friends!
I'm happy to announce another curl release. Get it as always from
https://curl.se. Pay special attention to the security advisory that follows
this email.
curl and libcurl 8.10.0
Public curl releases: 260
Command line options: 265
curl_easy_setopt() options:
OCSP stapling bypass with GnuTLS
Project curl Security Advisory, September 11th 2024 -
[Permalink](https://curl.se/docs/CVE-2024-8096.html)
VULNERABILITY
-
When curl is told to use the Certificate Status Request TLS extension, often
referred to as OC
On Wed, 11 Sep 2024, Paul Gilmartin via curl-users wrote:
curl: showing headers and --remote-header-name cannot be combined
Since --head implies that the body is not saved, we can actually make this
work fairly easy...
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available
On Thu, 12 Sep 2024, Daniel Stenberg via curl-users wrote:
Since --head implies that the body is not saved, we can actually make this
work fairly easy...
Eh, no. I was not thinking right. It still needs to save the headers in that
final name that it will not know until several headers have
On Fri, 11 Oct 2024, ValdikSS via curl-users wrote:
Currently curl, when used with --connect-timeout option, uses it as a global
timeout for the whole connection set, decreasing the timeout for each IP
address in half every connection attempt.
When you use curl 8.3.0 or later, curl stops the
On Tue, 24 Sep 2024, Kaushal Shriyan via curl-users wrote:
I am using a postman to invoke a REST API call. Is there a way to capture
the cURL (https://curl.se/) request (header and body) initiated by Postman
REST API client to the Application server which is running RHEL 8.10 OS to
the backend
On Mon, 23 Sep 2024, Jason Qian via curl-users wrote:
When Kerberos is enabled, sometimes the server ticket of Negotiate is too
large that the server has problems handling it.
My question is in the curl, is there a way to control the size of the ticket
which will be sent to the server?
No.
On Fri, 13 Sep 2024, Nicolas George via curl-users wrote:
I created a PR for adding this proposal to the TODO document:
https://github.com/curl/curl/pull/14964
"someone" just has to work on it.
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fix
Hello friends!
I'm happy to announce another curl release. Get it as always from
https://curl.se
curl and libcurl 8.10.1
Public curl releases: 261
Command line options: 265
curl_easy_setopt() options: 306
Public functions in libcurl: 94
Contributors: 32
Hi friends,
Here's another release for you. As always, get it from https://curl.se/
curl and libcurl 8.11.0
Public curl releases: 262
Command line options: 266
curl_easy_setopt() options: 306
Public functions in libcurl: 94
Contributors: 3267
This releas
HSTS subdomain overwrites parent cache entry
Project curl Security Advisory, November 6th 2024 -
[Permalink](https://curl.se/docs/CVE-2024-9681.html)
VULNERABILITY
-
When curl is asked to use HSTS, the expiry time for a subdomain might
ov
gzip integer overflow
=
Project curl Security Advisory, February 5th 2025 -
[Permalink](https://curl.se/docs/CVE-2025-0725.html)
VULNERABILITY
-
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the `CURLOPT_ACCE
Hi friends,
I'm happy to announce a brand new curl release. This time in association with
three separate security advisories that will follow shortly.
Get this curl version as always from https://curl.se/
curl and libcurl 8.12.0
Public curl releases: 264
Command line options:
eventfd double close
Project curl Security Advisory, February 5th 2025 -
[Permalink](https://curl.se/docs/CVE-2025-0665.html)
VULNERABILITY
-
libcurl would wrongly close the same eventfd file descriptor twice when taking
down a connection channel after having co
netrc and default credential leak
==
Project curl Security Advisory, February 5th 2025 -
[Permalink](https://curl.se/docs/CVE-2025-0167.html)
VULNERABILITY
-
When asked to use a `.netrc` file for credentials **and** to follow HTTP
redirects, curl coul
netrc and redirect credential leak
==
Project curl Security Advisory, December 11th 2024 -
[Permalink](https://curl.se/docs/CVE-2024-11053.html)
VULNERABILITY
-
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, curl
Hello!
