_changes.html

#include "_doctype.html"
<html lang="en">
<head> <title>curl - Changes</title>
#include "css.t"
</HEAD>

#define CURL_CHANGES
#define CURL_URL changes.html

#include "_menu.html"
#include "setup.t"

WHERE1(Changes)

<a name="changes"></a>
TITLE(Changelog)

<div class="relatedbox">
<b>Related:</b>

<br><a href="/snapshots/">Daily Snapshots</a>
<br><a href="/source.html">Source repo</a>
<br><a href="/docs/security.html">Security</a>
<br><a href="/docs/vulnerabilities.html">Vulnerabilities</a>
<br><a href="/docs/releases.html">Releaselog</a>
<br><a href="/dev/release-notes.html">Pending Release Notes</a>

</div>

#if 0
<a name="9_19_19"></a>
SUBTITLE(-- Fixed in 7.20.0 - February 9 2011)
<p> Changes:
<ul class="changes">
 CHG change
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF fix
</ul>
#endif

#define CHG <li>
#define BGF <li>

<a name="7_64_0"></a>
SUBTITLE(Fixed in 7.64.0 - February 6 2019)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=2956">cookies: leave secure cookies alone</a>
 CHG <a href="https://curl.haxx.se/bug/?i=3406">hostip: support wildcard hosts</a>
 CHG <a href="https://curl.haxx.se/bug/?i=3350">http: Implement trailing headers for chunked transfers</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2873">http: added options for allowing HTTP/0.9 responses</a>
 CHG <a href="https://curl.haxx.se/bug/?i=3318">timeval: Use high resolution timestamps on Windows</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-16890.html">CVE-2018-16890: NTLM type-2 out-of-bounds buffer read</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2019-3822.html">CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2019-3823.html">CVE-2019-3823: SMTP end-of-response out-of-bounds read</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3410">FAQ: remove mention of sourceforge for github</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3372">OS400: handle memory error in list conversion</a>
 BGF OS400: upgrade ILE/RPG binding.
 BGF README: add codacy code quality badge
 BGF <a href="https://curl.haxx.se/bug/?i=3384">Revert http_negotiate: do not close connection</a>
 BGF THANKS: added several missing names from year <= 2000
 BGF build: make 'tidy' target work for metalink builds
 BGF <a href="https://curl.haxx.se/bug/?i=3459">cmake: added checks for variadic macros</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3292">cmake: updated check for HAVE_POLL_FINE to match autotools</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3196">cmake: use lowercase for function name like the rest of the code</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3474">configure: detect xlclang separately from clang</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3484">configure: fix recv/send/select detection on Android</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3497">configure: rewrite --enable-code-coverage</a>
 BGF conncache_unlock: avoid indirection by changing input argument type
 BGF <a href="https://curl.haxx.se/bug/?i=3469">cookie: fix comment typo</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3445">cookies: allow secure override when done over HTTPS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2964">cookies: extend domain checks to non psl builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3417">cookies: skip custom cookies when redirecting cross-site</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3423">curl --xattr: strip credentials from any URL that is stored</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3380">curl -J: refuse to append to the destination file</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3438">curl/urlapi.h: include "curl.h" first</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3371">curl_multi_remove_handle() don't block terminating c-ares requests</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3367">darwinssl: accept setting max-tls with default min-tls</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3400">disconnect: separate connections and easy handles better</a>
 BGF disconnect: set conn->data for protocol disconnect
 BGF <a href="https://curl.haxx.se/bug/?i=3432">docs/version.d: mention MultiSSL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3368">docs: fix the --tls-max description</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3518">docs: use $(INSTALL_DATA) to install man page</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3513">docs: use meaningless port number in CURLOPT_LOCALPORT example</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3369">gopher: always include the entire gopher-path in request</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3392">http2: clear pause stream id if it gets closed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3401">if2ip: remove unused function Curl_if_is_interface_name</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3491">libssh: do not let libssh create socket</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3493">libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3402">libssh: free sftp_canonicalize_path() data correctly</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2019-01/0000.html">libtest/stub_gssapi: use "real" snprintf</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3376">mbedtls: use VERIFYHOST</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3436">multi: multiplexing improvements</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2019-01/0073.html">multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3286">ntlm: fix NTMLv2 compliance</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3280">ntlm_sspi: add support for channel binding</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3462">openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3477">openssl: fix the SSL_get_tlsext_status_ocsp_resp call</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3407">openvms: fix OpenSSL discovery on VAX</a>
 BGF openvms: fix typos in documentation
 BGF <a href="https://curl.haxx.se/bug/?i=3453">os400: add a missing closing bracket</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3453">os400: fix extra parameter syntax error</a>
 BGF pingpong: change default response timeout to 120 seconds
 BGF <a href="https://curl.haxx.se/bug/?i=3264">pingpong: ignore regular timeout in disconnect phase</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3426">printf: fix format specifiers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3496">runtests.pl: Fix perl call to include srcdir</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3435">schannel: fix compiler warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3480">schannel: preserve original certificate path parameter</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3504">schannel: stop calling it "winssl"</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3502">sigpipe: if mbedTLS is used, ignore SIGPIPE</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3388">smb: fix incorrect path in request if connection reused</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3481">ssh: log the libssh2 error message when ssh session startup fails</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3447">test1558: verify CURLINFO_PROTOCOL on file:// transfer</a>
 BGF test1561: improve test name
 BGF test1653: make it survive torture tests
 BGF <a href="https://curl.haxx.se/bug/?i=3443">tests: allow tests to pass by 2037-02-12</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3470">tests: move objnames-* from lib into tests</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3449">timediff: fix math for unsigned time_t</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3437">timeval: Disable MSVC Analyzer GetTickCount warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3456">tool_cb_prg: avoid integer overflow</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3468">travis: added cmake build for osx</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3365">urlapi: Fix port parsing of eol colon</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3369">urlapi: distinguish possibly empty query</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3411">urlapi: fix parsing ipv6 with zone index</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3442">urldata: rename easy_conn to just conn</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3133">winbuild: conditionally use /DZLIB_WINAPI</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3395">wolfssl: fix memory-leak in threaded use</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3503">spnego_sspi: add support for channel binding</a>
</ul>

<a name="7_63_0"></a>
SUBTITLE(Fixed in 7.63.0 - December 12 2018)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=3115">curl: add %{stderr} and %{stdout} for --write-out</a>
 CHG <a href="https://curl.haxx.se/bug/?i=3208">curl: add undocumented option --dump-module-paths for win32</a>
 CHG <a href="https://curl.haxx.se/bug/?i=3227">setopt: add CURLOPT_CURLU</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/bug/?i=3348">(lib)curl.rc: fixup for minor bugs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3340">CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3295">CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description</a>
 BGF CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
 BGF <a href="https://curl.haxx.se/bug/?i=3210">Curl_follow: accept non-supported schemes for "fake" redirects</a>
 BGF <a href="https://curl.haxx.se/bug/?i=876">KNOWN_BUGS: add --proxy-any connection issue</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3269">NTLM: Remove redundant ifdef USE_OPENSSL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3345">NTLM: force the connection to HTTP/1.1</a>
 BGF OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
 BGF <a href="https://curl.haxx.se/bug/?i=3311">SECURITY-PROCESS: bountygraph shuts down again</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3232">TODO: Have the URL API offer IDN decoding</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3238">ares: remove fd from multi fd set when ares is about to close the fd</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3194">axtls: removed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3303">checksrc: add COPYRIGHTYEAR check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3316">cmake: fix MIT/Heimdal Kerberos detection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3193">configure: include all libraries in ssl-libs fetch</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3207">configure: show CFLAGS, LDFLAGS etc in summary</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3323">connect: fix building for recent versions of Minix</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3299">cookies: create the cookiejar even if no cookies to save</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3351">cookies: expire "Max-Age=0" immediately</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3251">curl: --local-port range was not "including"</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3242">curl: fix --local-port integer overflow</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3322">curl: fix memory leak reading --writeout from file</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3211">curl: fixed UTF-8 in current console code page (Windows)</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3305">curl_easy_perform: fix timeout handling</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3346">curl_global_sslset(): id == -1 is not necessarily an error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3209">curl_multibyte: fix a malloc overcalculation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3291">curle: move deprecated error code to ifndef block</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3361">docs: curl_formadd field and file names are now escaped</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3246">docs: escape "\n" codes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3342">doh: fix memory leak in OOM situation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3325">doh: make it work for h2-disabled builds too</a>
 BGF examples/ephiperfifo: report error when epoll_ctl fails
 BGF <a href="https://curl.haxx.se/bug/?i=3225">ftp: avoid two unsigned int overflows in FTP listing parser</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3022">host names: allow trailing dot in name resolve, then strip it</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3349">http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3359">http: don't set CURLINFO_CONDITION_UNMET for http status code 204</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3353">http: fix HTTP Digest auth to include query in URI</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3275">http_negotiate: do not close connection until negotiation is completed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3276">impacket: add LICENSE</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3216">infof: clearly indicate truncation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3362">ldap: fix LDAP URL parsing regressions</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3240">libcurl: stop reading from paused transfers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3184">mprintf: avoid unsigned integer overflow warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3213">netrc: don't ignore the login name specified with "--user"</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3261">nss: Fall back to latest supported SSL version</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3337">nss: Fix compatibility with nss versions 3.14 to 3.15</a>
 BGF nss: fix fallthrough comment to fix picky compiler warning
 BGF <a href="https://curl.haxx.se/bug/?i=3262">nss: remove version selecting dead code</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3261">nss: set default max-tls to 1.3/1.2</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3270">openssl: Remove SSLEAY leftovers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3281">openssl: do not log excess "TLS app data" lines for TLS 1.3</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3339">openssl: do not use file BIOs if not requested</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3337">openssl: fix unused variable compiler warning with old openssl</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3202">openssl: support session resume with TLS 1.3</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3217">openvms: fix example name</a>
 BGF os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
 BGF os400: add CURLOPT_CURLU to ILE/RPG binding
 BGF os400: fix return type of curl_easy_pause() in ILE/RPG binding
 BGF <a href="https://curl.haxx.se/bug/?i=3331">packages: remove old leftover files and dirs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3278">pop3: only do APOP with a valid timestamp</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2018-10/0118.html">runtests: use the local curl for verifying</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3243">schannel: be consistent in Schannel capitalization</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3197">schannel: better CURLOPT_CERTINFO support</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3201">schannel: use Curl_ prefix for global private symbols</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3296">snprintf: renamed and we now only use msnprintf()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3266">ssl: fix compilation with OpenSSL 0.9.7</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3291">ssl: replace all internal uses of CURLE_SSL_CACERT</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3226">symbols-in-versions: add missing CURLU_ symbols</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3317">test328: verify Content-Encoding: none</a>
 BGF tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
 BGF <a href="https://curl.haxx.se/bug/?i=3204">tests: drop http_pipe.py script no longer used</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3263">tool_cb_wrt: Silence function cast compiler warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3254">tool_doswin: Fix uninitialized field warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3190">travis: build with clang sanitizers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3198">travis: remove curl before a normal build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3220">url: a short host name + port is not a scheme</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3218">url: fix IPv6 numeral address parser</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3231">urlapi: only skip encoding the first '=' with APPENDQUERY set</a>
</ul>

<a name="7_62_0"></a>
SUBTITLE(Fixed in 7.62.0 - October 31 2018)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=2709">multiplex: enable by default</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2709">url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2668">setopt: add CURLOPT_DOH_URL</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2668">curl: --doh-url added</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2896">setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2789">imap: change from "FETCH" to "UID FETCH"</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2724">configure: add option to disable automatic OpenSSL config loading</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1641">upkeep: add a connection upkeep API: curl_easy_upkeep()</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2842">URL-API: added five new functions</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2984">vtls: MesaLink is a new TLS backend</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-16839.html">CVE-2018-16839: SASL password overflow via integer overflow</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-16840.html">CVE-2018-16840: use-after-free in handle close</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-16842.html">CVE-2018-16842: warning message out-of-buffer read</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2942">CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3039">Curl_dedotdotify(): always nul terminate returned string</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3124">Curl_follow: Always free the passed new URL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3046">Curl_http2_done: fix memleak in error path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3042">Curl_retry_request: fix memory leak</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3029">Curl_saferealloc: Fixed typo in docblock</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3083">FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2971">GnutTLS: TLS 1.3 support</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3032">SECURITY-PROCESS: mention the bountygraph program</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3137">VS projects: add USE_IPV6:</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3113">Windows: fixes for MinGW targeting Windows Vista</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2972">anyauthput: fix compiler warning on 64-bit Windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3104">appveyor: add WinSSL builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3100">appveyor: run test suite (on Windows!)</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3014">certs: generate tests certs with sha256 digest algorithm</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3090">checksrc: enable strict mode and warnings</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3096">checksrc: handle zero scoped ignore commands</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3055">cmake: Backport to work with CMake 3.0 again</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2849">cmake: Improve config installation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3123">cmake: add support for transitive ZLIB target</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3120">cmake: disable -Wpedantic-ms-format</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3001">cmake: don't require OpenSSL if USE_OPENSSL=OFF</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3056">cmake: fixed path used in generation of docs/tests</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3166">cmake: remove unused *SOCKLEN_T variables</a>
 BGF cmake: suppress MSVC warning C4127 for libtest
 BGF <a href="https://curl.haxx.se/bug/?i=3097">cmake: test and set missed defines during configuration</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3079">comment: Fix multiple typos in function parameters</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3162">config: Remove unused SIZEOF_VOIDP</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3137">config_win32: enable LDAPS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2697">configure: force-use -lpthreads on HPUX</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3168">configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3006">configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2962">cookies: Remove redundant expired check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2957">cookies: fix leak when writing cookies to file</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3143">curl-config.in: remove dependency on bc</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3171">curl.1: --ipv6 mutexes ipv4 (fixed typo)</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3008">curl: enabled Windows VT Support and UTF-8 output</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2955">curl: update the documentation of --tlsv1.0</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2996">curl_multi_wait: call getsock before figuring out timeout</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3111">curl_ntlm_wb: check aprintf() return codes</a>
 BGF <a href="https://github.com/curl/curl/issues/2924#issuecomment-424334807">curl_threads: fix classic MinGW compile break</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3005">darwinssl: Fix realloc memleak</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2901">darwinssl: more specific and unified error codes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3085">data-binary.d: clarify default content-type is x-www-form-urlencoded</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3067">docs/BUG-BOUNTY: explain the bounty program</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3159">docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3178">docs/CIPHERS: fix the TLS 1.3 cipher names</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3077">docs/CIPHERS: mention the colon separation for OpenSSL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3036">docs/examples: URL updates</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3121">docs: add "see also" links for SSL options</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2407">example/asiohiper: insert warning comment about its status</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3050">example/htmltidy: fix include paths of tidy libraries</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3033">examples/Makefile.m32: sync with core</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3004">examples/http2-pushinmemory: receive HTTP/2 pushed files in memory</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3030">examples/parseurl.c: show off the URL API</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2991">examples: Fix memory leaks from realloc errors</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2948">examples: do not wait when no transfers are running</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2985">ftp: include command in Curl_ftpsend sendbuffer</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3105">gskit: make sure to terminate version string</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3176">gtls: Values stored to but never read</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3110">hostip: fix check on Curl_shuffle_addr return value</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2992">http2: fix memory leaks on error-path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3044">http: fix memleak in rewind error path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2985">krb5: fix memory leak in krb_auth</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3118">ldap: show precise LDAP call in error message on Windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2979">lib: fix gcc8 warning on Windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2999">memory: add missing curl_printf header</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3084">memory: ensure to check allocation results</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3170">multi: Fix error handling in the SENDPROTOCONNECT state</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3063">multi: fix memory leak in content encoding related error path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3138">multi: make the closure handle "inherit" CURLOPT_NOSIGNAL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3122">netrc: free temporary strings if memory allocation fails</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3086">nss: fix nssckbi module loading on Windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3016">nss: try to connect even if libnssckbi.so fails to load</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2966">ntlm_wb: Fix memory leaks in ntlm_wb_response</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2959">ntlm_wb: bail out if the response gets overly large</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2983">openssl: assume engine support in 0.9.8 or later</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3026">openssl: enable TLS 1.3 post-handshake auth</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2980">openssl: fix gcc8 warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3023">openssl: load built-in engines too</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3176">openssl: make 'done' a proper boolean</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3178">openssl: output the correct cipher list on TLS 1.3 error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2901">openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2989">openssl: show "proper" version number for libressl builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2705">pipelining: deprecated</a>
 BGF rand: add comment to skip a clang-tidy false positive
 BGF <a href="https://curl.haxx.se/bug/?i=3155">rtmp: fix for compiling with lwIP</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3075">runtests: ignore disabled even when ranges are given</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2394">runtests: skip ld_preload tests on macOS</a>
 BGF runtests: use Windows paths for Windows curl
 BGF <a href="https://curl.haxx.se/bug/?i=2901">schannel: unified error code handling</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2986">sendf: Fix whitespace in infof/failf concatenation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3179">ssh: free the session on init failures</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2901">ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3181">system.h: use proper setting with Sun C++ as well</a>
 BGF <a href="https://github.com/curl/curl/issues/1751#issuecomment-321522580">test1299: use single quotes around asterisk</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2941">test1452: mark as flaky</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3163">test1651: unit test Curl_extract_certinfo()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3093">test320: strip out more HTML when comparing</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2929">tests/negtelnetserver.py: fix Python2-ism in neg TELNET server</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2937">tests: add unit tests for url.c</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3048">timeval: fix use of weak symbol clock_gettime() on Apple platforms</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3140">tool_cb_hdr: handle failure of rename()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3182">travis: add a "make tidy" build that runs clang-tidy</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3144">travis: add build for "configure --disable-verbose"</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3062">travis: bump the Secure Transport build to use xcode</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3126">travis: make distcheck scan for BOM markers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3182">unit1300: fix stack-use-after-scope AddressSanitizer warning</a>
 BGF urldata: Fix "connecting" comment
 BGF <a href="https://curl.haxx.se/bug/?i=2763">urlglob: improve error message on bad globs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2969">vtls: fix ssl version "or later" behavior change for many backends</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3102">x509asn1: Fix SAN IP address verification</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3163">x509asn1: always check return code from getASN1Element()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2901">x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert</a>
 BGF <a href="https://curl.haxx.se/bug/?i=3163">x509asn1: suppress left shift on signed value</a>
</ul>

<a name="7_61_1"></a>
SUBTITLE(Fixed in 7.61.1 - September 5 2018)
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-14618.html">security advisory (CVE-2018-14618): NTLM password overflow via integer overflow</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2847">CURLINFO_SIZE_UPLOAD: fix missing counter update</a>
 BGF CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
 BGF <a href="https://curl.haxx.se/bug/?i=2915">CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2733">Curl_getoff_all_pipelines: improved for multiplexed</a>
 BGF DEPRECATE: remove release date from 7.62.0
 BGF <a href="https://curl.haxx.se/bug/?i=2798">HTTP: Don't attempt to needlessly decompress redirect body</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2890">INTERNALS: require GnuTLS >= 2.11.3</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2857">README.md: add LGTM.com code quality grade for C/C++</a>
 BGF SSLCERTS: improve the openssl command line
 BGF <a href="https://curl.haxx.se/bug/?i=2860">Silence GCC 8 cast-function-type warnings</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2733">ares: check for NULL in completed-callback</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2852">asyn-thread: Remove unused macro</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2754">auth: only pick CURLAUTH_BEARER if we *have* a Bearer token</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2754">auth: pick Bearer authentication whenever a token is available</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2817">cmake: CMake config files are defining CURL_STATICLIB for static builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2755">cmake: Respect BUILD_SHARED_LIBS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2727">cmake: Update scripts to use consistent style</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2753">cmake: bumped minimum version to 3.4</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2753">cmake: link curl to the OpenSSL targets instead of lib absolute paths</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2747">configure: conditionally enable pedantic-errors</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2848">configure: fix for -lpthread detection with OpenSSL and pkg-config</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2733">conn: remove the boolean 'inuse' field</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2719">content_encoding: accept up to 4 unknown trailer bytes after raw deflate data</a>
 BGF cookie tests: treat files as text
 BGF <a href="https://curl.haxx.se/bug/?i=2524">cookies: support creation-time attribute for cookies</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2797">curl: Fix segfault when -H @headerfile is empty</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2925">curl: add http code 408 to transient list for --retry</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2739">curl: fix time-of-check, time-of-use race in dir creation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2783">curl: use Content-Disposition before the "URL end" for -OJ</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2885">curl: warn the user if a given file name looks like an option</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2908">curl_threads: silence bad-function-cast warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2731">darwinssl: add support for ALPN negotiation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2788">docs/CURLOPT_URL: fix indentation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2787">docs/CURLOPT_WRITEFUNCTION: size is always 1</a>
 BGF docs/SECURITY-PROCESS: mention bounty, drop pre-notify
 BGF <a href="https://curl.haxx.se/bug/?i=2804">docs/examples: add hiperfifo example using linux epoll/timerfd</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2856">docs: add disallow-username-in-url.d and haproxy-protocol.d to dist</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2773">docs: clarify NO_PROXY env variable functionality</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2868">docs: improved the manual pages of some callbacks</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2837">docs: mention NULL is fine input to several functions</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2852">formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2910">gopher: Do not translate `?' to `%09'</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2736">header output: switch off all styles, not just unbold</a>
 BGF hostip: fix unused variable warning
 BGF <a href="https://curl.haxx.se/bug/?i=2928">http2: Use correct format identifier for stream_id</a>
 BGF <a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012">http2: abort the send_callback if not setup yet</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2894">http2: avoid set_stream_user_data() before stream is assigned</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2880">http2: check nghttp2_session_set_stream_user_data return code</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2800">http2: clear the drain counter in Curl_http2_done</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2882">http2: make sure to send after RST_STREAM</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2751">http2: separate easy handle from connections better</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2420">http: fix for tiny "HTTP/0.9" response</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2852">http_proxy: Remove unused macro SELECT_TIMEOUT</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2830">lib/Makefile: only do symbol hiding if told to</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2861">lib1502: fix memory leak in torture test</a>
 BGF lib1522: fix curl_easy_setopt argument type
 BGF <a href="https://curl.haxx.se/bug/?i=2904">libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2795">mime: check Curl_rand_hex's return code</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2733">multi: always do the COMPLETED procedure/state</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2732">openssl: assume engine support in 1.0.0 or later</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2806">openssl: fix debug messages</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2865">projects: Improve Windows perl detection in batch scripts</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2801">retry: return error if rewind was necessary but didn't happen</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2790">reuse_conn(): memory leak - free old_conn->options</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2018-08/0198.html">schannel: client certificate store opening fix</a>
 BGF schannel: enable CALG_TLS1PRF for w32api >= 5.1
 BGF <a href="https://github.com/curl/curl/pull/2721#issuecomment-403636043">schannel: fix MinGW compile break</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2939">sftp: don't send post-quote sequence when retrying a connection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2769">smb: fix memory leak on early failure</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2740">smb: fix memory-leak in URL parse error path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2768">smb_getsock: always wait for write socket too</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2879">ssh-libssh: fix infinite connect loop on invalid private key</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2879">ssh-libssh: reduce excessive verbose output about pubkey auth</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2922">ssh-libssh: use FALLTHROUGH to silence gcc8</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2333">ssl: set engine implicitly when a PKCS#11 URI is provided</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2808">sws: handle EINTR when calling select()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2792">system_win32: fix version checking</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2852">telnet: Remove unused macros TELOPTS and TELCMDS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2765">test1143: disable MSYS2's POSIX path conversion</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2786">test1148: disable if decimal separator is not point</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2825">test1307: (fnmatch testing) disabled</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2741">test1422: add required file feature</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2853">test1531: Add timeout</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2852">test1540: Remove unused macro TEST_HANG_TIMEOUT</a>
 BGF test214: disable MSYS2's POSIX path conversion for URL
 BGF <a href="https://curl.haxx.se/bug/?i=2776">test320: treat curl320.out file as binary</a>
 BGF tests/http_pipe.py: Use /usr/bin/env to find python
 BGF <a href="https://curl.haxx.se/bug/?i=2920">tests: Don't use Windows path %PWD for SSH tests</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2772">tests: fixes for Windows line endlings</a>
 BGF tool_operate: Fix setting proxy TLS 1.3 ciphers
 BGF <a href="https://curl.haxx.se/bug/?i=2835">travis: build darwinssl on macos 10.12 to fix linker errors</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2862">travis: execute "set -eo pipefail" for coverage build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2811">travis: run a 'make checksrc' too</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2869">travis: update to GCC-8</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2856">travis: verify that man pages can be regenerated</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2892">upload: allocate upload buffer on-demand</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2892">upload: change default UPLOAD_BUFSIZE to 64KB</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2871">urldata: remove unused pipe_broke struct field</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2829">vtls: reinstantiate engine on duplicated handles</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2018-07/0080.html">windows: implement send buffer tuning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2784">wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random</a>
</ul>
<a name="7_61_0"></a>
SUBTITLE(Fixed in 7.61.0 - July 11 2018)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=2495">getinfo: add microsecond precise timers for seven intervals</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2538">curl: show headers in bold, switch off with --no-styled-output</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2102">httpauth: add support for Bearer tokens</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2435">Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2435">curl: --tls13-ciphers and --proxy-tls13-ciphers</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2340">Add CURLOPT_DISALLOW_USERNAME_IN_URL</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2340">curl: --disallow-username-in-url</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-0500.html">CVE-2018-0500: smtp: fix SMTP send buffer overflow</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2522">schannel: disable client cert option if APIs not available</a>
 BGF schannel: disable manual verify if APIs not available
 BGF <a href="https://curl.haxx.se/bug/?i=2576">tests/libtest/Makefile: Do not unconditionally add gcc-specific flags</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2571">openssl: acknowledge --tls-max for default version too</a>
 BGF stub_gssapi: fix 'unused parameter' warnings
 BGF <a href="https://curl.haxx.se/bug/?i=2584">examples/progressfunc: make it build on both new and old libcurls</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2579">docs: mention it is HA Proxy protocol "version 1"</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2587">curl_fnmatch: only allow two asterisks for matching</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2590">docs: clarify CURLOPT_HTTPGET</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2586">configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2586">configure: do compile-time SIZEOF checks instead of run-time</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2563">checksrc: make sure sizeof() is used *with* parentheses</a>
 BGF CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
 BGF <a href="https://curl.haxx.se/bug/?i=2592">schannel: make CAinfo parsing resilient to CR/LF</a>
 BGF tftp: make sure error is zero terminated before printfing it
 BGF <a href="https://curl.haxx.se/bug/?i=1163">http resume: skip body if http code 416 (range error) is ignored</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2580">configure: add basic test of --with-ssl prefix</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2121">cmake: set -d postfix for debug builds</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2018-05/0062.html">multi: provide a socket to wait for in Curl_protocol_getsock</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2606">content_encoding: handle zlib versions too old for Z_BLOCK</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2602">winbuild: only delete OUTFILE if it exists</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2603">winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2604">schannel: add failf calls for client certificate failures</a>
 BGF cmake: Fix the test for fsetxattr and strerror_r
 BGF <a href="https://curl.haxx.se/bug/?i=2612">curl.1: Fix cmdline-opts reference errors</a>
 BGF cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
 BGF <a href="https://curl.haxx.se/bug/?i=2609">cmake: check for getpwuid_r</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2613">configure: fix ssh2 linking when built with a static mbedtls</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2553">psl: use latest psl and refresh it periodically</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2614">fnmatch: insist on escaped bracket to match</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2618">KNOWN_BUGS: restore text regarding #2101</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2615">INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2617">configure: override AR_FLAGS to silence warning</a>
 BGF os400: implement mime api EBCDIC wrappers
 BGF <a href="https://curl.haxx.se/bug/?i=1221">curl.rc: embed manifest for correct Windows version detection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2623">strictness: correct {infof, failf} format specifiers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2624">tests: update .gitignore for libtests</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2609">configure: check for declaration of getpwuid_r</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2626">fnmatch: use the system one if available</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2622">CURLOPT_RESOLVE: always purge old entry first</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2627">multi: remove a potentially bad DEBUGF()</a>
 BGF curl_addrinfo: use same #ifdef conditions in source as header
 BGF <a href="https://curl.haxx.se/bug/?i=2629">build: remove the Borland specific makefiles</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2628">axTLS: not considered fit for use</a>
 BGF cmdline-opts/cert-type.d: mention "p12" as a recognized type
 BGF <a href="https://curl.haxx.se/bug/?i=2637">system.h: add support for IBM xlc C compiler</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2633">tests/libtest: Add lib1521 to nodist_SOURCES</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2640">mk-ca-bundle.pl: leave certificate name untouched</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2634">boringssl + schannel: undef X509_NAME in lib/schannel.h</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2641">openssl: assume engine support in 1.0.1 or later</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2631">cppcheck: fix warnings</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2646">test 46: make test pass after year 2025</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2630">schannel: support selecting ciphers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2647">Curl_debug: remove dead printhost code</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2649">test 1455: unflakified</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2653">Curl_init_do: handle NULL connection pointer passed in</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2654">progress: remove a set of unused defines</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2655">mk-ca-bundle.pl: make -u delete certdata.txt if found not changed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2657">GOVERNANCE.md: explains how this project is run</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2203">configure: use pkg-config for c-ares detection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2199">configure: enhance ability to build with static openssl</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2660">maketgz: fix sed issues on OSX</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1968">multi: fix memory leak when stopped during name resolve</a>
 BGF CURLOPT_INTERFACE.3: interface names not supported on Windows
 BGF <a href="https://curl.haxx.se/bug/?i=2669">url: fix dangling conn->data pointer</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2665">cmake: allow multiple SSL backends</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2018-06/0100.html">system.h: fix for gcc on 32 bit OpenServer</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2674">ConnectionExists: make sure conn->data is set when "taking" a connection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2677">multi: fix crash due to dangling entry in connect-pending list</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2673">CURLOPT_SSL_VERIFYPEER.3: Add performance note</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2676">netrc: use a larger buffer to support longer passwords</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2681">url: check Curl_conncache_add_conn return code</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2684">configure: Add dependent libraries after crypto</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2685">easy_perform: faster local name resolves by using *multi_timeout()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2687">getnameinfo: not used, removed all configure checks</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2689">travis: add a build using the synchronous name resolver</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2690">CURLINFO_TLS_SSL_PTR.3: improve the example</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2692">openssl: allow TLS 1.3 by default</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2691">openssl: make the requested TLS version the *minimum* wanted</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2698">openssl: Remove some dead code</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2696">telnet: fix clang warnings</a>
 BGF <a href="https://curl.haxx.se/dev/deprecate.html">DEPRECATE: new doc describing planned item removals</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2706">example/crawler.c: simple crawler based on libxml2</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2708">libssh: goto DISCONNECT state on error, not SESSION_FREE</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2711">CMake: Remove unused functions</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2656">darwinssl: allow High Sierra users to build the code using GCC</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2718">scripts: include _curl as part of CLEANFILES</a>
</ul>
    
<a name="7_60_0"></a>
SUBTITLE(Fixed in 7.60.0 - May 16 2018)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=2162">Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2162">Add --haproxy-protocol for the command line tool</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1694">Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000300.html">FTP: shutdown response buffer overflow CVE-2018-1000300</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000301.html">RTSP: bad headers buffer over-read CVE-2018-1000301</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2380">FTP: fix typo in recursive callback detection for seeking</a>
 BGF test1208: marked flaky
 BGF <a href="https://curl.haxx.se/bug/?i=2382">HTTP: make header-less responses still count correct body size</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2381">user-agent.d:: mention --proxy-header as well</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2387">http2: fixes typo</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2389">cleanup: misc typos in strings and comments</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2386">rate-limit: use three second window to better handle high speeds</a>
 BGF examples/hiperfifo.c: improved
 BGF <a href="https://curl.haxx.se/mail/lib-2018-03/0048.html">pause: when changing pause state, update socket state</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2369">multi: improved pending transfers handling => improved performance</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2364">curl_version_info.3: fix ssl_version description</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2190">add_handle/easy_perform: clear errorbuffer on start if set</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2397">darwinssl: fix iOS build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2392">cmake: add support for brotli</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2401">parsedate: support UT timezone</a>
 BGF vauth/ntlm.h: fix the #ifdef header guard
 BGF lib/curl_path.h: added #ifdef header guard
 BGF <a href="https://curl.haxx.se/bug/?i=2408">vauth/cleartext: fix integer overflow check</a>
 BGF CURLINFO_COOKIELIST.3: made the example not leak memory
 BGF <a href="https://curl.haxx.se/bug/?i=2410">cookie.d: mention that "-" as filename means stdin</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2400">CURLINFO_SSL_VERIFYRESULT.3: fixed the example</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1967">http2: read pending frames (including GOAWAY) in connection-check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2358">timeval: remove compilation warning by casting</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2358">cmake: avoid warn-as-error during config checks</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2418">travis-ci: enable -Werror for CMake builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2399">openldap: fix for NULL return from ldap_get_attribute_ber()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2419">threaded resolver: track resolver time and set suitable timeout values</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2363">cmake: Add advapi32 as explicit link library for win32</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2018-03/0140.html">docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2436">test1148: set a fixed locale for the test</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2441">cookies: when reading from a file, only remove_expired once</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2440">cookie: store cookies per top-level-domain-specific hash table</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2319">openssl: fix build with LibreSSL 2.7</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2453">tls: fix mbedTLS 2.7.0 build + handle sha256 failures</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2451">openssl: RESTORED verify locations when verifypeer==0</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2438">file: restore old behavior for file:////foo/bar URLs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2432">FTP: allow PASV on IPv6 connections when a proxy is being used</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2430">build-openssl.bat: allow custom paths for VS and perl</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2455">winbuild: make the clean target work without build-type</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2189">build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2462">curl: retry on FTP 4xx, ignore other protocols</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2463">configure: detect (and use) sa_family_t</a>
 BGF examples/sftpuploadresume: Fix Windows large file seek
 BGF <a href="https://curl.haxx.se/bug/?i=2466">build: cleanup to fix clang warnings/errors</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2472">winbuild: updated the documentation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2463">lib: silence null-dereference warnings</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2478">travis: bump to clang 6 and gcc 7</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2471">travis: build libpsl and make builds use it</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2480">proxy: show getenv proxy use in verbose output</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2485">duphandle: make sure CURLOPT_RESOLVE is duplicated</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2497">all: Refactor malloc+memset to use calloc</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2498">checksrc: Fix typo</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2491">system.h: Add sparcv8plus to oracle/sunpro 32-bit detection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2496">vauth: Fix typo</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2500">ssh: show libSSH2 error code when closing fails</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2446">test1148: tolerate progress updates better</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2479">urldata: make service names unconditional</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2490">configure: keep LD_LIBRARY_PATH changes local</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1622">ntlm_sspi: fix authentication using Credential Manager</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2376">schannel: add client certificate authentication</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2474">winbuild: Support custom devel paths for each dependency</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1325">schannel: add support for CURLOPT_CAINFO</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2507">http2: handle on_begin_headers() called more than once</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2403">openssl: support OpenSSL 1.1.1 verbose-mode trace messages</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2493">openssl: fix subjectAltName check on non-ASCII platforms</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2513">http2: avoid strstr() on data not zero terminated</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1680">http2: clear the "drain counter" when a stream is closed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2416">http2: handle GOAWAY properly</a>
 BGF tool_help: clarify --max-time unit of time is seconds
 BGF <a href="https://curl.haxx.se/bug/?i=2515">curl.1: clarify that options and URLs can be mixed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2514">http2: convert an assert to run-time check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2499">curl_global_sslset: always provide available backends</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2445">ftplistparser: keep state between invokes</a>
 BGF Curl_memchr: zero length input can't match
 BGF examples/sftpuploadresume: typecast fseek argument to long
 BGF examples/http2-upload: expand buffer to avoid silly warning
 BGF <a href="https://curl.haxx.se/bug/?i=2494">ctype: restore character classification for non-ASCII platforms</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2527">mime: avoid NULL pointer dereference risk</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2529">cookies: ensure that we have cookies before writing jar</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2525">os400.c: fix checksrc warnings</a>
 BGF configure: provide --with-wolfssl as an alias for --with-cyassl
 BGF cyassl: adapt to libraries without TLS 1.0 support built-in
 BGF <a href="https://curl.haxx.se/bug/?i=2534">http2: get rid of another strstr</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2532">checksrc: force indentation of lines after an else</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2537">cookies: remove unused macro</a>
 BGF CURLINFO_PROTOCOL.3: mention the existing defined names
 BGF <a href="https://curl.haxx.se/bug/?i=2533">tests: provide 'manual' as a feature to optionally require</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2541">travis: enable libssh2 on both macos and Linux</a>
 BGF CURLOPT_URL.3: added ENCODING section
 BGF <a href="https://curl.haxx.se/bug/?i=2542">wolfssl: Fix non-blocking connect</a>
 BGF vtls: don't define MD5_DIGEST_LENGTH for wolfssl
 BGF <a href="https://curl.haxx.se/bug/?i=2544">docs: remove extraneous commas in man pages</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2535">URL: fix ASCII dependency in strcpy_url and strlen_url</a>
 BGF ssh-libssh.c: fix left shift compiler warning
 BGF <a href="https://curl.haxx.se/bug/?i=2180">configure: only check for CA bundle for file-using SSL backends</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2531">travis: add an mbedtls build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2546">http: don't set the "rewind" flag when not uploading anything</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2548">configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2520">transfer: don't unset writesockfd on setup of multiplexed conns</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2547">vtls: use unified "supports" bitfield member in backends</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2550">URLs: fix one more http url</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2528">travis: add a build using WolfSSL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2512">openssl: change FILE ops to BIO ops</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2558">travis: add build using NSS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2558">smb: reject negative file sizes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2564">cookies: accept parameter names as cookie name</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2520">http2: getsock fix for uploads</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2561">all over: fixed format specifiers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2560">http2: use the correct function pointer typedef</a>
</ul>

<a name="7_59_0"></a>
SUBTITLE(Fixed in 7.59.0 - March 14 2018)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=2268">curl: add --proxy-pinnedpubkey</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2238">added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2260">CURLOPT_RESOLVE: Add support for multiple IP addresses per entry</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2260">Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2260">Add new tool option --happy-eyeballs-timeout-ms</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2311">Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000121.html">openldap: check ldap_get_attribute_ber() results for NULL before using</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000120.html">FTP: reject path components with control codes</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000122.html">readwrite: make sure excess reads don't go beyond buffer end</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1872">lib555: drop text conversion and encode data as ascii codes</a>
 BGF lib517: make variable static to avoid compiler warning
 BGF <a href="https://curl.haxx.se/bug/?i=1872">lib544: sync ascii code data with textual data</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2263">GSKit: restore pinnedpubkey functionality</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2085">darwinssl: Don't import client certificates into Keychain on macOS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2250">parsedate: fix date parsing for systems with 32 bit long</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2258">openssl: fix pinned public key build error in FIPS mode</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1429">SChannel/WinSSL: Implement public key pinning</a>
 BGF cookies: remove verbose "cookie size:" output
 BGF <a href="https://github.com/curl/curl/commit/993dd5651a6c853bfe3870f6a69c7b329fa4e8ce#commitcomment-27070080">progress-bar: don't use stderr explicitly, use bar->out</a>
 BGF Fixes for MSDOS
 BGF build: open VC15 projects with VS 2017
 BGF <a href="https://curl.haxx.se/bug/?i=2269">curl_ctype: private is*() type macros and functions</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2202">configure: set PATH_SEPARATOR to colon for PATH w/o separator</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2274">winbuild: make linker generate proper PDB</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2018-01/0074.html">curl_easy_reset: clear digest auth state</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2275">curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2205">range: commonize FTP and FILE range handling</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2271">progress-bar docs: update to match implementation</a>
 BGF fnmatch: do not match the empty string with a character set
 BGF <a href="https://curl.haxx.se/mail/lib-2018-01/0114.html">fnmatch: accept an alphanum to be followed by a non-alphanum in char set</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2018-01/0122.html">build: fix termios issue on android cross-compile</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2278">getdate: return -1 for out of range</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2282">formdata: use the mime-content type function</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2164">time-cond: fix reading the file modification time on Windows</a>
 BGF build-openssl.bat: Extend VC15 support to include Enterprise and Professional
 BGF build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
 BGF openssl: Don't add verify locations when verifypeer==0
 BGF <a href="https://curl.haxx.se/bug/?i=2291">fnmatch: optimize processing of consecutive *s and ?s pattern characters</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2296">schannel: fix compiler warnings</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2298">content_encoding: Add "none" alias to "identity"</a>
 BGF get_posix_time: only check for overflows if they can happen
 BGF <a href="https://curl.haxx.se/bug/?i=2303">http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2300">README: language fix</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2305">sha256: build with OpenSSL < 0.9.8</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2304">smtp: fix processing of initial dot in data</a>
 BGF <a href="https://bugzilla.redhat.com/1542256">--tlsauthtype: works only if libcurl is built with TLS-SRP support</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2303">tests: new tests for http raw mode</a>
 BGF libcurl-security.3: man page discussion security concerns when using libcurl
 BGF curl_gssapi: make sure this file too uses our *printf()
 BGF BINDINGS: fix curb link (and remove ruby-curl-multi)
 BGF <a href="https://bugzilla.redhat.com/1510247">nss: use PK11_CreateManagedGenericObject() if available</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1872">travis: add build with iconv enabled</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2312">ssh: add two missing state names</a>
 BGF CURLOPT_HEADERFUNCTION.3: mention folded headers
 BGF <a href="https://curl.haxx.se/mail/lib-2018-02/0056.html">http: fix the max header length detection logic</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2314">header callback: don't chop headers into smaller pieces</a>
 BGF CURLOPT_HEADER.3: clarify problems with different data sizes
 BGF curl --version: show PSL if the run-time lib has it enabled
 BGF <a href="https://curl.haxx.se/mail/lib-2018-02/0072.html">examples/sftpuploadresume: resume upload via CURLOPT_APPEND</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2302">Return error if called recursively from within callbacks</a>
 BGF sasl: prefer PLAIN mechanism over LOGIN
 BGF <a href="https://curl.haxx.se/bug/?i=2330">winbuild: Use CALL to run batch scripts</a>
 BGF curl_share_setopt.3: connection cache is shared within multi handles
 BGF <a href="https://curl.haxx.se/bug/?i=2329">winbuild: Use macros for the names of some build utilities</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2325">projects/README: remove reference to dead IDN link/package</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2335">lib655: silence compiler warning</a>
 BGF configure: Fix version check for OpenSSL 1.1.1
 BGF <a href="https://curl.haxx.se/bug/?i=2342">docs/MANUAL: formfind.pl is not accessible on the site anymore</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2341">unit1309: fix warning on Windows x64</a>
 BGF unit1307: proper cleanup on OOM to fix torture tests
 BGF curl_ctype: fix macro redefinition warnings
 BGF <a href="https://curl.haxx.se/bug/?i=2337">build: get CFLAGS (including -werror) used for examples and tests</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2353">NO_PROXY: fix for IPv6 numericals in the URL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2356">krb5: use nondeprecated functions</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2354">winbuild: prefer documented zlib library names</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2365">http2: mark the connection for close on GOAWAY</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2371">limit-rate: kick in even before "limit" data has been received</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2357">HTTP: allow "header;" to replace an internal header with a blank one</a>
 BGF http2: verbose output new MAX_CONCURRENT_STREAMS values
 BGF SECURITY: distros' max embargo time is 14 days
 BGF curl tool: accept --compressed also if Brotli is enabled and zlib is not
 BGF <a href="https://curl.haxx.se/bug/?i=2349">WolfSSL: adding TLSv1.3</a>
 BGF checksrc.pl: add -i and -m options
 BGF CURLOPT_COOKIEFILE.3: "-" as file name means stdin
</ul>

<a name="7_58_0"></a>
SUBTITLE(Fixed in 7.58.0 - January 24 2018)
<p> Changes:
<ul class="changes">
 CHG new libssh-powered SSH SCP/SFTP back-end
 CHG <a href="https://curl.haxx.se/bug/?i=2128">curl-config: add --ssl-backends</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000005.html">http2: fix incorrect trailer buffer size</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000007.html">http: prevent custom Authorization headers in redirects</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2118">travis: add boringssl build</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-12/0000.html">examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2119">SSL: Avoid magic allocation of SSL backend specific data</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2127">lib: don't export all symbols, just everything curl_*</a>
 BGF libssh2: send the correct CURLE error code on scp file not found
 BGF libssh2: return CURLE_UPLOAD_FAILED on failure to upload
 BGF <a href="https://curl.haxx.se/bug/?i=2134">openssl: enable pkcs12 in boringssl builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2143">libssh2: remove dead code from SSH_SFTP_QUOTE</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2150">sasl_getmessage: make sure we have a long enough string to pass</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2132">conncache: fix several lock issues</a>
 BGF threaded-shared-conn.c: new example
 BGF <a href="https://curl.haxx.se/bug/?i=2152">conncache: only allow multiplexing within same multi handle</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2146">configure: check for netinet/in6.h</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2154">URL: tolerate backslash after drive letter for FILE:</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2159">openldap: add commented out debug possibilities</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2160">include: get netinet/in.h before linux/tcp.h</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2088">CONNECT: keep close connection flag in http_connect_state struct</a>
 BGF BINDINGS: another PostgreSQL client
 BGF <a href="https://curl.haxx.se/bug/?i=2158">curl: limit -# update frequency for unknown total size</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2076">configure: add AX_CODE_COVERAGE only if using gcc</a>
 BGF curl.h: remove incorrect comment about ERRORBUFFER
 BGF <a href="https://curl.haxx.se/bug/?i=1916">openssl: improve data-pending check for https proxy</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2166">curl: remove __EMX__ #ifdefs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2168">CURLOPT_PRIVATE.3: fix grammar</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1900">sftp: allow quoted commands to use relative paths</a>
 BGF CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
 BGF RESOLVE: output verbose text when trying to set a duplicate name
 BGF <a href="https://github.com/curl/curl/pull/1346#issuecomment-350530901">openssl: Disable file buffering for Win32 SSLKEYLOGFILE</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2169">multi_done: prune DNS cache</a>
 BGF tests: update .gitignore for libtests
 BGF tests: mark data files as non-executable in git
 BGF CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
 BGF curl.1: documented two missing valid exit codes
 BGF curl.1: mention http:// and https:// as valid proxy prefixes
 BGF <a href="https://curl.haxx.se/bug/?i=2171">vtls: replaced getenv() with curl_getenv()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2173">setopt: less *or equal* than INT_MAX/1000 should be fine</a>
 BGF examples/smtp-mail.c: use separate defines for options and mail
 BGF <a href="https://curl.haxx.se/bug/?i=2174">curl: support >256 bytes warning messages</a>
 BGF conncache: fix a return code
 BGF krb5: fix a potential access of uninitialized memory
 BGF rand: add a clang-analyzer work-around
 BGF <a href="https://curl.haxx.se/bug/?i=2175">CURLOPT_READFUNCTION.3: refer to argument with correct name</a>
 BGF brotli: allow compiling with version 0.6.0
 BGF <a href="https://curl.haxx.se/bug/?i=2068">content_encoding: rework zlib_inflate</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-12/0060.html">curl_easy_reset: release mime-related data</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2185">examples/rtsp: fix error handling macros</a>
 BGF build-openssl.bat: Added support for VC15
 BGF build-wolfssl.bat: Added support for VC15
 BGF build: Added Visual Studio 2017 project files
 BGF winbuild: Added support for VC15
 BGF <a href="https://curl.haxx.se/bug/?i=2179">curl: Support size modifiers for --max-filesize</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-12/0057.html">examples/cacertinmem: ignore cert-already-exists error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2194">brotli: data at the end of content can be lost</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-12/0074.html">curl_version_info.3: call the argument 'age'</a>
 BGF openssl: fix memory leak of SSLKEYLOGFILE filename
 BGF <a href="https://curl.haxx.se/bug/?i=2215">build: remove HAVE_LIMITS_H check</a>
 BGF --mail-rcpt: fix short-text description
 BGF <a href="https://curl.haxx.se/bug/?i=2222">scripts: allow all perl scripts to be run directly</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2200">progress: calculate transfer speed on milliseconds if possible</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2216">system.h: check __LONG_MAX__ for defining curl_off_t</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2217">easy: fix connection ownership in curl_easy_pause</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2230">setopt: reintroduce non-static Curl_vsetopt() for OS400 support</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2225">setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2234">configure.ac: append extra linker flags instead of prepending them</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2212">HTTP: bail out on negative Content-Length: values</a>
 BGF docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
 BGF <a href="https://curl.haxx.se/bug/?i=2235">mime: clone mime tree upon easy handle duplication</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2210">openssl: enable SSLKEYLOGFILE support by default</a>
 BGF <a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206">smtp/pop3/imap_get_message: decrease the data length too...</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2239">CURLOPT_TCP_NODELAY.3: fix typo</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2211">SMB: fix numeric constant suffix and variable types</a>
 BGF <a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251">ftp-wildcard: fix matching an empty string with "*[^a]"</a>
 BGF curl_fnmatch: only allow 5 '*' sections in a single pattern
 BGF openssl: fix potential memory leak in SSLKEYLOGFILE logic
 BGF <a href="https://curl.haxx.se/bug/?i=2248">SSH: Fix state machine for ssh-agent authentication</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2245">examples/url2file.c: add missing curl_global_cleanup() call</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2237">http2: don't close connection when single transfer is stopped</a>
 BGF libcurl-env.3: first version
 BGF <a href="https://curl.haxx.se/bug/?i=2242">curl: progress bar refresh, get width using ioctl()</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2018-01/0087.html">CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support</a>
</ul>

