cURL Changelog

New in version 7.39.0 (November 5th, 2014)

  • Changes:
  • SSLv3 is disabled by default
  • CURLOPT_COOKIELIST: Added "RELOAD" command
  • build: Added WinIDN build configuration options to Visual Studio projects
  • ssh: improve key file search
  • SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
  • vtls: remove QsoSSL support, use gskit!
  • mk-ca-bundle: added SHA-384 signature algorithm
  • docs: added many examples for libcurl opts and other doc improvements
  • build: Added VC ssh2 target to main Makefile
  • MinGW: Added support to build with nghttp2
  • NetWare: Added support to build with nghttp2
  • build: added Watcom support to build with WinSSL
  • build: Added optional specific version generation of VC project files
  • Bugfixes:
  • curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
  • openssl: build fix for versions < 0.9.8e
  • newlines: fix mixed newlines to LF-only
  • ntlm: Fixed HTTP proxy authentication when using Windows SSPI
  • sasl_sspi: Fixed Unicode build
  • file: reject paths using embedded
  • threaded-resolver: revert Curl_expire_latest() switch
  • configure: allow --with-ca-path with PolarSSL too
  • HTTP/2: Fix busy loop when EOF is encountered
  • CURLOPT_CAPATH: return failure if set without backend support
  • nss: do not fail if a CRL is already cached
  • smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
  • fixed 20+ nits/memory leaks identified by Coverity scans
  • curl_schannel.c: Fixed possible memory or handle leak
  • multi-uv.c: call curl_multi_info_read() better
  • cmake: Check for OpenSSL before OpenLDAP
  • cmake: Fix library list provided to cURL tests
  • cmake: Avoid cycle directory dependencies
  • cmake: Build with GSS-API libraries (MIT or Heimdal)
  • vtls: provide backend defines for internal source code
  • nss: fix a connection failure when FTPS handle is reused
  • tests/http_pipe.py: Python 3 support
  • cmake: build tool_hugehelp (ENABLE_MANUAL)
  • cmake: enable IPv6 by default if available
  • tests: move TESTCASES to Makefile.inc, add show for cmake
  • ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
  • ntlm: Fixed empty/bad base-64 decoded buffer return codes
  • ntlm: Fixed empty type-2 decoded message info text
  • cmake: add CMake/Macros.cmake to the release tarball
  • cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
  • cmake: use LIBCURL_VERSION from curlver.h
  • cmake: generate pkg-config and curl-config
  • fixed several superfluous variable assignments identified by cppcheck
  • cleanup of 'CURLcode result' return code
  • pipelining: only output "is not blacklisted" in debug builds
  • SSL: Remove SSLv3 from SSL default due to POODLE attack
  • gskit.c: remove SSLv3 from SSL default
  • darwinssl: detect possible future removal of SSLv3 from the framework
  • ntlm: Only define ntlm data structure when USE_NTLM is defined
  • ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
  • ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
  • sspi: Only call CompleteAuthToken() when complete is needed
  • http_negotiate: Fixed missing check for USE_SPNEGO
  • HTTP: return larger than 3 digit response codes too
  • openssl: Check for NPN / ALPN via OpenSSL version number
  • openssl: enable NPN separately from ALPN
  • sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
  • sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
  • resume: consider a resume from
  • sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
  • build-openssl.bat: Fix x64 release build
  • cmake: drop _BSD_SOURCE macro usage
  • cmake: fix gethostby{addr,name}_r in CurlTests
  • cmake: clean OtherTests, fixing -Werror
  • cmake: fix struct sockaddr_storage check
  • Curl_single_getsock: fix hold/pause sock handling
  • SSL: PolarSSL default min SSL version TLS 1.0
  • cmake: fix ZLIB_INCLUDE_DIRS use
  • buildconf: stop checking for libtool

New in version 7.38.0 (September 10th, 2014)