I'm happy to announce a brand new curl release. Get it as always from
https://curl.se/
curl and libcurl 8.11.1
Public curl releases: 263
Command line options: 266
curl_easy_setopt() options: 306
Public functions in libcurl: 94
Contributors: 3298
On Fri, 17 Jan 2025, Falk via curl-users wrote:
I would like to propose a feature, where one can specify a checksum (e.g. md5
or sha256) on command line which is checked by curl during download.
Example:
curl -sha256 $SHA256_HASH -o- https://fnm.vercel.app/install | bash
Problem one:
Imag
Hey,
Over the years, people have requested an easier way to provide a list of URLs
to curl and have it download them all.
With my new PR [*], you can write "curl --url @file" and curl will download
all the URLs in the provided file as if -O was used for each one of them. It
can also get the
On Mon, 27 Jan 2025, Dick Brooks wrote:
This is great news. Will Basic Auth info also be supported for each URL?
Sure that works as expected pretty much already:
1. You can add the username + password on a per URL basis in the file
or
2. You provide the credentials separately on the command
On Mon, 27 Jan 2025, Paul Gilmartin via curl-users wrote:
Will the URL list support individual --time-cond or --ETag values for
selective update of outdated packages?
Not really. Those are already options that are ticky to use when there are
more than one URL involved so I don't know how you
Hello!
Due to a number of annoying bugs in the previous release, this follow-up
8.12.1 release is here only eight days later.
As always, get it from https://curl.se
curl and libcurl 8.12.1
Public curl releases: 265
Command line options: 267
curl_easy_setopt() options: 30
Hello,
In a break from the debugging and thinking of patch releases, a less serious
question to ponder about:
Should we get ourselves a mascot for the curl project?
The poll is here: https://github.com/curl/curl/discussions/16276
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubs
Hello friends!
Welcome to the second 8.13.0 release candidate: rc2.
Please try this release candidate in your use cases and products and verify
that everything works as intended.
Please try the new features and options and verify that they work the way they
are documented, and maybe also the wa
On Sun, 6 Apr 2025, Daniel Stenberg via curl-users wrote:
Hm, sorry, I might have been mostly wrong in my explanation of this bug.
I'll rethink and come back with a new PR soon.
In my great wisdom I confused CURLOPT_HTTP_TRANSFER_DECODING with
CURLOPT_TRANSFER_ENCODING.
Maybe not the
On Wed, 2 Apr 2025, Dagobert Michelsen wrote:
I have a regression on Solaris 10 Sparc:
It is puzzling that CloseSocket suddenly is deemed fine by configure.
I made https://github.com/curl/curl/issues/16915 for it
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://li
On Sat, 5 Apr 2025, Fabian Keil via curl-users wrote:
Privoxy has tests for the handling of chunk-encoded content
Thanks!
That's even the "worst" kind of use - the most complicated for us to provide.
This, because when curl doesn't handle the chunking itself it doesn't know
when the content
Hello,
If there is anyone around who uses --raw with a decent use case? I would not
mind learning how/why because I'm about to break it:
https://github.com/curl/curl/issues/16974
... and I'd like to figure out what we should to do fix it again. If at all...
--
/ daniel.haxx.se || https:/
On Sat, 5 Apr 2025, Dan Fandrich via curl-users wrote:
Debian codesearch shows a number of projects using it:
Thanks!
My plan to keep --raw working in the next release now looks like this:
https://github.com/curl/curl/pull/16982
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsu
On Sat, 5 Apr 2025, Daniel Stenberg via curl-users wrote:
My plan to keep --raw working in the next release now looks like this:
Hm, sorry, I might have been mostly wrong in my explanation of this bug. I'll
rethink and come back with a new PR soon.
--
/ daniel.haxx.se || https:/
Hello friends!
Welcome to the third and last 8.13.0 release candidate: rc3. Now only a week
left until the actual release.
Please try this release candidate in your use cases and products and verify
that everything works as intended.
Please try the new features and options and verify that the
Hello team!