<a name="7_57_0"></a>
SUBTITLE(Fixed in 7.57.0 - November 29 2017)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=1934">auth: add support for RFC7616 - HTTP Digest access authentication</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2043">share: add support for sharing the connection cache</a>
 CHG <a href="https://curl.haxx.se/bug/?i=2045">HTTP: implement Brotli content encoding</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-8816.html">CVE-2017-8816: NTLM buffer overflow via integer overflow</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-8817.html">CVE-2017-8817: FTP wildcard out of bounds read</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-8818.html">CVE-2017-8818: SSL out of buffer access</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2008">curl_mime_filedata.3: fix typos</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2006">libtest: Add required test libraries for lib1552 and lib1553</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2004">fix time diffs for systems using unsigned time_t</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2013">ftplistparser: memory leak fix: free temporary memory always</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1982">multi: allow table handle sizes to be overridden</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2016">wildcards: don't use with non-supported protocols</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2015">curl_fnmatch: return error on illegal wildcard pattern</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2001">transfer: Fix chunked-encoding upload too early exit</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2025">curl_setup: Improve detection of CURL_WINDOWS_APP</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2023">resolvers: only include anything if needed</a>
 BGF setopt: fix CURLOPT_SSH_AUTH_TYPES option read
 BGF appveyor: add a win32 build
 BGF <a href="https://curl.haxx.se/bug/?i=2021">Curl_timeleft: change return type to timediff_t</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1879">cmake: Export libcurl and curl targets to use by other cmake projects</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2022">curl: in -F option arg, comma is a delimiter for files only</a>
 BGF curl: improved ";type=" handling in -F option arguments
 BGF <a href="https://curl.haxx.se/bug/?i=2033">timeval: use mach_absolute_time() on MacOS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2034">curlx: the timeval functions are no longer provided as curlx_*</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2026">mkhelp.pl: do not generate comment with current date</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2031">memdebug: use send/recv signature for curl_dosend/curl_dorecv</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2032">cookie: avoid NULL dereference</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-11/0000.html">url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1</a>
 BGF include: remove conncache.h inclusion from where its not needed
 BGF <a href="https://curl.haxx.se/bug/?i=2038">CURLOPT_MAXREDIRS: allow -1 as a value</a>
 BGF tests: Fixed torture tests on tests 556 and 650
 BGF http2: Fixed OOM handling in upgrade request
 BGF url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
 BGF <a href="https://curl.haxx.se/bug/?i=2047">CURLOPT_INFILESIZE: accept -1</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2044">curl: pass through [] in URLs instead of calling globbing error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1959">curl: speed up handling of many URLs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2054">ntlm: avoid malloc(0) for zero length passwords</a>
 BGF <a href="https://github.com/curl/curl/commit/f121575#commitcomment-25347120">url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2002">HTTP: support multiple Content-Encodings</a>
 BGF travis: add a job with brotli enabled
 BGF url: remove unnecessary NULL-check
 BGF fnmatch: remove dead code
 BGF <a href="https://curl.haxx.se/bug/?i=2053">connect: store IPv6 connection status after valid connection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2061">imap: deal with commands case insensitively</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2024">--interface: add support for Linux VRF</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2060">content_encoding: fix inflate_stream for no bytes available</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2064">cmake: Correctly include curl.rc in Windows builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2067">cmake: Add missing setmode check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2071">connect.c: remove executable bit on file</a>
 BGF SMB: fix uninitialized local variable
 BGF <a href="https://curl.haxx.se/mail/lib-2017-11/0032.html">zlib/brotli: only include header files in modules needing them</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2072">URL: return error on malformed URLs with junk after IPv6 bracket</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2079">openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2080">macOS: Fix missing connectx function with Xcode version older than 9.0</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2087">--resolve: allow IP address within [] brackets</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2096">examples/curlx: Fix code style</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2098">ntlm: remove unnecessary NULL-check to please scan-build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2098">Curl_llist_remove: fix potential NULL pointer deref</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2098">mime: fix "Value stored to 'sz' is never read" scan-build error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2098">openssl: fix "Value stored to 'rc' is never read" scan-build error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2098">http2: fix "Value stored to 'hdbuf' is never read" scan-build error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2098">http2: fix "Value stored to 'end' is never read" scan-build error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2098">Curl_open: fix OOM return error correctly</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2073">url: reject ASCII control characters and space in host names</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2106">examples/rtsp: clear RANGE again after use</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2104">connect: improve the bind error message</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2097">make: fix "make distclean"</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2056">connect: add support for new TCP Fast Open API on Linux</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2109">metalink: fix memory-leak and NULL pointer dereference</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2110">URL: update "file:" URL handling</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2111">ssh: remove check for a NULL pointer</a>
 BGF <a href="https://curl.haxx.se/bug/?i=2083">global_init: ignore CURL_GLOBAL_SSL's absence</a>
</ul>

<a name="7_56_1"></a>
SUBTITLE(Fixed in 7.56.1 - October 23 2017)
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-1000257.html">imap: if a FETCH response has no size, don't call write callback</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1939">ftp: UBsan fixup 'pointer index expression overflowed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1936">failf: skip the sprintf() if there are no consumers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1923">fuzzer: move to using external curl-fuzzer</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1942">lib/Makefile.m32: allow customizing dll suffixes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1946">docs: fix typo in curl_mime_data_cb man page</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1794">darwinssl: add support for TLSv1.3</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1945">build: fix --disable-crypto-auth</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1943">lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1955">openssl: fix build without HAVE_OPAQUE_EVP_PKEY</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1950">strtoofft: Remove extraneous null check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1954">multi_cleanup: call DONE on handles that never got that</a>
 BGF tests: added flaky keyword to tests 587 and 644
 BGF <a href="https://curl.haxx.se/bug/?i=1953">pingpong: return error when trying to send without connection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1960">remove_handle: call multi_done() first, then clear dns cache pointer</a>
 BGF mime: be tolerant about setting the same header list twice in a part
 BGF mime: improve unbinding top multipart from easy handle
 BGF mime: avoid resetting a part's encoder when part's contents change
 BGF <a href="https://curl.haxx.se/bug/?i=1962">mime: refuse to add subparts to one of their own descendants</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1969">RTSP: avoid integer overflow on funny RTSP responses</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1964">curl: don't pass semicolons when parsing Content-Disposition</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1948">openssl: enable PKCS12 support for !BoringSSL</a>
 BGF FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
 BGF CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
 BGF CURLOPT_XFERINFODATA.3: fix duplicate see also
 BGF <a href="https://curl.haxx.se/bug/?i=1974">test298: verify --ftp-method nowcwd with URL encoded path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1974">FTP: URL decode path for dir listing in nocwd mode</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1977">smtp_done: fix memory leak on send failure</a>
 BGF ftpserver: support case insensitive commands
 BGF test950; verify SMTP with custom request
 BGF <a href="https://curl.haxx.se/bug/?i=1979">openssl: don't use old BORINGSSL_YYYYMM macros</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1941">setopt: update current connection SSL verify params</a>
 BGF winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
 BGF <a href="https://curl.haxx.se/bug/?i=1985">curl: reimplement stdin buffering in -F option</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1986">mime: keep "text/plain" content type if user-specified</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1988">mime: fix the content reader to handle >16K data properly</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1990">configure: remove the C++ compiler check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1980">memdebug: trace send, recv and socket</a>
 BGF runtests: use valgrind for torture as well
 BGF <a href="https://curl.haxx.se/bug/?i=1992">ldap: silence clang warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1993">makefile.m32: allow to override gcc, ar and ranlib</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1938">setopt: avoid integer overflows when setting millsecond values</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1938">setopt: range check most long options</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1997">ftp: reject illegal IP/port in PASV 227 response</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1999">mime: do not reuse previously computed multipart size</a>
 BGF vtls: change struct Curl_ssl `close' field name to `close_one'
 BGF os400: add missing symbols in config file
 BGF mime: limit bas64-encoded lines length to 76 characters
 BGF <a href="https://curl.haxx.se/bug/?i=1998">mk-ca-bundle: Remove URL for aurora</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1998">mk-ca-bundle: Fix URL for NSS</a>
</ul>

<a name="7_56_0"></a>
SUBTITLE(Fixed in 7.56.0 - October 4 2017)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=1735">curl: enable compression for SCP/SFTP with --compressed-ssh</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1735">libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/curl_global_sslset.html">vtls: added dynamic changing SSL backend with curl_global_sslset()</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1839">new MIME API, curl_mime_init() and friends</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1866">openssl: initial SSLKEYLOGFILE implementation</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-1000254.html">FTP: zero terminate the entry path even on bad input</a>
 BGF examples/ftpuploadresume.c: use portable code
 BGF runtests: match keywords case insensitively
 BGF <a href="https://curl.haxx.se/bug/?i=1777">travis: build the examples too</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1758">strtoofft: reduce integer overflow risks globally</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1779">zsh.pl: produce a working completion script again</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1785">cmake: remove dead code for CURL_DISABLE_RTMP</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1602">progress: Track total times following redirects</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1784">configure: fix --disable-threaded-resolver</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1786">cmake: remove dead code for DISABLED_THREADSAFE</a>
 BGF configure: fix clang version detection
 BGF darwinssi: fix error: variable length array used
 BGF <a href="https://curl.haxx.se/bug/?i=1790">travis: add metalink to some osx builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1788">configure: check for __builtin_available() availability</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1793">http_proxy: fix build error for CURL_DOES_CONVERSIONS</a>
 BGF examples/ftpuploadresume: checksrc compliance
 BGF <a href="https://curl.haxx.se/bug/?i=1782">ftp: fix CWD when doing multicwd then nocwd on same connection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1767">system.h: remove all CURL_SIZEOF_* defines</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1803">http: Don't wait on CONNECT when there is no proxy</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1797">system.h: check for __ppc__ as well</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1021">http2_recv: return error better on fatal h2 errors</a>
 BGF scripts/contri*sh: use "git log --use-mailmap"
 BGF <a href="https://curl.haxx.se/bug/?i=1808">tftp: fix memory leak on too long filename</a>
 BGF <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872502#10">system.h: fix build for hppa</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1799">cmake: enable picky compiler options with clang and gcc</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1815">makefile.m32: add support for libidn2</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1751">curl: turn off MinGW CRT's globbing</a>
 BGF request-target.d: mention added in 7.55.0
 BGF <a href="https://curl.haxx.se/bug/?i=1810">curl: shorten and clean up CA cert verification error message</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1818">imap: support PREAUTH</a>
 BGF CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
 BGF examples/threaded-ssl: mention that this is for openssl before 1.1
 BGF <a href="https://curl.haxx.se/bug/?i=1832">winbuild: fix embedded manifest option</a>
 BGF tests: Make sure libtests & unittests call curl_global_cleanup()
 BGF <a href="https://curl.haxx.se/bug/?i=1828">system.h: include sys/poll.h for AIX</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1823">darwinssl: handle long strings in TLS certs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1829">strtooff: fix build for systems with long long but no strtoll</a>
 BGF asyn-thread: Improved cleanup after OOM situations
 BGF <a href="https://curl.haxx.se/bug/?i=1837">HELP-US.md: "How to get started helping out in the curl project"</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-08/0120.html">curl.h: CURLSSLBACKEND_WOLFSSL used wrong value</a>
 BGF unit1301: fix error message on first test
 BGF <a href="https://curl.haxx.se/bug/?i=1842">ossfuzz: moving towards the ideal integration</a>
 BGF http: fix a memory leakage in checkrtspprefix()
 BGF examples/post-callback: stop returning one byte at a time
 BGF <a href="https://curl.haxx.se/bug/?i=1858">schannel: return CURLE_SSL_CACERT on failed verification</a>
 BGF MAIL-ETIQUETTE: added "1.9 Your emails are public"
 BGF <a href="https://curl.haxx.se/bug/?i=1859">http-proxy: treat all 2xx as CONNECT success</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1846">openssl: use OpenSSL's default ciphers by default</a>
 BGF runtests.pl: support attribute "nonewline" in part verify/upload
 BGF <a href="https://curl.haxx.se/bug/?i=1861">configure: remove --enable-soname-bump and SONAME_BUMP</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1868">travis: add c-ares enabled builds linux + osx</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1865">vtls: fix WolfSSL 3.12 build problems</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1853">http-proxy: when not doing CONNECT, that phase is done immediately</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1870">configure: fix curl_off_t check's include order</a>
 BGF configure: use -Wno-varargs on clang 3.9[.X] debug builds
 BGF <a href="https://curl.haxx.se/bug/?i=1874">rtsp: do not call fwrite() with NULL pointer FILE *</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1877">mbedtls: enable CA path processing</a>
 BGF travis: add build without HTTP/SMTP/IMAP
 BGF <a href="https://curl.haxx.se/bug/?i=1878">checksrc: verify more code style rules</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1887">HTTP proxy: on connection re-use, still use the new remote port</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1687">tests: add initial gssapi test using stub implementation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1880">rtsp: Segfault when using WRITEDATA</a>
 BGF docs: clarify the CURLOPT_INTERLEAVE* options behavior
 BGF <a href="https://curl.haxx.se/mail/lib-2017-09/0031.html">non-ascii: use iconv() with 'char **' argument</a>
 BGF server/getpart: provide dummy function to build conversion enabled
 BGF conversions: fix several compiler warnings
 BGF <a href="https://curl.haxx.se/bug/?i=1891">openssl: add missing includes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1890">schannel: Support partial send for when data is too large</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1892">socks: fix incorrect port number in SOCKS4 error message</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1893">curl: fix integer overflow in timeout options</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1895">travis: on mac, don't install openssl or libidn</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1894">cookies: reject oversized cookies instead of truncating</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1896">cookies: use lock when using CURLINFO_COOKIELIST</a>
 BGF curl: check fseek() return code and bail on error
 BGF examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
 BGF <a href="https://curl.haxx.se/bug/?i=1904">openssl: only verify RSA private key if supported</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1902">tests: make the imap server not verify user+password</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1902">imap: quote atoms properly when escaping characters</a>
 BGF tests: fix a compiler warning in test 643
 BGF <a href="https://curl.haxx.se/bug/?i=1908">file_range: avoid integer overflow when figuring out byte range</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1925">curl.h: include <sys/select.h> on cygwin too</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1918">reuse_conn: don't copy flags that are known to be equal</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1920">http: fix adding custom empty headers to repeated requests</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1921">docs: clarify the use of environment variables for proxy</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1922">docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1928">connect: fix race condition with happy eyeballs timeout</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1932">cookie: fix memory leak if path was set twice in header</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1917">vtls: compare and clone ssl configs properly</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1919">proxy: read the "no_proxy" variable only if necessary</a>
</ul>

<a name="7_55_1"></a>
SUBTITLE(Fixed in 7.55.1 - August 14 2017)
<p> Bugfixes:
<ul class="bugfixes">
 BGF build: fix 'make install' with configure, install docs/libcurl/&#42; too
 BGF make install: add 8 missing man pages to the installation
 BGF <a href="https://curl.haxx.se/bug/?i=1750">curl: do bounds check using a double comparison</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1744">dist: Add dictserver.py/negtelnetserver.py to release</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1742">digest_sspi: Don't reuse context if the user/passwd has changed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1746">gitignore: ignore top-level .vs folder</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1746">build: check out *.sln files with Windows line endings</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1753">travis: verify "make install"</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1755">dist: fix the cmake build by shipping cmake_uninstall.cmake.in too</a>
 BGF metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead
 BGF <a href="https://curl.haxx.se/bug/?i=1647">configure: use the threaded resolver backend by default if possible</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1743">mkhelp.pl: allow executing this script directly</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-08/0050.html">maketgz: remove old *.dist files before making the tarball</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1759">openssl: remove CONST_ASN1_BIT_STRING</a>
 BGF openssl: fix "error: this statement may fall through"
 BGF <a href="https://curl.haxx.se/bug/?i=1761">proxy: fix memory leak in case of invalid proxy server name</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1766">curl/system.h: support more architectures (OpenRISC, ARC)</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1770">docs: fix typos</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1752">curl/system.h: add Oracle Solaris Studio</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1769">CURLINFO_TOTAL_TIME: could wrongly return 4200 seconds</a>
 BGF docs: --connect-to clarified
 BGF <a href="https://curl.haxx.se/bug/?i=1763">cmake: allow user to override CMAKE_DEBUG_POSTFIX</a>
 BGF travis: test cmake build on tarball too
 BGF <a href="https://curl.haxx.se/bug/?i=1762">redirect: make it handle absolute redirects to IDN names</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1774">curl/system.h: fix for gcc on PowerPC</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1764">curl --interface: fixed for IPV6 unique local addresses</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1719">cmake: threads detection improvements</a>
</ul>

<a name="7_55_0"></a>
SUBTITLE(Fixed in 7.55.0 - August 9 2017)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=1486">curl: allow --header and --proxy-header read from file</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1511">getinfo: provide sizes as curl_off_t</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1512">curl: prevent binary output spewed to terminal</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1593">curl: added --request-target</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1593">libcurl: added CURLOPT_REQUEST_TARGET</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1454">curl: added --socks5-{basic,gssapi}: control socks5 auth</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1454">libcurl: added CURLOPT_SOCKS5_AUTH</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-1000101.html">glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-1000100.html">tftp: reject file name lengths that don't fit (CVE-2017-1000100)</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-1000099.html">file: output the correct buffer to the user (CVE-2017-1000099)</a>
 BGF <a href="https://daniel.haxx.se/blog/2017/06/15/target-independent-libcurl-headers/">includes: remove curl/curlbuild.h and curl/curlrules.h</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1565">dist: make the hugehelp.c not get regenerated unnecessarily</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1531">timers: store internal time stamps as time_t instead of doubles</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1556">progress: let "current speed" be UL + DL speeds combined</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1547">http-proxy: do the HTTP CONNECT process entirely non-blocking</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1538">lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1476">fuzz: bring oss-fuzz initial code converted to C89</a>
 BGF configure: disable nghttp2 too if HTTP has been disabled
 BGF <a href="https://curl.haxx.se/bug/?i=1577">mk-ca-bundle.pl: Check curl's exit code after certdata download</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1569">test1148: verify the -# progressbar</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1576">tests: stabilize test 2032 and 2033</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1546">HTTPS-Proxy: don't offer h2 for https proxy connections</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1505">http-proxy: only attempt FTP over HTTP proxy</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1578">curl-compilers.m4: enable vla warning for clang</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1578">curl-compilers.m4: enable double-promotion warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1578">curl-compilers.m4: enable missing-variable-declarations clang warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1578">curl-compilers.m4: enable comma clang warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1578">Makefile.m32: enable -W for MinGW32 build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1514">CURLOPT_PREQUOTE: not supported for SFTP</a>
 BGF http2: fix OOM crash
 BGF <a href="https://curl.haxx.se/bug/?i=1584">PIPELINING_SERVER_BL: cleanup the internal list use</a>
 BGF mkhelp.pl: fix script name in usage text
 BGF lib1521: add curl_easy_getinfo calls to the test set
 BGF travis: do the distcheck test build out-of-tree as well
 BGF if2ip: fix compiler warning in ISO C90 mode
 BGF <a href="https://github.com/curl/curl/commit/73a2fcea0b4adea6ba342cd7ed1149782c214ae3#commitcomment-22655993">lib: fix the djgpp build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1592">typecheck-gcc: add support for CURLINFO_OFF_T</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1595">travis: enable typecheck-gcc warnings</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1604">maketgz: switch to xz instead of lzma</a>
 BGF CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
 BGF <a href="https://curl.haxx.se/bug/?i=1606">curl-compilers.m4: fix unknown-warning-option on Apple clang</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1610">winbuild: fix boringssl build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1598">curl/system.h: add check for XTENSA for 32bit gcc</a>
 BGF test1537: fixed memory leak on OOM
 BGF <a href="https://curl.haxx.se/bug/?i=1611">test1521: fix compiler warnings</a>
 BGF <a href="https://github.com/curl/curl/pull/1486#issuecomment-310926872">curl: fix memory leak on test 1147 OOM</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1614">libtest/make: generate lib1521.c dynamically at build-time</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1623">curl_strequal.3: fix typo in SYNOPSIS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1616">progress: prevent resetting t_starttransfer</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1620">openssl: improve fallback seed of PRNG with a time based hash</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1521">http2: improved PING frame handling</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1615">test1450: add simple testing for DICT</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1591">make: build the docs subdir only from within src</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1621">cmake: Added compatibility options for older Windows versions</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1617">gtls: fix build when sizeof(long) < sizeof(void *)</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1631">url: make the original string get used on subsequent transfers</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-07/0003.html">timeval.c: Use long long constant type for timeval assignment</a>
 BGF tool_sleep: typecast to avoid macos compiler warning
 BGF <a href="https://curl.haxx.se/bug/?i=1637">travis.yml: use --enable-werror on debug builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1630">test1451: add SMB support to the testbed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1638">configure: remove checks for 5 functions never used</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1619">configure: try ldap/lber in reversed order first</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-07/0005.html">smb: fix build for djgpp/MSDOS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1642">travis: install nghttp2 on linux builds</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-07/0005.html">smb: add support for CURLOPT_FILETIME</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1640">cmake: fix send/recv argument scanner for windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1639">inet_pton: fix include on windows to get prototype</a>
 BGF select.h: avoid macro redefinition harder
 BGF cmake: if inet_pton is used, bump _WIN32_WINNT
 BGF asyn-thread.c: fix unused variable warnings on macOS
 BGF runtests: support "threaded-resolver" as a feature
 BGF test506: skip if threaded-resolver
 BGF <a href="https://curl.haxx.se/bug/?i=1552">cmake: remove spurious "-l" from linker flags</a>
 BGF cmake: add CURL_WERROR for enabling "warning as errors"
 BGF <a href="https://github.com/curl/curl/issues/828#issuecomment-313475151">memdebug: don't setbuf() if the file open failed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1612">curl_easy_escape.3: mention the (lack of) encoding</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1645">test1452: add telnet negotiation</a>
 BGF CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
 BGF <a href="https://curl.haxx.se/bug/?i=1649">cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1653">tests/valgrind.supp: suppress OpenSSL false positive seen on travis</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1589">curl_setup_once: Remove ERRNO/SET_ERRNO macros</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1665">curl-compilers.m4: disable warning spam with Cygwin's clang</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1664">ldap: fix MinGW compiler warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1591">make: fix docs build on OpenBSD</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1672">curl_setup: always define WIN32_LEAN_AND_MEAN on Windows</a>
 BGF system.h: include winsock2.h before windows.h
 BGF <a href="https://curl.haxx.se/bug/?i=1667">winbuild: build with warning level 4</a>
 BGF rtspd: fix MSVC level 4 warning
 BGF sockfilt: suppress conversion warning with explicit cast
 BGF libtest: fix MSVC warning C4706
 BGF <a href="https://github.com/curl/curl/commit/eb16305#commitcomment-23035670">darwinssl: fix pinnedpubkey build error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1682">tests/server/resolve.c: fix deprecation warning</a>
 BGF <a href="https://bugzilla.redhat.com/1436158">nss: fix a possible use-after-free in SelectClientCert()</a>
 BGF checksrc: escape open brace in regex
 BGF <a href="https://curl.haxx.se/bug/?i=1683">multi: mention integer overflow risk if using > 500 million sockets</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1703">darwinssl: fix --tlsv1.2 regression</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1693">timeval: struct curltime is a struct timeval replacement</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1652">curl_rtmp: fix a compiler warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1704">include.d: clarify that it concerns the response headers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1674">cmake: support make uninstall</a>
 BGF <a href="https://github.com/curl/curl/commit/de6de94#commitcomment-23370851">include.d: clarify --include is only for response headers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1688">libcurl: Stop using error codes defined under CURL_NO_OLDIES</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1714">http: fix response code parser to avoid integer overflow</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1669">configure: fix the check for IdnToUnicode</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-07/0033.html">multi: fix request timer management</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1717">curl_threads: fix MSVC compiler warning</a>
 BGF travis: build on osx with openssl
 BGF travis: build on osx with libressl
 BGF CURLOPT_NETRC.3: mention the file name on windows
 BGF <a href="https://curl.haxx.se/bug/?i=1711">cmake: set MSVC warning level to 4</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-08/0008.html">netrc: skip lines starting with '#'</a>
 BGF darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
 BGF BUILD.WINDOWS: mention buildconf.bat for builds off git
 BGF <a href="https://curl.haxx.se/bug/?i=1722">darwinssl: silence compiler warnings</a>
 BGF travis: build on osx with darwinssl
 BGF <a href="https://curl.haxx.se/bug/?i=1718">FTP: skip unnecessary CWD when in nocwd mode</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1733">gssapi: fix memory leak of output token in multi round context</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1728">getparameter: avoid returning uninitialized 'usedarg'</a>
 BGF curl (debug build) easy_events: make event data static
 BGF <a href="https://curl.haxx.se/bug/?i=1730">curl: detect and bail out early on parameter integer overflows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1738">configure: fix recv/send/select detection on Android</a>
</ul>

<a name="7_54_1"></a>
SUBTITLE(Fixed in 7.54.1 - June 14 2017)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=1474">curl: show the libcurl release date in --version output</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-9502.html">CVE-2017-9502: default protocol drive letter buffer overflow</a>
 BGF openssl: fix memory leak in servercert
 BGF tests: remove the html and PDF versions from the tarball
 BGF mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
 BGF <a href="https://curl.haxx.se/bug/?i=1403">typecheck-gcc: handle function pointers properly</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1435">llist: no longer uses malloc</a>
 BGF gnutls: removed some code when --disable-verbose is configured
 BGF lib: fix maybe-uninitialized warnings
 BGF <a href="https://curl.haxx.se/bug/?i=1439">multi: clarify condition in curl_multi_wait</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1392">schannel: Don't treat encrypted partial record as pending data</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1427">configure: fix the -ldl check for openssl, add -lpthread check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1440">configure: accept -Og and -Ofast GCC flags</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1432">Makefile: avoid use of GNU-specific form of $<</a>
 BGF if2ip: fix -Wcast-align warning
 BGF <a href="https://curl.haxx.se/bug/?i=1420">configure: stop prepending to LDFLAGS, CPPFLAGS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1446">curl: set a 100K buffer size by default</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1447">typecheck-gcc: fix _curl_is_slist_info</a>
 BGF <a href="https://bugzilla.redhat.com/1444860">nss: do not leak PKCS #11 slot while loading a key</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1414">nss: load libnssckbi.so if no other trust is specified</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1451">examples: ftpuploadfrommem.c</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-04/0127.html">url: declare get_protocol_family() static</a>
 BGF examples/cookie_interface.c: changed to example.com
 BGF test1443: test --remote-time
 BGF curl: use utimes instead of obsolescent utime when available
 BGF url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
 BGF curl_rtmp: fix missing-variable-declarations warnings
 BGF tests: fixed OOM handling of unit tests to abort test
 BGF <a href="https://github.com/curl/curl/issues/1441#issuecomment-297689856">curl_setup: Ensure no more than one IDN lib is enabled</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1460">tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1449">CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1453">curl: non-boolean command line args reject --no- prefixes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1389">telnet: Write full buffer instead of byte-by-byte</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1452">typecheck-gcc: add missing string options</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1452">typecheck-gcc: add support for CURLINFO_SOCKET</a>
 BGF opt man pages: they all have examples now
 BGF <a href="https://curl.haxx.se/bug/?i=1464">curl_setup_once: use SEND_QUAL_ARG2 for swrite</a>
 BGF test557: set a known good numeric locale
 BGF schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT
 BGF tests/server: make string literals const
 BGF <a href="https://curl.haxx.se/bug/?i=1466">runtests: use -R for random order</a>
 BGF unit1305: fix compiler warning
 BGF curl_slist_append.3: clarify a NULL input creates a new list
 BGF tests/server: run checksrc by default in debug-builds
 BGF tests: fix -Wcast-qual warnings
 BGF runtests.pl: simplify the datacheck read section
 BGF <a href="https://curl.haxx.se/bug/?i=1463">curl: remove --environment and tool_writeenv.c</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1471">buildconf: fix hang on IRIX</a>
 BGF tftp: silence bad-function-cast warning
 BGF asyn-thread: fix unused macro warnings
 BGF tool_parsecfg: fix -Wcast-qual warning
 BGF sendrecv: fix MinGW-w64 warning
 BGF <a href="https://curl.haxx.se/bug/?i=1469">test537: use correct variable type</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1315">rand: treat fake entropy the same regardless of endianness</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1465">curl: generate the --help output</a>
 BGF tests: removed redundant --trace-ascii arguments
 BGF multi: assign IDs to all timers and make each timer singleton
 BGF <a href="https://curl.haxx.se/bug/?i=1472">multi: use a fixed array of timers instead of malloc</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1475">mbedtls: Support server renegotiation request</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1481">pipeline: fix mistakenly trying to pipeline POSTs</a>
 BGF lib510: don't write past the end of the buffer if it's too small
 BGF CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example
 BGF <a href="https://curl.haxx.se/bug/?i=1400">SecureTransport/DarwinSSL: Implement public key pinning</a>
 BGF curl.1: clarify --config
 BGF <a href="https://curl.haxx.se/bug/?i=1487">curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1450">darwinssl: Fix exception when processing a client-side certificate</a>
 BGF curl.1: mention --oauth2-bearer's <token> argument
 BGF <a href="https://curl.haxx.se/bug/?i=1490">mkhelp.pl: do not add current time into curl binary</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1253">asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1479">ssh: fix memory leak in disconnect due to timeout</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1488">tests: stabilize test 1034</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1461">cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1504">assert: avoid, use DEBUGASSERT instead</a>
 BGF <a href="https://curl.haxx.se/bug/?i=878">LDAP: using ldap_bind_s on Windows with methods</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1489">redirect: store the "would redirect to" URL when max redirs is reached</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1321">winbuild: fix the nghttp2 build</a>
 BGF examples: fix -Wimplicit-fallthrough warnings
 BGF <a href="https://curl.haxx.se/bug/?i=1499">time: fix type conversions and compiler warnings</a>
 BGF mbedtls: fix variable shadow warning
 BGF <a href="https://curl.haxx.se/bug/?i=1516">test557: fix ubsan runtime error due to int left shift</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1294">transfer: init the infilesize from the postfields</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1208">docs: clarify NO_PROXY further</a>
 BGF build-wolfssl: Sync config with wolfSSL 3.11
 BGF <a href="https://curl.haxx.se/bug/?i=1516">curl-compilers.m4: enable -Wshift-sign-overflow for clang</a>
 BGF example/externalsocket.c: make it use CLOSESOCKETFUNCTION too
 BGF lib574.c: use correct callback proto
 BGF lib583: fix compiler warning
 BGF <a href="https://curl.haxx.se/bug/?i=1522">curl-compilers.m4: fix compiler_num for clang</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1524">typecheck-gcc.h: separate getinfo slist checks from other pointers</a>
 BGF typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
 BGF <a href="https://curl.haxx.se/bug/?i=846">typecheck-gcc.h: check CURLINFO_CERTINFO</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1528">build: provide easy code coverage measuring</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1530">test1537: dedicated tests of the URL (un)escape API calls</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1529">curl_endian: remove unused functions</a>
 BGF test1538: verify the libcurl strerror API calls
 BGF MD(4|5): silence cast-align clang warning
 BGF <a href="https://curl.haxx.se/bug/?i=1532">dedotdot: fixed output for ".." and "." only input</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1536">cyassl: define build macros before including ssl.h</a>
 BGF updatemanpages.pl: error out on too old git version
 BGF curl_sasl: fix unused-variable warning
 BGF x509asn1: fix implicit-fallthrough warning with GCC 7
 BGF libtest: fix implicit-fallthrough warnings with GCC 7
 BGF <a href="https://curl.haxx.se/bug/?i=1539">BINDINGS: add Ring binding</a>
 BGF curl_ntlm_core: pass unsigned char to toupper
 BGF test1262: verify ftp download with -z for "if older than this"
 BGF <a href="https://curl.haxx.se/bug/?i=1543">test1521: test all curl_easy_setopt options</a>
 BGF typecheck-gcc: allow CURLOPT_STDERR to be NULL too
 BGF metalink: remove unused printf() argument
 BGF <a href="https://curl.haxx.se/bug/?i=1550">file: make speedcheck use current time for checks</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-06/0017.html">configure: fix link with librtmp when specifying path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1557">examples/multi-uv.c: fix deprecated symbol</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1541">cmake: Fix inconsistency regarding mbed TLS include directory</a>
 BGF setopt: check CURLOPT_ADDRESS_SCOPE option range
 BGF <a href="https://curl.haxx.se/bug/?i=1561">gitignore: ignore all vim swap files</a>
 BGF urlglob: fix division by zero
 BGF <a href="https://curl.haxx.se/mail/lib-2017-06/0038.html">libressl: OCSP and intermediate certs workaround no longer needed</a>
</ul>

<a name="7_54_0"></a>
SUBTITLE(Fixed in 7.54.0 - April 19 2017)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=1166">Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1166">Add --max-tls</a>
 CHG <a href="https://curl.haxx.se/bug/?i=783">Add CURLOPT_SUPPRESS_CONNECT_HEADERS</a>
 CHG <a href="https://curl.haxx.se/bug/?i=783">Add --suppress-connect-headers</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-7468.html">CVE-2017-7468: switch off SSL session id when client cert is used</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1275">cmake: Replace invalid UTF-8 byte sequence</a>
 BGF tests: use consistent environment variables for setting charset
 BGF proxy: fixed a memory leak on OOM
 BGF ftp: removed an erroneous free in an OOM path
 BGF <a href="https://curl.haxx.se/bug/?i=1287">docs: de-duplicate file lists in the Makefiles</a>
 BGF ftp: fixed a NULL pointer dereference on OOM
 BGF gopher: fixed detection of an error condition from Curl_urldecode
 BGF <a href="https://curl.haxx.se/bug/?i=1289">url: fix unix-socket support for proxy-disabled builds</a>
 BGF test1139: allow for the possibility that the man page is not rebuilt
 BGF cyassl: get library version string at runtime
 BGF digest_sspi: fix compilation warning
 BGF tests: enable HTTP/2 tests to run with non-default port numbers
 BGF warnless: suppress compiler warning
 BGF <a href="https://curl.haxx.se/bug/?i=1240">darwinssl: Warn that disabling host verify also disables SNI</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1295">configure: fix for --enable-pthreads</a>
 BGF checksrc.bat: Ignore curl_config.h.in, curl_config.h
 BGF <a href="https://curl.haxx.se/bug/?i=1301">no-keepalive.d: fix typo</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1292">configure: fix --with-zlib when a path is specified</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1297">build: fix gcc7 implicit fallthrough warnings</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1304">fix potential use of uninitialized variables</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1290">CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1228">CMake: Reorganize SSL support, separate WinSSL and SSPI</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1228">CMake: Add DarwinSSL support</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1228">CMake: Add mbedTLS support</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-03/0004.html">ares: return error at once if timed out before name resolve starts</a>
 BGF BINDINGS: added C++, perl, go and Scilab bindings
 BGF URL: return error on malformed URLs with junk after port number
 BGF <a href="https://curl.haxx.se/bug/?i=1308">KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1286">http2: Fix assertion error on redirect with CL=0</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1058">updatemanpages.pl: Update man pages to use current date and versions</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-03/0002.html">--insecure: clarify that this option is for server connections</a>
 BGF mkhelp: simplified the gzip code
 BGF build: fixed making man page in out-of-tree tarball builds
 BGF tests: disabled 1903 due to flakiness
 BGF openssl: add two /* FALLTHROUGH */ to satisfy coverity
 BGF cmdline-opts: fixed a few typos
 BGF <a href="https://curl.haxx.se/bug/?i=1095">authneg: clear auth.multi flag at http_done</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1095">curl_easy_reset: Also reset the authentication state</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1239">proxy: skip SSL initialization for closed connections</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1317">http_proxy: ignore TE and CL in CONNECT 2xx responses</a>
 BGF tool_writeout: fixed a buffer read overrun on --write-out
 BGF <a href="https://curl.haxx.se/mail/lib-2017-03/0017.html">make: regenerate docs/curl.1 by running make in docs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1322">winbuild: add basic support for OpenSSL 1.1.x</a>
 BGF build: removed redundant DEPENDENCIES from makefiles
 BGF CURLINFO_LOCAL_PORT.3: added example
 BGF <a href="https://curl.haxx.se/bug/?i=1331">curl: show HTTPS-Proxy options on CURLE_SSL_CACERT</a>
 BGF tests: strip more options from non-HTTP --libcurl tests
 BGF tests: fixed the documented test server port numbers
 BGF runtests.pl: fixed display of the Gopher IPv6 port number
 BGF <a href="https://curl.haxx.se/bug/?i=1329">multi: fix streamclose() crash in debug mode</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1288">cmake: build manual pages</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1288">cmake: add support for building HTML and PDF docs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1272">mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION</a>
 BGF make: introduce 'test-nonflaky' target
 BGF CURLINFO_PRIMARY_IP.3: add example
 BGF <a href="https://curl.haxx.se/bug/?i=1342">tests/README: mention nroff for --manual tests</a>
 BGF mkhelp: disable compression if the perl gzip module is unavailable
 BGF <a href="https://curl.haxx.se/bug/?i=1348">openssl: fall back on SSL_ERROR_* string when no error detail</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1318">asiohiper: make sure socket is open in event_cb</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1352">tests/README: make "Run" section foolproof</a>
 BGF curl: check for end of input in writeout backslash handling
 BGF <a href="https://curl.haxx.se/bug/?i=1344">.gitattributes: turn off CRLF for *.am</a>
 BGF multi: fix MinGW-w64 compiler warnings
 BGF schannel: fix variable shadowing warning
 BGF <a href="https://curl.haxx.se/bug/?i=1361">openssl: exclude DSA code when OPENSSL_NO_DSA is defined</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1350">http: Fix proxy connection reuse with basic-auth</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1354">pause: handle mixed types of data when paused</a>
 BGF http: do not treat FTPS over CONNECT as HTTPS
 BGF <a href="https://curl.haxx.se/bug/?i=1365">conncache: make hashkey avoid malloc</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1366">make: use the variable MAKE for recursive calls</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-03/0116.html">curl: fix callback argument inconsistency</a>
 BGF <a href="https://github.com/curl/curl/pull/1367">NTLM: check for features with #ifdef instead of #if</a>
 BGF cmake: add several missing files to the dist
 BGF <a href="https://curl.haxx.se/bug/?i=1362">select: use correct SIZEOF_ constant</a>
 BGF connect: fix unreferenced parameter warning
 BGF schannel: fix unused variable warning
 BGF <a href="https://curl.haxx.se/bug/?i=1371">gcc7: fix ‘*’ in boolean context</a>
 BGF http2: silence unused parameter warnings
 BGF ssh: fix narrowing conversion warning
 BGF <a href="https://github.com/curl/curl/issues/1225#issuecomment-290340890">telnet: (win32) fix read callback return variable</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1375">docs: Explain --fail-early does not imply --fail</a>
 BGF docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
 BGF <a href="https://curl.haxx.se/bug/?i=1379">tests/server/util: remove in6addr_any for recent MinGW</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1377">multi: make curl_multi_wait avoid malloc in the typical case</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1373">include: curl/system.h is a run-time version of curlbuild.h</a>
 BGF easy: silence compiler warning
 BGF <a href="https://curl.haxx.se/bug/?i=1381">llist: replace Curl_llist_alloc with Curl_llist_init</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1376">hash: move key into hash struct to reduce mallocs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1380">url: don't free postponed data on connection reuse</a>
 BGF curl_sasl: declare mechtable static
 BGF curl: fix Windows Unicode build
 BGF <a href="https://curl.haxx.se/bug/?i=1358">multi: fix queueing of pending easy handles</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1378">tool_operate: fix MinGW compiler warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1390">low_speed_limit: improved function for longer time periods</a>
 BGF gtls: fix compiler warning
 BGF <a href="https://curl.haxx.se/bug/?i=1395">sspi: print out InitializeSecurityContext() error message</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1394">schannel: fix compiler warnings</a>
 BGF vtls: fix unreferenced variable warnings
 BGF INSTALL.md: fix secure transport configure arguments
 BGF CURLINFO_SCHEME.3: fix variable type
 BGF <a href="https://curl.haxx.se/mail/lib-2017-04/0044.html">libcurl-thread.3: also mention threaded-resolver</a>
 BGF <a href="https://curl.haxx.se/bug/?i=851">nss: load CA certificates even with --insecure</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1402">openssl: fix this statement may fall through</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1406">poll: prefer <poll.h> over <sys/poll.h></a>
 BGF <a href="https://curl.haxx.se/bug/?i=1401">polarssl: unbreak build with versions < 1.3.8</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-04/0030.html">Curl_expire_latest: ignore already expired timers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1409">configure: turn implicit function declarations into errors</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1417">mbedtls: fix memory leak in error path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1416">http2: fix handle leak in error path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1422">.gitattributes: force shell scripts to LF</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1422">configure.ac: ignore CR after version numbers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1422">extern-scan.pl: strip trailing CR</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1424">openssl: make SSL_ERROR_to_str more future-proof</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1424">openssl: fix thread-safety bugs in error-handling</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1425">openssl: don't try to print nonexistent peer private keys</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1393">nss: fix MinGW compiler warnings</a>
</ul>

<a name="7_53_1"></a>
SUBTITLE(Fixed in 7.53.1 - February 24 2017)
<p> Bugfixes:
<ul class="bugfixes">
 BGF cyassl: fix typo
 BGF <a href="https://curl.haxx.se/bug/?i=1257">url: Improve CURLOPT_PROXY_CAPATH error handling</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1276">urldata: include curl_sspi.h when Windows SSPI is enabled</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1281">formdata: check for EOF when reading from stdin</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1277">tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1257">url: Default the proxy CA bundle location to CURL_CA_BUNDLE</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1285">rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header</a>
</ul>

<a name="7_53_0"></a>
SUBTITLE(Fixed in 7.53.0 - February 22 2017)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=1197">unix_socket: added --abstract-unix-socket and CURLOPT_ABSTRACT_UNIX_SOCKET</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1222">CURLOPT_BUFFERSIZE: support enlarging receive buffer</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2017-2629.html">CVE-2017-2629: make SSL_VERIFYSTATUS work again</a>
 BGF gnutls-random: check return code for failed random
 BGF openssl-random: check return code when asking for random
 BGF http: remove "Curl_http_done: called premature" message
 BGF cyassl: use time_t instead of long for timeout
 BGF build-wolfssl: Sync config with wolfSSL 3.10
 BGF ftp-gss: check for init before use
 BGF <a href="https://curl.haxx.se/mail/lib-2016-12/0110.html">configure: accept --with-libidn2 instead</a>
 BGF ftp: failure to resolve proxy should return that error code
 BGF curl.1: add three more exit codes
 BGF docs/ciphers: link to our own new page about ciphers
 BGF <a href="https://curl.haxx.se/bug/?i=1174">vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1172">darwinssl: fix iOS build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1173">darwinssl: fix CFArrayRef leak</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1147">cmake: use crypt32.lib when building with OpenSSL on windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1013">curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1180">digest_sspi: copy terminating NUL as well</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1121">curl: fix --remote-time incorrect times on Windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1190">curl.1: several updates and corrections</a>
 BGF content_encoding: change return code on a failure
 BGF curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
 BGF <a href="https://curl.haxx.se/mail/lib-2017-01/0000.html">docs: TCP_KEEPALIVE start and interval default to 60</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1184">darwinssl: --insecure overrides --cacert if both settings are in use</a>
 BGF TheArtOfHttpScripting: grammar
 BGF CIPHERS.md: document GSKit ciphers
 BGF wolfssl: support setting cipher list
 BGF wolfssl: display negotiated SSL version and cipher
 BGF <a href="https://curl.haxx.se/bug/?i=1196">lib506: fix build for Open Watcom</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1191">asiohiper: improved socket handling</a>
 BGF examples: make the C++ examples follow our code style too
 BGF <a href="https://curl.haxx.se/mail/lib-2017-01/0009.html">tests/sws: retry send() on EWOULDBLOCK</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1195">cmake: Fix passing _WINSOCKAPI_ macro to compiler</a>
 BGF smtp: Fix STARTTLS denied error message
 BGF <a href="https://curl.haxx.se/bug/?i=1203">imap/pop3: don't print response character in STARTTLS denied messages</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2017-01/0055.html">rand: make it work without TLS backing</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1124">url: fix parsing for when 'file' is the default protocol</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1187">url: allow file://X:/path URLs on windows again</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1204">gnutls: check for alpn and ocsp in configure</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1207">IDN: Use TR46 'non-transitional' for toASCII translations</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1140">url: Fix NO_PROXY env var to work properly with --proxy option</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1169">CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char*</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1169">docs: Add note about libcurl copying strings to CURLOPT_* manpages</a>
 BGF curl: reset the easy handle at --next
 BGF --next docs: --trace and --trace-ascii are also global
 BGF --write-out docs: 'time_total' is not always shown with ms precision
 BGF http: print correct HTTP string in verbose output when using HTTP/2
 BGF <a href="https://curl.haxx.se/bug/?i=1211">docs: improved language in README.md HISTORY.md CONTRIBUTE.md</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1160">http2: disable server push if not requested</a>
 BGF nss: use the correct lock in nss_find_slot_by_name()
 BGF usercertinmem.c: improve the short description
 BGF CURLOPT_CONNECT_TO: Fix compile warnings
 BGF docs: non-blocking SSL handshake is now supported with NSS
 BGF <a href="https://curl.haxx.se/bug/?i=1217">*.rc: escape non-ASCII/non-UTF-8 character for clarity</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1223">mbedTLS: fix multi interface non-blocking handshake</a>
 BGF <a href="https://github.com/curl/curl/issues/1174#issuecomment-274018791">PolarSSL: fix multi interface non-blocking handshake</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1215">VC: remove the makefile.vc6 build infra</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1225">telnet: fix windows compiler warnings</a>
 BGF cookies: do not assume a valid domain has a dot
 BGF polarssl: fix hangs
 BGF <a href="https://curl.haxx.se/bug/?i=1109">gnutls: disable TLS session tickets</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1109">mbedtls: disable TLS session tickets</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1227">mbedtls: implement CTR-DRBG and HAVEGE random generators</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1236">openssl: Don't use certificate after transferring ownership</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1176">cmake: Support curl --xattr when built with cmake</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1237">OS400: Fix symbols</a>
 BGF <a href="https://github.com/curl/curl/commit/cb4e2be">docs: Add more HTTPS proxy documentation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1247">docs: use more HTTPS links</a>
 BGF cmdline-opts: Fixed build and test in out of source tree builds
 BGF CHANGES.0: removed
 BGF <a href="https://curl.haxx.se/bug/?i=1240">schannel: Remove incorrect SNI disabled message</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1246">darwinssl: Avoid parsing certificates when not in verbose mode</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1245">test552: Fix typos</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1245">telnet: Fix typos</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1243">transfer: only retry nobody-requests for HTTP</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1249">http2: reset push header counter fixes crash</a>
 BGF <a href="https://bugzilla.redhat.com/1420327">nss: make FTPS work with --proxytunnel</a>
 BGF test1139: Added the --manual keyword since the manual is required
 BGF <a href="https://curl.haxx.se/mail/lib-2017-02/0032.html">polarssl, mbedtls: Fix detection of pending data</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1255">http_proxy: Fix tiny memory leak upon edge case connecting to proxy</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1252">URL: only accept ";options" in SMTP/POP3/IMAP URL schemes</a>
 BGF curl.1: ftp.sunet.se is no longer an FTP mirror
 BGF <a href="https://curl.haxx.se/bug/?i=1258">tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1229">http2: fix memory-leak when denying push streams</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1260">configure: Allow disabling pthreads, fall back on Win32 threads</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1263">curl: fix typo in time condition warning message</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1220">axtls: adapt to API changes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1238">tool_urlglob: Allow a glob range with the same start and stop</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1265">winbuild: add note on auto-detection of MACHINE in Makefile.vc</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1242">http: fix missing 'Content-Length: 0' while negotiating auth</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1248">proxy: fix hostname resolution and IDN conversion</a>
 BGF docs: fix timeout handling in multi-uv example
 BGF <a href="https://curl.haxx.se/bug/?i=1251">digest_sspi: Fix nonce-count generation in HTTP digest</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1269">sftp: improved checks for create dir failures</a>
 BGF <a href="https://github.com/Microsoft/vcpkg/blob/7676b8780db1e1e591c4fc7eba4f96f73c428cb4/ports/curl/0002_fix_uwp.patch">smb: use getpid replacement for windows UWP builds</a>
 BGF <a href="https://github.com/curl/curl/issues/928">digest_sspi: Handle 'stale=TRUE' directive in HTTP digest</a>
</ul>

<a name="7_52_1"></a>
SUBTITLE(Fixed in 7.52.1 - December 23 2016)
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-9594.html">CVE-2016-9594: uninitialized random</a>
 BGF lib557: fix checksrc warnings
 BGF lib: fix MSVC compiler warnings
 BGF <a href="https://curl.haxx.se/mail/lib-2016-12/0098.html">lib557.c: use a shorter MAXIMIZE representation</a>
 BGF tests: run checksrc on debug builds
</ul>