  • Changes:
  • supports HTTP/2 draft-14
  • CURLE_HTTP2 is a new error code
  • CURLAUTH_NEGOTIATE is a new auth define
  • CURL_VERSION_GSSAPI is a new capability bit
  • no longer use fbopenssl for anything
  • schannel: use CryptGenRandom for random numbers
  • axtls: define curlssl_random using axTLS's PRNG
  • cyassl: use RNG_GenerateBlock to generate a good random number
  • findprotocol: show unsupported protocol within quotes
  • version: detect and show LibreSSL
  • version: detect and show BoringSSL
  • imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
  • http2: requires nghttp2 0.6.0 or later
  • Bugfixes:
  • SECURITY ADVISORY: cookie leak with IP address as domain
  • SECURITY ADVISORY: cookie leak for TLDs
  • fix a build failure on Debian when NSS support is enabled
  • HTTP/2: fixed compiler warnings when built disabled
  • cyassl: return the correct error code on no CA cert
  • http: Deprecate GSS-Negotiate macros due to bad naming
  • http: Fixed Negotiate: authentication
  • multi: Improve proxy CONNECT performance (regression)
  • ntlm_wb: Avoid invoking ntlm_auth helper with empty username
  • ntlm_wb: Fix hard-coded limit on NTLM auth packet size
  • url.c: use the preferred symbol name: *READDATA
  • smtp: fixed a segfault during test 1320 torture test
  • cyassl: made it compile with version 2.0.6 again
  • nss: do not check the version of NSS at run time
  • c-ares: fix build without IPv6 support
  • HTTP/2: use base64url encoding
  • SSPI Negotiate: Fix 3 memory leaks
  • libtest: fixed duplicated line in Makefile
  • conncache: fix compiler warning
  • openssl: make ossl_send return CURLE_OK better
  • HTTP/2: Support expect: 100-continue
  • HTTP/2: Fix infinite loop in readwrite_data()
  • parsedate: fix the return code for an overflow edge condition
  • darwinssl: don't use strtok()
  • http_negotiate_sspi: Fixed specific username and password not working
  • openssl: replace call to OPENSSL_config
  • http2: show the received header for better debugging
  • HTTP/2: Move :authority before non-pseudo header fields
  • HTTP/2: Reset promised stream, not its associated stream
  • HTTP/2: added some more logging for debugging stream problems
  • ntlm: Added support for SSPI package info query
  • ntlm: Fixed hard coded buffer for SSPI based auth packet generation
  • sasl_sspi: Fixed memory leak with not releasing Package Info struct
  • sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
  • sasl: Use a dynamic buffer for DIGEST-MD5 SPN generation
  • http_negotiate_sspi: Use a dynamic buffer for SPN generation
  • sasl_sspi: Fixed missing free of challenge buffer on SPN failure
  • sasl_sspi: Fixed hard coded buffer for response generation
  • Curl_poll + Curl_wait_ms: fix timeout return value
  • docs/SSLCERTS: update the section about NSS database
  • create_conn: prune dead connections
  • openssl: fix version report for the 0.9.8 branch
  • mk-ca-bundle.pl: switched to using hg.mozilla.org
  • http: fix the Content-Range: parser
  • Curl_disconnect: don't free the URL
  • win32: Fixed WinSock 2 #if
  • NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
  • curl.1: clarify --limit-rate's effect on both directions
  • disconnect: don't touch easy-related state on disconnects
  • Cmake: big cleanup and numerous fixes
  • HTTP/2: supports draft-14 - moved :headers before the non-pseudo headers
  • configure.ac: Add support for recent GSS-API implementations for HP-UX
  • CONNECT: close proxy connections that fail
  • CURLOPT_NOBODY.3: clarify this option is for downloads
  • darwinssl: fix CA certificate checking using PEM format
  • resolve: cache lookup for async resolvers
  • low-speed-limit: avoid timeout flood
  • polarssl: implement CURLOPT_SSLVERSION
  • multi: convert CURLM_STATE_CONNECT_PEND handling to a list
  • curl_multi_cleanup: remove superfluous NULL assigns
  • polarssl: support CURLOPT_CAPATH / --capath
  • progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly

New in version 7.37.1 (August 27th, 2014)