Welcome to a new release. Get it as always from https://curl.se/
curl and libcurl 8.13.0
Public curl releases: 266
Command line options: 268
curl_easy_setopt() options: 307
Public functions in libcurl: 96
Contributors: 3378
This release inclu
Hi friends,
In an attempt to improve -X and to perhaps support the future QUERY method
better, I recently made a PR that introduces a --location-mode option.
It has received very little attention and feedback so here I am. I would like
some more eyes and thoughts on this before I proceed.
T
On Mon, 28 Apr 2025, Aleksei via curl-users wrote:
I'm trying to implement a "download only if updated on a remote
resource" functionality with a curl script using etags.
Currently the etag file saved with --etag-save becomes useless after a
single update on a remote resource.
I don't unders
On Tue, 29 Apr 2025, Aleksei wrote:
If they work together in a single invocation then great, no enhancement
needed. Man page describes ETag usage in separate requests:
Use the option --etag-save to first save the ETag from a response, and
then use this option to compare against the saved ETa
On Tue, 29 Apr 2025, Aleksei wrote:
I'm asking for "and update the etag file" part to be done by curl.
Scenario:
1) curl downloads a webpage, saving etag file in file0.etag
Something like this:
curl --etag-save file0.etag $URL
2) website updates a webpage (update 1)
3) curl uses "--etag-co
On Tue, 29 Apr 2025, Aleksei wrote:
Thanks for explanations Daniel, all clear now. Perhaps these things should
be mentioned in the man page, the current --etag-save and --etag-compare
sections gave me a clear impression these options are to be used in separate
curl invocations.
How about add
Hello friends!
As per our new tradition, we have an rc1 build of the coming curl release
uploaded and made available for testing on https://curl.se/rc/.
Please consider taking this for a spin and verify that everything seems to
work as they should. All the new features for the pending release
On Tue, 25 Feb 2025, Daniel Stenberg wrote:
This new functionality that opens up the opportunity to make curl do QUERY
better by using this new flag. But how?
My plan is now to merge the libcurl part necessary for this functionality in
this feature window, then write up a proposal for the cur
On Sun, 2 Mar 2025, Bastian Jesuiter wrote:
I personally like the idea of adding a flag specifically for this new -L
behavior.
Here's a first take that introduces a --request-mode option for this purpose:
https://github.com/curl/curl/pull/16543
--
/ daniel.haxx.se || https://rock-solid.cur
Hello friends!
Welcome to the first 8.13.0 release candidate: rc1.
Today is the first day of the feature freeze, meaning that all changes and new
features that are introduced in the pending release have been merged already
and should work.
Please try this release candidate in your use cases and
On Tue, 25 Feb 2025, Daniel Stenberg via curl-users wrote:
4. Another way?
I thought of another way:
4. Add a new option --location-code that just changes how -L works, so that
users can opt to add this in their .curlrc and magically have all existing
command lines using -L switch over
On Tue, 25 Feb 2025, Stefan Eissing wrote:
AFAICT, this is to make QUERY requests working correctly? Would it be
clearer to have a separate option to do a QUERY, which then would have the
"correct" redirect behaviour? So, user would not have to -X this?
While the primary purpose right now is
Hello friends!
In preparing for the actual release, rc2 has been uploaded and made available
for testing on https://curl.se/rc/.
Please consider taking this for a spin and verify that everything seems to work
as they should. All the new features for the pending release have been merged
and sho
Hello friends!
In preparing for the actual release, rc3 has been uploaded and made available
for testing on https://curl.se/rc/.
Please consider taking this for a spin and verify that everything seems to work
as they should. All the new features for the pending release have been merged
and shoul
Hello!
The time has come for you to once again do your curl community duty. Run over
and fill in the curl user survey and tell us about how you use curl etc. This
is the only proper way we get user feedback on a wide scale so please use this
opportunity to tell us what you really think.
This
Hello!
Just a quick reminder: if you haven't already, please head over and fill in
this year's curl survey:
https://daniel.haxx.se/blog/2025/05/19/the-curl-user-survey-2025-is-up/
Thanks!