<a name="7_52_0"></a>
SUBTITLE(Fixed in 7.52.0 - December 21 2016)
<p> Changes:
<ul class="changes">
 CHG nss: map CURL_SSLVERSION_DEFAULT to NSS default
 CHG vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
 CHG curl: introduce the --tlsv1.3 option to force TLS 1.3
 CHG <a href="https://curl.haxx.se/bug/?i=1064">curl: Add --retry-connrefused</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1127">proxy: Support HTTPS proxy and SOCKS+HTTP(s)</a>
 CHG <a href="https://curl.haxx.se/bug/?i=1137">add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}</a>
 CHG <a href="https://curl.haxx.se/mail/archive-2016-11/0038.html">curl: add --fail-early</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-9586.html">CVE-2016-9586: printf floating point buffer overflow</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-9952.html">CVE-2016-9952: Win CE schannel cert wildcard matches too much</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-9953.html">CVE-2016-9953: Win CE schannel cert name out of buffer read</a>
 BGF msvc: removed a straggling reference to strequal.c
 BGF <a href="https://curl.haxx.se/bug/?i=1098">winbuild: remove strcase.obj from curl build</a>
 BGF examples: bugfixed multi-uv.c
 BGF <a href="https://curl.haxx.se/bug/?i=1104">configure: verify that compiler groks -Werror=partial-availability</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1087">mbedtls: fix build with mbedtls versions < 2.4.0</a>
 BGF dist: add unit test CMakeLists.txt to the tarball
 BGF <a href="https://curl.haxx.se/bug/?i=1106">curl -w: added more decimal digits to timing counters</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1103">easy: Initialize info variables on easy init and duphandle</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1089">cmake: disable poll for macOS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1092">http2: Don't send header fields prohibited by HTTP/2 spec</a>
 BGF <a href="https://github.com/curl/curl/commit/ce8d09483eea2fcb1b50e323e1a8ed1f3613b2e3#commitcomment-19666146">ssh: check md5 fingerprints case insensitively (regression)</a>
 BGF openssl: initial TLS 1.3 adaptions
 BGF curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
 BGF <a href="https://curl.haxx.se/bug/?i=1113">printf: fix ".*f" handling</a>
 BGF examples/fileupload.c: fclose the file as well
 BGF <a href="https://curl.haxx.se/bug/?i=1115">SPNEGO: Fix memory leak when authentication fails</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-11/0087.html">realloc: use Curl_saferealloc to avoid common mistakes</a>
 BGF openssl: make sure to fail in the unlikely event that PRNG seeding fails
 BGF <a href="https://curl.haxx.se/mail/lib-2016-11/0104.html">URL-parser: for file://[host]/ URLs, the [host] must be localhost</a>
 BGF timeval: prefer time_t to hold seconds instead of long
 BGF <a href="https://curl.haxx.se/mail/lib-2016-11/0119.html">Curl_rand: fixed and moved to rand.c</a>
 BGF <a href="https://github.com/curl/curl/commit/ee4f76606cfa4ee068bf28edd37c8dae7e8db317#commitcomment-19823146">glob: fix [a-c] globbing regression</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1105">darwinssl: fix SSL client certificate not found on MacOS Sierra</a>
 BGF curl.1: Clarify --dump-header only writes received headers
 BGF http2: Fix address sanitizer memcpy warning
 BGF <a href="https://curl.haxx.se/bug/?i=1102">http2: Use huge HTTP/2 windows</a>
 BGF connects: Don't mix unix domain sockets with regular ones
 BGF <a href="https://curl.haxx.se/mail/lib-2016-11/0137.html">url: Fix conn reuse for local ports and interfaces</a>
 BGF x509: Limit ASN.1 structure sizes to 256K
 BGF checksrc: add more checks
 BGF <a href="https://curl.haxx.se/bug/?i=1141">winbuild: add config option ENABLE_NGHTTP2</a>
 BGF <a href="https://github.com/curl/curl/commit/a4d8888#commitcomment-19985676">http2: check nghttp2_session_set_local_window_size exists</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1125">http2: Fix crashes when parent stream gets aborted</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1148">CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries</a>
 BGF URL parser: reject non-numerical port numbers
 BGF CONNECT: reject TE or CL in 2xx responses
 BGF <a href="https://curl.haxx.se/bug/?i=1132">CONNECT: read responses one byte at a time</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1152">curl: support zero-length argument strings in config files</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1157">openssl: don't use OpenSSL's ERR_PACK</a>
 BGF <a href="https://github.com/curl/curl/blob/master/docs/cmdline-opts/MANPAGE.md">curl.1: generated with the new man page system</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1134">curl_easy_recv: Improve documentation and example program</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1134">Curl_getconnectinfo: avoid checking if the connection is closed</a>
 BGF <a href="https://curl.haxx.se/docs/ssl-ciphers.html">CIPHERS.md: attempt to document TLS cipher names</a>
</ul>

<a name="7_51_0"></a>
SUBTITLE(Fixed in 7.51.0 - November 2 2016)
<p> Changes:
<ul class="changes">
 CHG nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_KEEP_SENDING_ON_ERROR.html">New option: CURLOPT_KEEP_SENDING_ON_ERROR</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8615.html">CVE-2016-8615: cookie injection for other servers</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8616.html">CVE-2016-8616: case insensitive password comparison</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8617.html">CVE-2016-8617: OOB write via unchecked multiplication</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8618.html">CVE-2016-8618: double-free in curl_maprintf</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8619.html">CVE-2016-8619: double-free in krb5 code</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8620.html">CVE-2016-8620: glob parser write/read out of bounds</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8621.html">CVE-2016-8621: curl_getdate read out of bounds</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8622.html">CVE-2016-8622: URL unescape heap overflow via integer truncation</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8623.html">CVE-2016-8623: Use-after-free via shared cookies</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8624.html">CVE-2016-8624: invalid URL parsing with '#'</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-8625.html">CVE-2016-8625: IDNA 2003 makes curl use wrong host</a>
 BGF <a href="https://curl.haxx.se/bug/?i=964">openssl: fix per-thread memory leak using 1.0.1 or 1.0.2</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1013">http: accept "Transfer-Encoding: chunked" for HTTP/2 as well</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1019">LICENSE-MIXING.md: update with mbedTLS dual licensing</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1011">examples/imap-append: Set size of data to be uploaded</a>
 BGF test2048: fix url
 BGF darwinssl: disable RC4 cipher-suite support
 BGF CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
 BGF <a href="https://curl.haxx.se/mail/lib-2016-09/0045.html">openssl: don’t call CRYTPO_cleanup_all_ex_data</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1029">libressl: fix version output</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1017">easy: Reset all statistical session info in curl_easy_reset</a>
 BGF <a href="https://curl.haxx.se/bug/?i=997">curl_global_cleanup.3: don't unload the lib with sub threads running</a>
 BGF dist: add CurlSymbolHiding.cmake to the tarball
 BGF <a href="https://curl.haxx.se/bug/?i=1031">docs: Remove that --proto is just used for initial retrieval</a>
 BGF configure: Fixed builds with libssh2 in a custom location
 BGF curl.1: --trace supports % for sending to stderr!
 BGF <a href="https://curl.haxx.se/bug/?i=1050">cookies: same domain handling changed to match browser behavior</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1053">formpost: trying to attach a directory no longer crashes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1056">CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning</a>
 BGF formpost: avoid silent snprintf() truncation
 BGF ftp: fix Curl_ftpsendf
 BGF mprintf: return error on too many arguments
 BGF <a href="https://curl.haxx.se/bug/?i=1052">smb: properly check incoming packet boundaries</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1049">GIT-INFO: remove the Mac 10.1-specific details</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1066">resolve: add error message when resolving using SIGALRM</a>
 BGF <a href="https://curl.haxx.se/bug/?i=922">cmake: add nghttp2 support</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-10/0040.html">dist: remove PDF and HTML converted docs from the releases</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1057">configure: disable poll() in macOS builds</a>
 BGF vtls: only re-use session-ids using the same scheme
 BGF <a href="https://curl.haxx.se/bug/?i=1075">pipelining: skip to-be-closed connections when pipelining</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1048">win: fix Universal Windows Platform build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1042">curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically</a>
 BGF maketgz: make it support "only" generating version info
 BGF Curl_socket_check: add extra check to avoid integer overflow
 BGF gopher: properly return error for poll failures
 BGF curl: set INTERLEAVEDATA too
 BGF polarssl: clear thread array at init
 BGF polarssl: fix unaligned SSL session-id lock
 BGF polarssl: reduce #ifdef madness with a macro
 BGF <a href="https://curl.haxx.se/bug/?i=739">curl_multi_add_handle: set timeouts in closure handles</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1069">configure: set min version flags for builds on mac</a>
 BGF INSTALL: converted to markdown => INSTALL.md
 BGF <a href="https://curl.haxx.se/bug/?i=1083">curl_multi_remove_handle: fix a double-free</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-10/0011.html">multi: fix infinite loop in curl_multi_cleanup()</a>
 BGF <a href="https://bugzilla.redhat.com/1388162">nss: fix tight loop in non-blocking TLS handhsake over proxy</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1012">mk-ca-bundle: Change URL retrieval to HTTPS-only by default</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1087">mbedtls: stop using deprecated include file</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1088">docs: fix req->data in multi-uv example</a>
 BGF configure: Fix test syntax for monotonic clock_gettime
 BGF <a href="https://curl.haxx.se/bug/?i=1059">CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2</a>
</ul>
    
<a name="7_50_3"></a>
SUBTITLE(Fixed in 7.50.3 - September 14 2016)
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-7167.html">CVE-2016-7167: escape and unescape integer overflows</a>
 BGF mk-ca-bundle.pl: use SHA256 instead of SHA1
 BGF checksrc: detect strtok() use
 BGF <a href="https://curl.haxx.se/bug/?i=975">errors: new alias CURLE_WEIRD_SERVER_REPLY</a>
 BGF <a href="https://curl.haxx.se/bug/?i=996">http2: support > 64bit sized uploads</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1005">openssl: fix bad memory free (regression)</a>
 BGF <a href="https://curl.haxx.se/bug/?i=981">CMake: hide private library symbols</a>
 BGF <a href="https://curl.haxx.se/bug/?i=973">http: refuse to pass on response body when NO_NODY is set</a>
 BGF <a href="https://curl.haxx.se/bug/?i=841">cmake: fix curl-config --static-libs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1004">mbedtls: switch off NTLM in build if md4 isn't available</a>
 BGF <a href="https://curl.haxx.se/bug/?i=1007">curl: --create-dirs on windows groks both forward and backward slashes</a>
</ul>
    
<a name="7_50_2"></a>
SUBTITLE(Fixed in 7.50.2 - September 7 2016)
<p> Bugfixes:
<ul class="bugfixes">
 BGF mbedtls: Added support for NTLM
 BGF <a href="https://curl.haxx.se/mail/lib-2016-07/0057.html">SSH: fixed SFTP/SCP transfer problems</a>
 BGF multi: make Curl_expire() work with 0 ms timeouts
 BGF <a href="https://curl.haxx.se/bug/?i=937">mk-ca-bundle.pl: -m keeps ca cert meta data in output</a>
 BGF <a href="https://curl.haxx.se/bug/?i=857">TFTP: Fix upload problem with piped input</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-06/0143.html">CURLOPT_TCP_NODELAY: now enabled by default</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-08/0017.html">mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined</a>
 BGF http2: always wait for readable socket
 BGF cmake: Enable win32 large file support by default
 BGF cmake: Enable win32 threaded resolver by default
 BGF <a href="https://curl.haxx.se/bug/?i=949">winbuild: Avoid setting redundant CFLAGS to compile commands</a>
 BGF curl.h: make CURL_NO_OLDIES define CURL_STRICTER
 BGF docs: make more markdown files use .md extension
 BGF docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
 BGF <a href="https://curl.haxx.se/bug/?i=952">winbuild: Allow changing C compiler via environment variable CC</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-08/0076.html">rtsp: accept any RTSP session id</a>
 BGF HTTP: retry failed HEAD requests on reused connections too
 BGF <a href="https://curl.haxx.se/bug/?i=956">configure: add zlib search with pkg-config</a>
 BGF <a href="https://curl.haxx.se/bug/?i=959">openssl: accept subjectAltName iPAddress if no dNSName match</a>
 BGF <a href="https://curl.haxx.se/bug/?i=962">MANUAL: Remove invalid link to LDAP documentation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=944">socks: improved connection procedure</a>
 BGF proxy: reject attempts to use unsupported proxy schemes
 BGF <a href="https://curl.haxx.se/bug/?i=954">proxy: bring back use of "Proxy-Connection:"</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-08/0122.html">curl: allow "pkcs11:" prefix for client certificates</a>
 BGF <a href="https://curl.haxx.se/bug/?i=970">spnego_sspi: fix memory leak in case *outlen is zero</a>
 BGF SOCKS: improve verbose output of SOCKS5 connection sequence
 BGF SOCKS: display the hostname returned by the SOCKS5 proxy server
 BGF http/sasl: Query authentication mechanism supported by SSPI before using
 BGF <a href="https://curl.haxx.se/bug/?i=718">sasl: Don't use GSSAPI authentication when domain name not specified</a>
 BGF <a href="https://curl.haxx.se/bug/?i=820">win: Basic support for Universal Windows Platform apps</a>
 BGF nss: fix incorrect use of a previously loaded certificate from file
 BGF <a href="https://bugzilla.mozilla.org/1297397">nss: work around race condition in PK11_FindSlotByName()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=978">ftp: fix wrong poll on the secondary socket</a>
 BGF openssl: build warning-free with 1.1.0 (again)
 BGF <a href="https://curl.haxx.se/bug/?i=899">HTTP: stop parsing headers when switching to unknown protocols</a>
 BGF test219: Add http as a required feature
 BGF TLS: random file/egd doesn't have to match for conn reuse
 BGF <a href="https://curl.haxx.se/bug/?i=983">schannel: Disable ALPN for Wine since it is causing problems</a>
 BGF <a href="https://curl.haxx.se/bug/?i=941">http2: make sure stream errors don't needlessly close the connection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=986">http2: return CURLE_HTTP2_STREAM for unexpected stream close</a>
 BGF darwinssl: --cainfo is intended for backward compatibility only
 BGF <a href="https://curl.haxx.se/bug/?i=971">speed caps: not based on average speeds anymore</a>
 BGF <a href="https://curl.haxx.se/bug/?i=958">configure: make the cpp -P detection not clobber CPPFLAGS</a>
 BGF http2: use named define instead of magic constant in read callback
 BGF http2: skip the content-length parsing, detect unknown size
 BGF <a href="https://curl.haxx.se/bug/?i=982">http2: return EOF when done uploading without known size</a>
 BGF <a href="https://curl.haxx.se/bug/?i=993">darwinssl: test for errSecSuccess in PKCS12 import rather than noErr</a>
 BGF <a href="https://curl.haxx.se/bug/?i=995">openssl: fix CURLINFO_SSL_VERIFYRESULT</a>
</ul>
    
<a name="7_50_1"></a>
SUBTITLE(Fixed in 7.50.1 - August 3 2016)
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-5419.html">TLS: switch off SSL session id when client cert is used</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-5420.html">TLS: only reuse connections with the same client cert</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-5421.html">curl_multi_cleanup: clear connection pointer for easy handles</a>
 BGF include the <a href="https://curl.haxx.se/libcurl/c/CURLINFO_HTTP_VERSION.html">CURLINFO_HTTP_VERSION man page</a> into the release tarball
 BGF include the http2-server.pl script in the release tarball
 BGF test558: fix test by stripping file paths from FD lines
 BGF spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
 BGF <a href="https://curl.haxx.se/mail/lib-2016-07/0070.html">tests: Fix for http/2 feature</a>
 BGF <a href="https://curl.haxx.se/bug/?i=917">cmake: Fix for schannel support</a>
 BGF <a href="https://curl.haxx.se/bug/?i=926">curl.h: make public types void * again</a>
 BGF <a href="https://curl.haxx.se/bug/?i=938">win32: fix a potential memory leak in Curl_load_library</a>
 BGF <a href="https://curl.haxx.se/bug/?i=939">travis: fix OSX build by re-installing libtool</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-08/0001.html">mbedtls: Fix debug function name</a>
</ul>

<a name="7_50_0"></a>
SUBTITLE(Fixed in 7.50.0 - July 21 2016)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=799">http: add CURLINFO_HTTP_VERSION and %{http_version}</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/bug/?i=828">memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC</a>
 BGF <a href="https://curl.haxx.se/bug/?i=836">openssl: fix build with OPENSSL_NO_COMP</a>
 BGF <a href="https://curl.haxx.se/bug/?i=838">mbedtls: removed unused variables</a>
 BGF <a href="https://curl.haxx.se/bug/?i=837">cmake: Added missing mbedTLS support</a>
 BGF <a href="https://curl.haxx.se/bug/?i=791">URL parser: allow URLs to use one, two or three slashes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=842">curl: fix -q [regression]</a>
 BGF <a href="https://curl.haxx.se/bug/?i=844">openssl: Use correct buffer sizes for error messages</a>
 BGF <a href="https://bugzilla.redhat.com/1340757">curl: fix SIGSEGV while parsing URL with too many globs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=822">schannel: add CURLOPT_CERTINFO support</a>
 BGF <a href="https://curl.haxx.se/bug/?i=815">vtls: fix ssl session cache race condition</a>
 BGF <a href="https://curl.haxx.se/bug/?i=855">http: Fix HTTP/2 connection reuse [regression]</a>
 BGF checksrc: Add LoadLibrary to the banned functions list
 BGF <a href="https://curl.haxx.se/bug/?i=840">schannel: Disable ALPN on Windows < 8.1</a>
 BGF configure: occasional ignorance of --enable-symbol-hiding with GCC
 BGF http2: test17xx are the first real HTTP/2 tests
 BGF <a href="https://curl.haxx.se/bug/?i=863">resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=865">curl_multi_socket_action.3: rewording</a>
 BGF <a href="https://curl.haxx.se/bug/?i=862">CURLOPT_POSTFIELDS.3: Clarify what happens when set empty</a>
 BGF <a href="https://curl.haxx.se/bug/?i=874">cmake: Fix build with winldap</a>
 BGF <a href="https://curl.haxx.se/bug/?i=875">openssl: fix cert check with non-DNS name fields present</a>
 BGF <a href="https://curl.haxx.se/bug/?i=883">curl.1: mention the units for the progress meter</a>
 BGF openssl: use more 'const' to fix build warnings with 1.1.0 branch
 BGF <a href="https://curl.haxx.se/bug/?i=882">cmake: now using BUILD_TESTING=ON/OFF</a>
 BGF vtls: Only call add/getsession if session id is enabled
 BGF <a href="https://curl.haxx.se/mail/lib-2016-06/0100.html">headers: forward declare CURL, CURLM and CURLSH as structs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=894">configure: improve detection of CA bundle path on FreeBSD</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-06/0052.html">SFTP: set a generic error when no SFTP one exists</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-06/0136.html">curl_global_init.3: expand on the SSL and WIN32 bits purpose</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-06/0139.html">conn: don't free easy handle data in handler->disconnect</a>
 BGF <a href="https://curl.haxx.se/bug/?i=911">cookie.c: Fix misleading indentation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=913">library: Fix memory leaks found during static analysis</a>
 BGF <a href="https://curl.haxx.se/bug/?i=914">CURLMOPT_SOCKETFUNCTION.3: fix typo</a>
 BGF <a href="https://curl.haxx.se/bug/?i=915">curl_global_init: moved the "IPv6 works" check here</a>
 BGF <a href="https://curl.haxx.se/bug/?i=907">connect: disable TFO on Linux when using SSL</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-07/0054.html">vauth: Fixed memory leak due to function returning without free</a>
 BGF winbuild: fix embedded manifest option
</ul>

<a name="7_49_1"></a>
SUBTITLE(Fixed in 7.49.1 - May 30 2016)
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-4802.html">Windows: prevent DLL hijacking, CVE-2016-4802</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-05/0113.html">dist: include manpage-scan.pl, nroff-scan.pl and CHECKSRC.md</a>
 BGF <a href="https://curl.haxx.se/bug/?i=812">schannel: fix compile break with MSVC XP toolset</a>
 BGF <a href="https://curl.haxx.se/bug/?i=813">curlbuild.h.dist: check __LP64__ as well to fix MIPS build</a>
 BGF <a href="https://curl.haxx.se/bug/?i=816">dist: include curl_multi_socket_all.3</a>
 BGF http2: use HTTP/2 in the HTTP/1.1-alike response
 BGF openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
 BGF <a href="https://curl.haxx.se/bug/?i=819">CURLOPT_CONNECT_TO.3: user must not free the list prematurely</a>
 BGF <a href="https://curl.haxx.se/bug/?i=821">libcurl.m4: Avoid obsolete warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=818">winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity</a>
 BGF curl_multibyte: fix compiler error
 BGF <a href="https://curl.haxx.se/bug/?i=817">openssl: cleanup must free compression methods (memory leak)</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-05/0196.html">mbedtls: fix includes so snprintf() works</a>
 BGF checksrc.pl: Added variants of strcat() & strncat() to banned function list
 BGF <a href="https://curl.haxx.se/bug/?i=824">contributors.sh: better grep pattern and show GitHub username</a>
 BGF <a href="https://curl.haxx.se/bug/?i=831">ssh: fix build for libssh2 before 1.2.6</a>
 BGF <a href="https://github.com/curl/curl/issues/826">curl_share_setopt.3: Add min ver needed for ssl session lock</a>
</ul>

<a name="7_49_0"></a>
SUBTITLE(Fixed in 7.49.0 - May 18 2016)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=724">schannel: Add ALPN support</a>
 CHG SSH: support CURLINFO_FILETIME
 CHG <a href="https://curl.haxx.se/bug/?i=677">SSH: new CURLOPT_QUOTE command "statvfs"</a>
 CHG <a href="https://curl.haxx.se/docs/http2.html">wolfssl: Add ALPN support</a>
 CHG <a href="https://curl.haxx.se/docs/manpage.html#--http2-prior-knowledge">http2: added --http2-prior-knowledge</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_HTTP_VERSION.html">http2: added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_CONNECT_TO.html">libcurl: added CURLOPT_CONNECT_TO</a>
 CHG <a href="https://curl.haxx.se/docs/manpage.html#--connect-to">curl: added --connect-to</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_TCP_FASTOPEN.html">libcurl: added CURLOPT_TCP_FASTOPEN</a>
 CHG <a href="https://curl.haxx.se/docs/manpage.html#--tcp-fastopen">curl: added --tcp-fastopen</a>
 CHG curl: remove support for --ftpport, -http-request and --socks
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-3739.html">CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL</a>
 BGF checksrc.bat: Updated the help to be consistent with generate.bat
 BGF checksrc.bat: Added support for scanning the tests and examples
 BGF <a href="https://twitter.com/xtraemeat/status/712564874098917376">openssl: fix ERR_remove_thread_state() for boringssl/libressl</a>
 BGF openssl: boringssl provides the same numbering as openssl
 BGF <a href="https://curl.haxx.se/bug/?i=619">multi: fix "Operation timed out after" timer</a>
 BGF <a href="https://curl.haxx.se/bug/?i=731">url: don't use bad offset in tld_check_name to show error</a>
 BGF sshserver.pl: use quotes for given options
 BGF <a href="https://curl.haxx.se/bug/?i=620">Makefile.am: skip the scripts dir</a>
 BGF <a href="https://curl.haxx.se/bug/?i=492">curl: warn for --capath use if not supported by libcurl</a>
 BGF <a href="https://curl.haxx.se/bug/?i=736">http2: fix connection reuse</a>
 BGF <a href="https://curl.haxx.se/bug/?i=738">GSS: make Curl_gss_log_error more verbose</a>
 BGF build-wolfssl: Allow a broader range of ciphers (Visual Studio)
 BGF <a href="https://github.com/wolfSSL/wolfssl/issues/366">wolfssl: Use ECC supported curves extension</a>
 BGF openssl: Fix compilation warnings
 BGF Curl_add_buffer_send: avoid possible NULL dereference
 BGF SOCKS5_gssapi_negotiate: don't assume little-endian ints
 BGF <a href="https://curl.haxx.se/bug/?i=744">strerror: don't bit shift a signed integer</a>
 BGF url: Corrected get protocol family for FTP and LDAP
 BGF curl/mprintf.h: remove support for _MPRINTF_REPLACE
 BGF <a href="https://curl.haxx.se/bug/?i=741">upload: missing rewind call could make libcurl hang</a>
 BGF <a href="https://curl.haxx.se/bug/?i=747">IMAP: check pointer before dereferencing it</a>
 BGF build: Changed the Visual Studio projects warning level from 3 to 4
 BGF checksrc: now stricter, wider checks, code cleaned up
 BGF checksrc: added docs/CHECKSRC.md
 BGF <a href="https://curl.haxx.se/bug/?i=745">curl_sasl: Fixed potential null pointer utilisation</a>
 BGF krb5: Fixed missing client response when mutual authentication enabled
 BGF krb5: Only process challenge when present
 BGF krb5: Only generate a SPN when its not known
 BGF formdata: use appropriate fopen() macros
 BGF curl.1: -w filename_effective was introduced in 7.26.0
 BGF <a href="https://curl.haxx.se/bug/?i=722">http2: make use of the nghttp2 error callback</a>
 BGF <a href="https://curl.haxx.se/bug/?i=750">http2: fix connection reuse when PING comes after last DATA</a>
 BGF <a href="https://curl.haxx.se/bug/?i=752">curl.1: change example for -F</a>
 BGF <a href="https://curl.haxx.se/bug/?i=755">HTTP2: Add a space character after the status code</a>
 BGF curl.1: use example.com more
 BGF mbedtls.c: changed private prefix to mbed_
 BGF <a href="https://curl.haxx.se/bug/?i=737">mbedtls: implement and provide *_data_pending() to avoid hang</a>
 BGF mbedtls: fix MBEDTLS_DEBUG builds
 BGF ftp/imap/pop3/smtp: Allow the service name to be overridden
 BGF CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
 BGF build: include scripts/ in the dist
 BGF <a href="https://curl.haxx.se/bug/?i=663">http2: Add handling stream level error</a>
 BGF <a href="https://curl.haxx.se/bug/?i=663">http2: Improve header parsing</a>
 BGF <a href="https://curl.haxx.se/bug/?i=769">makefile.vc6: use d suffix on debug object</a>
 BGF <a href="https://curl.haxx.se/bug/?i=770">configure: remove check for libresolve</a>
 BGF <a href="https://curl.haxx.se/bug/?i=771">scripts/make: use $(EXEEXT) for executables</a>
 BGF checksrc: got rid of the whitelist files
 BGF <a href="https://curl.haxx.se/bug/?i=657">sendf: added ability to call recv() before send() as workaround</a>
 BGF <a href="https://curl.haxx.se/bug/?i=765">NTLM: check for NULL pointer before dereferencing</a>
 BGF <a href="https://curl.haxx.se/bug/?i=763">openssl: builds with OpenSSL 1.1.0-pre5</a>
 BGF <a href="https://curl.haxx.se/bug/?i=766">configure: ac_cv_ -> curl_cv_ for all cached vars</a>
 BGF <a href="https://curl.haxx.se/bug/?i=606">winbuild: add mbedtls support</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2016-04/0021.html">curl: make --ftp-create-dirs retry on failure</a>
 BGF PolarSSL: implement public key pinning
 BGF <a href="https://curl.haxx.se/mail/lib-2016-04/0084.html">multi: accidentally used resolved host name instead of proxy</a>
 BGF CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0
 BGF <a href="https://curl.haxx.se/bug/?i=655">CONNECT_ONLY: don't close connection on GSS 401/407 responses</a>
 BGF <a href="https://curl.haxx.se/bug/?i=779">opts: Fix some syntax errors in example code fragments</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-04/0095.html">mbedtls: Fix session resume</a>
 BGF test1139: verifies libcurl option man page presence
 BGF <a href="https://curl.haxx.se/mail/lib-2016-04/0126.html">CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability</a>
 BGF curl: make --disable work as long form of -q
 BGF curl: use --telnet-option as documented
 BGF curl.1: document --ftp-ssl-reqd, --krb4 and --ntlm-wb
 BGF curl: -h output lacked --proxy-header and --ntlm-wb
 BGF <a href="https://curl.haxx.se/bug/?i=760">curl -J: make it work even without http:// scheme on URL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=743">lib: include curl_printf.h as one of the last headers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=675">tests: handle path properly on Msys/Cygwin</a>
 BGF <a href="https://curl.haxx.se/bug/?i=784">curl.1: --mail-rcpt can be used multiple times</a>
 BGF <a href="https://curl.haxx.se/bug/?i=785">CURLOPT_ACCEPT_ENCODING.3: clarified</a>
 BGF docs: fixed lots of broken man page references
 BGF <a href="https://curl.haxx.se/bug/?i=781">tls: make setting pinnedkey option fail if not supported</a>
 BGF test1140: run nroff-scan to verify man pages
 BGF <a href="https://curl.haxx.se/bug/?i=785">http: make sure a blank header overrides accept_decoding</a>
 BGF <a href="https://curl.haxx.se/bug/?i=648">connections: do not reuse non-HTTP proxies on different ports</a>
 BGF <a href="https://curl.haxx.se/bug/?i=794">connect: fix invalid "Network is unreachable" errors</a>
 BGF <a href="https://curl.haxx.se/bug/?i=789">TLS: move the ALPN/NPN enable bits to the connection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=795">TLS: SSL_peek is not a const operation</a>
 BGF <a href="https://curl.haxx.se/bug/?i=797">http2: Add space between colon and header value</a>
 BGF <a href="https://curl.haxx.se/bug/?i=802">darwinssl: fix certificate verification disable on OS X 10.8</a>
 BGF mprintf: Fix processing of width and prec args
 BGF <a href="https://curl.haxx.se/bug/?i=800">ftp wildcard: segfault due to init only in multi_perform</a>
</ul>

<a name="7_48_0"></a>
SUBTITLE(Fixed in 7.48.0 - March 23 2016)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=569">configure: --with-ca-fallback: use built-in TLS CA fallback</a>
 CHG <a href="https://curl.haxx.se/bug/?i=481">TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html">getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION</a>
 CHG <a href="https://curl.haxx.se/dev/code-style.html">added CODE_STYLE.md</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/bug/?i=633">Proxy-Connection: stop sending this header by default</a>
 BGF os400: sync ILE/RPG definitions with latest public header files
 BGF <a href="https://curl.haxx.se/bug/?i=639">cookies: allow spaces in cookie names, cut of trailing spaces</a>
 BGF <a href="https://github.com/curl/curl/commit/4520534#commitcomment-15954863">tool_urlglob: Allow reserved dos device names (Windows)</a>
 BGF <a href="https://curl.haxx.se/bug/?i=640">openssl: remove most BoringSSL #ifdefs</a>
 BGF tool_doswin: Support for literal path prefix \\?\
 BGF <a href="https://curl.haxx.se/bug/?i=642">mbedtls: fix ALPN usage segfault</a>
 BGF <a href="https://curl.haxx.se/bug/?i=626">mbedtls: fix memory leak when destroying SSL connection data</a>
 BGF nss: do not count enabled cipher-suites
 BGF examples/cookie_interface.c: add cleanup call
 BGF examples: adhere to curl code style
 BGF <a href="https://curl.haxx.se/bug/?i=646">curlx_tvdiff: handle 32bit time_t overflows</a>
 BGF dist: ship buildconf.bat too
 BGF <a href="https://bugzilla.redhat.com/1305970">curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts</a>
 BGF <a href="https://curl.haxx.se/bug/?i=649">generate.bat: Fix comment bug by removing old comments</a>
 BGF test1604: Add to Makefile.inc so it gets run
 BGF <a href="https://curl.haxx.se/bug/?i=651">gtls: fix for builds lacking encrypted key file support</a>
 BGF <a href="https://curl.haxx.se/bug/?i=451">SCP: use libssh2_scp_recv2 to support > 2GB files on windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=653">CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option</a>
 BGF <a href="https://curl.haxx.se/bug/?i=658">cookie: do not refuse cookies to localhost</a>
 BGF <a href="https://curl.haxx.se/bug/?i=650">openssl: avoid direct PKEY access with OpenSSL 1.1.0</a>
 BGF <a href="https://curl.haxx.se/bug/?i=659">http: Don't break the header into chunks if HTTP/2</a>
 BGF <a href="https://curl.haxx.se/bug/?i=661">http2: don't decompress gzip decoding automatically</a>
 BGF curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
 BGF curl.1: add a missing dash
 BGF <a href="https://curl.haxx.se/bug/?i=666">curl.1: HTTP headers for --cookie must be Set-Cookie style</a>
 BGF <a href="https://curl.haxx.se/bug/?i=666">CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style</a>
 BGF <a href="https://curl.haxx.se/bug/?i=667">curl_sasl: Fix memory leak in digest parser</a>
 BGF <a href="https://curl.haxx.se/bug/?i=670">src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support</a>
 BGF CURLOPT_DEBUGFUNCTION.3: Fix example
 BGF <a href="https://curl.haxx.se/bug/?i=672">runtests: Fixed usage of %PWD on MinGW64</a>
 BGF <a href="https://curl.haxx.se/bug/?i=676">tests/sshserver.pl: use RSA instead of DSA for host auth</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-02/0097.html">multi_remove_handle: keep the timeout list until after disconnect</a>
 BGF Curl_read: check for activated HTTP/1 pipelining, not only requested
 BGF <a href="https://curl.haxx.se/bug/?i=404">configure: warn on invalid ca bundle or path</a>
 BGF <a href="https://curl.haxx.se/bug/?i=681">file: try reading from files with no size</a>
 BGF getinfo: Add support for mbedTLS TLS session info
 BGF <a href="https://curl.haxx.se/bug/?i=688">formpost: fix memory leaks in AddFormData error branches</a>
 BGF <a href="https://curl.haxx.se/bug/?i=689">makefile.m32: allow to pass .dll/.exe-specific LDFLAGS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=690">url: if Curl_done is premature then pipeline not in use</a>
 BGF <a href="https://curl.haxx.se/bug/?i=695">cookie: remove redundant check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=697">cookie: Don't expire session cookies in remove_expired</a>
 BGF <a href="https://curl.haxx.se/bug/?i=692">makefile.m32: fix to allow -ssh2-winssl combination</a>
 BGF checksrc.bat: Fixed cannot find perl if installed but not in path
 BGF build-openssl.bat: Fixed cannot find perl if installed but not in path
 BGF mbedtls: fix user-specified SSL protocol version
 BGF <a href="https://curl.haxx.se/bug/?i=693">makefile.m32: add missing libs for static -winssl-ssh2 builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=697">test46: change cookie expiry date</a>
 BGF <a href="https://curl.haxx.se/bug/?i=704">pipeline: Sanity check pipeline pointer before accessing it</a>
 BGF openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages
 BGF <a href="https://curl.haxx.se/bug/?i=701">ftp_done: clear tunnel_state when secondary socket closes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=705">opt-docs: fix heading macros</a>
 BGF <a href="https://curl.haxx.se/bug/?i=422">imap/pop3/smtp: Fixed connections upgraded with TLS are not reused</a>
 BGF <a href="https://curl.haxx.se/bug/?i=707">curl_multi_wait: never return -1 in 'numfds'</a>
 BGF url.c: fix clang warning: no newline at end of file
 BGF krb5: improved type handling to avoid clang compiler warnings
 BGF <a href="https://curl.haxx.se/bug/?i=709">cookies: first n/v pair in Set-Cookie: is the cookie, then parameters</a>
 BGF <a href="https://curl.haxx.se/bug/?i=703">multi: avoid blocking during CURLM_STATE_WAITPROXYCONNECT</a>
 BGF <a href="https://curl.haxx.se/bug/?i=712">multi hash: ensure modulo performed on curl_socket_t</a>
 BGF curl: glob_range: no need to check unsigned variable for negative
 BGF easy: add check to malloc() when running event-based
 BGF <a href="https://curl.haxx.se/mail/lib-2016-03/0150.html">CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support</a>
 BGF version: thread safety
 BGF openssl: verbose: show matching SAN pattern
 BGF openssl: adapt to OpenSSL 1.1.0 API breakage in ERR_remove_thread_state()
 BGF formdata.c: Fixed compilation warning
 BGF <a href="https://curl.haxx.se/bug/?i=719">configure: use cpp -P when needed</a>
 BGF imap.c: Fixed compilation warning with /Wall enabled
 BGF config-w32.h: Fixed compilation warning when /Wall enabled
 BGF ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
 BGF build: Added missing Visual Studio filter files for VC10 onwards
 BGF easy: Remove poll failure check in easy_transfer
 BGF mbedtls: fix compiler warning
 BGF build-wolfssl: Update VS properties for wolfSSL v3.9.0
 BGF Fixed various compilation warnings when verbose strings disabled
 BGF <a href="https://curl.haxx.se/bug/?i=715">sshserver: remove use of AuthorizedKeysFile2</a>
</ul>
    
<a name="7_47_1"></a>
SUBTITLE(Fixed in 7.47.1 - February 8 2016)
<p> Bugfixes:
<ul class="bugfixes">
 BGF getredirect.c: fix variable name
 BGF <a href="https://github.com/curl/curl/pull/616">tool_doswin: silence unused function warning</a>
 BGF <a href="https://curl.haxx.se/bug/?i=617">cmake: fixed when OpenSSL enabled on Windows and schannel detected</a>
 BGF curl.1: Explain remote-name behavior if file already exists
 BGF <a href="https://curl.haxx.se/bug/?i=624">tool_operate: Don't sanitize --output path (Windows)</a>
 BGF URLs: change all http:// URLs to https:// in documentation & comments
 BGF <a href="https://github.com/curl/curl/issues/635">sasl_sspi: Fix memory leak in domain populate</a>
 BGF COPYING: clarify that Daniel is not the sole author
 BGF <a href="https://curl.haxx.se/mail/lib-2016-02/0017.html">examples/htmltitle: Use _stricmp on Windows</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-02/0016.html">examples/asiohiper: Avoid function name collision on Windows</a>
 BGF <a href="https://github.com/curl/curl/pull/637">idn_win32: Better error checking</a>
 BGF <a href="https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896">openssl: Fix signed/unsigned mismatch warning in X509V3_ext</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-0754.html">curl save files: check for backslashes on cygwin</a>
</ul>

<a name="7_47_0"></a>
SUBTITLE(Fixed in 7.47.0 - January 27 2016)
<p> Changes:
<ul class="changes">
 CHG version: Add flag CURL_VERSION_PSL for libpsl
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_HTTP_VERSION.html">http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only</a>
 CHG curl: use 2TLS by default
 CHG <a href="https://curl.haxx.se/docs/manpage.html#--expect100-timeout">curl --expect100-timeout: added</a>
 CHG <a href="https://curl.haxx.se/bug/?i=574">Add .dir-locals and set c-basic-offset to 2 (for emacs)</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-0754.html">curl: avoid local drive traversal when saving file on Windows</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2016-0755.html">NTLM: do not resuse proxy connections without diff proxy credentials</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-12/0003.html">tests: Disable the OAUTHBEARER tests when using a non-default port number</a>
 BGF curl: remove keepalive #ifdef checks done on libcurl's behalf
 BGF <a href="https://github.com/curl/curl/issues/425#issuecomment-154518679">formdata: Check if length is too large for memory</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-12/0023.html">lwip: Fix compatibility issues with later versions</a>
 BGF openssl: BoringSSL doesn't have CONF_modules_free
 BGF config-win32: Fix warning HAVE_WINSOCK2_H undefined
 BGF <a href="https://curl.haxx.se/bug/?i=558">build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-11/0103.html">http2: Fix hanging paused stream</a>
 BGF <a href="https://curl.haxx.se/bug/?i=555">scripts/Makefile: fix GNUism and survive no perl</a>
 BGF openssl: adapt to 1.1.0+ name changes
 BGF <a href="https://curl.haxx.se/bug/?i=491">openssl: adapt to openssl >= 1.1.0 X509 opaque structs</a>
 BGF HTTP2.md: spell fix and remove TODO now implemented
 BGF <a href="https://curl.haxx.se/bug/?i=565">setstropt: const-correctness</a>
 BGF cyassl: fix compiler warning on type conversion
 BGF <a href="https://curl.haxx.se/mail/lib-2015-12/0062.html">gskit: Fix host subject altname verification</a>
 BGF <a href="https://curl.haxx.se/bug/?i=564">http2: Support trailer fields</a>
 BGF wolfssl: handle builds without SSLv3 support
 BGF <a href="https://curl.haxx.se/bug/?i=565">cyassl: deal with lack of *get_peer_certificate</a>
 BGF sockfilt: do not wait on unreliable file or pipe handle
 BGF make: build zsh script even in an out-of-tree build
 BGF test 1326: fix getting stuck on Windows
 BGF test 87: fix file check on Windows
 BGF <a href="https://github.com/Alexpux/MINGW-packages/tree/master/mingw-w64-curl">configure: allow static builds on mingw</a>
 BGF <a href="https://github.com/Alexpux/MINGW-packages/commit/9253d0bf58a1486e91f7efb5316e7fdb48fa4007">configure: detect IPv6 support on Windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=575">ConnectionExists: with *PIPEWAIT, wait for connections</a>
 BGF <a href="https://curl.haxx.se/bug/?i=577">Makefile.inc: s/curl_SOURCES/CURL_FILES</a>
 BGF test 16: fixed for Windows
 BGF test 252-255: use datacheck mode text for ASCII-mode LISTings
 BGF tftpd server: add Windows support by writing files in binary mode
 BGF ftplistparser: fix handling of file LISTings using Windows EOL
 BGF tests first.c: fix calculation of sleep timeout on Windows
 BGF tests (several): use datacheck mode text for ASCII-mode LISTings
 BGF CURLOPT_RANGE.3: for HTTP servers, range support is optional
 BGF test 1515: add MSYS support by passing a relative path
 BGF <a href="https://curl.haxx.se/bug/?i=586">curl_global_init.3: Add Windows-specific info for init via DLL</a>
 BGF <a href="https://curl.haxx.se/bug/?i=564">http2: Fix client write for trailers on stream close</a>
 BGF mbedtls: Fix ALPN support
 BGF <a href="https://curl.haxx.se/bug/?i=592">connection reuse: IDN host names fixed</a>
 BGF <a href="https://curl.haxx.se/bug/?i=564">http2: Fix PUSH_PROMISE headers being treated as trailers</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-01/0031.html">http2: handle the received SETTINGS frame</a>
 BGF <a href="https://curl.haxx.se/bug/?i=564">http2: Ensure that http2_handle_stream_close is called</a>
 BGF mbedtls: implement CURLOPT_PINNEDPUBLICKEY
 BGF runtests: Add mbedTLS to the SSL backends
 BGF <a href="https://curl.haxx.se/bug/?i=596">IDN host names: Remove the port number before converting to ACE</a>
 BGF zsh.pl: fail if no curl is found
 BGF scripts: fix zsh completion generation
 BGF <a href="https://curl.haxx.se/bug/?i=582">scripts: don't generate and install zsh completion when cross-compiling</a>
 BGF <a href="https://curl.haxx.se/bug/?i=597">lib: Prefix URLs with lower-case protocol names/schemes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=584">ConnectionExists: only do pipelining/multiplexing when asked</a>
 BGF <a href="https://curl.haxx.se/bug/?i=594">configure: assume IPv6 works when cross-compiled</a>
 BGF openssl: for 1.1.0+ they now provide a SSLeay() macro of their own
 BGF openssl: improved error detection/reporting
 BGF <a href="https://curl.haxx.se/mail/lib-2016-01/0072.html">ssh: CURLOPT_SSH_PUBLIC_KEYFILE now treats "" as NULL again</a>
 BGF <a href="https://curl.haxx.se/bug/?i=601">mbedtls: Fix pinned key return value on fail</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2016-01/0123.html">maketgz: generate date stamp with LC_TIME=C</a>
</ul>

<a name="7_46_0"></a>
SUBTITLE(Fixed in 7.46.0 - December 2 2015)
<p> Changes:
<ul class="changes">
 CHG configure: build silently by default
 CHG cookies: Add support for Publix Suffix List with libpsl
 CHG <a href="https://curl.haxx.se/bug/?i=496">vtls: added support for mbedTLS</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS.html">Added CURLOPT_STREAM_DEPENDS</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS_E.html">Added CURLOPT_STREAM_DEPENDS_E</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_STREAM_WEIGHT.html">Added CURLOPT_STREAM_WEIGHT</a>
 CHG <a href="https://curl.haxx.se/bug/?i=425">Added CURLFORM_CONTENTLEN</a>
 CHG oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF des: Fix header conditional for Curl_des_set_odd_parity
 BGF <a href="https://curl.haxx.se/bug/?i=478">ntlm: get rid of unconditional use of long long</a>
 BGF CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO
 BGF <a href="https://curl.haxx.se/bug/?i=479">docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET</a>
 BGF http2: Fix http2_recv to return -1 if recv returned -1
 BGF curl_global_init_mem: set function pointers before doing init
 BGF <a href="https://curl.haxx.se/bug/?i=478">ntlm: error out without 64bit support as the code needs it</a>
 BGF openssl: Fix set up of pkcs12 certificate verification chain
 BGF <a href="https://curl.haxx.se/mail/lib-2015-10/0035.html">acinclude: remove PKGCONFIG override</a>
 BGF test1531: case the size to fix the test on non-largefile builds
 BGF <a href="https://curl.haxx.se/bug/?i=346">fread_func: move callback pointer from set to state struct</a>
 BGF test1601: fix compilation with --enable-debug and --disable-crypto-auth
 BGF <a href="https://curl.haxx.se/bug/?i=493">http2: Don't pass uninitialized name+len pairs to nghttp2_submit_request</a>
 BGF curlbuild.h: Fix non-configure compiling to mips and sh4 targets
 BGF <a href="https://curl.haxx.se/bug/?i=452">tool: Generate easysrc with last cache linked-list</a>
 BGF cmake: Fix for add_subdirectory(curl) use-case
 BGF vtls: fix compiler warning for TLS backends without sha256
 BGF build: fix for MSDOS/djgpp
 BGF checksrc: add crude // detection
 BGF http2: on_frame_recv: trust the conn/data input
 BGF <a href="https://curl.haxx.se/bug/?i=480">ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size</a>
 BGF polarssl/mbedtls: fix name space pollution
 BGF <a href="https://github.com/curl/curl/pull/501">build: Fix mingw ssl gdi32 order</a>
 BGF build: Fix support for PKG_CONFIG
 BGF MacOSX-Framework: sdk regex fix for sdk 10.10 and later
 BGF socks: Fix incorrect port numbers in failed connect messages
 BGF curl.1: -E: s/private certificate/client certificate
 BGF <a href="https://curl.haxx.se/bug/?i=506">curl.h: s/HTTPPOST_/CURL_HTTPOST_</a>
 BGF <a href="https://curl.haxx.se/bug/?i=425">curl_formadd: support >2GB files on windows</a>
 BGF <a href="https://curl.haxx.se/bug/?i=473">http redirects: %-encode bytes outside of ascii range</a>
 BGF rawstr: Speed up Curl_raw_toupper by 40%
 BGF curl_ntlm_core: fix 2 curl_off_t constant overflows.
 BGF getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
 BGF tftp tests: verify sent options too
 BGF imap: Don't call imap_atom() when no mailbox specified in LIST command
 BGF imap: Fixed double quote in LIST command when mailbox contains spaces
 BGF <a href="https://curl.haxx.se/bug/?i=486">imap: Don't check for continuation when executing a CUSTOMREQUEST</a>
 BGF acinclude: Remove check for 16-bit curl_off_t
 BGF <a href="https://curl.haxx.se/bug/?i=524">BoringSSL: Work with stricter BIO_get_mem_data()</a>
 BGF <a href="https://curl.haxx.se/bug/?i=523">cmake: Add missing feature macros in config header</a>
 BGF <a href="https://curl.haxx.se/bug/?i=525">sasl_sspi: fixed unicode build for digest authentication</a>
 BGF sasl_sspi: fix identity memory leak in digest authentication
 BGF unit1602: Fixed failure in torture test
 BGF unit1603: Added unit tests for hash functions
 BGF vtls/openssl: remove unused traces of yassl ifdefs
 BGF openssl: remove #ifdefs for < 0.9.7 support
 BGF typecheck-gcc.h: add some missing options
 BGF curl: mark two more options strings for --libcurl output
 BGF <a href="https://curl.haxx.se/bug/?i=526">openssl: Free modules on cleanup</a>
 BGF CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header
 BGF getconnectinfo: Don't call recv(2) if socket == -1
 BGF http2: http_done: don't free already-freed push headers
 BGF <a href="https://curl.haxx.se/bug/?i=532">zsh completion: Preserve single quotes in output</a>
 BGF os400: Provide options for libssh2 use in compile scripts.
 BGF <a href="https://curl.haxx.se/bug/?i=535">build: Fix theoretical infinite loops</a>
 BGF pop3: Differentiate between success and continuation responses
 BGF examples: Fixed compilation warnings
 BGF schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
 BGF CURLOPT_HEADERFUNCTION.3: fix typo
 BGF curl: expanded the -XHEAD warning text
 BGF <a href="https://curl.haxx.se/bug/?i=538">done: make sure the final progress update is made</a>
 BGF <a href="https://curl.haxx.se/bug/?i=534">build: Install zsh completion</a>
 BGF <a href="https://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header">RTSP: do not add if-modified-since without timecondition</a>
 BGF curl: Fixed display of URL index in password prompt for --next
 BGF <a href="https://curl.haxx.se/mail/lib-2015-11/0088.html">nonblock: fix setting non-blocking mode for Amiga</a>
 BGF <a href="https://curl.haxx.se/bug/?i=530">http2 push: add missing inits of new stream</a>
 BGF http2: convert some verbose output into debug-only output
 BGF <a href="https://curl.haxx.se/bug/?i=546">Curl_read_plain: clean up ifdefs that break statements</a>
</ul>