  • Changes:
  • bits.close: introduce connection close tracking
  • darwinssl: Add support for --cacert
  • polarssl: add ALPN support
  • docs: Added new option man pages
  • Bugfixes:
  • build: Fixed incorrect reference to curl_setup.h in Visual Studio files
  • build: Use $(TargetDir) and $(TargetName) macros for .pdb and .lib output
  • curl.1: clarify that -u can't specify a user with colon
  • openssl: Fix uninitialized variable use in NPN callback
  • curl_easy_reset: reset the URL
  • curl_version_info.3: returns a pointer to a static struct
  • url-parser: only use if_nametoindex if detected by configure
  • select: with winsock, avoid passing unsupported arguments to select()
  • gnutls: don't use deprecated type names anymore
  • gnutls: allow building with nghttp2 but without ALPN support
  • tests: Fix portability issue with the tftpd server
  • curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN
  • curl_sasl: extended native DIGEST-MD5 cnonce to be a 32-byte hex string
  • random: use Curl_rand() for proper random data
  • Curl_ossl_init: call OPENSSL_config for initing engines
  • config-win32.h: Updated for VC12
  • winbuild: Don't USE_WINSSL when WITH_SSL is being used
  • getinfo: HTTP CONNECT code not reset between transfers
  • Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
  • http2: avoid segfault when using the plain-text http2
  • conncache: move the connection counter to the cache struct
  • http2: better return code error checking
  • curlbuild: fix GCC build on SPARC systems without configure script
  • tool_metalink: Support polarssl as digest provider
  • curl.h: reverse the enum/define setup for old symbols
  • curl.h: moved two really old deprecated symbols
  • curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
  • buildconf: do not search tools in current directory.
  • OS400: make it compilable again. Make RPG binding up to date
  • nss: do not abort on connection failure (failing tests 305 and 404)
  • nss: make the fallback to SSLv3 work again
  • tool: prevent valgrind from reporting possibly lost memory (nss only)
  • progress callback: skip last callback update on errors
  • nss: fix a memory leak when CURLOPT_CRLFILE is used
  • compiler warnings: potentially uninitialized variables
  • url.c: Fixed memory leak on OOM
  • gnutls: ignore invalid certificate dates with VERIFYPEER disabled
  • gnutls: fix SRP support with versions of GnuTLS from 2.99.0
  • gnutls: fixed a couple of uninitialized variable references
  • gnutls: fixed compilation against versions < 2.12.0
  • build: Fixed overridden compiler PDB settings in VC7 to VC12
  • ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
  • netrc: don't abort if home dir cannot be found
  • netrc: fixed thread safety problem by using getpwuid_r if available
  • cookie: avoid mutex deadlock
  • configure: respect host tool prefix for krb5-config
  • gnutls: handle IP address in cert name check

New in version 7.35.0 (January 29th, 2014)

  • Changes:
  • imap/pop3/smtp: Added support for SASL authentication downgrades
  • imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
  • TheArtOfHttpScripting: major update, converted layout and more
  • mprintf: Added support for I, I32 and I64 size specifiers
  • makefile: Added support for VC7, VC11 and VC12
  • Bugfixes:
  • SECURITY ADVISORY: re-use of wrong HTTP NTLM connection
  • curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
  • pop3: Fixed APOP being determined by CAPA response rather than by timestamp
  • Curl_pp_readresp: zero terminate line
  • FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
  • docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
  • pop3: Fixed auth preference not being honored when CAPA not supported
  • imap: Fixed auth preference not being honored when CAPABILITY not supported
  • threaded resolver: Use pthread_t * for curl_thread_t
  • FILE: we don't support paused transfers using this protocol
  • connect: Try all addresses in first connection attempt
  • curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
  • OpenSSL: Fix forcing SSLv3 connections
  • openssl: allow explicit sslv2 selection
  • FTP parselist: fix "total" parser
  • conncache: fix possible dereference of null pointer
  • multi.c: fix possible dereference of null pointer
  • mk-ca-bundle: introduces -d and warns about using this script
  • ConnectionExists: fix NTLM check for new connection
  • trynextip: fix build for non-IPV6 capable systems
  • Curl_updateconninfo: don't do anything for UDP "connections"
  • darwinssl: un-break Leopard build after PKCS#12 change
  • threaded-resolver: never use NULL hints with getaddrinfo
  • multi_socket: remind app if timeout didn't run
  • OpenSSL: deselect weak ciphers by default
  • error message: Sensible message on timeout when transfer size unknown
  • curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
  • win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
  • configure: fix gssapi linking on HP-UX
  • chunked-parser: abort on overflows, allow 64 bit chunks
  • chunked parsing: relax the CR strictness
  • cookie: max-age fixes
  • progress bar: always update when at 100%
  • progress bar: increase update frequency to 10Hz
  • tool: Fixed incorrect return code if command line parser runs out of memory
  • tool: Fixed incorrect return code if password prompting runs out of memory
  • HTTP POST: omit Content-Length if data size is unknown
  • GnuTLS: disable insecure ciphers
  • GnuTLS: honor --sslv2 and the --tlsv1[.N] switches
  • multi: Fixed a memory leak on OOM condition
  • netrc: Fixed a memory and file descriptor leak on OOM
  • getpass: fix password parsing from console
  • TFTP: fix crash on time-out
  • hostip: don't remove DNS entries that are in use
  • tests: lots of tests fixed to pass the OOM torture tests