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/lis
Hello,
What YOU can do to help out in the curl project. Things we would appreciate
help and assistance with at the moment. Some things that are current.
For general tips on how to get started helping out, start at [1].
## survey
Fill in the annual curl user survey [3] and make your friends do
Hello,
I'm happy to once again announce that we have shipped a new curl release. curl
8.14.0 is uploaded and is as always available at https://curl.se
Enjoy!
curl and libcurl 8.14.0
Public curl releases: 267
Command line options: 269
curl_easy_setopt() options: 308
Publ
QUIC certificate check skip with wolfSSL
Project curl Security Advisory, May 28 2025 -
[Permalink](https://curl.se/docs/CVE-2025-4947.html)
VULNERABILITY
-
libcurl accidentally skips the certificate verification for QUIC connections
when conn
No QUIC certificate pinning with wolfSSL
Project curl Security Advisory, May 28 2025 -
[Permalink](https://curl.se/docs/CVE-2025-5025.html)
VULNERABILITY
-
libcurl supports *pinning* of the server certificate public key for HTTPS
transfers. D
Hello friends!
There is a fresh rc1 build of the coming curl 8.15.0 release uploaded and made
available for testing on https://curl.se/rc/.
Please consider taking this for a spin and verify that everything seems to work
as they should. All the new features for the pending release have been me
Hello!
Another curl release has been packaged, signed and uploaded. Get it as always
from https://curl.se/
curl and libcurl 8.14.1
Public curl releases: 268
Command line options: 269
curl_easy_setopt() options: 308
Public functions in libcurl: 96
Contributors:
WebSocket endless loop
==
Project curl Security Advisory, June 4 2025 -
[Permalink](https://curl.se/docs/CVE-2025-5399.html)
VULNERABILITY
-
Due to a mistake in libcurl's WebSocket code, a malicious server can send a
particularly crafted packet which makes libcur
Hi friends,
I managed to chew through all the data, I ran the numbers and I generated the
output.
Enjoy:
https://daniel.haxx.se/blog/2025/07/03/curl-user-survey-2025-analysis/
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-us
Hello again!
I just uploaded the rc2 build of the coming curl 8.15.0 release uploaded and
made it available for testing on https://curl.se/rc/.
Please take this one for a spin and verify that everything seems to work as
they should. All the new features for the pending release have been merge
Hello friends,
The curl command line parser is a custom parser that acts slightly different
than many other command line tools.
One particular difference is how arguments to long options are provided:
space-separated from the option itself. Like this when setting the user agent:
curl --us
On Tue, 1 Jul 2025, Paul Gilmartin via curl-users wrote:
Does this introduce any incompatibility?
I have thought hard on this but I can't think of any.
For example, would i
change the behavior of:
curl --output =x https://example.com
That's a valid existing command line for which t
Hello,
Feel free to join in the name-shedding over on GitHub where this new option
proposal is being discussed:
https://github.com/curl/curl/pull/17800
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette: https://
Hello,
The third and last release candidate of the coming curl 8.15.0 release is now
uploaded and available for testing on https://curl.se/rc/.
Please take this one for a spin and verify that everything seems to work as they
should. All the new features for the pending release have been merged
On Wed, 9 Jul 2025, Dick Brooks wrote:
Congratulations. Any chance we will see an SBOM for curl in the future?
The "normal" curl release does not need an SBOM. It is just one thing and this
one thing comes only from us: the curl release.
curl releases are done as source code tarballs with n
Hello,
We're running a small crowd-source program to give everyone a chance to help
sponsor a new laptop for curl development:
https://daniel.haxx.se/blog/2025/07/12/sponsor-my-laptop/
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo
Hello team,
I'm happy to announce that we have yet again put together a little curl
release. Get it as always from https://curl.se
Enjoy!
curl and libcurl 8.15.0
Public curl releases: 269
Command line options: 269
curl_easy_setopt() options: 308
Public functions in libc
66 matches
Mail list logo