<a name="7_45_0"></a>
SUBTITLE(Fixed in 7.45.0 - October 7 2015)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=351">added CURLOPT_DEFAULT_PROTOCOL</a>
 CHG <a href="https://curl.haxx.se/bug/?i=351">added new tool option --proto-default</a>
 CHG getinfo: added CURLINFO_ACTIVESOCKET
 CHG turned CURLINFO_* option docs as stand-alone man pages
 CHG <a href="https://daniel.haxx.se/blog/2015/09/11/unnecessary-use-of-curl-x/">curl: point out unnecessary uses of -X in verbose mode</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/mail/lib-2015-08/0016.html">curl_global_init_mem.3: Stronger thread safety warning</a>
 BGF <a href="https://github.com/curl/curl/pull/379">buildconf.bat: Fixed issues when ran in directories with special chars</a>
 BGF cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
 BGF generate.bat: Fixed issues when ran in directories with special chars
 BGF generate.bat: Only call buildconf.bat if it exists
 BGF generate.bat: Added support for generating only the prerequisite files
 BGF curl.1: Document weaknesses in SSLv2 and SSLv3
 BGF CURLOPT_HTTP_VERSION.3: connection re-use goes before version
 BGF docs: Update the redirect protocols disabled by default
 BGF inet_pton.c: Fix MSVC run-time check failure
 BGF CURLMOPT_PUSHFUNCTION.3: fix argument types
 BGF rtsp: support basic/digest authentication
 BGF rtsp: stop reading empty DESCRIBE responses
 BGF <a href="https://curl.haxx.se/bug/?i=388">travis: Upgrading to container based build</a>
 BGF travis.yml: Add OS X testbot
 BGF FTP: make state machine not get stuck in state
 BGF <a href="https://curl.haxx.se/bug/?i=392">openssl: handle lack of server cert when strict checking disabled</a>
 BGF <a href="https://android.googlesource.com/platform/external/curl/+/f551028d5caab">configure: change functions to detect openssl (clones)</a>
 BGF <a href="https://android.googlesource.com/platform/external/curl/+/f551028d5caab">configure: detect latest boringssl</a>
 BGF runtests: Allow for spaces in server-verify curl custom path
 BGF http2: on_frame_recv: get a proper 'conn' for the debug logging
 BGF ntlm: mark deliberate switch case fall-through
 BGF http2: remove dead code
 BGF <a href="https://curl.haxx.se/bug/?i=395">curl_easy_{escape,unescape}.3: "char *" vs. "const char *"</a>
 BGF curl: point out the conflicting HTTP methods if used
 BGF <a href="https://curl.haxx.se/bug/?i=399">cmake: added Windows SSL support</a>
 BGF curl_easy_{escape,setopt}.3: fix example
 BGF <a href="https://curl.haxx.se/bug/?i=398">curl_easy_escape.3: escape '\n'</a>
 BGF <a href="https://curl.haxx.se/bug/?i=402">libcurl.m4: Put braces around empty if body</a>
 BGF buildconf.bat: Fixed double blank line in 'curl manual' warning output
 BGF sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
 BGF inet_pton.c: Fix MSVC run-time check failure
 BGF CURLOPT_FOLLOWLOCATION.3: mention methods for redirects
 BGF <a href="https://curl.haxx.se/bug/?i=401">http2: don't pass on Connection: headers</a>
 BGF <a href="https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html">nss: do not directly access SSL_ImplementedCiphers</a>
 BGF docs: numerous cleanups and spelling fixes
 BGF <a href="https://curl.haxx.se/bug/?i=405">FTP: do_more: add check for wait_data_conn in upload case</a>
 BGF <a href="https://curl.haxx.se/bug/?i=415">parse_proxy: reject illegal port numbers</a>
 BGF <a href="https://curl.haxx.se/bug/?i=409">cmake: IPv6 : disable Unix header check on Windows platform</a>
 BGF winbuild: run buildconf.bat if necessary
 BGF buildconf.bat: fix syntax error
 BGF <a href="https://curl.haxx.se/bug/?i=411">curl_sspi: fix possibly undefined CRYPT_E_REVOKED</a>
 BGF <a href="https://bugzilla.mozilla.org/1202264">nss: prevent NSS from incorrectly re-using a session</a>
 BGF libcurl-errors.3: add two missing error codes
 BGF openssl: fix build with < 0.9.8
 BGF <a href="https://curl.haxx.se/bug/?i=427">openssl: refactor certificate parsing to use OpenSSL memory BIO</a>
 BGF <a href="https://curl.haxx.se/bug/?i=440">openldap: only part of LDAP query results received</a>
 BGF <a href="https://curl.haxx.se/bug/?i=410">ssl: add server cert's "sha256//" hash to verbose</a>
 BGF <a href="https://curl.haxx.se/bug/?i=435">NTLM: Reset auth-done when using a fresh connection</a>
 BGF <a href="https://curl.haxx.se/bug/?i=429">curl: generate easysrc only on --libcurl</a>
 BGF <a href="https://curl.haxx.se/bug/?i=380">tests: disable 1801 until fixed</a>
 BGF CURLINFO_TLS_SESSION: always return backend info
 BGF gnutls: Support CURLOPT_KEYPASSWD
 BGF gnutls: Report actual GnuTLS error message for certificate errors
 BGF tests: disable 1510 due to CI-problems on github
 BGF cmake: Put "winsock2.h" before "windows.h" during configure checks
 BGF cmake: Ensure discovered include dirs are considered
 BGF <a href="https://curl.haxx.se/bug/?i=456">configure: Add missing ')' for CURL_CHECK_OPTION_RT</a>
 BGF <a href="https://curl.haxx.se/bug/?i=457">build: fix failures with -Wcast-align and -Werror</a>
 BGF FTP: fix uploading ASCII with unknown size
 BGF readwrite_data: set a max number of loops
 BGF http2: avoid superfluous Curl_expire() calls
 BGF <a href="https://curl.haxx.se/mail/lib-2015-09/0097.html">http2: set TCP_NODELAY unconditionally</a>
 BGF docs: fix unescaped '\n' in man pages
 BGF <a href="https://curl.haxx.se/bug/?i=447">openssl: Fix algorithm init to make (gost) engines work</a>
 BGF win32: make recent Borland compilers use long long
 BGF runtests: Fix pid check in checkdied
 BGF <a href="https://curl.haxx.se/bug/?i=466">gopher: don't send NUL byte</a>
 BGF <a href="https://curl.haxx.se/bug/?i=469">tool_setopt: fix c_escape truncated octal</a>
 BGF <a href="https://curl.haxx.se/bug/?i=471">hiperfifo: fix the pointer passed to WRITEDATA</a>
 BGF <a href="https://curl.haxx.se/bug/?i=468">getinfo: Fix return code for unknown CURLINFO options</a>
</ul>

<a name="7_44_0"></a>
SUBTITLE(Fixed in 7.44.0 - August 12 2015)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLMOPT_PUSHFUNCTION.html">http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/http2-serverpush.html">examples: added http2-serverpush.c</a>
 CHG http2: added curl_pushheader_byname() and curl_pushheader_bynum()
 CHG <a href="https://github.com/curl/curl/blob/master/docs/CODE_OF_CONDUCT.md">docs: added CODE_OF_CONDUCT.md</a>
 CHG <a href="https://github.com/curl/curl/issues/264">curl: Add --ssl-no-revoke to disable certificate revocation checks</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_SSL_OPTIONS.html">libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS</a>
 CHG makefile: Added support for VC14
 CHG build: Added Visual Studio 2015 (VC14) project files
 CHG <a href="https://github.com/curl/curl/pull/174">build: Added wolfSSL configurations to VC10+ project files</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://github.com/curl/curl/issues/278">FTP: fix HTTP CONNECT logic regression</a>
 BGF openssl: Fix build with openssl < ~ 0.9.8f
 BGF openssl: fix build with BoringSSL
 BGF curl_easy_setopt.3: option order doesn't matter
 BGF <a href="https://github.com/curl/curl/issues/318">openssl: fix use of uninitialized buffer</a>
 BGF RTSP: removed dead code
 BGF Makefile.m32: add support for CURL_LDFLAG_EXTRAS
 BGF curl: always provide negotiate/kerberos options
 BGF cookie: Fix bug in export if any-domain cookie is present
 BGF curl_easy_setopt.3: mention CURLOPT_PIPEWAIT
 BGF INSTALL: Advise use of non-native SSL for Windows <= XP
 BGF tool_help: fix --tlsv1 help text to use >= for TLSv1
 BGF <a href="https://curl.haxx.se/mail/lib-2015-06/0122.html">HTTP: POSTFIELDSIZE set after added to multi handle</a>
 BGF SSL-PROBLEMS: mention WinSSL problems in WinXP
 BGF setup-vms.h: Symbol case fixups
 BGF SSL: Pinned public key hash support
 BGF libtest: call PR_Cleanup() on exit if NSPR is used
 BGF ntlm_wb: Fix theoretical memory leak
 BGF runtests: Allow for spaces in curl custom path
 BGF http2: add stream != NULL checks for reliability
 BGF schannel: Replace deprecated GetVersion with VerifyVersionInfo
 BGF http2: verify success of strchr() in http2_send()
 BGF configure: add --disable-rt option
 BGF openssl: work around MSVC warning
 BGF HTTP: ignore "Content-Encoding: compress"
 BGF configure: check if OpenSSL linking wants -ldl
 BGF build-openssl.bat: Show syntax if required args are missing
 BGF test1902: attempt to make the test more reliable
 BGF libcurl-thread.3: Consolidate thread safety info
 BGF maketgz: Fixed some VC makefiles missing from the release tarball
 BGF <a href="https://github.com/curl/curl/issues/356">libcurl-multi.3: mention curl_multi_wait</a>
 BGF ABI doc: use secure URL
 BGF <a href="https://bugzilla.redhat.com/1248389">http: move HTTP/2 cleanup code off http_disconnect()</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-07/0149.html">libcurl-thread.3: Warn memory functions must be thread safe</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-07/0149.html">curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs</a>
 BGF <a href="https://curl.haxx.se/bug/?i=360">docs: formpost needs the full size at start of upload</a>
 BGF curl_gssapi: remove 'const' to fix compiler warnings
 BGF <a href="https://curl.haxx.se/bug/?i=357">SSH: three state machine fixups</a>
 BGF <a href="https://github.com/curl/curl/issues/361">libcurl.3: fix a single typo</a>
 BGF generate.bat: Only clean prerequisite files when in ALL mode
 BGF curl_slist_append.3: add error checking to the example
 BGF buildconf.bat: Added support for file clean-up via -clean
 BGF generate.bat: Use buildconf.bat for prerequisite file clean-up
 BGF <a href="https://github.com/curl/curl/issues/363">NTLM: handle auth for only a single request</a>
 BGF <a href="https://github.com/curl/curl/issues/366">curl_multi_remove_handle.3: fix formatting</a>
 BGF checksrc.bat: Fixed error when [directory] isn't a curl source directory
 BGF checksrc.bat: Fixed error when missing *.c and *.h files
 BGF <a href="https://curl.haxx.se/mail/lib-2015-08/0019.html">CURLOPT_RESOLVE.3: Note removal support was added in 7.42</a>
 BGF test46: update cookie expire time
 BGF <a href="https://curl.haxx.se/bug/?i=359">SFTP: fix range request off-by-one in size check</a>
 BGF <a href="https://curl.haxx.se/bug/?i=370">CMake: fix GSSAPI builds</a>
 BGF <a href="https://curl.haxx.se/bug/?i=371">build: refer to fixed libidn versions</a>
 BGF <a href="https://curl.haxx.se/bug/?i=372">http2: discard frames with no SessionHandle</a>
 BGF curl_easy_recv.3: fix formatting
 BGF <a href="https://curl.haxx.se/bug/?i=374">libcurl-tutorial.3: fix formatting</a>
 BGF <a href="https://curl.haxx.se/bug/?i=375">curl_formget.3: correct return code</a>
</ul>

<a name="7_43_0"></a>
SUBTITLE(Fixed in 7.43.0 - June 17 2015)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SERVICE_NAME.html">Added CURLOPT_PROXY_SERVICE_NAME</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html">Added CURLOPT_SERVICE_NAME</a>
 CHG <a href="https://curl.haxx.se/docs/manpage.html#--proxy-service-name">New curl option: --proxy-service-name</a>
 CHG <a href="https://curl.haxx.se/docs/manpage.html#--service-name">New curl option: --service-name</a>
 CHG <a href="https://github.com/curl/curl/issues/198">New curl option: --data-raw</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html">Added CURLOPT_PIPEWAIT</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html">Added support for multiplexing transfers using HTTP/2, enable this with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING</a>
 CHG HTTP/2: requires nghttp2 1.0.0 or later
 CHG scripts: add zsh.pl for generating zsh completion
 CHG curl.h: add CURL_HTTP_VERSION_2
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2015-3236.html">CVE-2015-3236: lingering HTTP credentials in connection re-use</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2015-3237.html">CVE-2015-3237: SMB send off unrelated memory contents</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-04/0095.html">nss: fix compilation failure with old versions of NSS</a>
 BGF curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
 BGF schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
 BGF <a href="https://github.com/curl/curl/pull/206">Curl_ossl_init: load builtin modules</a>
 BGF <a href="https://github.com/curl/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445">configure: follow-up fix for krb5-config</a>
 BGF <a href="https://github.com/curl/curl/pull/141">sasl_sspi: Populate domain from the realm in the challenge</a>
 BGF netrc: support 'default' token
 BGF README: convert to UTF-8
 BGF cyassl: Implement public key pinning
 BGF nss: implement public key pinning for NSS backend
 BGF mingw build: add arch -m32/-m64 to LDFLAGS
 BGF <a href="https://curl.haxx.se/mail/lib-2015-04/0199.html">schannel: Fix out of bounds array</a>
 BGF configure: remove autogenerated files by autoconf
 BGF configure: remove --automake from libtoolize call
 BGF acinclude.m4: fix shell test for default CA cert bundle/path
 BGF <a href="https://github.com/curl/curl/issues/244">schannel: fix regression in schannel_recv</a>
 BGF <a href="https://github.com/curl/curl/issues/219">openssl: skip trace outputs for ssl_ver == 0</a>
 BGF gnutls: properly retrieve certificate status
 BGF <a href="https://github.com/curl/curl/pull/258">netrc: Read in text mode when cygwin</a>
 BGF <a href="https://github.com/curl/curl/issues/254">winbuild: Document the option used to statically link the CRT</a>
 BGF FTP: Make EPSV use the control IP address rather than the original host
 BGF FTP: fix dangling conn->ip_addr dereference on verbose EPSV
 BGF conncache: keep bundles on host+port bases, not only host names
 BGF runtests.pl: use 'h2c' now, no -14 anymore
 BGF curlver: introducing new version number (checking) macros
 BGF <a href="https://github.com/curl/curl/issues/275">openssl: boringssl build brekage, use SSL_CTX_set_msg_callback</a>
 BGF <a href="https://github.com/curl/curl/issues/281">CURLOPT_POSTFIELDS.3: correct variable names</a>
 BGF <a href="https://github.com/curl/curl/issues/282">curl_easy_unescape.3: update RFC reference</a>
 BGF gnutls: don't fail on non-fatal alerts during handshake
 BGF testcurl.pl: allow source to be in an arbitrary directory
 BGF CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
 BGF <a href="https://github.com/curl/curl/issues/267">SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-05/0056.html">parse_proxy: switch off tunneling if non-HTTP proxy</a>
 BGF share_init: fix OOM crash
 BGF perl: remove subdir, not touched in 9 years
 BGF CURLOPT_COOKIELIST.3: Add example
 BGF <a href="https://curl.haxx.se/mail/lib-2015-05/0115.html">CURLOPT_COOKIE.3: Explain that the cookies won't be modified</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-05/0137.html">CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain</a>
 BGF FAQ: How do I port libcurl to my OS?
 BGF openssl: Use TLS_client_method for OpenSSL 1.1.0+
 BGF <a href="https://github.com/curl/curl/issues/256">HTTP-NTLM: fail auth on connection close instead of looping</a>
 BGF <a href="https://github.com/curl/curl/pull/258#issuecomment-107093055">curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT</a>
 BGF curl_getdate.3: update RFC reference
 BGF curl_multi_info_read.3: added example
 BGF curl_multi_perform.3: added example
 BGF curl_multi_timeout.3: added example
 BGF <a href="https://github.com/curl/curl/issues/292">cookie: Stop exporting any-domain cookies</a>
 BGF openssl: remove dummy callback use from SSL_CTX_set_verify()
 BGF openssl: remove SSL_get_session()-using code
 BGF openssl: removed USERDATA_IN_PWD_CALLBACK kludge
 BGF openssl: removed error string #ifdef
 BGF <a href="https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest">openssl: Fix verification of server-sent legacy intermediates</a>
 BGF docs: man page indentation and syntax fixes
 BGF docs: Spelling fixes
 BGF fopen.c: fix a few compiler warnings
 BGF <a href="https://curl.haxx.se/mail/lib-2015-06/0047.html">CURLOPT_OPENSOCKETFUNCTION: return error at once</a>
 BGF schannel: Add support for optional client certificates
 BGF build: Properly detect OpenSSL 1.0.2 when using configure
 BGF <a href="https://curl.haxx.se/mail/lib-2015-06/0019.html">urldata: store POST size in state.infilesize too</a>
 BGF security:choose_mech remove dead code
 BGF rtsp_do: remove dead code
 BGF docs: many HTTP URIs changed to HTTPS
 BGF <a href="https://github.com/curl/curl/issues/244">schannel: schannel_recv overhaul</a>
</ul>

<a name="7_42_1"></a>
SUBTITLE(Fixed in 7.42.1 - April 29 2015)
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2015-3153.html">CURLOPT_HEADEROPT: default to separate</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2015-04/0046.html">dist: include {src,lib}/checksrc.whitelist</a>
 BGF <a href="https://curl.haxx.se/bug/?i=231">connectionexists: fix build without NTLM</a>
 BGF docs: distribute the <a href="/libcurl/c/CURLOPT_PINNEDPUBLICKEY.html">CURLOPT_PINNEDPUBLICKEY</a> man page, too
 BGF <a href="https://github.com/curl/curl/issues/237">curl -z: do not write empty file on unmet condition</a>
 BGF <a href="https://github.com/curl/curl/issues/235">openssl: fix serial number output</a>
 BGF <a href="https://curl.haxx.se/libcurl/c/curl_easy_getinfo.html">curl_easy_getinfo.3</a>: document 'internals' in CURLINFO_TLS_SESSION
 BGF sws: init http2 state properly
 BGF curl.1: fix typo
</ul>

<a name="7_42_0"></a>
SUBTITLE(Fixed in 7.42.0 - April 22 2015)
<p> Changes:
<ul class="changes">
 CHG openssl: show the cipher selection to use in verbose text
 CHG gtls: implement <a href="https://curl.haxx.se/libcurl/c/CURLOPT_CERTINFO.html">CURLOPT_CERTINFO</a>
 CHG add <a href="https://curl.haxx.se/libcurl/c/CURLOPT_SSL_FALSESTART.html">CURLOPT_SSL_FALSESTART</a> option (darwinssl and NSS)
 CHG curl: add <a href="https://curl.haxx.se/docs/manpage.html#--false-start">--false-start</a> option
 CHG add <a href="https://curl.haxx.se/libcurl/c/CURLOPT_PATH_AS_IS.html">CURLOPT_PATH_AS_IS</a>
 CHG curl: add <a href="curl.haxx.se/docs/manpage.html#--path-as-is">--path-as-is</a> option
 CHG <a href="https://curl.haxx.se/bug/?i=183">curl: create output file on successful download of an empty file</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2015-3143.html">ConnectionExists: for NTLM re-use, require credentials to match</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2015-3145.html">cookie: cookie parser out of boundary memory access</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2015-3144.html">fix_hostname: zero length host name caused -1 index offset</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2015-3148.html">http_done: close Negotiate connections when done</a>
 BGF sws: timeout idle CONNECT connections
 BGF nss: improve error handling in Curl_nss_random()
 BGF nss: do not skip Curl_nss_seed() if data is NULL
 BGF curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
 BGF http2: move lots of verbose output to be debug-only
 BGF dist: add extern-scan.pl to the tarball
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1487">http2: return recv error on unexpected EOF</a>
 BGF build: Use default RandomizedBaseAddress directive in VC9+ project files
 BGF build: Removed DataExecutionPrevention directive from VC9+ project files
 BGF tool: Updated the warnf() function to use the GlobalConfig structure
 BGF http2: Return error if stream was closed with other than NO_ERROR
 BGF mprintf.h: remove #ifdef CURLDEBUG
 BGF <a href="https://curl.haxx.se/bug/?i=144">libtest: fixed linker errors on msvc</a>
 BGF tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
 BGF curl.1: fix "The the" typo
 BGF cmake: handle build definitions CURLDEBUG/DEBUGBUILD
 BGF openssl: remove all uses of USE_SSLEAY
 BGF <a href="https://curl.haxx.se/bug/?i=147">multi: fix memory-leak on timeout (regression)</a>
 BGF curl_easy_setopt.3: added <a href="https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYSTATUS.html">CURLOPT_SSL_VERIFYSTATUS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=150">metalink: add some error checks</a>
 BGF TLS: make it possible to enable ALPN/NPN without HTTP/2
 BGF http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
 BGF conncontrol: only log changes to the connection bit
 BGF <a href="https://curl.haxx.se/mail/lib-2015-01/0170.html">multi: fix *getsock() with CONNECT</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-03/0052.html">symbols.pl: handle '-' in the deprecated field</a>
 BGF <a href="https://curl.haxx.se/bug/?i=157">MacOSX-Framework: use @rpath instead of @executable_path</a>
 BGF GnuTLS: add support for CURLOPT_CAPATH
 BGF GnuTLS: print negotiated TLS version and full cipher suite name
 BGF GnuTLS: don't print double newline after certificate dates
 BGF memanalyze.pl: handle free(NULL)
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1492">proxy: re-use proxy connections (regression)</a>
 BGF mk-ca-bundle: Don't report SHA1 numbers with "-q"
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1491">http: always send Host: header as first header</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1487">openssl: sort ciphers to use based on strength</a>
 BGF openssl: use colons properly in the ciphers list
 BGF <a href="https://curl.haxx.se/bug/?i=166">http2: detect premature close without data transferred</a>
 BGF hostip: Fix signal race in Curl_resolv_timeout
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1493">closesocket: call multi socket cb on close even with custom close</a>
 BGF mksymbolsmanpage.pl: use std header and generate better nroff header
 BGF <a href="https://curl.haxx.se/bug/?i=168">connect: Fix happy eyeballs logic for IPv4-only builds</a>
 BGF curl_easy_perform.3: remove superfluous close brace from example
 BGF <a href="https://curl.haxx.se/bug/?i=169">HTTP: don't use Expect: headers when on HTTP/2</a>
 BGF Curl_sh_entry: remove unused 'timestamp'
 BGF docs/libcurl: makefile portability fix
 BGF mkhelp: Remove trailing carriage return from every line of input
 BGF nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
 BGF curl_easy_setopt.3: added a few missing options
 BGF metalink: fix resource leak in OOM
 BGF axtls: version 1.5.2 now requires that config.h be manually included
 BGF HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
 BGF cyassl: detect the library as renamed wolfssl
 BGF <a href="https://curl.haxx.se/libcurl/c/CURLOPT_HTTPHEADER.html">CURLOPT_HTTPHEADER</a>.3: add a "SECURITY CONCERNS" section
 BGF <a href="https://curl.haxx.se/libcurl/c/CURLOPT_URL.html">CURLOPT_URL</a>.3: Added SECURITY CONCERNS
 BGF openssl: try to avoid accessing OCSP structs when possible
 BGF test938: added missing closing tags
 BGF testcurl: Allow '=' in values given on command line
 BGF tests/certs: added make target to rebuild certificates
 BGF tests/certs: rebuild certificates with modified key usage bits
 BGF gtls: avoid uninitialized variable
 BGF gtls: dereferencing NULL pointer
 BGF gtls: add check of return code
 BGF test1513: eliminated race condition in test run
 BGF dict: rename byte to avoid compiler shadowed declaration warning
 BGF <a href="https://curl.haxx.se/libcurl/c/curl_easy_recv.html">curl_easy_recv</a>/<a href="https://curl.haxx.se/libcurl/c/curl_easy_send.html">send</a>: make them work with the multi interface
 BGF vtls: fix compile with --disable-crypto-auth but with SSL
 BGF openssl: adapt to ASN1/X509 things gone opaque in 1.1
 BGF <a href="https://curl.haxx.se/mail/lib-2015-03/0205.html">openssl: verifystatus: only use the OCSP work-around <= 1.0.2a</a>
 BGF curl_memory: make curl_memory.h the second-last header file loaded
 BGF testcurl.pl: add the --notes option to supply more info about a build
 BGF cyassl: If wolfSSL then identify as such in version string
 BGF cyassl: Check for invalid length parameter in Curl_cyassl_random
 BGF cyassl: default to highest possible TLS version
 BGF Curl_ssl_md5sum: return CURLcode (fixes OOM)
 BGF polarssl: remove dead code
 BGF polarssl: called mbedTLS in 1.3.10 and later
 BGF globbing: fix step parsing for character globbing ranges
 BGF globbing: fix url number calculation when using range with step
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1465">multi: on a request completion, check all CONNECT_PEND transfers</a>
 BGF build: link curl to openssl libraries when openssl support is enabled
 BGF url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
 BGF vtls: Don't accept unknown CURLOPT_SSLVERSION values
 BGF build: Fix libcurl.sln erroneous mixed configurations
 BGF cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
 BGF cyassl: add SSL context callback support for CyaSSL
 BGF tool: only set SSL options if SSL is enabled
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1465">multi: remove_handle: move pending connections</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1486">configure: Use KRB5CONFIG for krb5-config</a>
 BGF axtls: add timeout within Curl_axtls_connect
 BGF <a href="https://curl.haxx.se/libcurl/c/CURLOPT_HTTP200ALIASES.html">CURLOPT_HTTP200ALIASES</a>.3: Mainly SHOUTcast servers use "ICY 200"
 BGF cyassl: Fix library initialization return value
 BGF <a href="https://curl.haxx.se/bug/?i=195">cookie: handle spaces after the name in Set-Cookie</a>
 BGF <a href="https://curl.haxx.se/bug/?i=192">http2: Fix missing nghttp2_session_send call in Curl_http2_switched</a>
 BGF cyassl: Fix certificate load check
 BGF build-openssl.bat: Fix mixed line endings
 BGF checksrc.bat: Check lib\vtls source
 BGF DNS: fix refreshing of obsolete dns cache entries
 BGF <a href="https://curl.haxx.se/libcurl/c/CURLOPT_RESOLVE.html">CURLOPT_RESOLVE</a>: actually implement removals
 BGF checksrc.bat: quotes to support an SRC_DIR with spaces
 BGF cyassl: Remove 'Connecting to' message from cyassl_connect_step2
 BGF cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
 BGF lib/transfer.c: Remove factor of 8 from sleep time calculation
 BGF lib/makefile.m32: add missing libs to build libcurl.dll
 BGF build: Generate source prerequisites for Visual Studio in generate.bat
 BGF cyassl: Include the CyaSSL build config
 BGF firefox-db2pem: fix wildcard to find Firefox default profile
 BGF BUGS: refer to the github issue tracker now as primary
 BGF vtls_openssl: improve several certificate error messages
 BGF cyassl: Add support for TLS extension SNI
 BGF parsecfg: do not continue past a zero termination
 BGF <a href="https://curl.haxx.se/bug/?i=171">configure --with-nss=PATH: query pkg-config if available</a>
 BGF configure --with-nss: drop redundant if statement
 BGF <a href="https://curl.haxx.se/mail/lib-2015-04/0069.html">cyassl: Fix include order</a>
 BGF <a href="https://curl.haxx.se/bug/?i=223">HTTP: fix PUT regression with Negotiate</a>
 BGF <a href="https://curl.haxx.se/bug/?i=225">curl_version_info.3: fixed the 'protocols' variable type</a>
</ul>

<a name="7_41_0"></a>
SUBTITLE(Fixed in 7.41.0 - February 25 2015)
<p> Changes:
<ul class="changes">
 CHG NetWare build: added TLS-SRP enabled build
 CHG winbuild: Added option to build with c-ares
 CHG <a href="https://curl.haxx.se/docs/manpage.html#--cert-status">Added --cert-status</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYSTATUS.html">Added CURLOPT_SSL_VERIFYSTATUS</a>
 CHG sasl: implement EXTERNAL authentication mechanism
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1469">sasl_gssapi: Fixed build on NetBSD with built-in GSS-API</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1468">FTP: fix IPv6 host using link-local address</a>
 BGF FTP: if EPSV fails on IPV6 connections, bail out
 BGF gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
 BGF NSS: fix compiler error when built http2-enabled
 BGF <a href="https://curl.haxx.se/bug/?i=136">mingw build: allow to pass custom CFLAGS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=134">add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-01/0036.html">curl_schannel.c: mark session as removed from cache if not freed</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-01/0065.html">Curl_pretransfer: reset expected transfer sizes</a>
 BGF <a href="https://curl.haxx.se/bug/?i=137">curl.h: remove extra space</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2015-01/0094.html">curl_endian: Fixed build when 64-bit integers are not supported</a>
 BGF checksrc.bat: Better detection of Perl installation
 BGF build-openssl.bat: Added check for Perl installation
 BGF http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
 BGF http_negotiate: Added empty decoded challenge message info text
 BGF vtls: Removed unimplemented overrides of curlssl_close_all()
 BGF sasl_gssapi: Fixed memory leak with local SPN variable
 BGF http_negotiate: Use dynamic buffer for SPN generation
 BGF ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1471">openssl: do public key pinning check independently</a>
 BGF timeval: typecast for better type (on Amiga)
 BGF ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
 BGF SASL: common URL option and auth capabilities decoders for all protocols
 BGF BoringSSL: fix build
 BGF BoringSSL: detected by configure, switches off NTLM
 BGF openvms: Handle openssl/0.8.9zb version parsing
 BGF configure: detect libresssl
 BGF configure: remove detection of the old yassl emulation API
 BGF curl_setup: Disable SMB/CIFS support when HTTP only
 BGF imap: remove automatic password setting: it breaks external sasl authentication
 BGF sasl: remove XOAUTH2 from default enabled authentication mechanism
 BGF runtests: identify BoringSSL and libressl
 BGF security: avoid compiler warning
 BGF ldap: build with BoringSSL
 BGF des: Added Curl_des_set_odd_parity()
 BGF CURLOPT_SEEKFUNCTION.3: also when server closes a connection
 BGF CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
 BGF build: Removed unused Visual Studio bscmake settings
 BGF build: Enabled DEBUGBUILD in Visual Studio debug builds
 BGF build: Renamed top level Visual Studio solution files
 BGF build: Removed Visual Studio SuppressStartupBanner directive for VC8+
 BGF libcurl-symbols: first basic shot for autogenerated docs
 BGF Makefile.am: fix 'make distcheck'
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1476">getpass_r: read from stdin, not stdout!</a>
 BGF getpass: protect include with proper #ifdef
 BGF opts: CURLOPT_CAINFO availability depends on SSL engine
 BGF more cleanup of 'CURLcode result' return code
 BGF MD4: replace implementation
 BGF MD5: replace implementation
 BGF <a href="https://curl.haxx.se/mail/lib-2015-02/0034.html">openssl: SSL_SESSION->ssl_version no longer exist</a>
 BGF md5: use axTLS's own MD5 functions when available
 BGF schannel: Removed curl_ prefix from source files
 BGF curl.1: add warning when using -H and redirects
 BGF curl.1: clarify that -X is used for all requests
 BGF gskit: Fix exclusive SSLv3 option
 BGF <a href="https://curl.haxx.se/mail/lib-2015-01/0002.html">polarssl: Fix exclusive SSL protocol version options</a>
 BGF http2: Fix bug that associated stream canceled on PUSH_PROMISE
 BGF ftp: accept all 2xx responses to the PORT command
 BGF <a href="https://curl.haxx.se/bug/?i=139">configure: allow both --with-ca-bundle and --with-ca-path</a>
 BGF cmake: install the dll file to the correct directory
 BGF nss: fix NPN/ALPN protocol negotiation
 BGF polarssl: fix ALPN protocol negotiation
 BGF cmake: Fix generation of tool_hugehelp.c on windows
 BGF cmake: fix winsock2 detection on windows
 BGF gnutls: fix build with HTTP2
 BGF <a href="https://bugzilla.redhat.com/1187531">connect: fix a spurious connect failure on dual-stacked hosts</a>
 BGF test: test 530 is now less timing dependent
 BGF telnet: invalid use of custom read function if not set
</ul>

<a name="7_40_0"></a>
SUBTITLE(Fixed in 7.40.0 - January 8 2015)
<p> Changes:
<ul class="changes">
 CHG http_digest: Added support for Windows SSPI based authentication
 CHG version info: Added Kerberos V5 to the supported features
 CHG Makefile: Added VC targets for WinIDN
 CHG config-win32: Introduce build targets for VS2012+
 CHG SSL: Add PEM format support for public key pinning
 CHG <a href="https://curl.haxx.se/bug/view.cgi?id=1456">smtp: Added support for the conversion of Unix newlines during mail send</a>
 CHG smb: Added initial support for the SMB/CIFS protocol
 CHG Added support for HTTP over unix domain sockets, via
   CURLOPT_UNIX_SOCKET_PATH and --unix-socket
 CHG sasl: Added support for GSS-API based Kerberos V5 authentication
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2014-8151.html">darwinssl: fix session ID keys to only reuse identical sessions</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2014-8150.html">url-parsing: reject CRLFs within URLs</a>
 BGF OS400: Adjust specific support to last release
 BGF THANKS: Remove duplicate names
 BGF url.c: Fixed compilation warning
 BGF <a href="https://curl.haxx.se/mail/lib-2014-11/0035.html">ssh: Fixed build on platforms where R_OK is not defined</a>
 BGF tool_strdup.c: include the tool strdup.h
 BGF build: Fixed Visual Studio project file generation of strdup.[c|h]
 BGF <a href="https://curl.haxx.se/mail/lib-2014-11/0078.html">curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY</a>
 BGF curl.1: show zone index use in a URL
 BGF mk-ca-bundle.vbs: switch to new certdata.txt url
 BGF Makefile.dist: Added some missing SSPI configurations
 BGF build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1448">SSH: use the port number as well for known_known checks</a>
 BGF libssh2: detect features based on version, not configure checks
 BGF <a href="https://github.com/tatsuhiro-t/nghttp2/issues/103">http2: Deal with HTTP/2 data inside Upgrade response header buffer</a>
 BGF multi: removed Curl_multi_set_easy_connection
 BGF symbol-scan.pl: do not require autotools
 BGF cmake: add ENABLE_THREADED_RESOLVER, rename ARES
 BGF cmake: build libhostname for test suite
 BGF cmake: fix HAVE_GETHOSTNAME definition
 BGF tests: fix libhostname visibility
 BGF tests: fix memleak in server/resolve.c
 BGF vtls.h: Fixed compiler warning when compiled without SSL
 BGF CMake: Restore order-dependent header checks
 BGF CMake: Restore order-dependent library checks
 BGF tool: Removed krb4 from the supported features
 BGF http2: Don't send Upgrade headers when we already do HTTP/2
 BGF <a href="https://curl.haxx.se/mail/lib-2014-11/0221.html">examples: Don't call select() to sleep on windows</a>
 BGF <a href="https://sourceforge.net/p/curl/feature-requests/82/">win32: Updated some legacy APIs to use the newer extended versions</a>
 BGF easy.c: Fixed compilation warning when no verbose string support
 BGF connect.c: Fixed compilation warning when no verbose string support
 BGF build: in Makefile.m32 pass -F flag to windres
 BGF build: in Makefile.m32 add -m32 flag for 32bit
 BGF multi: when leaving for timeout, close accordingly
 BGF CMake: Simplify if() conditions on check result variables
 BGF build: in Makefile.m32 try to detect 64bit target
 BGF multi: inform about closed sockets before they are closed
 BGF multi-uv.c: close the file handle after download
 BGF examples: Wait recommended 100ms when no file descriptors are ready
 BGF ntlm: Split the SSPI based messaging code from the native messaging code
 BGF cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
 BGF cmake: add Kerberos to the supported feature
 BGF CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
 BGF http: Disable pipelining for HTTP/2 and upgraded connections
 BGF ntlm: Fixed static'ness of local decode function
 BGF sasl: Reduced the need for two sets of NTLM messaging functions
 BGF multi.c: Fixed compilation warnings when no verbose string support
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1455">select.c: fix compilation for VxWorks</a>
 BGF multi-single.c: switch to use curl_multi_wait
 BGF curl_multi_wait.3: clarify numfds being used if not NULL
 BGF http.c: Fixed compilation warnings from features being disabled
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1457">NSS: enable the CAPATH option</a>
 BGF docs: Fix FAILONERROR typos
 BGF HTTP: don't abort connections with pending Negotiate authentication
 BGF HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
 BGF http_perhapsrewind: don't abort CONNECT requests
 BGF build: updated dependencies in makefiles
 BGF multi.c: Fixed compilation warning
 BGF ftp.c: Fixed compilation warnings when proxy support disabled
 BGF get_url_file_name: Fixed crash on OOM on debug build
 BGF cookie.c: Refactored cleanup code to simplify
 BGF OS400: enable NTLM authentication
 BGF ntlm: Use Windows Crypt API
 BGF http2: avoid logging neg "failure" if h2 was not requested
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1462">schannel_recv: return the correct code</a>
 BGF VC build: added sspi define for winssl-zlib builds
 BGF Curl_client_write(): chop long data, convert data only once
 BGF openldap: do not ignore Curl_client_write() return code
 BGF ldap: check Curl_client_write() return codes
 BGF parsedate.c: Fixed compilation warning
 BGF url.c: Fixed compilation warning when USE_NTLM is not defined
 BGF <a href="https://curl.haxx.se/mail/lib-2014-12/0089.html">ntlm_wb_response: fix "statement not reached"</a>
 BGF telnet: fix "cast increases required alignment of target type"
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1456">smtp: Fixed dot stuffing when EOL characters at end of input buffers</a>
 BGF ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
 BGF ntlm: Disable NTLM v2 when 64-bit integers are not supported
 BGF ntlm: Use short integer when decoding 16-bit values
 BGF ftp.c: Fixed compilation warning when no verbose string support
 BGF synctime.c: fixed timeserver URLs
 BGF mk-ca-bundle.pl: restored forced run again
 BGF ntlm: Fixed return code for bad type-2 Target Info
 BGF curl_schannel.c: Data may be available before connection shutdown
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1450">curl_schannel: Improvements to memory re-allocation strategy</a>
 BGF darwinssl: aprintf() to allocate the session key
 BGF tool_util.c: Use GetTickCount64 if it is available
 BGF lib: Fixed multiple code analysis warnings if SAL are available
 BGF tool_binmode.c: Explicitly ignore the return code of setmode
 BGF tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
 BGF opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
 BGF <a href="https://curl.haxx.se/mail/lib-2014-12/0103.html">SFTP: work-around servers that return zero size on STAT</a>
 BGF connect: singleipconnect(): properly try other address families after failure
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1451">IPV6: address scope != scope id</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1449">parseurlandfillconn(): fix improper non-numeric scope_id stripping</a>
 BGF secureserver.pl: make OpenSSL CApath and cert absolute path values
 BGF secureserver.pl: update Windows detection and fix path conversion
 BGF secureserver.pl: clean up formatting of config and fix verbose output
 BGF tests: Added Windows support using Cygwin-based OpenSSH
 BGF sockfilt.c: use non-Ex functions that are available before WinXP
 BGF VMS: Updates for 0740-0D1220
 BGF openssl: warn for SRP set if SSLv3 is used, not for TLS version
 BGF openssl: make it compile against openssl 1.1.0-DEV master branch
 BGF openssl: fix SSL/TLS versions in verbose output
 BGF curl: show size of inhibited data when using -v
 BGF build: Removed WIN32 definition from the Visual Studio projects
 BGF build: Removed WIN64 definition from the libcurl Visual Studio projects
 BGF vtls: Use bool for Curl_ssl_getsessionid() return type
 BGF sockfilt.c: Replace 100ms sleep with thread throttle
 BGF sockfilt.c: Reduce the number of individual memory allocations
 BGF vtls: Don't set cert info count until memory allocation is successful
 BGF nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
 BGF nss: Don't ignore Curl_extract_certinfo() OOM failure
 BGF vtls: Fixed compilation warning and an ignored return code
 BGF sockfilt.c: Fixed compilation warnings
 BGF darwinssl: Fixed compilation warning
 BGF vtls: Use '(void) arg' for unused parameters
 BGF sepheaders.c: Fixed resource leak on failure
 BGF <a href="https://curl.haxx.se/bug/?i=133">lib1900.c: Fixed cppcheck error</a>
 BGF ldap: Fixed Unicode connection details in Win32 initialsation / bind calls
 BGF ldap: Fixed Unicode DN, attributes and filter in Win32 search calls
</ul>

<a name="7_39_0"></a>
SUBTITLE(Fixed in 7.39.0 - November 5 2014)
<p> Changes:
<ul class="changes">
 CHG SSLv3 is disabled by default
 CHG <a href="https://curl.haxx.se/libcurl/c/CURLOPT_COOKIELIST.html">CURLOPT_COOKIELIST: Added "RELOAD" command</a>
 CHG build: Added WinIDN build configuration options to Visual Studio projects
 CHG ssh: improve key file search
 CHG SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
 CHG vtls: remove QsoSSL support, use gskit!
 CHG mk-ca-bundle: added SHA-384 signature algorithm
 CHG docs: added many examples for libcurl opts and other doc improvements
 CHG build: Added VC ssh2 target to main Makefile
 CHG MinGW: Added support to build with nghttp2
 CHG NetWare: Added support to build with nghttp2
 CHG build: added Watcom support to build with WinSSL
 CHG build: Added optional specific version generation of VC project files
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2014-3707.html">curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-09/0064.html">openssl: build fix for versions < 0.9.8e</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-09/0075.html">newlines: fix mixed newlines to LF-only</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-08/0273.html">ntlm: Fixed HTTP proxy authentication when using Windows SSPI</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1422">sasl_sspi: Fixed Unicode build</a>
 BGF file: reject paths using embedded %00
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1426">threaded-resolver: revert Curl_expire_latest() switch</a>
 BGF configure: allow --with-ca-path with PolarSSL too
 BGF HTTP/2: Fix busy loop when EOF is encountered
 BGF CURLOPT_CAPATH: return failure if set without backend support
 BGF nss: do not fail if a CRL is already cached
 BGF smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
 BGF fixed 20+ nits/memory leaks identified by Coverity scans
 BGF curl_schannel.c: Fixed possible memory or handle leak
 BGF multi-uv.c: call curl_multi_info_read() better
 BGF cmake: Check for OpenSSL before OpenLDAP
 BGF cmake: Fix library list provided to curl tests
 BGF cmake: Avoid cycle directory dependencies
 BGF cmake: Build with GSS-API libraries (MIT or Heimdal)
 BGF vtls: provide backend defines for internal source code
 BGF nss: fix a connection failure when FTPS handle is reused
 BGF tests/http_pipe.py: Python 3 support
 BGF cmake: build tool_hugehelp (ENABLE_MANUAL)
 BGF cmake: enable IPv6 by default if available
 BGF tests: move TESTCASES to Makefile.inc, add show for cmake
 BGF ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
 BGF ntlm: Fixed empty/bad base-64 decoded buffer return codes
 BGF ntlm: Fixed empty type-2 decoded message info text
 BGF cmake: add CMake/Macros.cmake to the release tarball
 BGF cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
 BGF cmake: use LIBCURL_VERSION from curlver.h
 BGF cmake: generate pkg-config and curl-config
 BGF fixed several superfluous variable assignments identified by cppcheck
 BGF cleanup of 'CURLcode result' return code
 BGF pipelining: only output "is not blacklisted" in debug builds
 BGF SSL: Remove SSLv3 from SSL default due to POODLE attack
 BGF gskit.c: remove SSLv3 from SSL default
 BGF darwinssl: detect possible future removal of SSLv3 from the framework
 BGF ntlm: Only define ntlm data structure when USE_NTLM is defined
 BGF ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
 BGF ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
 BGF sspi: Only call CompleteAuthToken() when complete is needed
 BGF http_negotiate: Fixed missing check for USE_SPNEGO
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1441">HTTP: return larger than 3 digit response codes too</a>
 BGF openssl: Check for NPN / ALPN via OpenSSL version number
 BGF openssl: enable NPN separately from ALPN
 BGF sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
 BGF sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1443">resume: consider a resume from</a>
 BGF sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
 BGF build-openssl.bat: Fix x64 release build
 BGF cmake: drop _BSD_SOURCE macro usage
 BGF cmake: fix gethostby{addr,name}_r in CurlTests
 BGF cmake: clean OtherTests, fixing -Werror
 BGF cmake: fix struct sockaddr_storage check
 BGF Curl_single_getsock: fix hold/pause sock handling
 BGF SSL: PolarSSL default min SSL version TLS 1.0
 BGF <a href="https://curl.haxx.se/bug/?i=123">cmake: fix ZLIB_INCLUDE_DIRS use</a>
 BGF buildconf: stop checking for libtool
</ul>

<a name="7_38_0"></a>
SUBTITLE(Fixed in 7.38.0 - September 10 2014)
<p> Changes:
<ul class="changes">
 CHG supports HTTP/2 draft-14
 CHG CURLE_HTTP2 is a new error code
 CHG CURLAUTH_NEGOTIATE is a new auth define
 CHG CURL_VERSION_GSSAPI is a new capability bit
 CHG no longer use fbopenssl for anything
 CHG schannel: use CryptGenRandom for random numbers
 CHG axtls: define curlssl_random using axTLS's PRNG
 CHG cyassl: use RNG_GenerateBlock to generate a good random number
 CHG findprotocol: show unsupported protocol within quotes
 CHG version: detect and show LibreSSL
 CHG version: detect and show BoringSSL
 CHG imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
 CHG http2: requires nghttp2 0.6.0 or later
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="/docs/CVE-2014-3613.html">SECURITY ADVISORY: cookie leak with IP address as domain</a>
 BGF <a href="/docs/CVE-2014-3620.html">SECURITY ADVISORY: cookie leak for TLDs</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-07/0209.html">fix a build failure on Debian when NSS support is enabled</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-07/0202.html">HTTP/2: fixed compiler warnings when built disabled</a>
 BGF cyassl: return the correct error code on no CA cert
 BGF http: Deprecate GSS-Negotiate macros due to bad naming
 BGF http: Fixed Negotiate: authentication
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1397">multi: Improve proxy CONNECT performance (regression)</a>
 BGF ntlm_wb: Avoid invoking ntlm_auth helper with empty username
 BGF ntlm_wb: Fix hard-coded limit on NTLM auth packet size
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1398">url.c: use the preferred symbol name: *READDATA</a>
 BGF smtp: fixed a segfault during test 1320 torture test
 BGF cyassl: made it compile with version 2.0.6 again
 BGF nss: do not check the version of NSS at run time
 BGF <a href="https://curl.haxx.se/mail/lib-2014-07/0337.html">c-ares: fix build without IPv6 support</a>
 BGF <a href="https://github.com/tatsuhiro-t/nghttp2/issues/62">HTTP/2: use base64url encoding</a>
 BGF SSPI Negotiate: Fix 3 memory leaks
 BGF <a href="https://curl.haxx.se/bug/?i=105">libtest: fixed duplicated line in Makefile</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1399">conncache: fix compiler warning</a>
 BGF openssl: make ossl_send return CURLE_OK better
 BGF HTTP/2: Support expect: 100-continue
 BGF HTTP/2: Fix infinite loop in readwrite_data()
 BGF parsedate: fix the return code for an overflow edge condition
 BGF darwinssl: don't use strtok()
 BGF <a href="https://curl.haxx.se/mail/lib-2014-06/0224.html">http_negotiate_sspi: Fixed specific username and password not working</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1401">openssl: replace call to OPENSSL_config</a>
 BGF http2: show the received header for better debugging
 BGF HTTP/2: Move :authority before non-pseudo header fields
 BGF HTTP/2: Reset promised stream, not its associated stream
 BGF HTTP/2: added some more logging for debugging stream problems
 BGF ntlm: Added support for SSPI package info query
 BGF ntlm: Fixed hard coded buffer for SSPI based auth packet generation
 BGF sasl_sspi: Fixed memory leak with not releasing Package Info struct
 BGF sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
 BGF sasl: Use a dynamic buffer for DIGEST-MD5 SPN generation
 BGF http_negotiate_sspi: Use a dynamic buffer for SPN generation
 BGF sasl_sspi: Fixed missing free of challenge buffer on SPN failure
 BGF sasl_sspi: Fixed hard coded buffer for response generation
 BGF Curl_poll + Curl_wait_ms: fix timeout return value
 BGF docs/SSLCERTS: update the section about NSS database
 BGF <a href="https://curl.haxx.se/mail/lib-2014-06/0189.html">create_conn: prune dead connections</a>
 BGF openssl: fix version report for the 0.9.8 branch
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1409">mk-ca-bundle.pl: switched to using hg.mozilla.org</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-06/0221.html">http: fix the Content-Range: parser</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-08/0148.html">Curl_disconnect: don't free the URL</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-08/0155.html">win32: Fixed WinSock 2 #if</a>
 BGF NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1414">curl.1: clarify --limit-rate's effect on both directions</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-08/0148.html">disconnect: don't touch easy-related state on disconnects</a>
 BGF cmake: big cleanup and numerous fixes
 BGF HTTP/2: supports draft-14 - moved :headers before the non-psuedo headers
 BGF HTTP/2: Reset promised stream, not its associated stream
 BGF configure.ac: Add support for recent GSS-API implementations for HP-UX
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1381">CONNECT: close proxy connections that fail</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-08/0236.html">CURLOPT_NOBODY.3: clarify this option is for downloads</a>
 BGF <a href="https://curl.haxx.se/bug/?i=115">darwinssl: fix CA certificate checking using PEM format</a>
 BGF <a href="https://curl.haxx.se/bug/?i=112">resolve: cache lookup for async resolvers</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-06/0235.html">low-speed-limit: avoid timeout flood</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1419">polarssl: implement CURLOPT_SSLVERSION</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-07/0206.html">multi: convert CURLM_STATE_CONNECT_PEND handling to a list</a>
 BGF curl_multi_cleanup: remove superfluous NULL assigns
 BGF polarssl: support CURLOPT_CAPATH / --capath
 BGF progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly
</ul>