New in version 7.34.0 (December 23rd, 2013)

  • Changes:
  • SSL: protocol version can be specified more precisely
  • imap/pop3/smtp: Added graceful cancellation of SASL authentication
  • Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
  • base64: Added validation of base64 input strings when decoding
  • curl_easy_setopt: Added the ability to set the login options separately
  • smtp: Added support for additional SMTP commands
  • curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
  • nss: allow to use TLS > 1.0 if built against recent NSS
  • SECURITY: added this document to describe our security processes
  • parseconfig: warn if unquoted white spaces are detected
  • Bugfixes:
  • SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS
  • darwinssl: un-break iOS build after PKCS#12 feature added
  • tool: use XFERFUNCTION to save some casts
  • usercertinmem: fix memory leaks
  • ssh: Handle successful SSH_USERAUTH_NONE
  • NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
  • test906: Fixed failing test on some platforms
  • sasl: initialize NSS before using NTLM crypto
  • sasl: Fixed memory leak in OAUTH2 message creation
  • imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
  • cmake: unbreak for non-Windows platforms
  • ssh: initialize per-handle data in ssh_connect()
  • glob: fix broken URLs
  • configure: check for long long when building with cyassl
  • CURLOPT_RESOLVE: mention they don't time-out
  • docs/examples/httpput.c: fix build for MSVC
  • FTP: make the data connection work when going through proxy
  • NSS: support for CERTINFO feature
  • curl_multi_wait: accept 0 from multi_timeout() as valid timeout
  • glob_range: pass the closing bracket for a-z ranges
  • tool_help: Updated --list-only description to include POP3
  • Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
  • cmake: fix Windows build with IPv6 support
  • ares: Fixed compilation under Visual Studio 2012
  • curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
  • curl.1: mention that -O does no URL decoding
  • darwinssl: PKCS#12 import feature now requires Lion or later
  • darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
  • configure: Fix test with -Werror=implicit-function-declaration
  • sigpipe: factor out sigpipe_reset from easy.c
  • curl_multi_cleanup: ignore SIGPIPE
  • globbing: curl glob counter mismatch with {} list use
  • parseconfig: dash options can't be specified with colon or equals
  • digest: fix CURLAUTH_DIGEST_IE
  • curl.h: for OpenBSD
  • darwinssl: Fix #if 10.6.0 for SecKeychainSearch
  • TFTP: fix return codes for connect timeout
  • login options: remove the ;[options] support from CURLOPT_USERPWD
  • imap: Fixed incorrect fallback to clear text authentication
  • parsedate: avoid integer overflow
  • curl.1: document -J doesn't %-decode
  • multi: add timer inaccuracy margin to timeout/connecttimeout

New in version 7.33.0 (October 15th, 2013)