<a name="7_37_1"></a>
SUBTITLE(Fixed in 7.37.1 - July 16 2014)
<p> Changes:
<ul class="changes">
 CHG bits.close: introduce connection close tracking
 CHG darwinssl: Add support for --cacert
 CHG polarssl: add ALPN support
 CHG docs: Added new option man pages
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/mail/lib-2014-05/0235.html">build: Fixed incorrect reference to curl_setup.h in Visual Studio files</a>
 BGF build: Use $(TargetDir) and $(TargetName) macros for .pdb and .lib output
 BGF curl.1: clarify that -u can't specify a user with colon
 BGF openssl: Fix uninitialized variable use in NPN callback
 BGF curl_easy_reset: reset the URL
 BGF curl_version_info.3: returns a pointer to a static struct
 BGF <a href="https://curl.haxx.se/mail/lib-2014-05/0260.html">url-parser: only use if_nametoindex if detected by configure</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-05/0278.html">select: with winsock, avoid passing unsupported arguments to select()</a>
 BGF gnutls: don't use deprecated type names anymore
 BGF gnutls: allow building with nghttp2 but without ALPN support
 BGF tests: Fix portability issue with the tftpd server
 BGF curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN
 BGF curl_sasl: extended native DIGEST-MD5 cnonce to be a 32-byte hex string
 BGF <a href="https://curl.haxx.se/mail/lib-2014-06/0001.html">random: use Curl_rand() for proper random data</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-06/0003.html">Curl_ossl_init: call OPENSSL_config for initing engines</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1378">config-win32.h: Updated for VC12</a>
 BGF winbuild: Don't USE_WINSSL when WITH_SSL is being used
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1380">getinfo: HTTP CONNECT code not reset between transfers</a>
 BGF Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
 BGF http2: avoid segfault when using the plain-text http2
 BGF conncache: move the connection counter to the cache struct
 BGF http2: better return code error checking
 BGF curlbuild: fix GCC build on SPARC systems without configure script
 BGF tool_metalink: Support polarssl as digest provider
 BGF curl.h: reverse the enum/define setup for old symbols
 BGF curl.h: moved two really old deprecated symbols
 BGF curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
 BGF buildconf: do not search tools in current directory.
 BGF OS400: make it compilable again. Make RPG binding up to date
 BGF nss: do not abort on connection failure (failing tests 305 and 404)
 BGF nss: make the fallback to SSLv3 work again
 BGF tool: prevent valgrind from reporting possibly lost memory (nss only)
 BGF <a href="https://curl.haxx.se/mail/lib-2014-06/0062.html">progress callback: skip last callback update on errors</a>
 BGF nss: fix a memory leak when CURLOPT_CRLFILE is used
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1391">compiler warnings: potentially uninitialized variables</a>
 BGF url.c: Fixed memory leak on OOM
 BGF gnutls: ignore invalid certificate dates with VERIFYPEER disabled
 BGF gnutls: fix SRP support with versions of GnuTLS from 2.99.0
 BGF gnutls: fixed a couple of uninitialized variable references
 BGF gnutls: fixed compilation against versions < 2.12.0
 BGF build: Fixed overridden compiler PDB settings in VC7 to VC12
 BGF <a href="https://curl.haxx.se/mail/lib-2014-07/0103.html">ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions</a>
 BGF netrc: don't abort if home dir cannot be found
 BGF netrc: fixed thread safety problem by using getpwuid_r if available
 BGF <a href="https://curl.haxx.se/mail/lib-2014-02/0184.html">cookie: avoid mutex deadlock</a>
 BGF configure: respect host tool prefix for krb5-config
 BGF gnutls: handle IP address in cert name check
</ul>

<a name="7_37_0"></a>
SUBTITLE(Fixed in 7.37.0 - May 21 2014)
<p> Changes:
<ul class="changes">
 CHG URL parser: IPv6 zone identifiers are now supported
 CHG CURLOPT_PROXYHEADER: set headers for proxy-only
 CHG CURLOPT_HEADEROPT: added
 CHG curl: add --proxy-header
 CHG sasl: Added support for DIGEST-MD5 via Windows SSPI
 CHG sasl: Added DIGEST-MD5 qop-option validation in native challenge handling
 CHG <a href="https://curl.haxx.se/mail/lib-2014-04/0067.html">imap: Expanded mailbox SEARCH support to use URL query strings</a>
 CHG <a href="https://curl.haxx.se/mail/lib-2014-04/0067.html">imap: Extended FETCH support to include PARTIAL URL specifier</a>
 CHG nss: implement non-blocking SSL handshake
 CHG build: Reworked Visual Studio project files
 CHG poll: enable poll on darwin13
 CHG mk-ca-bundle: added -p
 CHG libtests: add a wait_ms() function
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1350">mkhelp: generate code for --disable-manual as well</a>
 BGF hostcheck: added a system include to define struct in_addr
 BGF winbuild: added warnless.c to fix build
 BGF Makefile.vc6: added warnless.c to fix build
 BGF smtp: Fixed login denied when server doesn't support AUTH capability
 BGF <a href="https://curl.haxx.se/mail/lib-2014-03/0173.html">smtp: Fixed login denied with a RFC-821 based server</a>
 BGF curl: stop interpreting IPv6 literals as glob patterns
 BGF http2: remove _DRAFT09 from the NPN_HTTP2 enum
 BGF http2: let openssl mention the exact protocol negotiated
 BGF http2+openssl: fix compiler warnings in ALPN using code
 BGF <a href="https://curl.haxx.se/mail/lib-2014-02/0135.html (ruined)">ftp: in passive data connect wait for happy eyeballs sockets</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1349">HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-04/0053.html">http2: Compile with current nghttp2, which supports h2-11</a>
 BGF http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined
 BGF <a href="https://curl.haxx.se/mail/lib-2014-04/0063.html">strerror: fix comment about vxworks' strerror_r buffer size</a>
 BGF url: only use if_nametoindex() if IFNAMSIZ is available
 BGF imap: Fixed untagged response detection when no data after command
 BGF various: fix possible dereference of null pointer
 BGF various: fix use of uninitialized variable
 BGF various: fix use of non-null terminated strings
 BGF telnet.c: check sscanf results before passing them to snprintf
 BGF parsedate.c: check sscanf result before passing it to strlen
 BGF sockfilt.c: free memory in case of memory allocation errors
 BGF sockfilt.c: ignore non-key-events and continue waiting for input
 BGF sockfilt.c: properly handle disk files, pipes and character input
 BGF sockfilt.c: fixed getting stuck waiting for MinGW stdin pipe
 BGF sockfilt.c: clean up threaded approach and add documentation
 BGF <a href="https://curl.haxx.se/mail/lib-2014-04/0159.html">configure: use the nghttp2 path correctly with pkg-config</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1362">curl_global_init_mem: bump initialized even if already initialized</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-04/0145.html">gtls: fix NULL pointer dereference</a>
 BGF cyassl: Use error-ssl.h when available
 BGF <a href="https://curl.haxx.se/bug/?i=97">handler: make 'protocol' always specified as a single bit</a>
 BGF INFILESIZE: fields in UserDefined must not be changed run-time
 BGF openssl: biomem->data is not zero terminated
 BGF config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up
 BGF curl_ntlm_core: Fixed use of long long for VC6 and VC7
 BGF <a href="https://curl.haxx.se/mail/lib-2014-04/0161.html">SNI: strip off a single trailing dot from host name</a>
 BGF curl: bail on cookie use when built with disabled cookies
 BGF curl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS
 BGF <a href="http://thread.gmane.org/gmane.comp.version-control.git/238242">curl_multi_cleanup: ignore SIGPIPE better</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1352">schannel: don't use the connect-timeout during send</a>
 BGF mprintf: allow %.s with data not being zero terminated
 BGF tool_help: Fixed missing --login-options option
 BGF configure: Don't set LD_LIBRARY_PATH when cross-compiling
 BGF <a href="https://bugzilla.redhat.com/1093348">http: auth failure on duplicated 'WWW-Authenticate: Negotiate' header</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1368">cacertinmem: fix memory leak</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-05/0081.html">lib1506: make sure the transfers are not within the same ms</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-05/0025.html">Makefile.b32: Fixed for vtls changes</a>
 BGF sasl: Fixed missing qop in the client's challenge-response message
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1371">openssl: unbreak PKCS12 support</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1369">darwinssl: fix potential crash with a P12 file</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-05/0147.html">timers: fix timer regression involving redirects / reconnects</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-04/0203.html">CURLINFO_SSL_VERIFYRESULT: made more reliable</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-05/0127.html">HTTP: fixed connection re-use</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1343">configure: add SPNEGO to supported features</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1344">configure: add GSS-API to supported features</a>
 BGF ALPN: fix typo in http/1.1 identifier
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1374">http2: make connection re-use work</a>
</ul>

<a name="7_36_0"></a>
SUBTITLE(Fixed in 7.36.0 - March 26 2014)
<img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fixes" border="0">
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/mail/lib-2014-01/0183.html">ntlm: Added support for NTLMv2</a>
 CHG <a href="https://curl.haxx.se/mail/archive-2013-11/0006.html">tool: Added support for URL specific options</a>
 CHG openssl: add ALPN support
 CHG gtls: add ALPN support
 CHG nss: add ALPN and NPN support
 CHG <a href="https://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTEXPECT100TIMEOUTMS">added CURLOPT_EXPECT_100_TIMEOUT_MS</a>
 CHG tool: add --no-alpn and --no-npn
 CHG added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
 CHG winssl: enable TLSv1.1 and TLSv1.2 by default
 CHG winssl: TLSv1.2 disables certificate signatures using MD5 hash
 CHG <a href="https://curl.haxx.se/mail/lib-2014-02/0243.html">winssl: enable hostname verification of IP address using SAN or CN</a>
 CHG <a href="https://curl.haxx.se/bug/?i=93">darwinssl: Don't omit CN verification when an IP address is used</a>
 CHG http2: build with current nghttp2 version
 CHG polarssl: dropped support for PolarSSL < 1.3.0
 CHG openssl: info message with SSL version used
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2014-0138.html">SECURITY ADVISORY: wrong re-use of connections</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2014-0139.html">SECURITY ADVISORY: IP address wildcard certificate validation</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2014-1263.html">SECURITY ADVISORY: not verifying certs for TLS to IP address / Darwinssl</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2014-2522.html">SECURITY ADVISORY: not verifying certs for TLS to IP address / Winssl</a>
 BGF <a href="https://bugzilla.redhat.com/1058776">nss: allow to use ECC ciphers if NSS implements them</a>
 BGF netrc: Fixed a memory leak in an OOM condition
 BGF ftp: fixed a memory leak on wildcard error path
 BGF pipeline: Fixed a NULL pointer dereference on OOM
 BGF nss: prefer highest available TLS version
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1334">100-continue: fix timeout condition</a>
 BGF ssh: Fixed a NULL pointer dereference on OOM condition
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1333">formpost: use semicolon in multipart/mixaed</a>
 BGF --help: add missing --tlsv1.x options
 BGF formdata: Fixed memory leak on OOM condition
 BGF <a href="https://curl.haxx.se/mail/lib-2014-02/0100.html">ConnectionExists: reusing possible HTTP+NTLM connections better</a>
 BGF mingw32: fix compilation
 BGF <a href="https://curl.haxx.se/mail/lib-2014-02/0097.html">chunked decoder: track overflows correctly</a>
 BGF curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
 BGF dict: fix memory leak in OOM exit path
 BGF valgrind: added suppression on optimized code
 BGF curl: output protocol headers using binary mode
 BGF tool: Added URL index to password prompt for multiple operations
 BGF <a href="http://thread.gmane.org/gmane.comp.version-control.git/242213">ConnectionExists: re-use non-NTLM connections better</a>
 BGF axtls: call ssl_read repeatedly
 BGF multi: make MAXCONNECTS default 4 x number of easy handles function
 BGF configure: Fix the --disable-crypto-auth option
 BGF multi: ignore SIGPIPE internally
 BGF curl.1: update the description of --tlsv1
 BGF <a href="https://curl.haxx.se/mail/lib-2014-02/0155.html">SFTP: skip reading the dir when NOBODY=1</a>
 BGF easy: Fixed a memory leak on OOM condition
 BGF tool: Fixed incorrect return code when setting HTTP request fails
 BGF configure: Tiny fix to honor POSIX
 BGF tool: Do not output libcurl source for the information only parameters
 BGF Rework Open Watcom make files to use standard Wmake features
 BGF x509asn: moved out Curl_verifyhost from NSS builds
 BGF configure: call it GSS-API
 BGF hostcheck: Curl_cert_hostcheck is not used by NSS builds
 BGF <a href="https://curl.haxx.se/mail/lib-2014-02/0036.html">multi_runsingle: move timestamp into INIT</a>
 BGF remote_port: allow connect to port 0
 BGF parse_remote_port: error out on illegal port numbers better
 BGF ssh: Pass errors from libssh2_sftp_read up the stack
 BGF docs: remove documentation on setting up krb4 support
 BGF polarssl: build fixes to work with PolarSSL 1.3.x
 BGF polarssl: fix possible handshake timeout issue in multi
 BGF nss: allow to enable/disable cipher-suites better
 BGF ssh: prevent a logic error that could result in an infinite loop
 BGF http2: free resources on disconnect
 BGF polarssl: avoid extra newlines in debug messages
 BGF <a href="https://curl.haxx.se/mail/lib-2014-03/0134.html">rtsp: parse "Session:" header properly</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1337">trynextip: don't store 'ai' on failed connects</a>
 BGF Curl_cert_hostcheck: strip trailing dots in host name and wildcard
</ul>

<a name="7_35_0"></a>
SUBTITLE(Fixed in 7.35.0 - January 29 2014)
<img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fix" border="0">
<p> Changes:
<ul class="changes">
 CHG imap/pop3/smtp: Added support for SASL authentication downgrades
 CHG imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
 CHG TheArtOfHttpScripting: major update, converted layout and more
 CHG mprintf: Added support for I, I32 and I64 size specifiers
 CHG makefile: Added support for VC7, VC11 and VC12
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2014-0015.html">SECURITY ADVISORY: re-use of wrong HTTP NTLM connection</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1313">curl_easy_setopt: Fixed OAuth 2.0 Bearer option name</a>
 BGF pop3: Fixed APOP being determined by CAPA response rather than by timestamp
 BGF <a href="https://curl.haxx.se/mail/lib-2013-12/0113.html">Curl_pp_readresp: zero terminate line</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1312">FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE</a>
 BGF docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
 BGF pop3: Fixed auth preference not being honored when CAPA not supported
 BGF imap: Fixed auth preference not being honored when CAPABILITY not supported
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1314">threaded resolver: Use pthread_t * for curl_thread_t</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1286">FILE: we don't support paused transfers using this protocol</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1315">connect: Try all addresses in first connection attempt</a>
 BGF curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0002.html">OpenSSL: Fix forcing SSLv3 connections</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0013.html">openssl: allow explicit sslv2 selection</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0019.html">FTP parselist: fix "total" parser</a>
 BGF conncache: fix possible dereference of null pointer
 BGF multi.c: fix possible dereference of null pointer
 BGF mk-ca-bundle: introduces -d and warns about using this script
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0046.html">ConnectionExists: fix NTLM check for new connection</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1322">trynextip: fix build for non-IPV6 capable systems</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2014-01/0016.html">Curl_updateconninfo: don't do anything for UDP "connections"</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-12/0150.html">darwinssl: un-break Leopard build after PKCS#12 change</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0061.html">threaded-resolver: never use NULL hints with getaddrinf</a>
 BGF multi_socket: remind app if timeout didn't run
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1323">OpenSSL: deselect weak ciphers by default</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0115.html">error message: Sensible message on timeout when transfer size unknown</a>
 BGF curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0134.html">win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1321">configure: fix gssapi linking on HP-UX</a>
 BGF chunked-parser: abort on overflows, allow 64 bit chunks
 BGF <a href="https://curl.haxx.se/mail/archive-2014-01/0000.html">chunked parsing: relax the CR strictness</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0130.html">cookie: max-age fixes</a>
 BGF progress bar: always update when at 100%
 BGF progress bar: increase update frequency to 10Hz
 BGF tool: Fixed incorrect return code if command line parser runs out of memory
 BGF tool: Fixed incorrect return code if password prompting runs out of memory
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0103.html">HTTP POST: omit Content-Length if data size is unknown</a>
 BGF GnuTLS: disable insecure ciphers
 BGF GnuTLS: honor --slv2 and the --tlsv1[.N] switches
 BGF multi: Fixed a memory leak on OOM condition
 BGF netrc: Fixed a memory and file descriptor leak on OOM
 BGF <a href="https://curl.haxx.se/bug/?i=87">getpass: fix password parsing from console</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2014-01/0246.html">TFTP: fix crash on time-out</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1327">hostip: don't remove DNS entries that are in use</a>
 BGF tests: lots of tests fixed to pass the OOM torture tests
</ul>

<a name="7_34_0"></a>
SUBTITLE(Fixed in 7.34.0 - December 17 2013)
<img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fix" border="0">
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/bug/?i=79">SSL: protocol version can be specified more precisely</a>
 CHG imap/pop3/smtp: Added graceful cancellation of SASL authentication
 CHG Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
 CHG <a href="https://curl.haxx.se/mail/lib-2013-10/0242.html">base64: Added validation of base64 input strings when decoding</a>
 CHG curl_easy_setopt: Added the ability to set the login options separately
 CHG smtp: Added support for additional SMTP commands
 CHG curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
 CHG <a href="https://curl.haxx.se/mail/lib-2013-11/0162.html">nss: allow to use TLS > 1.0 if built against recent NSS</a>
 CHG <a href="/dev/secprocess.html">SECURITY: added this document to describe our security processes</a>
 CHG parseconfig: warn if unquoted white spaces are detected
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2013-6422.html">SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS</a>
 BGF darwinssl: un-break iOS build after PKCS#12 feature added
 BGF <a href="https://curl.haxx.se/mail/lib-2013-10/0089.html">tool: use XFERFUNCTION to save some casts</a>
 BGF usercertinmem: fix memory leaks
 BGF <a href="https://curl.haxx.se/mail/lib-2013-10/0096.html">ssh: Handle successful SSH_USERAUTH_NONE</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-10/0113.html">NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option</a>
 BGF <a href="https://sourceforge.net/p/curl/bugs/1291">test906: Fixed failing test on some platforms</a>
 BGF sasl: initialize NSS before using NTLM crypto
 BGF sasl: Fixed memory leak in OAUTH2 message creation
 BGF imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
 BGF <a href="https://sourceforge.net/p/curl/bugs/1292">cmake: unbreak for non-Windows platforms</a>
 BGF ssh: initialize per-handle data in ssh_connect()
 BGF glob: fix broken URLs
 BGF configure: check for long long when building with cyassl
 BGF <a href="https://curl.haxx.se/mail/lib-2013-10/0062.html">CURLOPT_RESOLVE: mention they don't time-out</a>
 BGF docs/examples/httpput.c: fix build for MSVC
 BGF FTP: make the data connection work when going through proxy
 BGF NSS: support for CERTINFO feature
 BGF curl_multi_wait: accept 0 from multi_timeout() as valid timeout
 BGF glob_range: pass the closing bracket for a-z ranges
 BGF tool_help: Updated --list-only description to include POP3
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1295">Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string</a>
 BGF <a href="https://sourceforge.net/p/curl/bugs/1064">cmake: fix Windows build with IPv6 support</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-11/0057.html">ares: Fixed compilation under Visual Studio 2012</a>
 BGF <a href="https://curl.haxx.se/bug/?i=83">curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation</a>
 BGF <a href="https://sourceforge.net/p/curl/bugs/1299">curl.1: mention that -O does no URL decoding</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-11/0076.html">darwinssl: PKCS#12 import feature now requires Lion or later</a>
 BGF darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1304">configure: Fix test with -Werror=implicit-function-declaration</a>
 BGF sigpipe: factor out sigpipe_reset from easy.c
 BGF curl_multi_cleanup: ignore SIGPIPE
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1305">globbing: curl glob counter mismatch with {} list use</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1297">parseconfig: dash options can't specified with colon or equals</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1308">digest: fix CURLAUTH_DIGEST_IE</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-12/0017.html">curl.h: <sys/select.h> for OpenBSD</a>
 BGF darwinssl: Fix #if 10.6.0 for SecKeychainSearch
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1310">TFTP: fix return codes for connect timeout</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1311">login options: remove the ;[options] support from CURLOPT_USERPWD</a>
 BGF imap: Fixed incorrect fallback to clear text authentication
 BGF parsedate: avoid integer overflow
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1294">curl.1: document -J doesn't %-decode</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1298">multi: add timer inaccuracy margin to timeout/connecttimeout</a>
</ul>

<a name="7_33_0"></a>
SUBTITLE(Fixed in 7.33.0 - October 14 2013)
<p> Changes:
<ul class="changes">
 CHG <a href="https://daniel.haxx.se/blog/2013/08/20/testing-curl_multi_socket_action/">test code for testing the event based API</a>
 CHG CURLM_ADDED_ALREADY: new error code
 CHG test TFTP server: support "writedelay" within <servercmd>
 CHG krb4 support has been removed
 CHG <a href="https://curl.haxx.se/mail/lib-2013-08/0234.html">imap/pop3/smtp: added basic SASL XOAUTH2 support</a>
 CHG darwinssl: add support for PKCS#12 files for client authentication
 CHG darwinssl: enable BEAST workaround on iOS 7 & later
 CHG <a href="https://curl.haxx.se/mail/lib-2013-08/0265.html">Pass password to OpenSSL engine by user interface</a>
 CHG c-ares: Add support for various DNS binding options
 CHG cookies: add expiration
 CHG curl: added --oauth2-bearer option
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF nss: make sure that NSS is initialized
 BGF curl: make --no-[option] work properly for several options
 BGF <a href="https://curl.haxx.se/mail/lib-2013-08/0043.html">FTP: with socket_action send better socket updates in active mode</a>
 BGF curl: fix the --sasl-ir in the --help output
 BGF tests 2032, 2033: Don't hardcode port in expected output
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1264">urlglob: better detect unclosed braces, empty lists and overflows</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1267">urlglob: error out on range overflow</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-08/0136.html">imap: Fixed response check for SEARCH, EXPUNGE, LSUB, UID and NOOP commands</a>
 BGF <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719856">handle arbitrary-length username and password</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1269">TFTP: make the CURLOPT_LOW_SPEED* options work</a>
 BGF <a href="https://curl.haxx.se/bug/?i=76">curl.h: name space pollution by "enum type"</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-08/0211.html">multi: move on from STATE_DONE faster</a>
 BGF <a href="https://bugzilla.redhat.com/1005686">FTP: 60 secs delay if aborted in the CURLOPT_HEADERFUNCTION callback</a>
 BGF multi_socket: improved 100-continue timeout handling
 BGF curl_multi_remove_handle: allow multiple removes
 BGF <a href="https://curl.haxx.se/mail/lib-2013-08/0109.html">FTP: fix getsock during DO_MORE state</a>
 BGF -x: rephrased the --proxy section somewhat
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1273">acinclude: fix --without-ca-path when cross-compiling</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-08/0209.html">LDAP: fix bad free() when URL parsing failed</a>
 BGF --data: mention CRLF treatment when reading from file
 BGF curl_easy_pause: suggest one way to unpause
 BGF <a href="https://curl.haxx.se/mail/lib-2013-08/0170.html">imap: Fixed calculation of transfer when partial FETCH received</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-08/0170.html">pingpong: Check SSL library buffers for already read data</a>
 BGF imap/pop3/smtp: Speed up SSL connection initialization
 BGF libcurl.3: for multi interface connections are held in the multi handle
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1278">curl_easy_setopt.3: mention RTMP URL quirks</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1279">curl.1: detail how short/long options work</a>
 BGF curl.1: Added information about optional login options to --user option
 BGF curl: Added clarification to the --mail options in the --help output
 BGF curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1281">openssl: use correct port number in error message</a>
 BGF darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
 BGF OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
 BGF xattr: add support for FreeBSD xattr API
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1282">win32: fix Visual Studio 2010 build with WINVER >= 0x600</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-09/0182.html">configure: use icc options without space</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2010-02/0200.html">test1112: Increase the timeout from 7s to 16s</a>
 BGF SCP: upload speed on a fast connection limited to 16384 B/s
 BGF <a href="https://curl.haxx.se/mail/lib-2013-10/0048.html">curl_setup_once: fix errno access for lwip on Windows</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1288">HTTP: Output http response 304 when modified time is too old</a>
</ul>

<a name="7_32_0"></a>
SUBTITLE(Fixed in 7.32.0 - August 12 2013)
<p> Changes:
<ul class="changes">
 CHG curl: allow timeouts to accept decimal values
 CHG OS400: add slist and certinfo EBCDIC support
 CHG OS400: new SSL backend GSKit
 CHG CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
 CHG LIBCURL-STRUCTS: new document
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1200">dotdot: introducing dot file path cleanup</a>
 BGF docs: fix typo in curl_easy_getinfo manpage
 BGF test1230: avoid using hard-wired port number
 BGF test1396: invoke the correct test tool
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1180">SIGPIPE: ignored while inside the library</a>
 BGF darwinssl: fix crash that started happening in Lion
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1249">OpenSSL: check for read errors, don't assume</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1191">c-ares: improve error message on failed resolve</a>
 BGF printf: make sure %x are treated unsigned
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1251">formpost: better random boundaries</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2013-06/0052.html">url: restore the functionality of 'curl -u :'</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1252">curl.1: fix typo in --xattr description</a>
 BGF digest: improve nonce generation
 BGF configure: automake 1.14 compatibility tweak
 BGF curl.1: document the --post303 option in the man page
 BGF curl.1: document the --sasl-ir option in the man page
 BGF setup-vms.h: sk_pop symbol tweak
 BGF tool_paramhlp: try harder to catch negatives
 BGF <a href="https://curl.haxx.se/mail/lib-2013-07/0046.html">cmake: Fix for MSVC2010 project generation</a>
 BGF asyn-ares: Don't blank ares servers if none configured
 BGF curl_multi_wait: set revents for extra fds
 BGF Reinstate WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup()
 BGF <a href="https://curl.haxx.se/mail/lib-2013-07/0115.html">ftp_do_more: consider DO_MORE complete when server connects back</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-07/0103.html">curl_easy_perform: gradually increase the delay time</a>
 BGF curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=496">curl: fix upload of a zip file in OpenVMS</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1217">build: fix linking on Solaris 10</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-07/0258.html">curl_formadd: CURLFORM_FILECONTENT wrongly rejected some option combos</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=758">curl_formadd: fix file upload on VMS</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-07/0239.html">curl_easy_pause: on unpause, trigger mulit-socket handling</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1255">md5 & metalink: use better build macros on Apple operating systems</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1255">darwinssl: fix build error in crypto authentication under Snow Leopard</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2013-07/0031.html">curl: make --progress-bar update the line less frequently</a>
 BGF configure: don't error out on variable confusions (CFLAGS, LDFLAGS etc)
 BGF mk-ca-bundle: skip more untrusted certificates
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1262">formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used</a>
 BGF FTP: when EPSV gets a 229 but fails to connect, retry with PASV
 BGF <a href="https://curl.haxx.se/mail/lib-2013-08/0057.html">mk-ca-bundle.1: don't install on make install</a>
 BGF VMS: lots of updates and fixes of the build procedure
 BGF global dns cache: didn't work (regression)
 BGF global dns cache: fix memory leak
</ul>

<a name="7_31_0"></a>
SUBTITLE(Fixed in 7.31.0 - June 22 2013)
<img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fix" border="0">
<p> Changes:
<ul class="changes">
 CHG darwinssl: add TLS session resumption
 CHG darwinssl: add TLS crypto authentication
 CHG imap/pop3/smtp: Added support for ;auth=<mech> in the URL
 CHG imap/pop3/smtp: Added support for ;auth=<mech> to CURLOPT_USERPWD
 CHG usercertinmem.c: add example showing user cert in memory
 CHG url: Added smtp and pop3 hostnames to the protocol detection list
 CHG <a href="https://curl.haxx.se/mail/lib-2012-03/0114.html">imap/pop3/smtp: Added support for enabling the SASL initial response</a>
 CHG <a href="https://curl.haxx.se/bug/view.cgi?id=1196">curl -E: allow to use ':' in certificate nicknames</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2013-2174.html">SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond the end of the input buffer</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-04/0142.html">FTP: access files in root dir correctly</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1216">configure: try pthread_create without -lpthread</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-02/0102.html">FTP: handle a 230 welcome response</a>
 BGF curl-config: don't output static libs when they are disabled
 BGF <a href="https://curl.haxx.se/mail/lib-2013-04/0294.html">CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling</a>
 BGF Various documentation updates
 BGF <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783">getinfo.c: reset timecond when clearing session-info variables</a>
 BGF <a href="https://bugzilla.redhat.com/906031">FILE: prevent an artificial timeout event due to stale speed-check data</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1218">ftp_state_pasv_resp: connect through proxy also when set by env</a>
 BGF sshserver: disable StrictHostKeyChecking
 BGF ftpserver: Fixed imap logout confirmation data
 BGF curl_easy_init: use less mallocs
 BGF smtp: Fixed unknown percentage complete in progress bar
 BGF smtp: Fixed sending of double CRLF caused by first in EOB
 BGF <a href="https://curl.haxx.se/mail/lib-2013-05/0000.html">bindlocal: move brace out of #ifdef</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1219">winssl: Fixed invalid memory access during SSL shutdown</a>
 BGF OS X framework: fix invalid symbolic link
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1220">OpenSSL: allow empty server certificate subject</a>
 BGF axtls: prevent memleaks on SSL handshake failures
 BGF cookies: only consider full path matches
 BGF <a href="https://curl.haxx.se/mail/lib-2013-05/0070.html">Revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1221">Curl_cookie_add: handle IPv6 hosts</a>
 BGF ossl_send: SSL_write() returning 0 is an error too
 BGF ossl_recv: SSL_read() returning 0 is an error too
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1230">Digest auth: escape user names with backslash or &quot; in them</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1233">curl_formadd.3: fixed wrong "end-marker" syntax</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1234">libcurl-tutorial.3: fix incorrect backslash</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1224">curl_multi_wait: reduce timeout if the multi handle wants to</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1239">tests/Makefile: typo in the perlcheck target</a>
 BGF axtls: honor disabled VERIFYHOST
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1236">OpenSSL: avoid double free in the PKCS12 certificate code</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1228">multi_socket: reduce timeout inaccuracy margin</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1235">digest: support auth-int for empty entity body</a>
 BGF axtls: now done non-blocking
 BGF lib1900: use tutil_tvnow instead of gettimeofday
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1238">curl_easy_perform: avoid busy-looping</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1215">CURLOPT_COOKIELIST: take cookie share lock</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1248">multi_socket: react on socket close immediately</a>
</ul>

<a name="7_30_0"></a>
SUBTITLE(Fixed in 7.30.0 - April 12 2013)
<img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fix" border="0">
<p> Changes:
<ul class="changes">
 CHG imap: Changed response tag generation to be completely unique
 CHG imap: Added support for SASL-IR extension
 CHG imap: Added support for the list command
 CHG imap: Added support for the append command
 CHG imap: Added custom request parsing
 CHG imap: Added support to the fetch command for UID and SECTION properties
 CHG imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
 CHG darwinssl: Make certificate errors less techy
 CHG imap/pop3/smtp: Added support for the STARTTLS capability
 CHG checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets

 CHG <a href="https://curl.haxx.se/bug/view.cgi?id=1168">curl_global_init() now
     accepts the CURL_GLOBAL_ACK_EINTR flag</a>

 CHG Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for
     new multi interface connection handling

 CHG <a
     href="https://daniel.haxx.se/blog/2013/03/26/better-pipelining-in-libcurl-7-30-0/">Added
     CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE,
     CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and
     CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2013-1944.html">SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage</a>
 BGF darwinssl: Fix build under Leopard
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1184">DONE: consider callback-aborted transfers premature</a>
 BGF ntlm: Fixed memory leaks
 BGF smtp: Fixed an issue when processing EHLO failure responses
 BGF pop3: Fixed incorrect return value from pop3_endofresp()
 BGF pop3: Fixed SASL authentication capability detection
 BGF pop3: Fixed blocking SSL connect when connecting via POP3S
 BGF imap: Fixed memory leak when performing multiple selects
 BGF nss: fix misplaced code enabling non-blocking socket mode
 BGF <a href="https://curl.haxx.se/mail/archive-2013-02/0040.html">AddFormData: prevent only directories from being posted</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-03/0014.html">darwinssl: fix infinite loop if server disconnected abruptly</a>
 BGF metalink: fix improbable crash parsing metalink filename
 BGF show proper host name on failed resolve
 BGF MacOSX-Framework: Make script work in Xcode 4.0 and later
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1192">strlcat: remove function</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-02/0145.html">darwinssl: Fix send glitchiness with data > 32 or so KB</a>
 BGF polarssl: better 1.1.x and 1.2.x support
 BGF various documentation improvements
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1194">multi: NULL pointer reference when closing an unused multi handle</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1190">SOCKS: fix socks proxy when noproxy matched</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1195">install-sh: updated to support multiple source files as arguments</a>
 BGF PolarSSL: added human readable error strings
 BGF resolver_error: remove wrong error message output
 BGF docs: updates HTML index and general improvements
 BGF curlbuild.h.dist: enhance non-configure GCC ABI detection logic
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1193">sasl: Fixed null pointer reference when decoding empty digest challenge</a>
 BGF easy: do not ignore poll() failures other than EINTR
 BGF darwinssl: disable ECC ciphers under Mountain Lion by default
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1204">CONNECT: count received headers</a>
 BGF build: fixes for VMS
 BGF <a href="https://groups.google.com/d/msg/msysgit/B31LNftR4BI/KhRTz0iuGmUJ">CONNECT: clear 'rewindaftersend' on success</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1206">HTTP proxy: insert slash in URL if missing</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1199">hiperfifo: updated to use current libevent API</a>
 BGF getinmemory.c: abort the transfer nicely if not enough memory
 BGF improved win32 memorytracking
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1204">corrected proxy header response headers count</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-03/0319.html">FTP quote operations on re-used connection</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1209">tcpkeepalive on win32</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1214">tcpkeepalive on Mac OS X</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1212">easy: acknowledge the CURLOPT_MAXCONNECTS option properly</a>
 BGF easy interface: restore default MAXCONNECTS to 5
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1188">win32: don't set SO_SNDBUF for windows vista or later versions</a>
 BGF HTTP: made cookie sort function more deterministic
 BGF winssl: Fixed memory leak if connection was not successful
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1183">FTP: wait on both connections during active STOR state</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1189">connect: treat a failed local bind of an interface as a non-fatal error</a>
 BGF darwinssl: disable insecure ciphers by default
 BGF <a href="https://curl.haxx.se/mail/lib-2013-04/0113.html">FTP: handle "rubbish" in front of directory name in 257 responses</a>
 BGF mk-ca-bundle: Fixed lost OpenSSL output with "-t"
</ul>

<a name="7_29_0"></a>
SUBTITLE(Fixed in 7.29.0 - February 6 2013)
<img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fix" border="0">
<p> Changes:
<ul class="changes">
 CHG test: offer "automake" output and check for perl better
 CHG <a href="https://daniel.haxx.se/blog/2013/01/17/internally-were-all-multi-now/">always-multi: always use non-blocking internals</a>
 CHG imap: Added support for sasl digest-md5 authentication
 CHG imap: Added support for sasl cram-md5 authentication
 CHG imap: Added support for sasl ntlm authentication
 CHG imap: Added support for sasl login authentication
 CHG imap: Added support for sasl plain text authentication
 CHG imap: Added support for login disabled server capability
 CHG <a href="https://curl.haxx.se/mail/lib-2013-01/0045.html">mk-ca-bundle: add -f, support passing to stdout and more</a>
 CHG writeout: -w now supports remote_ip/port and local_ip/port
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="/docs/CVE-2013-0249.html">SECURITY ADVISORY: SASL buffer overflow vulnerability</a>

 BGF nss: prevent NSS from crashing on client auth hook failure
 BGF darwinssl: Fixed inability to disable peer verification on Snow Leopard and Lion
 BGF curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1173">SCP: relative path didn't work as documented</a>
 BGF setup_once.h: HP-UX <sys/socket.h> issue workaround
 BGF configure: fix cross pkg-config detection
 BGF runtests: Do not add undefined values to @INC
 BGF build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
 BGF multi: fix re-sending request on early connection close
 BGF HTTP: remove stray CRLF in chunk-encoded content-free request bodies
 BGF build: fix AIX compilation and usage of events/revents
 BGF VC Makefiles: add missing hostcheck
 BGF nss: clear session cache if a client certificate from file is used
 BGF nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
 BGF <a href="https://curl.haxx.se/mail/lib-2013-01/0191.html">fix HTTP CONNECT tunnel establishment upon delayed response</a>
 BGF --libcurl: fix for non-zero default options
 BGF FTP: reject illegal port numbers in EPSV 229 responses
 BGF build: use per-target '_CPPFLAGS' for those currently using default
 BGF <a href="https://curl.haxx.se/mail/lib-2012-12/0246.html">configure: fix automake 1.13 compatibility</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1180">curl: ignore SIGPIPE</a>
 BGF pop3: Added support for non-blocking SSL upgrade
 BGF pop3: Fixed default authentication detection
 BGF imap: Fixed usernames and passwords that contain escape characters
 BGF <a href="https://curl.haxx.se/mail/lib-2013-01/0130.html">packages/DOS/common.dj: remove COFF debug info generation</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-01/0250.html">imap/pop3/smtp: Fixed failure detection during TLS upgrade</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-02/0004.html">pop3: Fixed no known authentication mechanism when fallback is required</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2013-01/0017.html">formadd: reject trying to read a directory where a file is expected</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1171">formpost: support quotes, commas and semicolon in file names</a>
 BGF <a href="https://bugzilla.redhat.com/696783">docs: update the comments about loading CA certs with NSS</a>
 BGF <a href="https://bugzilla.redhat.com/896544">docs: fix typos in man pages</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2013-01/0295.html">darwinssl: Fix bug where packets were sometimes transmitted twice</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1186">winbuild: include version info for .dll .exe</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=1187">schannel: Removed extended error connection setup flag</a>
 BGF VMS: fix and generate the VMS build config
</ul>

<a name="7_28_1"></a>
SUBTITLE(Fixed in 7.28.1 - November 20 2012)
<p> Changes:
<ul class="changes">
 CHG metalink/md5: Use CommonCrypto on Apple operating systems
 CHG href_extractor: new example code extracting href elements
 CHG <a href="https://curl.haxx.se/bug/view.cgi?id=3578163">NSS can be used for metalink hashing</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF Fix broken libmetalink-aware OpenSSL build
 BGF <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551">gnutls: fix the error is fatal logic</a>
 BGF darwinssl: un-broke iOS build, fix error on server disconnect
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3577710">asyn-ares: restore functionality with c-ares < 1.6.1</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3578418">tlsauthtype: deal with the string case insensitively</a>
 BGF Fixed MSVC libssh2 static build
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3582407">evhiperfifo: fix the pointer passed to WRITEDATA</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3582408">BUGS: fix the bug tracker URL</a>
 BGF winbuild: Use machine type of development environment
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3579064">FTP: prevent the multi interface from blocking</a>
 BGF uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
 BGF httpcustomheader.c: free the headers after use
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3582321">fix >2000 bytes POST over NTLM-using proxy</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3581898">redirects to URLs with fragments</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3579813">don't send '#' fragments when using proxy</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3579286">OpenSSL: show full issuer string</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3582718">fix HTTP auth regression</a>
 BGF <a href="https://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/">CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3586338">ftp: EPSV-disable fix over SOCKS</a>
 BGF <a href="https://curl.haxx.se/bug/?i=50">Digest: Add microseconds into nounce calculation</a>
 BGF SCP/SFTP: improve error code used for send failures
 BGF SSL: Several SSL-backend related fixes
 BGF removed the notorious "additional stuff not fine" debug output
 BGF OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack
 BGF FILE: Make upload-writes unbuffered
 BGF <a href="https://curl.haxx.se/mail/lib-2012-11/0125.html">custom memory callbacks failure with HTTP proxy (and more)</a>
 BGF TFTP: handle resends
 BGF autoconf: don't force-disable compiler debug option
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3586741">winbuild: Fix PDB file output</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-11/0095.html">test2032: spurious failure caused by premature termination</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3575448">memory leak: CURLOPT_RESOLVE with multi interface</a>
</ul>

<a name="7_28_0"></a>
SUBTITLE(Fixed in 7.28.0 - October 10 2012)
<p> Changes:
<ul class="changes">
 CHG SSH: added agent based authentication
 CHG ftp: active conn, allow application to set sockopt after accept() call with CURLSOCKTYPE_ACCEPT
 CHG <a href="https://daniel.haxx.se/blog/2012/09/03/introducing-curl_multi_wait/">multi: add curl_multi_wait()</a>
 CHG metalink: Added support for Microsoft Windows CryptoAPI
 CHG md5: Added support for Microsoft Windows CryptoAPI
 CHG <a href="https://curl.haxx.se/bug/view.cgi?id=3566860">parse_proxy: treat "socks://x" as a socks4 proxy</a>
 CHG socks: Added support for IPv6 connections through SOCKSv5 proxy
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://daniel.haxx.se/blog/2012/10/10/wsapoll-is-broken/">WSAPoll disabled on Windows builds due to its bugs</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3544688">segfault on request retries</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3551460">curl-config: parentheses fix</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3552997">VC build: add define for openssl</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3546353">globbing: fix segfault when >9 globs were used</a>
 BGF fixed a few clang-analyzer warnings
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3554668">metalink: change code order to build with gnutls-nettle</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3554668">gtls: fix build failure by including nettle-specific headers</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3545398">change preferred HTTP auth on a handle previously used for another auth</a>
 BGF <a href="https://bugzilla.redhat.com/844385">file: use fdopen() to avoid race condition</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-07/0271.html">Added DWANT_IDN_PROTOTYPES define for MSVC too</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-07/0111.html">verbose: fixed (nil) output of hostnames in re-used connections</a>
 BGF metalink: Un-broke the build when building --with-darwinssl
 BGF curl man page cleanup
 BGF Avoid leak of local device string when reusing connection
 BGF <a href="https://curl.haxx.se/mail/lib-2012-07/0122.html">Curl_socket_check: fix return code for timeout</a>
 BGF nss: do not print misleading NSS error codes
 BGF configure: remove the --enable/disable-nonblocking options
 BGF darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions
 BGF NTLM: re-use existing connection better
 BGF schannel crash on multi and easy handle cleanup
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3561305">SOCKS: truly disable it if CURL_DISABLE_PROXY is defined</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-09/0019.html">mk-ca-bundle: detect start of trust section better</a>
 BGF <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402">gnutls: do not fail on non-fatal handshake errors</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3564114">SMTP: only send SIZE if supported</a>
 BGF ftpserver: respond with a 250 to SMTP EHLO
 BGF ssh: do not crash if MD5 fingerprint is not provided by libssh2
 BGF winbuild: Added support for building with SPNEGO enabled
 BGF metalink: Fixed validation of binary files containing EOF
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3568327">setup.h: fixed for MS VC10 build</a>
 BGF cmake: use standard findxxx modules for cmake v2.8+
 BGF <a href="https://curl.haxx.se/mail/lib-2012-09/0127.html">HTTP_ONLY: disable more protocols</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-09/0188.html">Curl_reconnect_request: clear pointer on failure</a>
 BGF https.c example: remember to call curl_global_init()
 BGF metalink: Filter resource URLs by type
 BGF <a href="https://curl.haxx.se/mail/lib-2012-09/0081.html">multi interface: CURLOPT_LOW_SPEED_* fix during rate limitation</a>
 BGF curl_schannel: Removed buffer limit and optimized buffer strategy
</ul>

<a name="7_27_0"></a>
SUBTITLE(Fixed in 7.27.0 - July 27 2012)
<p> Changes:
<ul class="changes">
 CHG nss: use human-readable error messages provided by NSS
 CHG <a href="https://daniel.haxx.se/blog/2012/06/03/curling-the-metalink/">added --metalink for metalink download support</a>
 CHG pop3: Added support for sasl plain text authentication
 CHG pop3: Added support for sasl login authentication
 CHG pop3: Added support for sasl ntlm authentication
 CHG pop3: Added support for sasl cram-md5 authentication
 CHG pop3: Added support for sasl digest-md5 authentication
 CHG pop3: Added support for apop authentication
 CHG <a href="https://daniel.haxx.se/blog/2012/06/12/schannel-support-in-libcurl/">Added support for Schannel (Native Windows) SSL/TLS encryption</a>
 CHG <a href="https://daniel.haxx.se/blog/2012/06/28/darwin-native-ssl-for-curl/">Added support for Darwin SSL (Native Mac OS X and iOS)</a>
 CHG <a href="https://bugzilla.redhat.com/676596">http: print reason phrase from HTTP status line on error</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF pop3: Fixed the issue of having to supply the user name for all requests
 BGF configure: fix LDAPS disabling related misplaced closing parenthesis
 BGF cmdline: made -D option work with -O and -J
 BGF configure: Fix libcurl.pc and curl-config generation for static MingW* cross builds
 BGF <a href="https://bugzilla.redhat.com/788526">ssl: fix duplicated SSL handshake with multi interface and proxy</a>
 BGF winbuild: Fix Makefile.vc ignoring USE_IPV6 and USE_IDN flags
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3533045">OpenSSL: support longer certificate subject names</a>
 BGF openldap: OOM fixes
 BGF log2changes.pl: fix the Version output
 BGF <a href="https://curl.haxx.se/mail/lib-2012-06/0001.html">lib554.c: use curl_formadd() properly</a>
 BGF urldata.h: fix cyassl build clash with wincrypt.h
 BGF <a href="https://daniel.haxx.se/blog/2012/07/08/curls-new-http-cookies-docs/">cookies: changed the URL in the cookiejar headers</a>
 BGF http-proxy: keep CONNECT connections alive (for NTLM)
 BGF NTLM SSPI: fixed to work with unicode user names and passwords
 BGF OOM fix in the curl tool when cloning cmdline options
 BGF fixed some examples to use curl_global_init() properly
 BGF cmdline: stricter numerical option parser
 BGF HTTP HEAD: don't force-close after response-headers
 BGF test231: fix wrong -C use
 BGF docs: switch to proper UTF-8 for text file encoding
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3546257">keepalive: DragonFly uses milliseconds</a>
 BGF HTTP Digest: Client's "qop" value should not be quoted
 BGF make distclean works again
</ul>

<a name="7_26_0"></a>
SUBTITLE(Fixed in 7.26.0 - May 24 2012)
<p> Changes:
<ul class="changes">
 CHG nss: the minimal supported version of NSS bumped to 3.12.x
 CHG nss: human-readable names are now provided for NSS errors if available
 CHG add a manual page for mk-ca-bundle
 CHG added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR
 CHG smtp: Add support for DIGEST-MD5 authentication
 CHG pop3: Added support for additional pop3 commands
 CHG curl: -w now supports 'filename_effective'
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://bugzilla.redhat.com/738456">nss: libcurl now uses NSS_InitContext() to prevent collisions if available</a>
 BGF <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126">URL parse: reject numerical IPv6 addresses outside brackets</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-04/0246.html">MD5: fix OOM memory leak</a>
 BGF OpenSSL cert: provide more details when cert check fails
 BGF <a href="https://curl.haxx.se/mail/archive-2012-04/0060.html">HTTP: empty chunked POST ended up in two zero size chunks</a>
 BGF fixed a regression when curl resolved to multiple addresses and the first isn't supported [7]
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3517418">-# progress meter: avoid superfluous updates and duplicate lines</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-04/0127.html">headers: surround GCC attribute names with double underscores</a>
 BGF PolarSSL: correct return code for CRL matches
 BGF PolarSSL: include version number in version string
 BGF PolarSSL: add support for asynchronous connect
 BGF <a href="https://curl.haxx.se/mail/lib-2012-03/0238.html">mk-ca-bundle: revert the LWP usage</a>
 BGF IPv6 cookie domain: get rid of the first bracket before the second
 BGF connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
 BGF <a href="https://tools.ietf.org/html/rfc6125#section-6.4.3">OpenSSL: Made cert hostname check conform to RFC 6125</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3510057">HTTP: reset expected DL/UL sizes on redirects</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-03/0278.html">CMake: fix Windows LDAP/LDAPS option handling</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-03/0255.html">CMake: fix MS Visual Studio x64 unsigned long long literal suffix</a>
 BGF configure: update detection logic of getaddrinfo() thread-safeness
 BGF configure: check for gethostbyname in the watt lib
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3528241">curl-config.1: fix curl-config usage in example</a>
 BGF smtp: Fixed non-escaping of dot character at beginning of line
 BGF MakefileBuild.vc: use the correct IDN variable
 BGF autoconf: improve handling of versioned symbols
 BGF curl.1: clarify -x usage
 BGF curl: shorten user-agent
 BGF <a href="https://curl.haxx.se/mail/lib-2012-05/0108.html">smtp: issue with the multi-interface always sending postdata</a>
 BGF compile error with GnuTLS+Nettle fixed
 BGF winbuild: fix IPv6 enabled build
</ul>

<a name="7_25_0"></a>
SUBTITLE(Fixed in 7.25.0 - March 22 2012)
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/mail/lib-2012-02/0009.html">configure: add option disable --libcurl output</a>
 CHG <a href="https://curl.haxx.se/mail/lib-2012-02/0001.html">--ssl-allow-beast and CURLOPT_SSL_OPTIONS added</a>
 CHG <a href="https://curl.haxx.se/mail/lib-2012-01/0264.html">Added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, CURLOPT_TCP_KEEPINTVL</a>
 CHG <a href="https://curl.haxx.se/mail/lib-2012-01/0263.html">curl: use new library-side TCP_KEEPALIVE options</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTMAILAUTH">Added a new CURLOPT_MAIL_AUTH option</a>
 CHG <a href="https://curl.haxx.se/docs/manpage.html#--mail-auth">Added support for --mail-auth</a>
 CHG <a href="https://curl.haxx.se/docs/manpage.html#--libcurl">--libcurl now also works with -F and more!</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/mail/lib-2012-02/0098.html">--max-redirs: allow negative numbers as option value</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-02/0000.html">parse_proxy: bail out on zero-length proxy names</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-02/0052.html">configure: don't modify LD_LIBRARY_PATH for cross compiles</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3481551">curl_easy_reset: reset the referer string</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3481223">curl tool: don't abort glob-loop due to failures</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3482093">CONNECT: send correct Host: with IPv6 numerical address</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-01/0303.html">Explicitly link to the nettle/gcrypt libraries</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-01/0190.html">more resilient connection times among IP addresses</a>
 BGF winbuild: fix IPV6 and IDN options
 BGF SMTP: Fixed error when using CURLOPT_CONNECT_ONLY
 BGF cyassl: update to CyaSSL 2.0.x API
 BGF smtp: Fixed an issue with the EOB checking
 BGF <a href="https://curl.haxx.se/mail/lib-2012-02/0051.html">pop3: Fixed drop of final CRLF in EOB checking</a>
 BGF smtp: Fixed an issue with writing postdata
 BGF smtp: Added support for returning SMTP response codes
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3493129">CONNECT: fix ipv6 address in the Request-Line</a>
 BGF curl-config: only provide libraries with --libs
 BGF <a href="https://curl.haxx.se/mail/lib-2012-03/0046.html">LWIP: don't consider HAVE_ERRNO_H to be winsock</a>
 BGF ssh: tunnel through HTTP proxy if requested
 BGF <a href="https://curl.haxx.se/mail/lib-2012-03/0036.html">cookies: strip off [brackets] from numerical ipv6 host names</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3494091">libcurl docs: version corrections</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3494968">cmake: list_spaces_append_once failure</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-03/0045.html">resolve with c-ares: don't resolve IPv6 when not working</a>
 BGF smtp: changed error code for EHLO and HELO responses
 BGF parsedate: fix a numeric overflow
</ul>

<a name="7_24_0"></a>
SUBTITLE(Fixed in 7.24.0 - January 24 2012)
<img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fix" border="0">
<p> Changes:
<ul class="changes">
 CHG <a href="https://curl.haxx.se/mail/lib-2011-11/0205.html">CURLOPT_QUOTE: SFTP supports the '*'-prefix now</a>
 CHG <a href="https://curl.haxx.se/mail/lib-2011-11/0067.html">CURLOPT_DNS_SERVERS: set name servers if possible</a>
 CHG <a href="https://curl.haxx.se/mail/lib-2011-11/0164.html">Add support for using nettle instead of gcrypt as gnutls backend</a>
 CHG <a href="https://curl.haxx.se/mail/lib-2011-12/0107.html">CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes</a>
 CHG <a href="https://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTACCEPTTIMOUTMS">Added CURLOPT_ACCEPTTIMEOUT_MS</a>
 CHG <a href="https://curl.haxx.se/mail/lib-2011-12/0133.html">configure: add symbols versioning option --enable-versioned-symbols</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2012-0036.html">curl was vulnerable to a data injection attack for certain protocols</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0036">CVE-2012-0036</a>
 BGF <a href="https://curl.haxx.se/docs/CVE-2011-3389.html">curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL</a>

 BGF <a href="https://curl.haxx.se/mail/lib-2011-11/0116.html">SSL session share: move the age counter to the share object</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2011-11/0030.htm">-J -O: use -O name if no Content-Disposition header comes!</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2011-11/0035.html">protocol_connect: show verbose connect and set connect time</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-11/0218.html">query-part: ignore the URI part for given protocols</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-11/0267.html">gnutls: only translate winsock errors for old versions</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-11/0279.html">POP3: fix end of body detection</a>
 BGF POP3: detect when LIST returns no mails
 BGF <a href="https://curl.haxx.se/mail/lib-2011-11/0247.html">TELNET: improved treatment of options</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-11/0294.html">configure: add support for pkg-config detection of libidn</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3442068">CyaSSL 2.0+ library initialization adjustment</a>
 BGF multi interface: only use non-NULL socker function pointer
 BGF call opensocket callback properly for active FTP
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0018.html">don't call close socket callback for sockets created with accept()</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2011-12/0010.html">differentiate better between host/proxy errors</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3451592">SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-11/0371.html">multi: handle timeouts on DNS servers by checking for new sockets</a>
 BGF CURLOPT_DNS_SERVERS: fix return code
 BGF <a href="https://curl.haxx.se/mail/lib-2011-11/0368.html">POP3: fixed escaped dot not being stripped out</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2011-12/0012.html">OpenSSL: check for the SSLv2 function in configure</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0063.html">MakefileBuild: fix the static build</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0010.html">create_conn: don't switch to HTTP protocol if tunneling is enabled</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0070.html">multi interface: fix block when CONNECT_ONLY option is used</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-11/0022.html">Fix connection reuse for TLS upgraded connections</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0121.html">multiple file upload with -F and custom type</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0179.html">multi interface: active FTP connections are no longer blocking</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0215.html">Android build fix</a>
 BGF <a href="https://curl.haxx.se/mail/archive-2011-12/0022.html">timer: restore PRETRANSFER timing</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0218.html">libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0211.html">appconnect time fixed for non-blocking connect ssl backends</a>
 BGF <a href="https://bugzilla.redhat.com/767490">do not include SSL handshake into time spent waiting for 100-continue</a>
 BGF handle dns cache case insensitive
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0314.html">use new host name casing for subsequent HTTP requests</a>
 BGF CURLOPT_RESOLVE: avoid adding already present host names
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0249.html">SFTP mkdir: use correct permission</a>
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3463121">resolve: don't leak pre-populated dns entries</a>
 BGF --retry: Retry transfers on timeout and DNS errors
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3466497">negotiate with SSPI backend: use the correct buffer for input</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2011-12/0249.html">SFTP dir: increase buffer size counter to avoid cut off file names</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-01/0146.html">TFTP: fix resending (again)</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-01/0160.html">c-ares: don't include getaddrinfo-using code</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-01/0096.html">FTP: CURLE_PARTIAL_FILE will not close the control channel</a>
 BGF win32-threaded-resolver: stop using a dummy socket
 BGF <a href="https://curl.haxx.se/mail/lib-2012-01/0049.html">OpenSSL: remove reference to openssl internal struct</a>
 BGF OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
 BGF OpenSSL: fix PKCS#12 certificate parsing related memory leak
 BGF <a href="https://curl.haxx.se/bug/view.cgi?id=3474308">OpenLDAP: fix LDAP connection phase memory leak</a>
 BGF Telnet: Use correct file descriptor for telnet upload
 BGF Telnet: Remove bogus optimisation of telnet upload
 BGF URL parse: user name with ipv6 numerical address
 BGF polarssl: show cipher suite name correctly with 1.1.0
 BGF polarssl: havege_rand is not present in version 1.1.0 WARNING, we still use the <a href="https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02">old API which is said to be insecure</a>
 BGF <a href="https://curl.haxx.se/mail/lib-2012-01/0225.html">gnutls: enforced use of SSLv3</a>
</ul>

<a name="7_23_1"></a>
SUBTITLE(Fixed in 7.23.1 - November 17 2011)
<p> Bugfixes:
<ul class="bugfixes">
 BGF Windows: curl would fail if it found no CA cert, unless -k was used. Even
     if a non-SSL protocol URL was used
</ul>

<a name="7_23_0"></a>
SUBTITLE(Fixed in 7.23.0 - November 15 2011)
<p> Changes:
<ul class="changes">
 CHG Empty headers can be sent in HTTP requests by terminating with a semicolon
 CHG SSL session sharing support added to curl_share_setopt()
 CHG Added support to MAIL FROM for the optional SIZE parameter
 CHG smtp: Added support for NTLM authentication
 CHG curl tool: code split into tool_*.[ch] files
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF handle HTTP redirects to "https://hostname/path"
 BGF SMTP without --mail-from caused segfault
 BGF prevent extra progress meter headers between multiple files
 BGF allow Content-Length to be replaced when sending HTTP requests
 BGF curl now always sets postfieldsize to allow --data-binary and --data
   to be mixed in the same command line
 BGF curl_multi_fdset: avoid FD_SET out of bounds
 BGF lots of MinGW build tweaks
 BGF Curl_gethostname: return un-qualified machine name
 BGF fixed the openssl version number configure check
 BGF nss: certificates from files are no longer looked up by file base names
 BGF returning abort from the progress function when using the multi interface
   would not properly cancel the transfer and close the connection
 BGF fix libcurl.m4 to not fail with modern gcc versions
 BGF ftp: improved the failed PORT host name resolved error message
 BGF TFTP timeout and unexpected block adjustments
 BGF HTTP and GOPHER test server-side connection closing adjustments
 BGF fix endless loop upon transport connection timeout
 BGF don't clobber errno on failed connect
 BGF typecheck: allow NULL to unset CURLOPT_ERRORBUFFER
 BGF formdata: ack read callback abort
 BGF make --show-error properly position independent
 BGF set the ipv6-connection boolean correctly on connect
 BGF SMTP: fix end-of-body string escaping
 BGF gtls: only call gnutls_transport_set_lowat with <gnutls-2.12.0
 BGF HTTP: handle multiple auths in a single WWW-Authenticate line
 BGF curl_multi_fdset: correct fdset with FTP PORT use
 BGF windbuild: fix the static build
 BGF fix builds with GnuTLS version 3
 BGF fix calling of OpenSSL's ERR_remove_state(0)
 BGF HTTP auth: fix proxy Negotiate bug when Negotiate not requested
 BGF ftp PORT: don't hang if bind() fails
 BGF -# would crash on terminals wider than 256 columns
</ul>

<a name="7_22_0"></a>
SUBTITLE(Fixed in 7.22.0 - September 13 2011)
<p> Changes:
<ul class="changes">
 CHG Added CURLOPT_GSSAPI_DELEGATION
 CHG Added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth
 CHG Display notes from setup file in testcurl.pl
 CHG BSD-style lwIP TCP/IP stack experimental support on Windows
 CHG OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
 CHG --delegation was added to set CURLOPT_GSSAPI_DELEGATION
 CHG nss: start with no database if the selected database is broken
 CHG telnet: allow programmatic use on Windows
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF curl_getdate: detect some illegal dates better
 BGF when sending a request and an error is received before the (entire) request
   body is sent, stop sending the request and close the connection after
   having received the entire response. This is equally true if an Expect:
   100-continue header was used.
 BGF When using both -J and a single -O with multiple URLs, a missing init
   could cause a segfault
 BGF -J fixed for escaped quotes
 BGF -J fixed for file names with semicolons
 BGF progress: reset flags at transfer start to avoid wrong
   CURLINFO_CONTENT_LENGTH_DOWNLOAD
 BGF curl_gssapi: Guard files with HAVE_GSSAPI and rename private header
 BGF silence picky compilers: mark unused parameters
 BGF help output: more gnu like output
 BGF libtests: stop checking for CURLM_CALL_MULTI_PERFORM
 BGF setting a non-HTTP proxy with an environment variable or with CURLOPT_PROXY
   / --proxy (without specifying CURLOPT_PROXYTYPE) would still make it do
   proxy-like HTTP requests
 BGF CURLFORM_BUFFER: insert filename as documented (regression)
 BGF SOCKS: fix the connect timeout
 BGF ftp_doing: bail out on error properly while multi interfacing
 BGF improved Content-Encoded decoding error message
 BGF asyn-thread: check for dotted addresses before thread starts
 BGF cmake: find winsock when building on windows
 BGF Curl_retry_request: check return code
 BGF cookies: handle 'secure=' as if it was 'secure'
 BGF tests: break busy loops in tests 502, 555, and 573
 BGF FTP: fix proxy connect race condition with multi interface and SOCKS proxy
 BGF RTSP: GET_PARAMETER requests have a body
 BGF fixed several memory leaks in OOM situations
 BGF bad expire(0) caused multi_socket API to hang
 BGF Avoid ftruncate() static define with mingw64
 BGF mk-ca-bundle.pl: ignore untrusted certs
 BGF builds with PolarSSL 1.0.0
</ul>
<a name="7_21_7"></a>
SUBTITLE(Fixed in 7.21.7 - June 23 2011)
<a href="https://curl.haxx.se/docs/CVE-2011-2192.html"><img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fix" border="0"></a>
<p> Changes:
<ul class="changes">
 CHG recognize the [protocol]:// prefix in proxy hosts where the protocol is one
   of socks4, socks4a, socks5 or socks5h.
 CHG Added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="/docs/CVE-2011-2192.html">SECURITY ADVISORY: inappropriate GSSAPI delegation</a>

 BGF NTLM: work with unicode
 BGF fix connect with SOCKS proxy when using the multi interface
 BGF anyauthput.c: stdint.h must not be included unconditionally
 BGF CMake: improved build
 BGF SCP/SFTP enable non-blocking earlier
 BGF GnuTLS handshake: fix timeout
 BGF cyassl: build without filesystem
 BGF HTTPS over HTTP proxy using the multi interface
 BGF speedcheck: invalid timeout event on a reused handle
 BGF Force connection close for HTTP 200 OK when time condition matched
 BGF curl_formget: fix FILE * leak
 BGF configure: improved OpenSSL detection
 BGF Android build: support gingerbread
 BGF CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
 BGF windows build: use correct MS CRT
 BGF pop3: remove extra space in LIST command
</ul>

<a name="7_21_6"></a>
SUBTITLE(Fixed in 7.21.6 - April 22 2011)
<p> Changes:
<ul class="changes">
 CHG Added --tr-encoding and CURLOPT_TRANSFER_ENCODING
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF curl-config: fix --version
 BGF curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
 BGF use HTTPS properly after CONNECT
 BGF SFTP: close file before post quote operations
</ul>

<a name="7_21_5"></a>
SUBTITLE(Fixed in 7.21.5 - April 17 2011)
<p> Changes:
<ul class="changes">
 CHG SOCKOPTFUNCTION: callback can say already-connected
 CHG Added --netrc-file
 CHG Added (new) support for cyassl
 CHG TLS-SRP: enabled with OpenSSL
 CHG Added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF nss: avoid memory leak on SSL connection failure
 BGF nss: do not ignore failure of SSL handshake
 BGF multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
 BGF runtests.pl: fix pid number concatenation that prevented it from killing
   the correct process at times
 BGF PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
 BGF curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD
 BGF multi: close connection on timeout
 BGF IMAP in multi mode does SSL connections non-blocking
 BGF honours the --disable-ldaps configure option
 BGF Force setopt constants written by --libcurl to be long
 BGF ssh_connect: treat libssh2 return code better
 BGF SFTP upload could stall the state machine when the multi_socket API was
   used
 BGF SFTP and SCP could leak memory when used with the multi interface and
   the connection was closed
 BGF Added missing file to repair the MSVC makefiles
 BGF Fixed detection of recvfrom arguments on Android/bionic
 BGF GSS: handle reuse fix
 BGF transfer: avoid insane conversion of time_t
 BGF nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
 BGF SMTP-multi: non-blocking connect
 BGF SFTP-multi: set cselect for sftp and scp to fix "stall" risk
 BGF configure: removed wrongly claimed default paths
 BGF pop3: fixed torture tests to succeed
 BGF symbols-in-versions: many corrections
 BGF if a HTTP request gets retried because the connection was dead, rewind if
   any data was sent as part of it
 BGF only probe for working ipv6 once and then re-use that info for further
   requests
 BGF requests that are asked to bound to a local interface/port will no longer
   wrongly re-use connections that aren't
 BGF libcurl.m4: Add missing quotes in AC_LINK_IFELSE
 BGF progress output: don't print the last update on a separate line
 BGF POP3: the command to send is STLS, not STARTTLS
 BGF POP3: PASS command was not sent after upgrade to TLS
 BGF configure: fix libtool warning
 BGF nss: allow to use multiple client certificates for a single host
 BGF HTTP pipelining: Fix handling of zero-length responses
 BGF Don't list NTLM in curl-config when HTTP is disabled
 BGF curl_easy_setopt.3: CURLOPT_RESOLVE typo version
 BGF OpenSSL: build fine with no-sslv2 versions
 BGF checkconnection: don't call with NULL pointer with RTSP and multi interface
 BGF Borland makefile updates
 BGF configure: libssh2 link fix without pkg-config
 BGF certinfo crash
 BGF CCC crash
</ul>

<a name="7_21_4"></a>
SUBTITLE(Fixed in 7.21.4 - February 17 2011)
<p> Changes:
<ul class="changes">
 CHG CURLINFO_FTP_ENTRY_PATH now supports SFTP
 CHG introduced new framework for unit-testing
 CHG IDN: use win32 API if told to
 CHG ares: ask for both IPv4 and IPv6 addresses
 CHG HTTP: do Negotiate authentication using SSPI on windows
 CHG Windows build: alternative makefile
 CHG TLS-SRP: support added when using GnuTLS
 CHG added support for axTLS
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF SMTP: add brackets for MAIL FROM
 BGF ossl_seed: no more RAND_screen (on Windows)
 BGF multi: connect fail => use next IP address
 BGF use the timeout when using multiple IP addresses similar to how
   the easy interface does it
 BGF cookies: tricked dotcounter fixed
 BGF pubkey_show: allocate buffer to fit any-size result
 BGF Curl_nss_connect: avoid PATH_MAX
 BGF Curl_do: avoid using stale conn pointer
 BGF tftpd test server: avoid buffer overflow report from glibc
 BGF nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
 BGF nss: fix a bug in handling of CURLOPT_CAPATH
 BGF CMake: Use upstream CheckTypeSize module
 BGF OpenSSL get_cert_chain: support larger data sets
 BGF SCP/SFTP transfers: acknowledge speedcheck
 BGF GnuTLS builds: fix memory leak
 BGF connect problem: use UDP correctly
 BGF Borland C++ makefile tweaks
 BGF OpenSSL: improved error message on SSL_CTX_new failures
 BGF HTTP: memory leak on multiple Location:
 BGF ares_query_completed_cb: don't touch invalid data
 BGF ares: memory leak fix
 BGF mk-ca-bundle: use new cacert url
 BGF Curl_gmtime: added a portable gmtime and check for NULL
 BGF curl.1: typo in -v description
 BGF CURLOPT_SOCKOPTFUNCTION: return proper error code
 BGF --keepalive-time: warn if not supported properly
 BGF file: add support for CURLOPT_TIMECONDITION
 BGF nss: avoid memory leaks and failure of NSS shutdown
 BGF multi: fix CURLM_STATE_TOOFAST for multi_socket
</ul>

<a name="7_21_3"></a>
SUBTITLE(Fixed in 7.21.3 - December 15 2010)
<p> Changes:
<ul class="changes">
 CHG Added --noconfigure switch to testcurl.pl
 CHG Added --xattr option
 CHG Added CURLOPT_RESOLVE and --resolve
 CHG Added CURLAUTH_ONLY
 CHG Added version-check.pl to the examples dir
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF check for libcurl features for some command line options
 BGF Curl_setopt: disallow CURLOPT_USE_SSL without SSL support
 BGF http_chunks: remove debug output
 BGF URL-parsing: consider ? a divider
 BGF SSH: avoid using the libssh2_ prefix
 BGF SSH: use libssh2_session_handshake() to work on win64
 BGF ftp: prevent server from hanging on closed data connection when stopping
   a transfer before the end of the full transfer (ranges)
 BGF LDAP: detect non-binary attributes properly
 BGF ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
 BGF gnutls->handshake: improved timeout handling
 BGF security: Pass the right parameter to init
 BGF krb5: Use GSS_ERROR to check for error
 BGF TFTP: resend the correct data
 BGF configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected
 BGF GnuTLS: now detects socket errors on Windows
 BGF symbols-in-versions: updated en masse
 BGF added a couple examples that were missing from the tar ball
 BGF Curl_send/recv_plain: return errno on failure
 BGF Curl_wait_for_resolv (for c-ares): correct timeout
 BGF ossl_connect_common: detect connection re-use
 BGF configure: Prevent link errors with --librtmp
 BGF openldap: use remote port in URL passed to ldap_init_fd()
 BGF url: provide dead_connection flag in Curl_handler::disconnect
 BGF lots of compiler warning fixes
 BGF ssh: fix a download resume point calculation
 BGF fix getinfo CURLINFO_LOCAL* for reused connections
 BGF multi: the returned running handles conuter could turn negative
 BGF multi: only ever consider pipelining for connections doing HTTP(S)
</ul>

<a name="7_21_2"></a>
SUBTITLE(Fixed in 7.21.2 - October 13 2010)
<a href="https://curl.haxx.se/docs/CVE-2010-3842.html"><img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fix" border="0"></a>
<p> Changes:
<ul class="changes">
 CHG curl -T: ignore file size of special files
 CHG Added GOPHER protocol support
 CHG Added mk-ca-bundle.vbs script
 CHG c-ares build now requires c-ares >= 1.6.0
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2010-3842.html">--remote-header-name security vulnerability fixed</a>
 BGF multi: support the timeouts correctly, fixes known bug #62
 BGF multi: use timeouts properly for MAX_RECV/SEND_SPEED
 BGF negotiation: Wrong proxy authorization
 BGF multi: avoid sending multiple complete messages
 BGF cmdline: make -F type= accept ;charset=
 BGF RESUME_FROM: clarify what ftp uploads do
 BGF http: handle trailer headers in all chunked responses
 BGF Curl_is_connected: use correct errno
 BGF Added SSPI build to Watcom makefile
 BGF progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
 BGF linking problem on Fedora 13
 BGF Link curl and the test apps with -lrt explicitly when necessary
 BGF chunky parser: only rewind stream internally if needed
 BGF remote-header-name: don't output filename when NULL
 BGF Curl_timeleft: avoid returning "no timeout" by mistake
 BGF timeout: use the correct start value as offset
 BGF FTP: fix wrong timeout trigger
 BGF buildconf got better output on failures
 BGF rtsp: avoid SIGSEGV on malformed header
 BGF LDAP: Support for tunnelling queries through HTTP proxy
 BGF configure's --enable-werror had a bashism
 BGF test565: Don't hardcode IP:PORT
 BGF configure: check for gcrypt if using GnuTLS
 BGF configure: don't enable RTMP if the lib detect fails
 BGF curl_easy_duphandle: clone the c-ares handle correctly
 BGF MacOSX-Framework: updates for Snowleopard
 BGF support URL containing colon without trailing port number
 BGF parsedate: allow time specified without seconds
 BGF curl_easy_escape: don't escape "unreserved" characters
 BGF SFTP: avoid downloading negative sizes
 BGF Lots of GSS/KRB FTP fixes
 BGF TFTP: Work around tftpd-hpa upload bug
 BGF libcurl.m4: several fixes
 BGF HTTP: remove special case for 416
 BGF examples: use example.com in example URLs
 BGF globbing: fix crash on unballanced open brace
 BGF cmake: build fixed
</ul>

<a name="7_21_1"></a>
SUBTITLE(Fixed in 7.21.1 - August 11 2010)
<p> Changes:
<ul class="changes">
 CHG maketgz: produce CHANGES automatically
 CHG added support for NTLM authentication when compiled with NSS
 CHG build: Enable configure --enable-werror
 CHG curl-config: --built-shared returns shared info
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF configure: spell --disable-threaded-resolver correctly
 BGF multi: call the progress callback in all states
 BGF multi: unmark handle as used when no longer head of pipeline
 BGF sendrecv: treat all negative values from send/recv as errors
 BGF ftp-wildcard: avoid tight loop when used without any pattern
 BGF multi_socket: re-use of same socket without notifying app
 BGF ftp wildcard: FTP LIST parser FIX
 BGF urlglobbing backslash escaping bug
 BGF build: add enable IPV6 option for the VC makefiles
 BGF multi: CURLINFO_LASTSOCKET doesn't work after remove_handle
 BGF --libcurl: use *_LARGE options with typecasted constants
 BGF --libcurl: hide setopt() calls setting default options
 BGF curl: avoid setting libcurl options to its default
 BGF --libcurl: list the tricky options instead of using [REMARK]
 BGF http: don't enable chunked during authentication negotiations
 BGF upload: warn users trying to upload from stdin with anyauth
 BGF configure: allow environments variable to override internals
 BGF threaded resolver: fix timeout issue
 BGF multi: fix condition that remove timers before trigger
 BGF examples: add curl_multi_timeout
 BGF --retry: access violation with URL part sets continued
 BGF ssh: Fix compile error on 64-bit systems.
 BGF remote-header-name: chop filename at next semicolon
 BGF ftp: response timeout bug in "quote" sending
 BGF CUSTOMREQUEST: shouldn't be disabled when HTTP is disabled
 BGF Watcom makefiles overhaul.
 BGF NTLM tests: boost coverage by forcing the hostname
 BGF multi: fix FTPS connecting the data connection with OpenSSL
 BGF retry: consider retrying even if -f is used
 BGF fix SOCKS problem when using multi interface
 BGF typecheck-gcc: add checks for recently added options
 BGF SCP: send large files properly with new enough libssh2
 BGF multi_socket: set timeout for 100-continue
 BGF ";type=" URL suffix over HTTP proxy
 BGF acknowledge progress callback error returns during connect
 BGF Watcom makefile fixes
 BGF runtests: clear old setenv remainders before test
</ul>

<a name="7_21_0"></a>
SUBTITLE(Fixed in 7.21.0 - June 16 2010)
<p> Changes:
<ul class="changes">
 CHG added the --proto and -proto-redir options
 CHG new configure option --enable-threaded-resolver
 CHG improve TELNET ability with libcurl
 CHG added support for PolarSSL
 CHG added support for FTP wildcard matching and downloads
 CHG added support for RTMP
 CHG introducing new LDAP code for new enough OpenLDAP
 CHG OpenLDAP support enabled for cygwin builds
 CHG added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF prevent needless reverse name lookups
 BGF detect GSS on ancient Linux distros
 BGF GnuTLS: EOF caused error when it wasn't
 BGF GnuTLS: SSL handshake phase is non-blocking
 BGF -J/--remote-header-name strips CRLF
 BGF MSVC makefiles now use ws2_32.lib instead of wsock32.lib
 BGF -O crash on windows
 BGF SSL handshake timeout underflow in libcurl-NSS
 BGF multi interface missed storing connection time
 BGF broken CRL support in libcurl-NSS
 BGF ignore response-body on redirect even if compressed
 BGF OpenSSL handshake state-machine for multi interface
 BGF TFTP timeout option sent correctly
 BGF TFTP block id wrap
 BGF curl_multi_socket_action() timeout handles inaccuracy in timers better
 BGF SCP/SFTP failure to respect the timeout
 BGF spurious SSL connection aborts with OpenSSL
</ul>

<a name="7_20_1"></a>
SUBTITLE(Fixed in 7.20.1 - April 14 2010)
<p> Changes:
<ul class="changes">
 CHG The 'ares' subtree has been removed from the source repository
 CHG smoother rate limiting
 CHG allow user+password in the URL for all protocols
 CHG POP3: Get message listing if no mailbox in URL
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF VMS builder bad behavior when used in a batch job
 BGF multiple recipients with SMTP
 BGF fixed the CURL_FORMAT_* defines when building with cmake
 BGF missing quote in libcurl.m4
 BGF SMTP: now waits for 250 after the DATA transfer
 BGF SMTP: use angle brackets in RCPT TO
 BGF curl --trace-time not using local time
 BGF off-by-one in the chunked encoding trailer parser
 BGF superfluous blocking for OpenSSL-based SSL connects and multi interface
 BGF TFTP upload
 BGF FTP timeouts after file transferred completely
 BGF skip poll() on Interix
 BGF CURLOPT_CERTINFO memory leak
 BGF sub-second timeouts improvements
 BGF configure fixes for GSSAPI
 BGF threaded resolver double free when closing curl handle
 BGF configure fixes for building with the clang compiler
 BGF easy interix rate limiting logic
 BGF curl_multi_remove_handle() caused use after free
 BGF TFTP improved error codes
 BGF TFTP fixed TSIZE handling for uploads
 BGF SSL possible double free when reusing curl handle
 BGF alarm()-based DNS timeout bug
 BGF re-used FTP connection multi interface crash
 BGF chunked-encoding with Content-Length: header problem
 BGF multi interface HTTP POST over a proxy using PROXYTUNNEL
 BGF RTSP GET_PARAMETER
 BGF timeout after last data chunk was handled
 BGF SFTP download hang
 BGF FTP quote commands prefixed with '*' now can fail without aborting
</ul>

<a name="7_20_0"></a>
SUBTITLE(Fixed in 7.20.0 - February 9 2010)
<a href="https://curl.haxx.se/docs/CVE-2010-0734.html"><img src="/pix/alert.png"
align="right" title="Release contains security-related bug fix" alt="Release
contains security-related bug fix" border="0"></a>
<p> Changes:
<ul class="changes">
 CHG support SSL_FILETYPE_ENGINE for client certificate
 CHG curl-config can now show the arguments used when building curl
 CHG non-blocking TFTP
 CHG send Expect: 100-continue for POSTs with unknown sizes
 CHG added support for IMAP(S), POP3(S), SMTP(S) and RTSP
 CHG added new curl_easy_setopt() options for SMTP and RTSP
 CHG added --mail-from and --mail-rcpt for SMTP
 CHG VMS build system enhancements
 CHG added support for the PRET ftp command
 CHG curl supports --ssl and --ssl-reqd
 CHG added -J/--remote-header-name for using server-provided filename with -O
 CHG enhanced asynchronous DNS lookups
 CHG symbol CURL_FORMAT_OFF_T is obsoleted
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF progress meter percentage and transfer time estimates fixes
 BGF portability enhancement for OS's without orthogonal directory tree structure
 BGF progress meter/callback during FTP connection
 BGF DNS cache timeout while transfer in progress
 BGF compilation when configured --with-gssapi having GNU GSS installed
 BGF SSL connection reused with mismatched protection level
 BGF configure --with-nss is set but not "yes"
 BGF don't store LDFLAGS in pkg-config file
 BGF never-pruned DNS cached entries
 BGF HTTP proxy tunnel re-used connection even if tunnel got disabled
 BGF SSL lib post-close write
 BGF curl failed to report write errors for tiny failed downloads
 BGF TFTP BLKSIZE
 BGF Expect: 100-continue handling when set by the application
 BGF multi interface with OpenSSL read already freed memory when closing down
 BGF --retry didn't do right for FTP transient errors
 BGF some *_proxy environment variables didn't function
 BGF libcurl-OpenSSL engine cleanup
 BGF header include fix for FreeBSD versions before v8
 BGF fragment part of URLs are no longer sent to the server
 BGF progress callback called repeatedly with c-ares for resolving
 BGF OpenSSL session id ref count leak
 BGF progress callback called repeatedly during slow connects
 BGF curl_multi_fdset() would return -1 too often during SCP/SFTP transfers
 BGF FTP file size checks with ASCII transfers
 BGF HTTP Cookie: headers sort cookies based on specified path lengths
 BGF CURLM_CALL_MULTI_PERFORM fix for multi socket timeout calls
 BGF <a href="https://curl.haxx.se/docs/CVE-2010-0734.html">libcurl data callback excessive length</a>

</ul>

<a name="7_19_7"></a>
SUBTITLE(Fixed in 7.19.7 - November 4 2009)
<p> Changes:
<ul class="changes">
 CHG -T. is now for non-blocking uploading from stdin
 CHG SYST handling on FTP for OS/400 FTP server cases
 CHG libcurl refuses to read a single HTTP header longer than 100K
 CHG added the --crlfile option to curl
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF The windows makefiles work again
 BGF libcurl-NSS acknowledges verifyhost
 BGF SIGSEGV when pipelined pipe unexpectedly breaks
 BGF data corruption issue with re-connected transfers
 BGF use after free if we're completed but easy_conn not NULL (pipelined)
 BGF missing strdup() return code check
 BGF CURLOPT_PROXY_TRANSFER_MODE could pass along wrong syntax
 BGF configure --with-gnutls=PATH fixed
 BGF ftp response reader bug on failed control connections
 BGF improved NSS error message on failed host name verifications
 BGF ftp NOBODY on re-used connection hang
 BGF configure uses pkg-config for cross-compiles as well
 BGF improved NSS detection in configure
 BGF cookie expiry date at 1970-jan-1 00:00:00
 BGF libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
 BGF libcurl-OpenSSL can load CRL files with more than one certificate inside
 BGF received cookies without explicit path got saved wrong if the URL had a
   query part
 BGF don't shrink SO_SNDBUF on windows for those who have it set large already
 BGF connect next bug
 BGF invalid file name characters handling on Windows
 BGF double close() on the primary socket with libcurl-NSS
 BGF GSS negotiate infinite loop on bad credentials
 BGF memory leak in SCP/SFTP connections
 BGF use pkg-config to find out libssh2 installation details in configure
 BGF unparsable cookie expire dates make cookies get treated as session coookies
 BGF POST with Digest authentication and "Transfer-Encoding: chunked"
 BGF SCP connection re-use with wrong auth
 BGF CURLINFO_CONTENT_LENGTH_DOWNLOAD for 0 bytes transfers
 BGF CURLINFO_SIZE_DOWNLOAD for ldap transfers (-w size_download)
</ul>

<a name="7_19_6"></a>
SUBTITLE(Fixed in 7.19.6 - August 12 2009)
<a href="https://curl.haxx.se/docs/CVE-2009-2417.html"><img src="/pix/alert.png"
align="right" title="Release contains security-related bug fix" alt="Release
contains security-related bug fix" border="0"></a>
<p> Changes:
<ul class="changes">
 CHG CURLOPT_FTPPORT (and curl's -P/--ftpport) support port ranges
 CHG Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA
 CHG CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE can be told to ignore
   error responses when used with FTP
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF crash on bad socket close with FTP
 BGF leaking cookie memory when duplicate domains or paths were used
 BGF build fix for Symbian
 BGF CURLOPT_USERPWD set to NULL clears auth credentials
 BGF libcurl-NSS build fixes
 BGF configure script fixed for VMS
 BGF set Content-Length: with POST and PUT failed with NTLM auth
 BGF allow building libcurl for VxWorks
 BGF curl tool exit codes fixed for VMS
 BGF --no-buffer treated correctly
 BGF djgpp build fix
 BGF configure detection of GnuTLS now based on pkg-config as well
 BGF libcurl-NSS client cert handling segfaults
 BGF curl uploading from stdin/pipes now works in non-blocking way so that it
   continues the downloading even when the read stalls
 BGF ftp credentials are added to the url if needed for http proxies
 BGF curl -o - sends data to stdout using binary mode on windows
 BGF fixed the separators for "array" style string that CURLINFO_CERTINFO returns
 BGF auth problem over several hosts with re-used connection
 BGF improved the support for client certificates in libcurl+NSS
 BGF fix leak in gtls code
 BGF missing algorithms in libcurl+OpenSSL
 BGF with noproxy set you could still get a proxy if a proxy env was set
 BGF rand seeding on libcurl on windows built with OpenSSL was not thread-safe
 BGF fixed the zero byte inserted in cert name flaw in libcurl+OpenSSL
 BGF don't try SNI with SSLv2 or SSLv3 (OpenSSL and GnuTLS builds)
 BGF libcurl+OpenSSL would wrongly acknowledge a cert if CN matched but
   subjectAltName didn't
 BGF TFTP upload sent illegal TSIZE packets
</ul>

<a name="7_19_5"></a>
SUBTITLE(Fixed in 7.19.5 - May 18 2009)
<p> Changes:
<ul class="changes">
 CHG libcurl now closes all dead connections whenever you attempt to open a new
   connection
 CHG libssh2's version number can now be figured out run-time instead of using
   the build-time fixed number
 CHG CURLOPT_SEEKFUNCTION may now return CURL_SEEKFUNC_CANTSEEK
 CHG curl can now upload with resume even when reading from a pipe
 CHG a build-time configured curl_socklen_t is now used instead of socklen_t
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF NTLM authentication memory leak on SSPI enabled Windows builds
 BGF fixed the GnuTLS-using code to do correct return code checks
 BGF an alloc-related call in the OpenSSL-using code didn't check the return value
 BGF curl_easy_duphandle() failed to duplicate cookies at times
 BGF missing TELNET timeout support in Windows builds
 BGF missing Curl_read() and write callback result checking in TELNET transfers
 BGF more ciphers enabled in libcurl built to use NSS
 BGF properly return an error code in curl_easy_recv
 BGF Sun compilers specific preprocessor block removed from curlbuild.h.dist
 BGF allow creation of four way fat libcurl Mac OS X Framework
 BGF several memory leaks in libcurl+NSS
 BGF improved the CURLOPT_NOBODY set to 0 confusions
 BGF persistent connections when doing FTP over a HTTP proxy
 BGF --libcurl bogus strings where other data was pointed to
 BGF crash related to FTP and "Re-used connection seems dead, get a new one"
 BGF CURLINFO_APPCONNECT_TIME with the multi interface
 BGF Enhanced upload speeds on Windows
 BGF TFTP problems after a failed transfer to the same host
 BGF improved out of the box TPF compatibility
 BGF HTTP PUT protocol line endings portions mangled from CRLF to CRCRLF
 BGF Rejected SSL session ids are killed properly (for OpenSSL and GnuTLS builds)
 BGF Deal with the TFTP OACK packet
 BGF fixed roff mistakes in man pages
 BGF use SOCKS proxy with the multi interface
 BGF fixed the Curl_getoff_all_pipelines SIGSEGV
 BGF POST, NTLM and following a redirect hang
 BGF libcurl+NSS endless loop on incorrect password for private key
 BGF gzip decompression memory leak
 BGF no_proxy flaw with user name in URL
</ul>

<a name="7_19_4"></a>
SUBTITLE(Fixed in 7.19.4 - March 3 2009)
<a href="https://curl.haxx.se/docs/CVE-2009-0037.html"><img src="/pix/alert.png"
align="right" title="Release contains security-related bug fix" alt="Release
contains security-related bug fix" border="0"></a>

<p> Changes:
<ul class="changes">
 CHG Added CURLOPT_NOPROXY and the corresponding --noproxy
 CHG the OpenSSL-specific code disables TICKET (rfc5077) which is enabled by
   default in openssl 0.9.8j
 CHG Added CURLOPT_TFTP_BLKSIZE
 CHG Added CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC - with
   the corresponding curl options --socks5-gssapi-service and
   --socks5-gssapi-nec
 CHG Improved IPv6 support when built with with c-ares >= 1.6.1
 CHG Added CURLPROXY_HTTP_1_0 and --proxy1.0
 CHG Added docs/libcurl/symbols-in-versions
 CHG Added CURLINFO_CONDITION_UNMET
 CHG Added support for Digest and NTLM authentication using GnuTLS
 CHG CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry the CWD even
   when MKD fails
 CHG GnuTLS initing moved to curl_global_init()
 CHG Added CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, see also the <a href="https://curl.haxx.se/docs/CVE-2009-0037.html">security advisory</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF missing ssh.obj in VS makefiles
 BGF FTP ;type=i URLs now work with CURLOPT_PROXY_TRANSFER_MODE in Turkish
   locale
 BGF realms with quoted quotation marks in HTTP Digest headers
 BGF VC9 makefiles are now really included
 BGF multi interface memory leak with CURLMOPT_MAXCONNECTS set
 BGF CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with
   CURLOPT_NOBODY set true
 BGF memory leak on some libz errors for content encodings
 BGF NSS-enabled build is repaired
 BGF superfluous wait in SFTP downloads removed
 BGF FTP with the multi interface no longer kills the control connection as
   easily on transfer failures
 BGF compilation halting when using VS2008 to build a Windows 2000 target
 BGF ease creation of libcurl Mac OS X Framework
 BGF CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD are -1
   if unknown
 BGF Negotiate proxy authentication
 BGF CURLOPT_INTERFACE and CURLOPT_LOCALPORT used together
</ul>

<a name="7_19_3"></a>
SUBTITLE(Fixed in 7.19.3 - January 19 2009)
<p> Changes:
<ul class="changes">
 CHG CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH
 CHG VC9 Makefiles were added to the release package
</ul>

<p> Bugfixes:
<ul class="bugfixes">
 BGF build failure when disabling FTP but enabling GSS
 BGF fixed several calls to memory functions that didn't check return codes
 BGF memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was
   used
 BGF re-use of connections with the multi interface when multiple handles used
   the same server
 BGF memory leak with HTTP GSS/kerberos authentication
 BGF removed the default use of "Pragma: no-cache"
 BGF fix SCP/SFTP busyloop by using a new libssh2 1.0 function
 BGF bad fclose() after a fatal error in cookie code
 BGF curl_multi_remove_handle() when the handle was in use in a HTTP pipeline
 BGF GSS authentication infinite loop problem
 BGF 550 response from SIZE no longer treated as missing file
 BGF ftps:// control connections now use explicit protection level
 BGF dotted IPv6 addresses longer than 39 bytes failed
 BGF curl_easy_duphandle() doesn't try to duplicate the connection cache pointer
 BGF build failure on OS/400 when enabling IPv6
 BGF better detection of SFTP failures
 BGF improved connection re-use for subsequent SCP and SFTP transfers
 BGF multi interface does less busy-loops for SCP and SFTP transfers with libssh2
   1.0 or later
 BGF curl_multi_timeout() no longer returns timeout 0 when there's still more
   than 0 but less than 999 microseconds left
 BGF the multi_socket API and HTTP pipelining now work a lot better when combined
 BGF SFTP seek/resume beyond 32bit file sizes
 BGF fixed breakage with --with-ssl --disable-verbose
 BGF TTL "leak" in the DNS cache
 BGF improved NSS initing
 BGF curl_easy_reset now resets more options
 BGF rare Location: follow bug with the multi interface
 BGF the configure script can now detect gnutls with pkg-config
 BGF curlbuild.h was adjusted for SunPro compilers
 BGF CURLOPT_COOKIELIST set to "SESS" on an easy handle with no cookies data
 BGF fixed timeouts for TFTP
 BGF fixed PPC builds
</ul>

<a name="7_19_2"></a>
SUBTITLE(Fixed in 7.19.2 - November 13 2008)
<p> Bugfixes:
<ul class="bugfixes">
 BGF build failure when using MSVC 6 makefile and on four platforms more
 BGF crash when using --interface name on Linux systems with a TEQL device
 BGF using the multi interface to download a HTTPS page with libcurl built
   powered by OpenSSL could download "rubbish" instead of actual content
</ul>

<a name="7_19_1"></a>
SUBTITLE(Fixed in 7.19.1 - November 5 2008)
<p> Changes:
<ul class="changes">
 CHG pkg-config can now show supported_protocols and supported_features
 CHG Added CURLOPT_CERTINFO and CURLINFO_CERTINFO
 CHG Added CURLOPT_POSTREDIR
 CHG Better detect HTTP 1.0 servers and don't do HTTP 1.1 requests on them
 CHG configure --disable-proxy disables proxy support
 CHG Added CURLOPT_USERNAME and CURLOPT_PASSWORD
 CHG --interface now works with IPv6 connections on glibc systems
 CHG Added CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD
</ul>

<p> Bugfixes:
<ul class="bugfixes">
 BGF MingW32 non-configure builds are now largefile feature enabled by default
 BGF NetWare LIBC builds are now largefile feature enabled by default
 BGF curl_easy_pause() could behave wrongly on unpause
 BGF cookies with invalid expire dates are now considered expired
 BGF HTTP pipelining over proxy
 BGF fix regression in configure script which affected OpenSSL builds on MSYS
 BGF GnuTLS-based multi interface doing HTTPS over proxy failed
 BGF recv() failures cause CURLE_RECV_ERROR
 BGF SFTP over SOCKS crash fixed
 BGF thread-safety issues addressed for NSS-powered libcurls
 BGF removed the use of mktime() and gmtime(_r)() in date parsing and conversions
 BGF HTTP Digest with a blank realm did wrong
 BGF CURLINFO_REDIRECT_URL didn't work with the multi interface
 BGF CURLOPT_RANGE now works for SFTP downloads
 BGF FTP SIZE response 550 now causes CURLE_REMOTE_FILE_NOT_FOUND
 BGF CURLINFO_PRIMARY_IP fixed for persistent connection re-use cases
 BGF remove_handle/add_handle multi interface timer callback flaw
 BGF CURLINFO_REDIRECT_URL memory leak and wrong-doing
 BGF case insensitive string matching works in Turkish too
 BGF Solaris builds get _REENTRANT defined properly and work again
 BGF Garbage sent on chunky upload after curl_easy_pause()
 BGF ipv4 name resolves when libcurl is built with ipv6-enabled c-ares
 BGF undersized IPv6 address internal buffer truncated long IPv6 addresses
 BGF CURLINFO_FILETIME works for file:// transfers as well
</ul>

<a name="7_19_0"></a>
SUBTITLE(Fixed in 7.19.0 - September 1 2008)
<p> Changes:
<ul class="changes">
 CHG curl_off_t gets its size/typedef somewhat differently than before. This _may_
   cause an ABI change for you. See <a href="https://curl.haxx.se/lxr/source/lib/README.curl_off_t">lib/README.curl_off_t</a> for a full explanation.
 CHG Added CURLINFO_PRIMARY_IP
 CHG Added CURLOPT_CRLFILE and CURLE_SSL_CRL_BADFILE
 CHG Added CURLOPT_ISSUERCERT and CURLE_SSL_ISSUER_ERROR
 CHG curl's option parser for boolean options reworked
 CHG Added --remote-name-all
 CHG Now builds for the INTEGRITY operating system
 CHG Added CURLINFO_APPCONNECT_TIME
 CHG Added test selection by key word in runtests.pl
 CHG the curl tool's -w option support the %{ssl_verify_result} variable
 CHG Added CURLOPT_ADDRESS_SCOPE and scope parsing of the URL according to RFC4007
 CHG Support --append on SFTP uploads (not with OpenSSH, though)
 CHG Added curlbuild.h and curlrules.h to the external library interface
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF Fixed curl-config --ca
 BGF Fixed the multi interface connection re-use with NSS-built libcurl
 BGF connection re-use when using the multi interface with pipelining enabled
 BGF curl_multi_socket() socket callback fix for close/re-create sockets case
 BGF SCP or SFTP over socks proxy crashed
 BGF RC4-MD5 cipher now works with NSS-built libcurl
 BGF range requests with --head are now done correctly
 BGF fallback to gettimeofday when monotonic clock is unavailable at run-time
 BGF range numbers could be made to wrongly get output as signed
 BGF unexpected 1xx responses hung transfers
 BGF FTP transfers segfault when using different CURLOPT_FTP_FILEMETHOD
 BGF c-ares powered libcurls can resolve/use IPv6 addresses
 BGF poll not working on Windows Vista due to POLLPRI being incorrectly used
 BGF user-agent in CONNECT with non-HTTP protocols
 BGF CURL_READFUNC_PAUSE problems fixed
 BGF --use-ascii now works on Symbian OS, MS-DOS and OS/2
 BGF CURLINFO_SSL_VERIFYRESULT is fixed
 BGF FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set
 BGF a user name in a proxy URL without a password was parsed incorrectly
 BGF library will now be built with _REENTRANT symbol defined only if needed
 BGF no longer link with gdi32 on Windows cross-compiled targets
 BGF HTTP PUT with -C - sent bad Content-Range: header
 BGF HTTP PUT or POST with redirect could lead to hang
 BGF re-use of connections with failed SSL connects in the multi interface
 BGF NTLM over proxy state was wrongly cleared when host connection was closed
 BGF Windows SSPI DLL loading is now done in curl_global_init()
 BGF runtests.pl has an improved find-stunnel-and-invoke
 BGF FTP sessions could go out of sync on a long header boundary condition
 BGF potential buffer overflows in the MS-DOS command-line port fixed
 BGF --stderr is now honoured with the -v option
 BGF memory leak in libcurl on Windows built with OpenSSL
 BGF improved curl_m*printf() integral data type size and signedness handling
 BGF error when --dump-header - used with more than one URL
 BGF proxy closing connect during CONNECT with auth with the multi interface
 BGF CURLOPT_UPLOAD sets HTTP method back to GET or HEAD when passed in a 0
 BGF shared cookies could get locked twice
 BGF deal with closed connection while doing POST/PUT
</ul>