  • Changes:
  • test code for testing the event based API
  • CURLM_ADDED_ALREADY: new error code
  • test TFTP server: support "writedelay" within
  • krb4 support has been removed
  • imap/pop3/smtp: added basic SASL XOAUTH2 support
  • darwinssl: add support for PKCS#12 files for client authentication
  • darwinssl: enable BEAST workaround on iOS 7 & later
  • Pass password to OpenSSL engine by user interface
  • c-ares: Add support for various DNS binding options
  • cookies: add expiration
  • curl: added --oauth2-bearer option
  • Bugfixes:
  • nss: make sure that NSS is initialized
  • curl: make --no-[option] work properly for several options
  • FTP: with socket_action send better socket updates in active mode
  • curl: fix the --sasl-ir in the --help output
  • tests 2032, 2033: Don't hardcode port in expected output
  • urlglob: better detect unclosed braces, empty lists and overflows
  • urlglob: error out on range overflow
  • imap: Fixed response check for SEARCH, EXPUNGE, LSUB, UID and NOOP commands
  • handle arbitrary-length username and password
  • TFTP: make the CURLOPT_LOW_SPEED* options work
  • curl.h: name space pollution by "enum type"
  • multi: move on from STATE_DONE faster
  • FTP: 60 secs delay if aborted in the CURLOPT_HEADERFUNCTION callback
  • multi_socket: improved 100-continue timeout handling
  • curl_multi_remove_handle: allow multiple removes
  • FTP: fix getsock during DO_MORE state
  • -x: rephrased the --proxy section somewhat
  • acinclude: fix --without-ca-path when cross-compiling
  • LDAP: fix bad free() when URL parsing failed
  • --data: mention CRLF treatment when reading from file
  • curl_easy_pause: suggest one way to unpause
  • imap: Fixed calculation of transfer when partial FETCH received
  • pingpong: Check SSL library buffers for already read data
  • imap/pop3/smtp: Speed up SSL connection initialization
  • libcurl.3: for multi interface connections are held in the multi handle
  • curl_easy_setopt.3: mention RTMP URL quirks
  • curl.1: detail how short/long options work
  • curl.1: Added information about optional login options to --user option
  • curl: Added clarification to the --mail options in the --help output
  • curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value
  • openssl: use correct port number in error message
  • darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
  • OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
  • xattr: add support for FreeBSD xattr API
  • win32: fix Visual Studio 2010 build with WINVER >= 0x600
  • configure: use icc options without space
  • test1112: Increase the timeout from 7s to 16s
  • SCP: upload speed on a fast connection limited to 16384 B/s
  • curl_setup_once: fix errno access for lwip on Windows
  • HTTP: Output http response 304 when modified time is too old

New in version 7.32.0 (August 12th, 2013)

  • curl: allow timeouts to accept decimal values
  • OS400: add slist and certinfo EBCDIC support
  • OS400: new SSL backend GSKit
  • CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
  • LIBCURL-STRUCTS: new document

New in version 7.31.0 (June 24th, 2013)

  • Changes:
  • darwinssl: add TLS session resumption
  • darwinssl: add TLS crypto authentication
  • imap/pop3/smtp: Added support for ;auth= in the URL
  • imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD
  • usercertinmem.c: add example showing user cert in memory
  • url: Added smtp and pop3 hostnames to the protocol detection list
  • imap/pop3/smtp: Added support for enabling the SASL initial response
  • curl -E: allow to use ':' in certificate nicknames
  • Bugfixes:
  • SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond the end of the input buffer [26]
  • FTP: access files in root dir correctly
  • configure: try pthread_create without -lpthread
  • FTP: handle a 230 welcome response
  • curl-config: don't output static libs when they are disabled
  • CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
  • Various documentation updates
  • getinfo.c: reset timecond when clearing session-info variables
  • FILE: prevent an artificial timeout event due to stale speed-check data
  • ftp_state_pasv_resp: connect through proxy also when set by env
  • sshserver: disable StrictHostKeyChecking
  • ftpserver: Fixed imap logout confirmation data
  • curl_easy_init: use less mallocs
  • smtp: Fixed unknown percentage complete in progress bar
  • smtp: Fixed sending of double CRLF caused by first in EOB
  • bindlocal: move brace out of #ifdef
  • winssl: Fixed invalid memory access during SSL shutdown
  • OS X framework: fix invalid symbolic link
  • OpenSSL: allow empty server certificate subject
  • axtls: prevent memleaks on SSL handshake failures
  • cookies: only consider full path matches
  • Revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()
  • Curl_cookie_add: handle IPv6 hosts
  • ossl_send: SSL_write() returning 0 is an error too
  • ossl_recv: SSL_read() returning 0 is an error too
  • Digest auth: escape user names with backslash or " in them
  • curl_formadd.3: fixed wrong "end-marker" syntax
  • libcurl-tutorial.3: fix incorrect backslash
  • curl_multi_wait: reduce timeout if the multi handle wants to
  • tests/Makefile: typo in the perlcheck target
  • axtls: honor disabled VERIFYHOST
  • OpenSSL: avoid double free in the PKCS12 certificate code
  • multi_socket: reduce timeout inaccuracy margin
  • digest: support auth-int for empty entity body
  • axtls: now done non-blocking
  • lib1900: use tutil_tvnow instead of gettimeofday
  • curl_easy_perform: avoid busy-looping
  • CURLOPT_COOKIELIST: take cookie share lock
  • multi_socket: react on socket close immediately