<a name="7_18_2"></a>
SUBTITLE(Fixed in 7.18.2 - June 4 2008)
<p> Changes:
<ul class="changes">
 CHG CURLFORM_STREAM was added
 CHG CURLOPT_NOBODY is now supported over SFTP
 CHG curl can now run on Symbian OS
 CHG curl -w redirect_url and CURLINFO_REDIRECT_URL
 CHG added curl_easy_send() and curl_easy_recv()
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF CURLOPT_NOBODY first set to TRUE and then FALSE for HTTP no longer causes
   the confusion that could lead to a hung transfer
 BGF curl_easy_reset() resets the max redirect limit properly
 BGF configure now correctly recognizes Heimdal and MIT gssapi libraries
 BGF malloc() failure check in Negotiate
 BGF -i and -I together now work the same no matter what order they're used
 BGF the typechecker can be bypassed by defining CURL_DISABLE_TYPECHECK
 BGF a pointer mixup could make the FTP code send bad user+password under rare
   circumstances (found when using curlftpfs)
 BGF CURLOPT_OPENSOCKETFUNCTION can now be used to create a unix domain socket
 BGF CURLOPT_TCP_NODELAY crash due to getprotobyname() use
 BGF libcurl sometimes sent body twice when using CURLAUTH_ANY
 BGF configure detecting debug-enabled c-ares
 BGF microsecond resolution keys for internal splay trees
 BGF krb4 and krb5 ftp segfault
 BGF multi interface busy loop for CONNECT requests
 BGF internal time differences now use monotonic time source if available
 BGF several curl_multi_socket() fixes
 BGF builds fine for Haiku OS
 BGF follow redirect with only a new query string
 BGF SCP and SFTP memory leaks on aborted transfers
 BGF curl_multi_socket() and HTTP pipelining transfer stalls
 BGF lost telnet data on an EWOULDBLOCK condition
</ul>

<a name="7_18_1"></a>
SUBTITLE(Fixed in 7.18.1 - March 30 2008)
<p> Changes:
<ul class="changes">
 CHG added support for HttpOnly cookies
 CHG 'make ca-bundle' downloads and generates an updated ca bundle file
 CHG we no longer distribute or install a ca cert bundle
 CHG SSLv2 is now disabled by default for SSL operations
 CHG the test509-style setting URL in callback is officially no longer supported
 CHG support a full chain of certificates in a given PKCS12 certificate
 CHG resumed transfers work with SFTP
 CHG added type checking macros for curl_easy_setopt() and curl_easy_getinfo(),
   watch out for new warnings in code using libcurl (needs gcc-4.3 and
   currently only works in C mode)
 CHG curl_easy_setopt(), curl_easy_getinfo(), curl_share_setopt() and
   curl_multi_setopt() uses are now checked to use exactly three arguments
 CHG --with-ca-path=DIR configure option allows to set an openSSL CApath instead
   of a default ca bundle.
 CHG supports server name indication (RFC 4366), aka SNI
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF improved pipelining
 BGF improved strdup replacement
 BGF GnuTLS-built libcurl failed when doing global cleanup and reinit
 BGF error message problem when unable to resolve a host on Windows
 BGF Accept: header replacing
 BGF not verifying server certs with GnuTLS still failed if gnutls had
   problems with the cert
 BGF when using the multi interface and a handle is removed while still having
   a transfer going on, the connection is now closed by force
 BGF bad re-use of SSL connections in non-complete state
 BGF test case 405 failures with GnuTLS builds
 BGF crash when connection cache size is 1 and Curl_do() failed
 BGF GnuTLS-built libcurl can now be forced to prefer SSLv3
 BGF crash when doing Negotiate again on a re-used connection
 BGF select/poll regression
 BGF better MIT kerberos configure check
 BGF curl_easy_reset() + SFTP re-used connection download crash
 BGF SFTP non-existing file + SFTP existing file error
 BGF sharing DNS cache between easy handles running in multiple threads could
   lead to crash
 BGF SFTP upload with CURLOPT_FTP_CREATE_MISSING_DIRS on re-used connection
 BGF SFTP infinite loop when given an invalid quote command
 BGF curl-config erroneously reported LDAPS support with missing LDAP libraries
 BGF SCP infinite loop when downloading a zero byte file
 BGF setting the CURLOPT_SSL_CTX_FUNCTION with libcurl built without OpenSSL
   now makes curl_easy_setopt() properly return failure
 BGF configure --with-libssh2 (with no given path)
</ul>

<a name="7_18_0"></a>
SUBTITLE(Fixed in 7.18.0 - January 28 2008)
<p> Changes:
<ul class="changes">
 CHG --data-urlencode
 CHG CURLOPT_PROXY_TRANSFER_MODE
 CHG --no-keepalive - now curl does connections with keep-alive enabled by
   default
 CHG --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl)
 CHG --socks5-hostname added (CURLPROXY_SOCKS5_HOSTNAME for libcurl)
 CHG curl_easy_pause()
 CHG CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA
 CHG --keepalive-time
 CHG curl --help output was re-ordered
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF curl-config --features and --protocols show the correct output when built
   with NSS, and also when SCP, SFTP and libz are not available
 BGF free problem in the curl tool for users with empty home dir
 BGF curl.h version 7.17.1 problem when building C++ apps with MSVC
 BGF SFTP and SCP use persistent connections
 BGF segfault on bad URL
 BGF variable wrapping when using absolutely huge send buffer sizes
 BGF variable wrapping when using debug callback and the HTTP request wasn't sent
   in one go
 BGF SSL connections with NSS done with the multi-interface
 BGF setting a share no longer activates cookies
 BGF Negotiate now works on auth and proxy simultanouesly
 BGF support HTTP Digest nonces up to 1023 letters
 BGF resumed ftp upload no longer requires the read callback to return full
   buffers
 BGF no longer default-appends ;type= on FTP URLs through proxies
 BGF SSL session id caching
 BGF POST with callback over proxy requiring NTLM or Digest
 BGF Expect: 100-continue flaw on re-used connection with POSTs
 BGF build fix for MSVC 9.0 (VS2008)
 BGF Windows curl builds failed file truncation when retry downloading
 BGF SSL session ID cache memory leak
 BGF bad connection re-use check with environment variable-activated proxy use
 BGF --libcurl now generates a return statement as well
 BGF socklen_t is no longer used in the public includes
 BGF time zone offsets from -1400 to +1400 are now accepted by the date parser
 BGF allows more spaces in WWW/Proxy-Authenticate: headers
 BGF curl-config --libs skips /usr/lib64
 BGF range support for file:// transfers
 BGF libcurl hang with huge POST request and request-body read from callback
 BGF removed extra newlines from many error messages
 BGF improved pipelining
 BGF improved OOM handling for data url encoded HTTP POSTs when read from a file
 BGF test suite could pick wrong tool(s) if more than one existed in the PATH
 BGF curl_multi_fdset() failed to return socket while doing CONNECT over proxy
 BGF curl_multi_remove_handle() on a handle that is in used for a pipeline now
   break that pipeline
 BGF CURLOPT_COOKIELIST memory leaks
 BGF progress meter/callback during http proxy CONNECT requests
 BGF auth for http proxy when the proxy closes connection after first response
</ul>

<a name="7_17_1"></a>
SUBTITLE(Fixed in 7.17.1 - October 29 2007)
<p> Changes:
<ul class="changes">
 CHG automatically append ";type=<a|i>" when using HTTP proxies for FTP urls
 CHG improved NSS support
 CHG added --proxy-negotiate
 CHG added --post301 and CURLOPT_POST301
 CHG builds with c-ares 1.5.0
 CHG added CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
 CHG renamed CURLE_SSL_PEER_CERTIFICATE to CURLE_PEER_FAILED_VERIFICATION
 CHG added CURLOPT_OPENSOCKETFUNCTION and CURLOPT_OPENSOCKETDATA
 CHG CULROPT_COOKIELIST supports "FLUSH"
 CHG added CURLOPT_COPYPOSTFIELDS
 CHG added --static-libs to curl-config
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF curl-config --protocols now properly reports LDAPS, SCP and SFTP
 BGF ldapv3 support on Windows
 BGF ldap builds with the MSVC makefiles
 BGF no HOME and no key given caused SSH auth failure
 BGF Negotiate authentication over proxy
 BGF --ftp-method nocwd on directory listings
 BGF FTP, CURLOPT_NOBODY enabled and CURLOPT_HEADER disabled now does TYPE
   before SIZE
 BGF re-used handle transfers with SFTP
 BGF curl_easy_escape() problem with byte values >= 128
 BGF handles chunked-encoded CONNECT responses
 BGF misuse of ares_timeout() result
 BGF --local-port on TFTP transfers
 BGF CURLOPT_POSTFIELDS could fail to send binary data
 BGF specifying a proxy with a trailing slash didn't work (unless it also
   contained a port number)
 BGF redirect from HTTP to FTP or TFTP memory problems and leaks
 BGF re-used connections a bit too much when using non-SSL protocols tunneled
   over a HTTP proxy
 BGF embed the manifest in VC8 builds
 BGF use valgrind in the tests even when the lib is built shared with libtool
 BGF libcurl built with NSS can now ignore the peer verification even when the
   ca cert bundle is absent
</ul>

<a name="7_17_0"></a>
SUBTITLE(Fixed in 7.17.0 - September 13 2007)
<p> Changes:
<ul class="changes">
 CHG support for OS/400 Secure Sockets Layer library
 CHG curl_easy_setopt() now allocates strings passed to it
 CHG SCP and SFTP support now requires libssh2 0.16 or later
 CHG LDAP libraries are now linked "regularly" and not with dlopen
 CHG HTTP transfers have the download size info "available" earlier
 CHG FTP transfers have the download size info "available" earlier
 CHG builds and runs on OS/400
 CHG several error codes and options were marked as obsolete and subject to
   future removal (set CURL_NO_OLDIES to see if your application is using them)
 CHG SFTP errors can return more specific error codes
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
 BGF problem with closed proxy connection during HTTP CONNECT auth negotiation
 BGF transfer-encoding skipping didn't ignore the 407 response bodies properly
 BGF CURLOPT_SSL_VERIFYHOST set to 1
 BGF CONNECT endless loop
 BGF krb5 support builds with Heimdal
 BGF added returned error string for connection refused case
 BGF re-use of dead FTP control connections
 BGF login to FTP servers that don't require (nor understand) PASS after the
   USER command
 BGF bad free of memory from libssh2
 BGF the SFTP PWD command works
 BGF HTTP Digest auth on a re-used connection
 BGF FTPS data connection close
 BGF AIX 4 and 5 get to use non-blocking sockets
 BGF small POST with NTLM
 BGF resumed file:// transfers
 BGF CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE are 64 bit
   "clean"
 BGF memory leak when handling compressed data streams from broken servers
 BGF no NTLM unicode response
 BGF resume HTTP PUT using Digest authentication
 BGF FTP NOBODY requests on directories sent "SIZE (null)"
 BGF FTP NOBODY request on file crash
 BGF excessively long FTP server responses and response lines
 BGF file:// upload then FTP:// upload crash
 BGF TFTP error 0 is no longer treated as success
 BGF uploading empty file over FTP on re-used connection
 BGF superfluous CWD command on re-used FTP connections without subdirs used
</ul>

<a name="7_16_4"></a>
SUBTITLE(Fixed in 7.16.4 - July 10 2007)
<a href="https://curl.haxx.se/docs/CVE-2007-3564.html"><img src="/pix/alert.png"
align="right" title="Release contains security-related bug fix" alt="Release
contains security-related bug fix" border="0"></a>

<p> Changes:
<ul class="changes">
 CHG added CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS
 CHG improved hashing of sockets for the multi_socket API
 CHG ftp kerberos5 support added
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
   chunked encoding
 BGF fixed the 10-at-a-time.c example
 BGF FTP over SOCKS proxy
 BGF improved error messages on SCP upload failures
 BGF <a href="https://curl.haxx.se/docs/CVE-2007-3564.html">security flaw</a> in which libcurl
   failed to properly reject some outdated or not yet valid server certificates
   when built with GnuTLS
</ul>

<a name="7_16_3"></a>
SUBTITLE(Fixed in 7.16.3 - June 25 2007)
<p> Changes:
<ul class="changes">
 CHG added curl_multi_socket_action()
 CHG deprecated curl_multi_socket()
 CHG uses less memory in non-pipelined use cases
 CHG CURLOPT_HTTP200ALIASES matched transfers assume HTTP 1.0 compliance
 CHG more than one test harness can run at the same time without conflict
 CHG SFTP now supports quote commands before a transfer
 CHG CURLMOPT_MAXCONNECTS added to curl_multi_setopt()
 CHG upload resume works for file:// URLs
 CHG asynchronous name resolves now require c-ares 1.4.0 or later
 CHG added SOCKS test cases
 CHG CURLOPT_FTP_CREATE_MISSING_DIRS and --ftp-create-dirs now work for SFTP
   operations as well
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF if2up too long interface name memory leak
 BGF test case 534 started to fail 2007-04-13 due to the existence of a
   new host on the net with the same silly domain the test was using
   for a host which was supposed not to exist.
 BGF test suite SSL certificate works better with newer stunnel
 BGF internal progress meter update frequency back to once per second
 BGF avoid some unnecessary calls to function gettimeofday
 BGF a double-free in the SSL-layer
 BGF GnuTLS free of NULL credentials
 BGF NSS-fix for closing down SSL
 BGF bad warning from configure when gnutls was selected
 BGF compilation on VMS 64-bit mode
 BGF SCP/SFTP downloads could hang on the last bytes of a transfer
 BGF curl_easy_duphandle() crash
 BGF curl -V / curl_version*() works even when GnuTLS is used on a system without
   a good random source
 BGF curl_multi_socket() not "noticing" newly added handles
 BGF lack of Content-Length and chunked encoding now requires HTTP 1.1 as well
   to be treated as without response body
 BGF connection cache growth in multi handles
 BGF better handling of out of memory conditions
 BGF overwriting an uploaded file with sftp now truncates it first
 BGF SFTP quote commands chmod, chown, chgrp can now set a value of 0
 BGF TFTP connect timouts less than 5 seconds
 BGF improved curl -w for TFTP transfers
 BGF memory leak when failed OpenSSL certificate CN field checking
 BGF memory leak when OpenSSL failed PKCS #12 parsing
 BGF FTP-SSL when built with NSS
 BGF out-of-boundary write in Curl_select()
 BGF -s/--silent can now be used to toggle off the silence again
 BGF builds fine on 64bit HP-UX
 BGF multi interface HTTP CONNECT glitch
 BGF list FTP root directories when login dir is not root
 BGF no longer slows down when getting very many URLs on the same command line
 BGF lock share before decreasing dirty counter
 BGF no-body FTP requests on re-used connections
</ul>

<a name="7_16_2"></a>
SUBTITLE(Fixed in 7.16.2 - April 11 2007)
<p> Changes:
<ul class="changes">
 CHG added CURLOPT_TIMEOUT_MS and CURLOPT_CONNECTTIMEOUT_MS
 CHG added CURLOPT_HTTP_CONTENT_DECODING, CURLOPT_HTTP_TRANSFER_DECODING and
   --raw
 CHG added support for using the NSS library for TLS/SSL
 CHG changed default anonymous FTP password
 CHG changed the CURLOPT_FTP_SSL_CCC option to handle active and passive
   CCC shutdown
 CHG added the --ftp-ssl-ccc-mode command line option
 CHG includes VC8 Makefiles in the release archive
 CHG --ftp-ssl-control is now honoured on ftps:// URLs
 CHG added experimental CURL_ACKNOWLEDGE_EINTR symbol definition check
 CHG --key and new --pubkey options for SSH public key file logins
 CHG --pass now works for a SSH public key file, too
 CHG select (2) support no longer needed to build the library if poll() used
 CHG CURLOPT_POSTQUOTE works for SFTP
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF in testsuite, update test cookies expiration from 2007-Feb-1 to year 2035
 BGF socks5 works
 BGF builds fine with VC2005
 BGF CURLOPT_RANGE set to NULL resets the range for FTP
 BGF curl_multi_remove_handle() rare crash
 BGF passive FTP transfers work with SOCKS
 BGF multi interface HTTPS connection re-use memory leak
 BGF libcurl.m4's --with-libcurl is improved
 BGF curl-config --libs and libcurl.pc no longer list unnecessary dependencies
 BGF fixed an issue with CCC not working on some servers
 BGF several HTTP pipelining problems
 BGF HTTP CONNECT through a proxy is now less blocking when the multi interface
   is used
 BGF HTTP Digest header parsing fix for unquoted last word ending with CRLF
 BGF CURLOPT_PORT, HTTP proxy, re-using connections and non-HTTP protocols
 BGF CURLOPT_INTERFACE for ipv6
 BGF use-after-free issue with HTTP transfers with the multi interface
 BGF the progress callback can get called more frequently
 BGF timeout would restart when signal caught while awaiting socket events
 BGF curl -f with user+password embedded in the URL
 BGF 26 flaws identified by coverity.com
 BGF builds on QNX 6 again
</ul>

<a name="7_16_1"></a>
SUBTITLE(Fixed in 7.16.1 - January 29 2007)
<p> Changes:
<ul class="changes">
 CHG Support for SCP and SFTP were added (powered by libssh2)
 CHG CURLOPT_CLOSEPOLICY is now deprecated
 CHG --ftp-ssl-ccc and CURLOPT_FTP_SSL_CCC were added
 CHG HTTP support for non-ASCII platforms
 CHG --libcurl was added
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF proxy close during CONNECT authentication is now dealt with nicely
 BGF the CURLOPT_DEBUGFUNCTION was sometimes called even when CURLOPT_VERBOSE
   was not enabled
 BGF multiple TFTP transfers on the same (easy or multi) handle could cause a
   crash
 BGF SIGSEGV when disconnecting on a transfer on a re-used handle when the
   host name didn't resolve
 BGF stack overwrite on 64bit Windows in the chunked decoding department
 BGF HTTP responses on persistent connections without Content-Length nor chunked
   encoding are now considered to be without response body
 BGF Content-Range: header parsing improved
 BGF CPU 100% load when HTTP upload connection broke
 BGF active FTP didn't work with multi interface
 BGF curl_getdate() could be off one hour for TZ time zones with DST, on windows
 BGF CURLOPT_FORBID_REUSE works again
 BGF CURLOPT_MAXCONNECTS set to zero caused libcurl to SIGSEGV
 BGF rate limiting works better
 BGF getting FTP response code errors when using the multi-interface caused
   libcurl to leak memory
 BGF no more SIGPIPE when GnuTLS is used
 BGF FTP downloading 2 zero byte files in a row
 BGF using proxy and URLs without protocol prefixes
 BGF first using a proxy and then accessing a site that 'no_proxy' matched,
   would still make libcurl use the proxy...
 BGF curl_easy_duphandle() now makes a handle that is valid for the multi
   interface since the magic number is set fine
 BGF libcurl.pc now uses Libs.private for "private" libs
 BGF --limit-rate (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE)
   now work on windows again
 BGF improved download performance by avoiding the unconditional "double copying"
 BGF base64 encoding/decoding works on non-ASCII platforms
 BGF large file downloads
 BGF CURLOPT_COOKIELIST set to "ALL" crash
 BGF easy handle removal from multi handle before completion
 BGF TFTP upload memory leak
 BGF curl_easy_reset() now resets the CA bundle path correctly
 BGF two User-Agent headers in CONNECT requests with custom User-Agent
</ul>

<a name="7_16_0"></a>
SUBTITLE(Fixed in 7.16.0 - October 30 2006)
<p> Changes:
<ul class="changes">
 CHG the SONAME on the shared library was bumped from 3 to 4
 CHG Added CURLE_SSL_CACERT_BADFILE
 CHG Added CURLMOPT_TIMERFUNCTION and CURLMOPT_TIMERDATA
 CHG (FTP) the CURLOPT_SOURCE_* options are removed and so are the --3p* command
   line options
 CHG curl_multi_socket() and family are suitable to start using
 CHG uses WSAPoll() on Windows Vista
 CHG (FTP) --ftp-ssl-control was added
 CHG CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid added
 CHG CURLMOPT_PIPELINING added for enabling HTTP pipelined transfers
 CHG multi handles now have a shared connection cache
 CHG Added support for other MS-DOS compilers (besides djgpp)
 CHG CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA were added
 CHG (FTP) libcurl avoids sending TYPE if the desired type was already set
 CHG (FTP) CURLOPT_PREQUOTE works even when CURLOPT_NOBODY is set true
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF (HTTP) CURLOPT_FAILONERROR (curl -f) covers a few more response cases
 BGF curl_multi_socket() and the LOW_SPEED options
 BGF curl_multi_socket() expire timer during c-ares name resolves
 BGF curl_multi_add_handle on an already added handle now fails gracefully
 BGF multi interface crash if bad function call order was used for cleanup
 BGF put a new URL in saved cookie jar files
 BGF configure --with-gssapi-libs
 BGF SOCKS proxy connection fixes
 BGF (FTP) a failed upload does not invalidate the control connection
 BGF proxy URL with user name and empty password or no password at all now work
 BGF fixed a socket state problem with *multi_socket()
 BGF (HTTP) NTLM hostname fix
 BGF getsockname usage fixes
 BGF SOCKS5 proxy connects can now time-out
 BGF SOCKS5 connects that require auth no longer segfaults when auth not given
 BGF multi interface using asynch resolves could get stuck in wrong state
 BGF the 'running_handles' counter wasn't always updated properly when
   curl_multi_remove_handle() was used
 BGF (FTP) EPRT transfers with IPv6 didn't work properly
 BGF (FTP) SINGLECWD mode and using files in the root dir
 BGF (HTTP) Expect: header disabling work better
 BGF (HTTP) "Expect: 100-continue" disable on second POST on re-used connection
 BGF src/config.h.in is fixed
 BGF (HTTP) POST data logged to the debug callback function is now correctly
   tagged as data, not header
</ul>

<a name="7_15_5"></a>
SUBTITLE(Fixed in 7.15.5 - August 7 2006)
<p> Changes:
<ul class="changes">
 CHG added --ftp-ssl-reqd
 CHG modified the prototype for the socket callback set with
   CURLMOPT_SOCKETFUNCTION
 CHG added curl_multi_assign()
 CHG added CURLOPT_FTP_ALTERNATIVE_TO_USER and --ftp-alternative-to-user
 CHG added a vcproj file for building libcurl
 CHG added curl_formget()
 CHG added CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE
 CHG added configure --enable-hidden-symbols
 CHG Made -K on a file that couldn't be read cause a warning to be displayed
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF chunked encoding when custom header "Transfer-Encoding: chunked" is set
 BGF Curl_strerror() crash on unknown errors
 BGF changing Content-Type when doing formposts
 BGF added CURL_EXTERN to a few recent multi functions that lacked them
 BGF splay-tree related problems for internal expire time handling
 BGF FTP ASCII CRLF counter reset
 BGF cookie parser now compares paths case sensitive
 BGF an easy handle with shared DNS cache added to a multi handle caused a crash
 BGF couldn't override the Proxy-Connection: header for non-CONNECT requests
 BGF curl_multi_fdset() could wrongly return -1 as max_fd value
</ul>

<a name="7_15_4"></a>
SUBTITLE(Fixed in 7.15.4 - June 12 2006)
<p> Changes:
<ul class="changes">
 CHG NTLM2 session response support
 CHG CURLOPT_COOKIELIST set to "SESS" clears all session cookies
 CHG CURLINFO_LASTSOCKET returned sockets are now checked more before returned
 CHG curl-config got a --checkfor option to compare version numbers
 CHG line end conversions for FTP ASCII transfers
 CHG curl_multi_socket() API added (still mostly untested)
 CHG conversion callback options for EBCDIC <=> ASCII conversions
 CHG added CURLINFO_FTP_ENTRY_PATH
 CHG less blocking for the multi interface during (Open)SSL connect negotiation
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF builds fine on cygwin
 BGF md5-sess with Digest authentication
 BGF dict with letters such as space in a word
 BGF dict with url-encoded words in the URL
 BGF libcurl.m4 when default=yes but no libcurl was found
 BGF numerous bugs fixed in the TFTP code
 BGF possible memory leak when adding easy handles to multi stack
 BGF TFTP works in a more portable fashion (== on more platforms)
 BGF WSAGetLastError() is now used (better) on Windows
 BGF GnuTLS non-block case that could cause data trashing
 BGF deflate code survives lack of zlib header
 BGF CURLOPT_INTERFACE works with hostname
 BGF configure runs fine with ICC
 BGF closed control connection with FTP when easy handle was removed from multi
 BGF curl --trace crash when built with VS2005
 BGF SSL connect time-out
 BGF improved NTLM functionality
 BGF following redirects with more than one question mark in source URL
 BGF fixed debug build crash with -d
 BGF generates a fine AIX Toolbox RPM spec
 BGF treat FTP AUTH failures properly
 BGF TFTP transfers could trash data
 BGF -d + -G combo crash
</ul>

<a name="7_15_3"></a>
SUBTITLE(Fixed in 7.15.3 - March 20 2006)
<a href="https://curl.haxx.se/docs/CVE-2006-1061.html"><img src="/pix/alert.png"
align="right" alt="Release contains security-related bug fix" border="0"></a>
<p> Changes:
<ul class="changes">
 CHG added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2006-1061.html">TFTP Packet Buffer Overflow Vulnerability</a>
 BGF properly detecting problems with sending the FTP command USER
 BGF wrong error message shown when certificate verification failed
 BGF multi-part formpost with multi interface crash
 BGF the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
 BGF "SSL: couldn't set callback" is now treated as a less serious problem
 BGF Interix build fix
 BGF fixed curl "hang" when out of file handles at start
 BGF prevent FTP uploads to URLs with trailing slash
</ul>

<a name="7_15_2"></a>
SUBTITLE(Fixed in 7.15.2 - February 27 2006)
<p> Changes:
<ul class="changes">
 CHG Support for SOCKS4 proxies (added --socks4)
 CHG CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET added
 CHG CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE (--local-port) added
 CHG Dropped support for the LPRT ftp command
 CHG Gopher is now officially abandoned as a protocol (lib)curl tries to support
 CHG curl_global_init() and curl_global_cleanup() are now using a refcount so
   that it is now legal to call them multiple times. See updated info for
   details
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF two bugs concerning using curl_multi_remove_handle() before the transfer
   was complete
 BGF multi-pass authentication and compressed content
 BGF minor format string mistake in the GSS/Negotiate code
 BGF cached DNS entries could remain in the cache too long
 BGF improved GnuTLS check in configure
 BGF re-used FTP connections when the second request didn't do a transfer
 BGF plain --limit-rate [num] means bytes
 BGF re-creating a dead connection is no longer counted internally as a followed
   redirect and thus prevents a weird error that would occur if a FTP
   connection died on an attempted re-use
 BGF Try PASV after failing to connect to the port the EPSV response contained
 BGF -P [IP] with non-local address with ipv6-enabled curl
 BGF -P [hostname] with ipv6-disabled curl
 BGF libcurl.m4 was updated
 BGF configure no longer warns if the current path contains a space
 BGF test suite kill race condition
 BGF FTP_SKIP_PASV_IP and FTP_USE_EPSV when doing FTP over HTTP proxy
 BGF Doing a second request with FTP on the same bath path, would make libcurl
   confuse what current working directory it had
 BGF FTP over HTTP proxy now sends the second CONNECT properly
 BGF numerous compiler warnings and build quirks for various compilers have
   been addressed
 BGF supports name and passwords up to 255 bytes long, embedded in URLs
 BGF the HTTP_ONLY define disables the TFTP support
</ul>

<a name="7_15_1"></a>
SUBTITLE(Fixed in 7.15.1 - December 7 2005)
<a href="https://curl.haxx.se/docs/CVE-2005-4077.html"><img src="/pix/alert.png" align="right" alt="Release contains security-related bug fix" border="0"></a>
<p> Changes:
<ul class="changes">
 CHG the libcurl.pc pkgconfig file now gets installed on make install
 CHG URL globbing now offers "range steps": [1-100:10]
 CHG LDAPv3 is now the preferred LDAP protocol version
 CHG --max-redirs and CURLOPT_MAXREDIRS set to 0 limits redirects
 CHG improved MSVC makefile
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF <a href="https://curl.haxx.se/docs/CVE-2005-4077.html">URL buffer overflow problem</a>
 BGF using file:// on non-existing files are properly handled
 BGF builds fine on DJGPP
 BGF CURLOPT_ERRORBUFFER is now always filled in on errors
 BGF curl outputs error on bad --limit-rate units
 BGF fixed libcurl's use of poll() on cygwin
 BGF the GnuTLS code didn't support client certificates
 BGF TFTP over IPv6 works
 BGF no reverse lookups on IP addresses when ipv6-enabled
 BGF SSPI compatibility fix: using the proper DLLs
 BGF binary LDAP properties are now shown base64 encoded
 BGF Windows uploads from stdin using curl can now contain ctrl-Z bytes
 BGF -r [num] would produce an invalid HTTP Range: header
 BGF multi interface with multi IP hosts could leak socket descriptors
 BGF the GnuTLS code didn't handle rehandshakes
 BGF re-use of a dead FTP connection
 BGF name resolve error codes fixed for Windows builds
 BGF double WWW-Authenticate Digest headers are now handled
 BGF curl-config --vernum fixed
</ul>

<a name="7_15_0"></a>
SUBTITLE(Fixed in 7.15.0 - October 13 2005)
<a href="https://curl.haxx.se/docs/CVE-2005-3185.html"><img src="/pix/alert.png" align="right" alt="Release contains security-related bug fix" border="0"></a>
<p> Changes:
<ul class="changes">
 CHG --ftp-skip-pasv-ip / CURLOPT_FTP_SKIP_PASV_IP (sponsored by CU*Answers)
 CHG TFTP support added
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF user+domain name <a href="https://curl.haxx.se/docs/CVE-2005-3185.html">buffer overflow</a> in the NTLM code (security flaw)
 BGF -z over FTP now considers equal timestamps "not modified since"
 BGF Weird characters removed from the configure script
 BGF Fixed time zone offsets for MEST and CEST for the time parser
 BGF HTTP Content-Range header parser crash
 BGF FTPS negotiation timeouts/errors
 BGF SSPI works even for Windows 9x
 BGF crash in --dump-header on FTP
 BGF test 56 runs better
</ul>

<a name="7_14_1"></a>
SUBTITLE(Fixed in 7.14.1 - September 1 2005)
<p> Changes:
<ul class="changes">
 CHG GNU GSS support
 CHG --ignore-content-length and CURLOPT_IGNORE_CONTENT_LENGTH added
 CHG negotiates data connection SSL earlier when doing FTPS with PASV
 CHG CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
 CHG trailer support for chunked encoded data streams
 CHG -x/CURL_PROXY strings may now contain user+password
 CHG --trace-time now outputs the full microsecond, all 6 digits
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF MSVC build problem with the DSP file
 BGF windows threaded resolver access violation with multi interface
 BGF test suite works with valgrind 3
 BGF CA cert verification with GnuTLS builds
 BGF handles expiry times in cookie files that go beyond 32 bits in size
 BGF several client problems with files, such as doing -d @file when the file
   isn't readable now gets a warning displayed
 BGF write callback abort didn't always "take"
 BGF the curl -z "bad syntax" warning is now hidden when -s is used
 BGF curl -d @nonexisting no longer makes a GET
 BGF minor debug callback data size
 BGF date parsing of dates including daylight savings time zone names
 BGF using NTLM over proxy with an FTP URL
 BGF curl-config --features now displays SSL when built with GnuTLS too
 BGF CURLOPT_HTTPGET, CURLOPT_POST and CURLOPT_HTTPPOST reset CURLOPT_NOBODY
 BGF builds fine on AmigaOS again
 BGF corrected date parsing on Windows with auto-DST-adjust enabled
 BGF treats CONNECT 407 responses with bodies better during Digest/NTLM auth
 BGF improved strerror_r() API guessing when cross-compiling
 BGF debug builds work on Tru64
 BGF improved libcurl.m4
 BGF possible memory leak in windows name resolves
 BGF c-ares enabled build with mingw
 BGF proxy host set with numerical IPv6 address
 BGF better treatment of binary zeroes in HTTP response headers
 BGF fixed the notorious FTP server failure in the test suite
 BGF better checking of text output in the test suite on windows
 BGF FTP servers' TYPE command response check made less strict
 BGF URL-without-slash as in http://example?data
 BGF strerror_r() configure check for HP-UX 10.20 (and others)
 BGF time parse work-around on HP-UX 10.20 since its gmtime_r() is broken
</ul>

<a name="7_14_0"></a>
SUBTITLE(Fixed in 7.14.0 - May 16 2005)
<p> Changes:
<ul class="changes">
 CHG modified default HTTP request headers
 CHG curl --trace-time added for time stamping trace logs
 CHG curl now respects the SSL_CERT_DIR and SSL_CERT_PATH environment variables
 CHG more search paths for curl's default .curlrc config file check
 CHG GnuTLS support, use configure --with-gnutls. Work on this was sponsored
   by The Written Word.
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF uses select() instead of poll() even on Mac OS X 10.4
 BGF reconnected proxy use with NTLM auth on the same handle
 BGF warns about bad -z date syntax
 BGF docs/THANKS now contains all known contributors
 BGF builds out-of-the-box on (presumably ipv6-enabled) AIX 4.3 hosts
 BGF curl --head could wrongly complain on bad chunked-encoding
 BGF --interface SIGSEGVed on a bad address
 BGF kill the HTTPS server better when stopping the test suite
 BGF builds fine with VS2005 on x64
 BGF auth fix for HTTP redirects and .netrc usage
 BGF FTP uploads show the progress meter easier
 BGF MSVC makefile fixes for static libcurl builds
 BGF configure fix for static libcurl build on Windows
 BGF --retry-delay
 BGF POST with read callback now uses Expect: 100-continue
 BGF CURLOPT_PORT didn't actually use the set port number
 BGF HTTP 304 response with Content-Length: header
 BGF time-conditioned FTP uploads
</ul>

<a name="7_13_2"></a>
SUBTITLE(Fixed in 7.13.2 - April 4 2005)
<p> Changes:
<ul class="changes">
 CHG Added --form-string
 CHG libcurl can be built with SSPI support. curl_version_info() then returns
   a new feature bit: CURL_VERSION_SSPI. configure --enable-sspi added
 CHG Added --proxy-anyauth
 CHG Added runtests.1 and testcurl.1 man pages
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF the MSVC libcurl Makefile was fixed
 BGF libcurl on Windows crash if resolver was active when easy handle was killed
 BGF HTTP POST with auth and an initial 100 response before the 401/407
 BGF configure's SSL-detection for msys/mingw
 BGF better connection keep-alive when POSTing with HTTP Digest
 BGF FTP-SSL
 BGF reading FTP server response in multiple reads
 BGF picking one out of multiple proxy auth methods
 BGF inet_ntoa_r() when built with uClibc
 BGF the so name issue for the LDAP library dynamic load
 BGF crash when using SOCKS4 proxy
 BGF a debug printf() was removed
 BGF CURLOPT_FILETIME when downloading FTP corrupted data
 BGF FTP upload resume now works even if no file is present on the site
 BGF SSL seeding no longer attempts to read the whole random file
</ul>

<a name="7_13_1"></a>
SUBTITLE(Fixed in 7.13.1 - March 4 2005)
<a href="/docs/security.html#BID12615"><img src="/pix/alert.png" align="right" alt="Release contains security-related bug fix" border="0"></a>
<p> Changes:
<ul class="changes">
 CHG CURLOPT_COOKIEFILE set to "" is now activating the cookie engine
 CHG FTP code overhaul => multi interface much less blocking
 CHG Added CURLE_LOGIN_DENIED to be returned when curl is denied login to FTP
   servers
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF -# crash when more data than expected was retrieved
 BGF <a href="/docs/security.html#BID12615">NTLM</a>/<a href="/docs/security.html#BID12616">krb4</a> buffer overflow fixed
 BGF proxy auth bug when following redirects to another host
 BGF socket leak when local bind failed
 BGF HTTP POST with --anyauth picking NTLM
 BGF SSL problems when downloading exactly 16KB data
 BGF out of memory conditions preserve error codes better
 BGF a few crashes at out of memory
 BGF inflate buffer usage bugfix
 BGF better DICT protocol adherence
 BGF disable valgrind-checking while testing if libcurl is built shared
 BGF locale names in some date strings
</ul>

<a name="7_13_0"></a>
SUBTITLE(Fixed in 7.13.0 - February 1 2005)
<p> Changes:
<ul class="changes">
 CHG added --ftp-account and CURLOPT_FTP_ACCOUNT
 CHG added CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE
 CHG obsoleted CURLOPT_SOURCE_HOST, CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT
   and CURLOPT_PASV_HOST
 CHG added --3p-url, --3p-user and --3p-quote
 CHG -Q "+[command]" was added
 CHG src/getpass.c license issue sorted (code was rewritten)
 CHG curl -w now supports 'http_connect' for the proxy's response to CONNECT
 CHG introducing "curl-config --protocols"
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF re-sending a request when retrying on a fresh connection with multi
   interface
 BGF improved valgrind report parser in the test suite
 BGF several valgrind reports
 BGF CURLOPT_FTPPORT and -P work when built ipv6-enabled
 BGF FTP third party transfers was much improved
 BGF proxy environment variables are now ignored when built HTTP-disabled
 BGF CURLOPT_PROXY can now disable HTTP proxy even when built HTTP-disabled
 BGF "curl dictionary.com" no longer assumes DICT protocol
 BGF re-invoke some system calls on EINTR
 BGF duplicate Host: when failed connection re-use
 BGF SOCKS5 version check
 BGF memory problem with cleaning up multi interface
 BGF SSL certificate name memory leak
 BGF -d with -G to multiple URLs crashed
 BGF double va_list access crash fixed
 BGF minor memory leak when "version" is set in a cookie header
 BGF builds fine on BeOS and NetBSD
 BGF builds and runs fine on FreeBSD
</ul>

<p>
<a name="7_12_3"></a>
SUBTITLE(Fixed in 7.12.3 - December 20 2004)
<p>Changes:
<ul class="changes">
 CHG PKCS12 certificate support added
 CHG added CURLINFO_SSL_ENGINES (and "--engine list")
 CHG new configure options: --disable-cookies, --disable-crypto-auth and
   --disable-verbose
 CHG persistent ftp request improvements
 CHG CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA added. If your app uses HTTP
   Digest, NTLM or Negotiate authentication, you will most likely want to use
   these
 CHG -w time_redirect and num_redirects
 CHG no longer uses libcurl.def for building on Windows, OS/2 and Netware
 CHG builds on Windows CE
 CHG request retrying, --retry and family added
 CHG FTP 3rd party transfers with source and dest on the same host now works
 CHG added CURLINFO_NUM_CONNECTS
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF curl -E on windows accepts "c:/path" with forward-slash
 BGF several improvements for large file support on windows
 BGF file handle leak in aborted multipart formpost file upload
 BGF -T upload multiple files with backslashes in file names
 BGF modified credentials between two requests on a persistent http connection
 BGF large file file:// resumes on Windows
 BGF URLs with username and IPv6 numerical addresses
 BGF configure works better with SSL libs in a "non-standard ld.so dir"
 BGF curl-config --vernum zero prefixed
 BGF bad memory access in the NTLM code
 BGF EPSV on multi-homed servers now works correctly
 BGF chunked-encoded transfers could get closed pre-maturely without error
 BGF proxy CONNECT now default timeouts after 3600 seconds
 BGF disabling EPSV or EPRT is ignored when connecting to an IPv6 FTP server
 BGF no extra progress meter newline output after each Location: followed
 BGF HTTP PUT/POST with Digest, NTLM or Negotiate no longer uses HEAD
 BGF works with or gracefully bails out when exceeding FD_SETSIZE file
   descriptors
 BGF CURLINFO_REDIRECT_TIME works
 BGF building with gssapi libs and hdeaders in the default dirs
 BGF curl_getdate() parsing of dates later than year 2037 with 32 bit time_t
 BGF curl -v when stderr is closed wrote debug messages to the network socket
 BGF build failure with libidn 0.3.X or older
 BGF huge POSTs on VMS
 BGF configure no longer uses pkg-config on cross-compiles
 BGF potential gzip decompress memory leak
 BGF "-C - --fail" on a HTTP page already downloaded
 BGF formposting a zero byte file
 BGF use setlocale() for better IDN functionality by default
</ul>

<p>
<a name="7_12_2"></a>
SUBTITLE(Fixed in 7.12.2 - October 18 2004)
<p>Changes:
<ul class="changes">
 CHG the IDN code now verifies that only TLD-legitmate letters are used in the
   name or a warning is displayed (when verbose is enabled)
 CHG provides error texts for IDN errors
 CHG file upload parts in formposts now get their directory names cut off
 CHG added CURLINFO_OS_ERRNO
 CHG added CURLOPT_FTPSSLAUTH to allow ftp connects to attempt "AUTH TLS" instead
   before "AUTH SSL"
 CHG curl_getdate() completely rewritten: may affect rare curl -z use cases
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF CURLOPT_FTP_CREATE_MISSING_DIRS works for third party transfers
 BGF memory leak for cookies received with max-age set
 BGF potential memory leaks in the window name resolver
 BGF URLs with ?-letters in the user name or password fields
 BGF libcurl error message is now provided when send() fails
 BGF no more SIGPIPE on Mac OS X and other SO_NOSIGPIPE-supporting platforms
 BGF HTTP resume was refused if redirected
 BGF configure's gethostbyname check when both nsl and socket libs are required
 BGF configure --with-libidn now checks the given path before defaults
 BGF a race condition sometimes resulting in CURLE_COULDNT_RESOLVE_HOST in the
   windows threaded name resolver code
 BGF isspace() invokes with negative values in the cookie code
 BGF a case of read-already-freed-data when CURLOPT_VERBOSE is used and a (very)
   persistent connection
 BGF now includes descriptive error messages for IDN errors
 BGF more forgivning PASS response code check for better working with proftpd
 BGF curl/multi.h works better included in winsock-using apps
 BGF curl_easy_reset() no longer enables the progress meter
 BGF build fix for SSL disabled curl with SSL Engine support present
 BGF configure --with-ssl=PATH now ignores pkg-config path info
 BGF CURLOPT_SSLENGINE can be set to NULL even if no engine support is available
 BGF LDAP crash when more than one record was received
 BGF connect failures properly stores an error message in the errorbuffer
 BGF Rare Location:-following problem with bad original URL
 BGF -F can now add Content-Type on non-file sections
 BGF double Host: header when following Location: with replaced Host:
 BGF curl_multi_add_handle() return code
 BGF "Proxy-Connection: close" is now understood and properly dealt with
 BGF curl_getdate() crash
 BGF downloading empty files now calls the write callback properly
 BGF no reverse DNS lookups for ip-only addresses with ipv6-enabled libcurl
 BGF file handler leak when getting an empty file:// URL
 BGF libcurl works better multi-threaded on AIX (when built with xlc)
 BGF cookies over proxy didn't match the path properly
 BGF MSVC makefile fixes to build better
 BGF FTP response 530 on 'PASS' now sends back a better error message
</ul>
<p>
<a name="7_12_1"></a>
SUBTITLE(Fixed in 7.12.1 - August 10 2004)
<p>Changes:
<ul class="changes">
 CHG the version string now only contains info about (sub) package versions,
   while for example krb4 and ipv6 now only are available as 'features'
 CHG added curl_easy_reset()
 CHG socks proxy support even when libcurl is built ipv6-enabled
 CHG read callbacks can stop the transfer by returning CURL_READFUNC_ABORT
 CHG libcurl-tutorial.3 is the new man page formerly known as libcurl-the-guide
 CHG additional SSL trace data might be sent to the debug callback using two new
   types: CURLINFO_SSL_DATA_IN and CURLINFO_SSL_DATA_OUT
 CHG multipart formposts can upload files larger than system memory
 CHG the curl tool continues with the next URL even if one transfer fails
 CHG FTP 3rd party transfer support - seven new setopt() options
</ul>

<p> Bugfixes:
<ul class="bugfixes">
 BGF UTF-8 encoded certificate names can now be verified properly
 BGF krb4 link problem
 BGF HTTP Negotiate service name now provided in uppercase
 BGF no longer accepts any cookies with domain set to just a TLD
 BGF HTTP Digest properties without quotes in the header
 BGF bad Host: header case on re-used connections over proxy
 BGF duplicate Host: header case on re-used connections
 BGF curl -o name#[num] now works when no globbing for [num] exists
 BGF test suite runs fine with valgrind 2.1.x
 BGF negative Content-Length is ignored
 BGF test 505 runs fine on windows
 BGF curl_share_cleanup() crash
 BGF --trace files now get the final info lines too
 BGF multi interface connects fine to multi-IP resolving hosts
 BGF --limit-rate works on Mac OS X (and other systems with bad poll()s)
 BGF cookies can now hold 4999 bytes of content
 BGF HTTP POST/PUT with NTLM/Digest/Negotiate to a URL returning 3XX
 BGF HTTPS POST/PUT over a proxy requiring NTLM/Digest/Negotiate
 BGF less restrictive libidn requirements, 0.4.1 or later is fine
 BGF HTTP POST or PUT with Digest/Negotiate/NTLM selected but the server
   didn't require any authentication
 BGF win32 file:// transfer free memory bug
 BGF configure --disable-http builds a libcurl without HTTP support
 BGF CURLOPT_FILETIME had wrong type in curl.h, it expects a long argument
 BGF builds fine with Borland on Windows
 BGF the msvc curllib.dsp now builds the libcurl.lib file
 BGF builds fine on VMS
 BGF builds fine on NetWare
 BGF HTTP Digest authentication with proxies uses correct user name + password
 BGF builds fine with lcc-win32
</ul>

<p>
<a name="7_12_0"></a>
SUBTITLE(Fixed in 7.12.0 - June 2 2004)
<p>Changes:
<ul class="changes">
 CHG added ability to "upload" to file:// URLs
 CHG added curl_global_init_mem()
 CHG removed curl_formparse()
 CHG the MSVC project file in the release archive is automatically built
 CHG curl --proxy-digest is a new command line option
 CHG the Windows version of libcurl can use wldap32.dll for LDAP
 CHG added curl_easy_strerror(), curl_multi_strerror() and curl_share_strerror()
 CHG IPv6-enabled Windows hosts now resolves names threaded/asynch as well
 CHG configure --with-libidn can be used to point out the root dir of a libidn
   installation (version 0.4.5 or later) for curl to use, then libcurl can
   resolve and use IDNA names (domain names with "international" letters)
</ul>

<p> Bugfixes:
<ul class="bugfixes">
 BGF incoming cookies with domains set with a prefixed dot now works better
 BGF CURLOPT_COOKIEFILE and CURLOPT_COOKIE can be used in the same request
 BGF improved peer certificate name verification
 BGF allocation failures cause no leaks nor crashes
 BGF the progress meter display now handles file sizes up to full 8 exabytes
   (which is as high a signed 64 bit number can reach)
 BGF general HTTP authentication improvements
 BGF HTTP Digest authentication with the proxy works
 BGF mulipart formposting with -F and file names with spaces work again
 BGF curl_easy_duphandle() now works when ares-enabled
 BGF HTTP Digest authentication works a lot more like the RFC says
 BGF curl works with telnet and stdin properly on Windows
 BGF configure --without-ssl works even when pkg-config has OpenSSL details
 BGF src/hugehelp.c builds correct again in non-configure build environments
</ul>

<p>
<a name="7_11_2"></a>
SUBTITLE(Fixed in 7.11.2 - April 26 2004)
<p>Changes:
<ul class="changes">
 CHG removed maximum user+password+hostname size limit
 CHG removed maximum dir depth limit for FTP
 CHG the ares build now requires c-ares 1.2.0 or later
 CHG --tcp-nodelay and CURLOPT_TCP_NODELAY were added
 CHG curl/curlver.h contains the libcurl version info now
</ul>

<p> Bugfixes:
<ul class="bugfixes">
 BGF configure --disable-manual works better
 BGF removed a memory leak when doing a windows threaded resolve and it failed
 BGF --proxy-ntlm now checks if libcurl supports NTLM before using it
 BGF minor --fail with authentication bugfix
 BGF CURLOPT_IPRESOLVE set to CURL_IPRESOLVE_V6 will now cause a returned error
   if the host only can resolve ipv4 addresses
 BGF curl -4/-6 now actually sets the requested option in libcurl
 BGF multi interface on Windows without ares works again
 BGF improved resolution for the CURLINFO_*_TIME info variables
 BGF getting only a 100 Continue response and nothing else, when talking HTTP,
   is now treated as an error by libcurl
 BGF fixed minor memory leak in libcurl for Windows when statically linked
 BGF POST/PUT using Digest/NTLM/Negotiate (including anyauth) now work better
 BGF --limit-rate with high speed rates is a lot more accurate now, and supports
   limiting to speeds >2GB/sec on systems with Large File support.
 BGF curl_strnqual.3 "refer-to" man page fix
 BGF fixed a minor very old progress meter final update bug
 BGF added checks for a working NI_WITHSCOPEID before that is used
 BGF fixed a flaw that prevented ares name resolve timeouts to occur
 BGF getting user name from http_proxy env variable works now
 BGF fixed too early name resolve timeouts with ares
 BGF HTTP Digest "re-negotiation" works now
 BGF CURLOPT_FAILONERROR (-f/--fail) works with all kinds of authentication
 BGF better thread-safety thanks to the internal strerror() replacement
 BGF better thread-safety on AIX thanks to better function detection
 BGF minor ipv6 build fix for windows
 BGF the test suite runs fine with mingw-built curl
 BGF the postit2.c example works now
 BGF better error message when --interface fails on windows
 BGF the progress meter now displays very long times better
 BGF CURLINFO_CONTENT_LENGTH_DOWNLOAD with CURLOPT_NOBODY set TRUE now works
 BGF passwords longer than 14 letters work with NTLM
 BGF 'make netware' in the root dir works now
 BGF builds fine on VMS again and even nicer than before
</ul>