New in version 7.30.0 (April 12th, 2013)

  • imap: Changed response tag generation to be completely unique
  • imap: Added support for SASL-IR extension
  • imap: Added support for the list command
  • imap: Added support for the append command
  • imap: Added custom request parsing
  • imap: Added support to the fetch command for UID and SECTION properties
  • imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
  • darwinssl: Make certificate errors less techy
  • imap/pop3/smtp: Added support for the STARTTLS capability
  • checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
  • curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
  • Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for new multi interface connection handling
  • Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and CURLMOPT_PIPELINING_SERVER_BL for new pipelining control
  • Bugfixes:
  • SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage
  • darwinssl: Fix build under Leopard
  • DONE: consider callback-aborted transfers premature
  • ntlm: Fixed memory leaks
  • smtp: Fixed an issue when processing EHLO failure responses
  • pop3: Fixed incorrect return value from pop3_endofresp()
  • pop3: Fixed SASL authentication capability detection
  • pop3: Fixed blocking SSL connect when connecting via POP3S
  • imap: Fixed memory leak when performing multiple selects
  • nss: fix misplaced code enabling non-blocking socket mode
  • AddFormData: prevent only directories from being posted
  • darwinssl: fix infinite loop if server disconnected abruptly
  • metalink: fix improbable crash parsing metalink filename
  • show proper host name on failed resolve
  • MacOSX-Framework: Make script work in Xcode 4.0 and later
  • strlcat: remove function
  • darwinssl: Fix send glitchiness with data > 32 or so KB
  • polarssl: better 1.1.x and 1.2.x support
  • various documentation improvements
  • multi: NULL pointer reference when closing an unused multi handle
  • SOCKS: fix socks proxy when noproxy matched
  • install-sh: updated to support multiple source files as arguments
  • PolarSSL: added human readable error strings
  • resolver_error: remove wrong error message output
  • docs: updates HTML index and general improvements
  • curlbuild.h.dist: enhance non-configure GCC ABI detection logic
  • sasl: Fixed null pointer reference when decoding empty digest challenge
  • easy: do not ignore poll() failures other than EINTR
  • darwinssl: disable ECC ciphers under Mountain Lion by default
  • CONNECT: count received headers
  • build: fixes for VMS
  • CONNECT: clear 'rewindaftersend' on success
  • HTTP proxy: insert slash in URL if missing
  • hiperfifo: updated to use current libevent API
  • getinmemory.c: abort the transfer nicely if not enough memory
  • improved win32 memorytracking
  • corrected proxy header response headers count
  • FTP quote operations on re-used connection
  • tcpkeepalive on win32
  • tcpkeepalive on Mac OS X
  • easy: acknowledge the CURLOPT_MAXCONNECTS option properly
  • easy interface: restore default MAXCONNECTS to 5
  • win32: don't set SO_SNDBUF for windows vista or later versions
  • HTTP: made cookie sort function more deterministic
  • winssl: Fixed memory leak if connection was not successful
  • FTP: wait on both connections during active STOR state
  • connect: treat a failed local bind of an interface as a non-fatal error
  • darwinssl: disable insecure ciphers by default
  • FTP: handle "rubbish" in front of directory name in 257 responses
  • mk-ca-bundle: Fixed lost OpenSSL output with "-t"