<a name="7_11_1"></a>
SUBTITLE(Fixed in 7.11.1 - March 19 2004)
<p> Changes:
<ul class="changes">
 CHG CURLOPT_POSTFIELDSIZE_LARGE added to offer POSTs larger than 2GB
 CHG CURL_VERSION_LARGEFILE is a feature bit returned by libcurls that feature
   large file support
 CHG libcurl only requires winsock 1.1 on windows now
 CHG when doing FTP, curl now sends QUIT before disconnecting
 CHG name resolves can now timeout on windows too
 CHG $HOME is now recognized better when looking for .netrc files
 CHG now re-uses the ares handle when re-using curl handles
 CHG SO_BINDTODEVICE is used for network interface binding
 CHG configure --disable-manual disables the built-in huge manual from the
   command line tool
 CHG the default Accept: header used in HTTP requests changed
 CHG asynch dns lookups now require the c-ares library
 CHG curl --socks can be used to set a SOCKS5 proxy to use
 CHG response-headers received after a (proxy) CONNECT request are now passed
   to the header callback just like other headers
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF builds and runs on Novell NetWare
 BGF Windows builds now report OS as "i386-pc-win32"
 BGF received signals during SSL connect is handled better
 BGF improved PUT/POST with NTLM/Digest authentication
 BGF following redirects and doing NTLM/Digest (where the first connection gets
   closed) with the multi interface work better now
 BGF file: progress meter and getinfo variables work now
 BGF CURLOPT_FRESH_CONNECT and CURLAUTH_NTLM now work when set together
 BGF share interface usage without (un)lock functions segfaulted
 BGF --limit-rate no longer cripples the --speed-limit feature
 BGF fixed verbose output problem with ipv6-enabled re-used connections
 BGF fixed the socks5 code to check version in the socks response properly
 BGF dns cache bug - fixed the 'inuse' counter
 BGF large file fix for Content-Length
 BGF better docs for the share interface
 BGF several configure fixes for mingw/msys
 BGF setting a Host: header is no longer affecting the Host: header used when
   libcurl follows a Location:
 BGF fixed numerous compiler warnings on several operating systems and compilers
 BGF PUTting from stdin couldn't disable chunked transfer-encoding
 BGF corrected the mingw makefiles
 BGF improved the configure libz detection
 BGF fixed EPRT/PORT use when doing FTP on ipv6-enabled AIX hosts
 BGF *nroff commands that only support -mandoc and not -man are now supported
   (for the built-in manual text in the command line tool)
 BGF fixed the unconditional #include of config.h in hugehelp.c
 BGF builds fine on MPE/iX
 BGF upload using chunked transfer-encoding now sends the last chunk properly
   teriminated with an extra CRLF
 BGF Fixed the progress meter display for files >2GB
 BGF persistent connections over a proxy messed up the proxy name/password
 BGF the socks5 code segfaulted if no username/password was set
 BGF the *_LARGE options now take curl_off_t types as parameters and this will
   make it possible to handle large files on windows too
 BGF builds with large file support even on systems without strtoll()
</ul>

<a name="7_11_0"></a>
SUBTITLE(Fixed in 7.11.0 - January 22 2004)
<p> Changes:
<ul class="changes">
 CHG allows the URL to be set by a callback when using the multi interface
 CHG large file support was added. Use one of the new options: INFILESIZE_LARGE,
   RESUME_FROM_LARGE and MAXFILESIZE_LARGE
 CHG the new --ftp-pasv overrides a previous --ftpport
 CHG CURLOPT_FTPSSL and ftps:// now do ssl over FTP "The Right Way" (the curl
   tool now features the --ftp-ssl option)
 CHG The Windows DLLs are built with an added "resource file"
 CHG New LIBCURL_VERSION_* defines for easier checking version number
 CHG Included Mac OS X 'framework' makefile in the release archive
 CHG Removed the TRUE and FALSE #defines from the public curl header file
 CHG Added CURLOPT_NETRC_FILE
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF improved config file parsing for options with required parameters
 BGF using --trace with a bad file name could crash
 BGF release archive contains compressed help text
 BGF the win32 password prompting supports backspace
 BGF builds natively on AmigaOS (without unix emulation)
 BGF ftps:// now uses port 990 by default
 BGF the "configure --with-spnego" action was improved
 BGF fixed a rare follow-redirect problem
 BGF curl-config --feature now outputs AsynchDNS if enabled
 BGF occasional re-use of freed-memory problem fixed
 BGF curl-config --libs now include the ares link directory
 BGF configure --enable-ares now accepts a given path
 BGF -lz no longer appear twice on the link line
 BGF more descriptive error message if the FTP response reader fails
 BGF curl-config --feature now shows 'AsynchDNS' when built with ares
 BGF VMS build up-to-date and clarified source code
 BGF resolve bug caused socks5 to fail
 BGF Content-Length: is ignored when getting chunked Transfer-Encoding
 BGF POST over proxy to https server failed
 BGF improved how libcurl deals with persistent connections over FTP when a
   transfer fails
 BGF accessing a proxy that requires Basic auth without password caused a hang
 BGF a free free-twice problem in the server certificate code
 BGF minor memory leak when using ranges on persistent connections
 BGF formpost parts sending files with .html extensions now use "Content-Type:
   text/html"
 BGF formpost parts now default to "Content-Type: application/octet-stream"
 BGF --progress-bar was slightly improved
 BGF Failing to connect to localhost, using the multi interface on Solaris
   showed a connect problem now fixed.
 BGF The generated ca-bundle.h file is now generated in the build dir, not the
   source dir
 BGF The FTP-EPSV response parser for the 229 code was fixed
 BGF curl finds the user's home dir slightly different and hopefully better on
   Windows
 BGF testcurl.sh can now be used to autotest daily tarballs
 BGF a couple of command line options now check that the underlying library
   actually supports the features before trying to enable them
 BGF uninitialized variable fix
 BGF better html versions of the man pages
</ul>

<a name="7_10_8"></a>
SUBTITLE(Fixed in 7.10.8 - November 1 2003)
<p> Changes:
<ul class="changes">
 CHG --head now works on file:// URLs too
 CHG file: URLs with only one initial slash now works too
 CHG RELEASE-NOTES document added to the release archive to summarize the big
   and visible changes and bugfixes
 CHG CURLOPT_MAXFILESIZE was added, and --max-filesize
 CHG CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA are no longer supported
 CHG IPv6 is now supported on Windows builds too
 CHG CURLOPT_IPRESOLVE lets you select pure IPv6 or IPv4 resolved addresses
   (curl offers the command line options -4/--ipv4 and -6/--ipv6)
 CHG GSS-Negotiate works fine with the MIT kerberos library
 CHG SPNEGO support added, if libcurl is built with the FBopenssl libraries,
   curl_version_info() can return a feature bit for it and curl -V displays
   SPNEGO as a feature if libcurl is built with it enabled
 CHG easy handles added to a multi handle now share DNS cache automatically
 CHG CURLINFO_HTTPAUTH_AVAIL and CURLINFO_PROXYAUTH_AVAIL were added
 CHG CURLOPT_FTP_RESPONSE_TIMEOUT was added
 CHG NTLM, Digest and GSS-Negotiate authentications also work for HTTPS over
   proxies
 CHG curl supports multiple -T flags to allow several uploaded files using
   a single command line
 CHG CURLINFO_RESPONSE_CODE can return the last FTP response code
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF added work-around for a name resolve problem on some glibc versions
 BGF a rare ERRORBUFFER single-byte overflow was fixed
 BGF HTTP-resuming an already downloaded file works better
 BGF builds better on Solaris 8+ with gcc
 BGF --disable-eprt works now
 BGF improved CA cert verification
 BGF --anyauth could bug when the first response had no body contents
 BGF double password prompting when doing NTLM fixed
 BGF improved performance when used multi-threaded on windows
 BGF share-locking during DNS lookups was modified
 BGF resume was not possible to switch off properly once enabled
 BGF fixed the ipv4 connect code when a DNS entry has multiple IPs
 BGF now checks subjectAltNames when matching certs
 BGF HTTP POST using read callback works again
 BGF builds fine on BeOS now
 BGF CURLOPT_COOKIE set to NULL no longer sends the previously set cookie
 BGF if an FTP transfer used a bad path, the next transfer could fail too
 BGF ares-built libcurl resolves IP-only names properly
 BGF changed the curl_lock_function proto to prevent warnings on some compilers
 BGF builds fine on QNX 6.2.x now
 BGF PUT with --digest works now
 BGF --anyauth that picks NTLM and then follows a redirect (and does NTLM again)
   works now
 BGF asynch resolves now work on NT4 too
 BGF a DNS cache trash (possible segfault) was fixed
 BGF runtests.pl clears all proxy environment variables before the test is run
 BGF Microsoft's "Negotiate" authentication is now supported by the existing
   GSSNEGOTIATE option
 BGF A set zero-length proxy name confused libcurl
 BGF Digest authentication works again without OpenSSL on 64bit architectures
 BGF configure --enable-thread works now
 BGF buffer problems in the test suite's web server were fixed
 BGF improved proxy password handling
 BGF LDAP is again working nicely with the current OpenLDAP
 BGF asynch name lookup for non-resolving hosts now return a proper error message
 BGF CURLOPT_SSL_VERIFYHOST set to 1 no longer aborts if no CN field is
   obtainable, it will merely warn about it
 BGF name resolve segfault with uClibc fixed
 BGF multi interface and multi-part/formpost could end in segfault
 BGF curl_multi_info_read() sets the msgs_in_queue to 0 when returning NULL
 BGF multi interface, ares and non-resolving host caused a segfault
 BGF minor single SSL memory leak fixed
 BGF Setting CURLOPT_WRITEFUNCTION or CURLOPT_READFUNCTION to NULL resets them
   to default
</ul>

<a name="7_10_7"></a>
SUBTITLE(Fixed in 7.10.7 - August 15 2003)
<p> Changes:
<ul class="changes">
 CHG CURLOPT_PROXYAUTH was added to allow different authentication methods on
   proxies (--proxy-ntlm was added to the curl tool).
 CHG --ftp-create-dirs and CURLOPT_FTP_CREATE_MISSING_DIRS were added
 CHG optional and still experimetal asynch name resolve support
 CHG getting headers-only and no-body from FTP can now reply "Accept-Ranges"
   if the server seems to support REST.
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF fixed a memory leak on re-used connections with proxy-authentication
 BGF cookies with no contents are sent off too now
 BGF 64bit-related bugfix for uploads
 BGF file:// URLs with drive letters now work on windows and OS/2
 BGF The output numbering (#[num]) on url globbing didn't work due to a bug
   in curl_msprintf()
 BGF FTP persitent download directory re-use problem fixed
 BGF cookie parser now only requires two dots in cookie domain
 BGF FOLLOWLOCATION (or -L) did not always ignore the redirect page properly
 BGF <a href="/docs/security.html#BID8432">information leak</a> fixed.  When proxy authentication is used in a CONNECT
   request (as used for all SSL connects and otherwise enforced
   tunnel-thru-proxy requests), the same authentication header was also
   wrongly sent to the remote host.
 BGF the VC++ Makefiles were updated
 BGF builds better on VMS
 BGF src/hugehelp.c is now distributed uncompressed in the source package
 BGF the mkhelp script now compresses properly on DOS/Windows
</ul>

<a name="7_10_6"></a>
SUBTITLE(Fixed in 7.10.6 - July 28 2003)
<p> Changes:
<ul class="changes">
 CHG CURLOPT_SSL_CTX_FUNCTION allows a custom callback for SSL connections
 CHG multiple patches lets curl build and run on DOS
 CHG libcurl now deals with spaces in Location: redirects and URLifies them
 CHG curl --version shows more detailed info
 CHG curl_version_info() now returns info on NTLM, GSS-Negotiate and Debug
 CHG curl_version() includes "GSS" in the string if built with GSSAPI available
 CHG Pick-best-authentication option added (--anyauth, using the
   CURLOPT_HTTPAUTH set to CURLAUTH_ANY)
 CHG NTLM authentication support (--ntlm and CURLAUTH_NTLM)
 CHG GSS-Negotiate authentication support (--negotiate and CURLAUTH_GSSNEGOTIATE)
 CHG Digest authentication support added (--digest and CURLAUTH_DIGEST)
 CHG Allow curl to switch (back to) to Basic authentication (--basic)
 CHG libcurl supports name and password in proxy environment variables

</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF double slash after the host name on a FTP URL again points out the root dir
 BGF obscure and rare DNS cache problem was fixed
 BGF multiple FTP connections to the same host with different user names
      didn't work properly
 BGF no more CWD commands without arguments for ftp connections
 BGF curl no longer uses setvbuf() due to portability problems
 BGF VMS build fixes
 BGF the curl tool has the -M manual compressed internally if built with libz
 BGF url globbing syntax error could cause segfault
 BGF Huge (>40-60KB) GET requests over HTTPS failed.
 BGF Content-Length now overrides socket-closed as a means of knowing when the
   response body is complete.
 BGF --progress-bar takes the initial size into account when doing resumed
   downloads
 BGF work around SSL bugs better
 BGF libcurl typically issues POST requests with less send() calls
 BGF better main makefile
 BGF external headers improved portability
 BGF Listing FTP directories without contents could leak a socket
 BGF Getting HTTP contents in one line without headers failed
 BGF bugfixed the socks5-proxy usage (twice)
 BGF h_aliases name-lookup rare crash fixed
 BGF improved curl -M output
 BGF curl_unescape() now only unescapes valid %HH codes
</ul>

<a name="7_10_5"></a>
SUBTITLE(Fixed in 7.10.5 - May 19 2003)
<p> Changes:
<ul class="changes">
 CHG support for Content-Encoding: gzip was added
 CHG test cases modified to include server requirement in each test case file
 CHG CURLOPT_FTP_USE_EPRT was added, --disable-eprt with the tool
 CHG setting CURLOPT_ENCODING to "" automatically enables all supported encodings
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF libcurl now calls the progress meter during slow ftp responses as well
 BGF a write loop resulting in badly updated progress meter was fixed
 BGF non-blocking sockets fix for PORT ftp downloads
 BGF CURLOPT_INTERFACE performance fix on Linux
 BGF EAGAIN-fix improves HPUX (at least) functionality
 BGF configure script fix for the writable argv check and cross-compiles
 BGF features more verbose error message when some OpenSSL read errors occur
 BGF improved ftp compliance with RFC1738, now performs individual CWD commands
   for each path part in the URL
 BGF cookie overhaul: fixed jarsaving, improved path treatment and stricter
   cookie receiving, adjusts to Hosts: headers
 BGF CURLINFO_CONNECT_TIME works with the multi interface too
 BGF curl_easy_setopt() now returns correct error codes
 BGF formposting .html files set Content-Type text/html now
 BGF curl reports a new huge and verbose error message on CA cert problems
 BGF libcurl now returns CURLE_SSL_CACERT on CA cert problems
 BGF chunked-transfer deflate downloads work
 BGF FTP-server responses to CWD are now more liberally treated
 BGF fixed url parsing when '?' is used after the host name without '/'.
 BGF curl -I on ftp files outputs the date with correct time zone (GMT)
 BGF curl -z now works for FTP files (CURLOPT_TIMECONDITION)
 BGF the default DEBUGFUNCTION outputs incoming headers as well
 BGF Content-Type extraction did wrong if there was no space after the colon
 BGF the MSVC project file was fixed
 BGF no longer installs the ca bundle when built --without-ssl
 BGF the boundary strings in formposts now look very similar to the ones IE uses
 BGF test suite runs on cygwin
</ul>

<a name="7_10_4"></a>
SUBTITLE(Fixed in 7.10.4 - April 2 2003)
<p> Changes:
<ul class="changes">
 CHG the curl tool now "clears" sensitive commands line args
 CHG no more emacs local variables in the source files
 CHG script for distributed, automatic, multi-platform testing added. Please
   join up and help us test the bleeding edge curl on various platforms!
 CHG the "scratch buffer" is now only allocated when actually needed
 CHG removed the strequal and strnequal macros from curl/curl.h
 CHG added CURLOPT_UNRESTRICTED_AUTH / --location-trusted
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF "curl -O" only, now outputs an error message accordingly
 BGF builds fine on Redhat Linux 9 (configure fix)
 BGF the CA cert bundle included a demo cert now removed
 BGF changing some attributes between two transfers when re-using a connection
   did not "take effect" properly
 BGF the test suite runs faster and hopefully a bit more reliably
 BGF improved configure check for presence of functions, needed for HPUX
 BGF the curl tool now makes a correct URL escaping when appending to the URL
   when using -T and the file name is appended to the URL.
 BGF configure --enable-libgcc now explicitly add -lgcc to the linker
 BGF better configure checks for headers (since some platforms got nasty
   warnings output previously)
 BGF configure --help looks nicer
 BGF data transfer bug on HP-UX systems
 BGF improved random seeding for systems without a reliable random source
 BGF 64bit Sparc compiler warnings removed
 BGF a case where a connect failure didn't return an error string
 BGF DNS cache problem in AIX 4.3 and later was fixed
 BGF a POST-then-GET problem when re-using the same handle in libcurl
 BGF extra precaution added for FTP servers returning 0 bytes to SIZE commands
 BGF looping issue in the receive function (i.e badly updated progress meter)
 BGF Fixed the 'Expect: 100-continue' behavior
 BGF CURLOPT_MAXCONNECTS segfault fixed
 BGF multi-interface connecting on Windows to non-listening ports fixed
 BGF Curl_base64_encode() now encodes zero-bytes too properly
 BGF fixed the infamous SSL error:00000000 outputs
 BGF zlib build fix in the mingw makefile
 BGF don't check for ca cert env variable if --insecure is used
 BGF always use strict cert name check unless --insecure is used
 BGF content-type extracting fixed
 BGF DEBUGFUNCTION could be called with wrong arguments in uploads
 BGF ftp downloads could wrongly return CURLE_PARTIAL_FILE in some conditions
 BGF the fopen.c example code didn't work
 BGF content-type extracting memory leak fixed
 BGF curl/multi.h was fixed for C++ compiles
 BGF .netrc file scanning for names+passwored fixed
 BGF curl-config --cflags works even when include dirs isn't /usr/include
 BGF CURLINFO_PRIVATE can return NULL properly
</ul>

<a name="7_10_3"></a>
SUBTITLE(Fixed in 7.10.3 - January 14 2003)
<p> Changes:
<ul class="changes">
 CHG Added CURLOPT_PRIVATE and CURLINFO_PRIVATE
 CHG Added CURLOPT_HTTP200ALIASES
 CHG Added --create-dirs
 CHG libcurl test cases have been added
 CHG configure --enable-maintainer-mode was added
</ul>

<p> Bugfixes:
<ul class="bugfixes">
 BGF Transfer-Encoding: chunked for uploads works
 BGF Test cases 306 and 402 now run fine
 BGF configure script bug related to CONTENT_ENCODING fixed
 BGF Borland Makefiles up-to-date
 BGF Name resolve fix to correct the 7.10.2-fix!
 BGF curl/curl.h now has a more proper extern "C" for C++
 BGF CURL_MAX_WRITE_SIZE lowered to 16KB: improves performance on Windows
 BGF configure --enable-debug now cuts off -O* options to the compiler
 BGF Using multi interface and proxy to non-listening port caused a hang
 BGF CURLOPT_USERPWD-imposed memory leak removed
 BGF Verbose connect message crash removed
 BGF curl-config --cflags
 BGF better SSL-reading with no CPU-eating loop left
 BGF A base64 decoding bug was fixed (affected kerberos4)
 BGF The MSVC++ Makefile for debug targets was improved
 BGF Initing the global DNS cache is now done better
 BGF "curl -I ftp://domain/non-existing-file" was flawed
 BGF fixed wildcard name checks in server certificates
</ul>

<a name="7_10_2"></a>
SUBTITLE(Fixed in 7.10.2 - November 18 2002)
<p> Changes:
<ul class="changes">
 CHG PDF versions of much documentation are included in the tarball
 CHG Transfer-Encoding: chunked for uploads are now supported
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF builds fine on MSVC again
 BGF CURLOPT_CONNECTTIMEOUT works better
 BGF name resolving failed with glibc 2.2.93
 BGF libtool build fix for -no-undefined
 BGF the follow location code could crash occasionally
 BGF multi interface and FOLLOWLOCATION didn't work properly
 BGF curl -j (CURLOPT_COOKIESESSION) didn't work properly
 BGF config file parser could crash on the presence of CRLF newlines
 BGF downloading HTTP without headers sometimes corrupted the data
 BGF connecting to a bad port number with the multi interface did wrong
</ul>

<a name="7_10_1"></a>
SUBTITLE(Fixed in 7.10.1 - October 11 2002)
<p> Changes:
<ul class="changes">
 CHG configure --without-zlib explicitly disables zlib in builds
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF junk data could get inserted when saving HTTP headers
 BGF telnet connections timeout properly
 BGF make install when built outside source tree works again
 BGF FOLLOW_LOCATION works for the multi interface too
 BGF HTTP Location following now deals with ./ and ../ cases
 BGF The OpenSSL ENGINE check was improved in the configure script
</ul>

<a name="7_10"></a>
SUBTITLE(Fixed in 7.10 - October 1 2002)
<p> Changes:
<ul class="changes">
 CHG curl -x "" now disables proxy-usage completely
 CHG The libcurl and thus the curl version string too are modified slightly
 CHG added curl_version_info() for various runtime version info
 CHG added curl_free() that allows freeing data libcurl malloced()
 CHG CURLOPT_ENCODING added, supports decompression of compressed downloaded data
   This is used with 'curl --compressed'. This feature uses the libz library,
   if present.
 CHG MIT-licensed only, no dual-stuff. That is history. Old. Gone. Forgotten.
 CHG libcurl does peer certificate verification by default. This needs to be
   disabled if you need to talk to SSL servers in an insecure way! (curl -k
   does this). See further details in the UPGRADE document.
 CHG SOCKS5-proxy support was added (somewhat flawed, see CHANGES for details)
 CHG More SSL error codes was added
 CHG CURLOPT_NOSIGNAL was added for multi-threaded programs to use
 CHG --limit-rate is now supported
 CHG CURLOPT_BUFFERSIZE sets a desired read buffer size
 CHG The FTP PORT command uses a better default IP address
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF transfer after a failed connect when using the multi interface
 BGF headerless HTTP downloads
 BGF "-C -" on multiple file downloads
 BGF resume on file:// downloads
 BGF memory leak in libcurl on repeated resume http downloads
 BGF crashes on 64bit machines solved
 BGF IPv6 IP-address only URLs sent bad Host: headers
 BGF --silent is more silent when doing URL globbing fetches
 BGF *multi_perform() now returns control properly when waiting for connect
 BGF curl_formadd man page was corrected
 BGF curl_escape() and curl_unescape() no longer deals with '+'
 BGF improved performance on persistent transfers on windows
 BGF no longer closes ftp connections unncessarily often
 BGF -N works again
 BGF the windows DLL now builds with the multi interface enabled
 BGF the internal password prompt now uses stderr instead of stdout
 BGF minor cookie parsing bug when no space came after the header colon
 BGF better #ifdef conditions in the global curl header files
 BGF the curl tool didn't allow POST of zero contents
 BGF literal RFC2732-style IPv6 addresses didn't work
</ul>

<a name="7_9_8"></a>
SUBTITLE(Fixed in 7.9.8 - June 13 2002)
<p> Changes:
<ul class="changes">
 CHG curl_formadd() can do file upload parts from buffer
 CHG libcurl can be built with specific protocols disabled
 CHG should build nicely with modified OpenSSL 0.9.7 API
 CHG win32 timers now use higher resolution
 CHG CURLOPT_CAPATH was added (--capath on the command line)
 CHG CURLOPT_NETRC now supports optional or required netrc mode
 CHG curl_formadd() now returns a CURLFORMcode type, not a plain int.
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF name resolves can now time-out properly (on unix-like systems)
 BGF an empty connect failure error message was filled in
 BGF when curl_easy_perform() failed on an ftp transfer, it could leak a socket
 BGF a curl_multi_remove_handle() crash was removed
 BGF windows versions will no longer complain on "weak seeding"
 BGF 64bit architectures could crash in the resolve code
 BGF CURLINFO_REQUEST_SIZE now works as documented
 BGF CURLINFO_REDIRECT_TIME returns a correct time now
 BGF getting an empty FTP file does not cause an error anymore
 BGF curl_multi_perform() works without curl_multi_fdset()
 BGF re-using a connection over a proxy could do bad Host: headers
 BGF CURLOPT_POST with a "" string could lead to a crash.
 BGF better certificate loading
 BGF Name resolve crash on platforms without *_r() functions removed
 BGF minor compiler problems on FreeBSD fixed
</ul>

<a name="7_9_7"></a>
SUBTITLE(Fixed in 7.9.7 - May 10 2002)
<p> Changes:
<ul class="changes">
 CHG CURLOPT_COOKIESESSION (-j with the client) starts a new cookie session
 CHG --trace or --trace-ascii dump a full network/debug dump to a given file
 CHG Added: curl_multi_info_read() is now implemented as documented
 CHG Added CURLINFO_REDIRECT_TIME and CURLINFO_REDIRECT_COUNT
</ul
<p> Bugfixes:
<ul class="bugfixes">
 BGF CURLOPT_DEBUGFUNCTION gets called as documented
 BGF -D with multiple URLs will append all headers in the same file
 BGF multi interface transfers work better
 BGF multiple transfers reset download counters better in between
 BGF Pruning now prevents the DNS cache from growing out of proportions
 BGF no_proxy didn't work when URL contained port numbers
 BGF --interface didn't work for IPv6 enabled libcurls
 BGF the TIMECOND defines are now using CURL_ prefixes
 BGF Now uses less memory for name resolves on most operating systems
 BGF pack_hostent works with 64 bit pointers
 BGF Prunes old DNS cache entries
 BGF HTTP 301 response after a POST now treated differently
 BGF rfc1867-formposting a non-existent file now causes a failure
</ul>

<a name="7_9_6"></a>
SUBTITLE(Fixed in 7.9.6 - April 14 2002)
<p> Changes:
<ul class="changes">
 CHG Added CURLOPT_DEBUGFUNCTION
 CHG Added multi interface man pages, examples and public header files.
 CHG All CURLFORM_* options can now be given in an array
 CHG Added: -F supports filename= (using the new CURLFORM_FILENAME)
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF libcurl skips preceding white spaces in cookie contents
 BGF CURLINFO_CONNECT_TIME is now set even when connect fails
 BGF -x didn't use the documented default port
 BGF RISC OS version now offers --environment
 BGF HTTP/1.0 304-replies are dealt with better
 BGF .curlrc is read from current directory if HOME isn't set
 BGF The include file curl/curl.h compiles on pre-ISO compilers
 BGF getting http headers-only could "hang" during 1 second extra
 BGF verbose passive ftp transfers on AIX could crash
 BGF improved re-use of dead proxy connections
 BGF binary HTTP POSTs on Windows did not work (client-code problem)
 BGF CRLF replacing in uploads was not working
 BGF -G and -d work together again
 BGF using verbose when doing ftp passive transfers could core dump
 BGF IPv6 name lookups work again
 BGF HTTP POST with data passed in with the read callback now works
 BGF curl -O segfault
 BGF --progress-bar
 BGF Bugfixed a missing newline after --progress-bar output
</ul>

<a name="7_9_5"></a>
SUBTITLE(Fixed in 7.9.5 - March 7 2002)
<p> Changes:
<ul class="changes">
 CHG Added CURLOPT_PREQUOTE
 CHG -w now supports %{content_type}
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF fixed the client-side backslash treatment in URLs
 BGF Mofied the file hierarchy in the archive somewhat
 BGF fixed the dowloaded header size counter
 BGF fixed the cookie parser
 BGF Replaced the former test HTTP server with a new one written in C
 BGF fixed the total time counter that could end up blank at times
 BGF Minor portability changes
 BGF Tweaked name resolves with getaddrinfo() to run faster on Linux
 BGF fixed big HTTP requests (such as big POSTs)
 BGF fixed connection timeouts
 BGF fixed Host: lines on multiple requests over proxy
 BGF fixed 64bit archtitecture builds.
 BGF fixed Expect: header disabling
 BGF Improved the Windows makefiles and install documentation
 BGF fixed multipart formposts
 BGF fixed CURLINFO_CONTENT_TYPE
 BGF fixed another SSL download problem
</ul>

<a name="7_9_4"></a>
SUBTITLE(Fixed in 7.9.4 - March 4 2002)
<p> Changes:
<ul class="changes">
 CHG Introduced CURLINFO_CONTENT_TYPE
 CHG CURLOPT_CUSTOMREQUEST can now be used with CURLOPT_POSTFIELDS
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF Improved the gethostbyname_r configure check for HP-UX 11.00
 BGF Bugfixed the DNS cache
 BGF Bugfixed SSL download (due to the non-blocking sockets)
 BGF Only seed SSL once for a program's life time
 BGF IPv4-only Linux machines could crash on name resolves
 BGF curl_getdate() is now fully reentrant
 BGF The header length counter is now reset in each curl_easy_perform()
 BGF Normal HTTP POSTs no longer append an extra set of CRLF
 BGF Location: following on persistent connections work
 BGF No longer installs the multi examples on make install.
</ul>

<a name="7_9_3"></a>
SUBTITLE(Fixed in 7.9.3 - January 23 2002)
<p> Changes:
<ul class="changes">
 CHG introduced a DNS lookup cache
 CHG OpenSSL ENGINE support (read CHANGES for full details)
 CHG CURLFORM_CONTENTHEADER let's you add headers in form posts
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF fixed multipart formposts with non-existing files
 BGF builds with OpenSSL versions prior to 0.9.5 again
 BGF SSL session cache crashed when filled
 BGF improved timeouts with HTTPS
 BGF bugfixed the cookie engine and parser
 BGF HTTP code 204 is now treated properly
 BGF libcurl now provides the FTP response lines to the header callback
 BGF 64bit-architecture fixes
 BGF bugfixed using proxy specified in an environment variable
 BGF made libcurl support FTP operations without any transfer
 BGF error messages are now stored without newlines
 BGF -T file names get the path stripped before used remotely
 BGF minor compiling problems fixed for some platforms
</ul>

<a name="7_9_2"></a>
SUBTITLE(Fixed in 7.9.2 - December 5 2001)
<p> Changes:
<ul class="changes">
 CHG --disable-epsv is a new option to the curl command line tool
 CHG added CURLOPT_FTP_USE_EPSV
 CHG added CURLINFO_STARTTRANSFER_TIME
 CHG added the -1/--TLSv1 option
</ul>

<p> Bugfixes:
<ul class="bugfixes">
 BGF compiles and builds on the good old Mac OS (in addition to Mac OS X)
 BGF bugfixed persistent connections over proxy with multiple protocols
 BGF bugfixed verbose ftp output on Tru64 unix
 BGF passive ftp download works with IPv6
 BGF always return proper error code on failed connects
 BGF bugfixed FTP response reader
 BGF bugfixed verbose telnet
 BGF bugfixed conditional HTTP fetches based on time
 BGF multiple calls to curl_global_init() is now treated better
 BGF bugfixed multiple ftp requests
 BGF made -p/--proxytunnel work for plain HTTP as well
 BGF "current speed" progress meter bugfix
 BGF improved the name resolver configure check
 BGF libcurl now restores signal handlers and timeouts properly
 BGF improved SSL over HTTP-proxy when using weird proxies(!)
 BGF bugfixed LDAP transfers
</ul>

<a name="7_9_1"></a>
SUBTITLE(Fixed in 7.9.1 - November 4 2001)
<p> Changes:
<ul class="changes">
 CHG CURLE_GOT_NOTHING is a new possible error code
 CHG -0/--http1.0 can now be used to set HTTP 1.0 operations
 CHG 'curl' no longer uses curl_formparse()
 CHG non-blocking connects
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF much better connection re-use validity check
 BGF bugfixed connection re-use for FTP urls containing name and password
 BGF LDAP transfers no longer "hang"
 BGF a memory leak in the cookie engine was removed
 BGF curl_easy_duphandle() now duplicates cookie parser status too
 BGF --fail now only returns error if HTTP code is >= 400
 BGF a possible memory leak when a transfer failed was removed
 BGF builds better in cygwin
 BGF "current speed" meter more accurate
 BGF -c without -b saves the cookies now
 BGF bugfixed libcurl for "thread-hopping" on Windows
 BGF removed memory leak in IPv6-enabled libcurl
 BGF bugfixed curl_formadd()
 BGF bugfixed CURLINFO_FILETIME
 BGF bugfixed cookiejar
</ul>

<a name="7_9"></a>
SUBTITLE(Fixed in 7.9 - September 23 2001)
<p> Changes:
<ul class="changes">
 CHG -R sets the timestamp of a downloaded file to the same as the remote file
 CHG -c writes all cookies to a specified file (based on the new libcurl
      option CURLOPT_COOKIEJAR)
 CHG SSL session ID caching is being done for multiple requests to the same
      hosts
 CHG displays certificate expire date with SSL and verbose output
 CHG curl_formadd() is a new function to replace the now deprecated
   curl_formparse() one, for building rfc1867 form posts.
 CHG release archive now includes all docs as HTML pages too
</ul>

<p> Bugfixes:
<ul class="bugfixes">
 BGF now properly returns an error code when connection to an SSL server with
 a non-legitimate certificate.
 BGF CURLOPT_COOKIEFILE can now be specified any number of times
 BGF fixed portability issue in the SSL code
 BGF -G improvements, now works with -I and on URLs including question mark.
 BGF various windows compile, build and makefile fixes
 BGF multiple curl_easy_perform() invokes when a previous invoke followed a
   Location: could lead to a crash
 BGF rfc1867-posts are now done including the Expect: 100-continue header.
 BGF flushes the progress meter stream to improve look on windows
 BGF fixed the configure script --with-ssl problem
</ul>

<a name="7_8_1"></a>
SUBTITLE(Fixed in 7.8.1 - August 20 2001)
<p> Changes:
<ul class="changes">
 CHG added CURLOPT_HTTPGET
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF the configure script now sets up socklen_t properly
 BGF added the -G option that converts -d posts to use GET requests
 BGF bugfix: CURLOPT_POST without postfields caused libcurl crash
 BGF bugfixed the URL parser for IPv6 IP addresses (RFC 2732)
 BGF corrected some minor size_t mixups in the code
 BGF rfc1867-style form posts no longer has any size-limit
 BGF bugfixed the redirected stderr feature
 BGF more test cases added
 BGF libcurl now verifies the CN name of server certificates when SSLing
 BGF curl -E supports file names with driver letters now on windows
 BGF curl-config --libs now includes the path to the installed libcurl
 BGF file:// with "relative" paths now work like other tools/libs
 BGF curl builds under RISC OS and OpenVMS now
 BGF libcurl groks the NCSA httpd 1.5.x weirdo (non-standard) replies
 BGF curl_escape() no longer tries to skip already encoded data
 BGF progress callback minor bugfix
 BGF bugfixed the main transfer select() loop!
 BGF corrected FTP range downloads
 BGF better treatment of cut off FTP transfers
 BGF corrected the libcurl shared library version number
 BGF improved configure --with-ssl handling
 BGF multiple file download with resume works better
 BGF formpost with field names containing space works now
 BGF the ftp tests now run OK on IPv6 enabled hosts
 BGF verifying certificates bugfixed
</ul>

<a name="7_8"></a>
SUBTITLE(Fixed in 7.8 - June 7 2001)
<p> Changes:
<ul class="changes">
 CHG 'curl-config --vernum' shows version number as a hexadecimal number
 CHG libcurl's got two new functions (for global init/cleanup)
</ul>

<p> Bugfixes:
<ul class="bugfixes">
 BGF SSL memory leak fixed
 BGF new file format for the tests in the test suite
 BGF netscape/mozilla cookie file parser bugfix
 BGF everything is now built with autoconf 2.50, libtool 1.4 and automake
     1.4-p1
 BGF libcurl's own version of 'strlcat' no longer pollutes the name space
 BGF libcurl now treats an already completed resumed download as a successful
      operation, and not as an error like before
 BGF https and ftps test cases added to the test suite (depend on stunnel)
 BGF better white space awareness when parsing HTTP headers
 BGF curl -I now plays ball even if the ftp server doesn't grok SIZE
 BGF corrected resumed transfers on re-used persistent connections
 BGF FTP PORT works again when libcurl is IPv6-enabled
 BGF corrected path usage when doing multiple FTP transfers
 BGF several Location: header related bugs corrected
</ul>

<a name="7_7_3"></a>
SUBTITLE(Fixed in 7.7.3 - May 4 2001)
<p> Bugfixes:
<ul class="changes">
 CHG we've discovered that TELNET does not work under win32
 CHG HTTP Content-Length: 0 works better
 CHG HTTP 304-replies are better treated
 CHG persistent connections with mixed chunked and non-chunked transfers
     work now
 CHG connection re-use for non-proxy connections on non-default ports work
 CHG corrected the OpenSSL version string output
</ul>

<a name="7_7_2"></a>
SUBTITLE(Fixed in 7.7.2 - April 22 2001)
<p> Changes:
<ul class="bugfixes">
 BGF 'curl-config' was added to help applications use libcurl
 BGF A <a href="/libcurl/tcl/">Tcl interface</a> has been written
 BGF A <a href="/libcurl/java/">Java interface</a> has been written
 BGF A <a href="/libcurl/ruby/">Ruby interface</a> was announced
</ul>
<p> Bugfixes:
<ul class="changes">
 CHG The <a href="/libcurl/perl/">Perl interface</a> is improved a lot
 CHG Fixed download resumes on persistent connections
 CHG connection timeouts work in windows
 CHG HTTP_PROXY in uppercase is no longer used
 CHG curl_escape() with a 0 length argument works now
 CHG the MSVC projects files were updated
 CHG the Borland makefiles were updated
 CHG displays OpenSSL 0.9.6a properly in the version string
 CHG The Host: headers could get wrong on persistent connections
</ul>

<a name="7_7_1"></a>
SUBTITLE(Fixed in 7.7.1 - April 3 2001)
<p> Bugfixes:
<ul class="bugfixes">
 BGF location:-fix
 BGF two crash reasons removed
 BGF ftps:// support added
 BGF the perl interface corrected to work with 7.7
 BGF bugfixed the HTTP/1.0 persistent connection support
 BGF Passing a read-only URL to libcurl could make it crash on http redirects
 BGF HEAD responses are now always headers-only
 BGF curl could re-use connections a little too much
 BGF different treatment of HTTP error 302
 BGF following http redirects on persistent connections could reach the maxredirs amount accidentally
 BGF curl_escape() don't re-encode already encoded letters anymore
</ul>

<a name="7_7"></a>
SUBTITLE(Fixed in 7.7 - March 22 2001)
<p> Changes:
<ul class="changes">
 CHG supports HTTP proxy with IPv6
 CHG curl_escape and curl_unescape are now part of the official libcurl interface
 CHG libcurl speaks HTTP/1.1 lingo now
 CHG persistent connection support
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF the .netrc parser finds the home directory better
 BGF fixed a crash that could happen with redirects and authentication
 BGF improved random seeding for SSL connections
 BGF improved TELNET functionality
</ul>

<a name="7_6_1"></a>
SUBTITLE(Fixed in 7.6.1 - February 9 2001)
<p> Changes:
<ul class="changes">
 CHG partial IPv6 support (HTTP without proxy and only "active" FTP so far)
 CHG two new options to curl_easy_getinfo() for file sizes were added
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF following Location: when using Range: requests work
 BGF telnet works again (7.6 crashed)
 BGF Corrected the HTTP PUT resume
 BGF Better Location: and HTTP return code (3xx) treatment
 BGF Resumed transfer status is displayed in progress meter (though simple)
 BGF HTTP download resume again complains if Range isn't supported
</ul>

<a name="7_6"></a>
SUBTITLE(Fixed in 7.6 - January 26 2001)
<p> Changes:
<ul class="changes">
 CHG -g/--globoff was added to disable the URL globbing
 CHG command line options can be written "merged" -ofile equals -o file
 CHG initial but still basic IPv6 adjustments
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF fixed 'total time' counter to be more accurate
 BGF possible SSL-read problem fixed (which could make curl return empty HTML)
 BGF no length restrictions on URLs anywhere in the libcurl code
 BGF supports building outside the source-tree
 BGF includes make-target for 'automatic' RPM package creation
 BGF added multiple URL support on the command line
 BGF krb4-ftp fixed
 BGF massive symbol renaming of libcurl internals to decrease name pollution
</ul>

<a name="7_5_2"></a>
SUBTITLE(Fixed in 7.5.2 - January 4 2001)
<p> Changes:
<ul class="changes">
 CHG new licensing, MPL or MIT/X
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF updated man page
 BGF FTP commands are now sent in single write()s
 BGF removed a file descriptor leak when doing PORT ftp
 BGF improved quote command error checks (FTP)
 BGF misaligned free() crash removed (<a href="https://curl.haxx.se/mail/archive-2000-12/0053.html">patch</a>)
</ul>

<a name="7_5_1"></a>
SUBTITLE(Fixed in 7.5.1 - December 11 2000)
<p> Changes:
<ul class="changes">
 CHG added Borland makefiles
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF portability fixes for SCO and HPUX
 BGF using an -o file name that is longer than the URL works (<a href="https://curl.haxx.se/mail/archive-2000-12/0030.html">patch</a>)
 BGF multiple URLs and -o or -O works better! (<a href="https://curl.haxx.se/mail/archive-2000-12/0031.html">patch</a>)
</ul>

<a name="7_5"></a>
SUBTITLE(Fixed in 7.5 - December 1 2000)
<p> Changes:
<ul class="changes">
 CHG new --max-redirs option and corresponding CURLOPT_MAXREDIRS libcurl option.
 CHG libcurl now supports getting the time of a remote file
 CHG --head on a ftp file shows the modification time if available
 CHG --cacert lets you specify a CA certificate to verify peer certificates
 against when doing HTTPS connections
 CHG curl_formfree() added to libcurl
 CHG added --url to allow URLs to be specified easier in the config file
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF the shared libcurl library gets a proper version number now
 BGF the MSVC++ makefiles are updated to work
 BGF the test suite is much extended and enhanced
 BGF supports any URL lengths
 BGF ftp CWD could use wrong directory name (with trailing slash)
 BGF ftp transfer failure could leak memory
 BGF curl_unescape() could return a too long string
 BGF deals with lowercase environment variables for proxy settings
 BGF corrected spelling in a few error messages
 BGF memory leaks removed
 BGF improved config file parser
 BGF config file parser crash fixed
 BGF § in HTTP usernames or passwords made bad authorization headers.
</ul>

<a name="7_4_2"></a>
SUBTITLE(Fixed in 7.4.2 - November 15 2000)
<p> Changes:
<ul class="changes">
 CHG an initial attempt to make a test suite is included
 CHG binary/custom package information is added
 CHG possibility to verify the peer's certificate for HTTPS connections (libcurl)
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF configure now attempts to find openssl libs better
 BGF the Host: port number could be wrong on HTTPS requests
 BGF -T and -o can be used on the same command line (bugfix)
 BGF file:// bugfix (free() twice)
 BGF ftp --head now sets type first, as some servers report different sizes for different types
 BGF ftp upload resume could hang if the whole file was already uploaded
 BGF another cookie parser fix
 BGF added possibility to replace the internal 'enter password' function (libcurl)
 BGF encoded username/password in URL is now supported
 BGF username in http-URL bugfix
 BGF fixed the timers when location: headers were followed
 BGF timeouts are now working as supposed (under unix)!
 BGF the interactive password input on win32 no longer echoes the password
 BGF config file parser bugfix
 BGF multiple -d options are now concatenated
 BGF the memory debug system compiles on more systems
 BGF passwords specified with -u can now properly contain @!
 BGF The Host: header no longer sets port number for default ports (HTTP) (<a href="https://curl.haxx.se/feedback/display.cgi?id=9719807264522&support=yes">as suggested</a>)
 BGF -Y/-y bug fix (<a href="https://curl.haxx.se/archive-2000-10/0040.html">bug report</a>)
 BGF more informative error message when https has not been built-in
</ul>

<a name="7_4_1"></a>
SUBTITLE(Fixed in 7.4.1 - October 16 2000)
<p> Bugfixes:
<ul class="bugfixes">
 BGF Corrected the makefiles in the release archive!
</ul>

<a name="7_4"></a>
SUBTITLE(Fixed in 7.4 - October 16 2000)
<p> Bugfixes:
<ul class="bugfixes">
 BGF possible buffer overflow by an evil ftp server fixed
 BGF removed typedef bool from the public include file
 BGF more PHP-friendly multi-part posts (no more Content-Transfer-Encoding header)
 BGF FTP forced ASCII transfers fixed
 BGF memory leaks removed
 BGF the --longoption parser was corrected
 BGF HTTP download resume bugfix
 BGF more information available with -w and curl_easy_getinfo()
 BGF the HTTP request is now sent in one shot (single write())
 BGF -w stuff moved out from the libcurl, the information is now served with the new library function curl_easy_getinfo()
 BGF uploading with curl uses a smaller buffer to start with, to make a better progress meter
</ul>

<a name="7_3"></a>
SUBTITLE(Fixed in 7.3 - September 28 2000)
<p> Changes:
<ul class="changes">
 CHG --proxytunnel, non-HTTP tunneled through a http proxy is added
 CHG --interface allows you to specify outgoing interface
 CHG --krb4 enables kerberos for ftp transfers
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF file:// was fixed
 BGF cookie parser bugfixed
 BGF OpenSSL 0.9.6 usage fixed
 BGF multiple downloaded files bugfix
 BGF more resolver fixes
</ul>

<a name="7_2_1"></a>
SUBTITLE(Fixed in 7.2.1 - August 31 2000)
<p> Bugfixes:
<ul class="bugfixes">
 BGF Linux name resolve check in the configure script is fixed
 BGF -I on ftp was fixed
 BGF ftp files with + in the file name was corrected.
</ul>

<a name="7_2"></a>
SUBTITLE(Fixed in 7.2 - August 30 2000)
<p> Changes:
<ul class="changes">
 CHG --data-binary was added to allow fully binary -d style posts.
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF Name resolving problems fixed for AIX, HPUX, Digital Unix/Tru64...
 BGF Updated the VC++ makefile
</ul>

<a name="7_1_1"></a>
SUBTITLE(Fixed in 7.1.1 - August 21 2000)
<p> Bugfixes:
<ul class="bugfixes">
 BGF No user but password in a URL is now working properly
 BGF curl now allows replacing of the Content-Type: and Content-Length: headers when doing -d posts
 BGF fixed a name resolving problem that appeared at times
 BGF rearranged the gethostbyname_r() configure test
 BGF -w did not do well when used with multiple URLs
</ul>

<a name="7_1"></a>
SUBTITLE(Fixed in 7.1 - August 7 2000)
<p> Changes:
<ul class="changes">
 CHG CURLOPT_PROXYPORT added to curl_easy_setopt() in the lib
 CHG Now features an 'auto referer' so that curl can set the "correct" referer
     when following location:
 CHG removed CURLOPT_PROGRESSMODE from the lib
 CHG libcurl offers a progress meter callback
 CHG Lots of symbol renamings in the libcurl public stuff.
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF builds libcurl as a shared library with libtool
 BGF JavaWebServer's incorrect Content-Range headers are supported
 BGF localtime_r() is now used if available instead of localtime()
 BGF 'make install' installs the include files properly
 BGF Replacing an internal HTTP header with one that has no content removes the header
 BGF user+password is now restricted and sent only to the first host when
  Location: is followed to another host
 BGF FTP command response reading now times out properly, even on win32
 BGF rfc1867 form-posting was extended for use with large text posts
 BGF FTP transferring (converted) ASCII could make curl wrongly believe the
  transfer was only partial, there is no way can tell the expected size of
  a file downloaded in FTP ASCII
 BGF various manual corrections
 BGF FTP transfers now accept 250 as well as 226 as a positive end-of-transfer
  result
 BGF The configure check for requiring the nsl and socket lib at once was
  re-added
 BGF Host: was not displaying the port number as supposed on non-standard ports
 BGF HTTPS connection failures could slip through and make curl attempt reading
  at a dead socket
 BGF Using -F, -I or -d in any weird mix now causes the curl client to alert
 BGF FTP PORT command bug fixed
 BGF HTTP POST and then following Location: now causes all except the first
     requests to become GET.
 BGF win32 now sends data binary to stdout unless -B / --use-ascii is specified
 BGF added a README.win32 file
 BGF Custom headers when doing location: works again
 BGF libcurl is much more threadsafe
 BGF Many portability issues have been smoothened out
 BGF The FTP range support were buggy and is now corrected
 BGF <b>Major</b> re-organisation of all library internals to allow for a new
     library interface.
 BGF A buffer overflow (with URLs larger than 4096 characters) was fixed
 BGF The FTP sessions are slightly modified and now they're using CWD to
     change to the directory where the operation is requested.
 BGF FTP URLs are now treated more like the RFC specifies (minor change)
 BGF now sends user agent string when talking ftp through a http proxy
 BGF made the progress meter nicer for sizes between 10 and 100 megabytes
 BGF no longer checks for install twice in the configure script
 BGF improved win32 headers for VC++ compiling
 BGF minor fix when using libcurl in a multi-threaded program
 BGF the OS/2 port was slightly adjusted
 BGF location following through a http proxy on a specified non-default port didn't work
 BGF location following to an absolute URL on a different port didn't work
</ul>

<a name="6_5_2"></a>
SUBTITLE(Fixed in 6.5.2 - March 21 2000)
<p> Bugfixes:
<ul class="bugfixes">
 BGF corrected the -D mockup that caused 6.5.1 to crash
</ul>

<a name="6_5_1"></a>
SUBTITLE(Fixed in 6.5.1 - March 20 2000)
<p> Bugfixes:
<ul class="bugfixes">
 BGF curl_unescape() buffer overrun removed
 BGF -w 'http_code' works!
 BGF OS/2 port
 BGF adjusted to compile smoothly with MS VC++
 BGF -D/--dump-header now only writes the file when needed, and not before
</ul>

<a name="6_5"></a>
SUBTITLE(Fixed in 6.5 - March 13 2000)
<p> Changes:
<ul class="changes">
 CHG -N now disables output buffering
 CHG the new -w/--write-out allows for script writers to specify what curl should output after a successful request
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF now sends cookies space separated
 BGF Corrected OpenSSL 0.9.5 compliance problems
 BGF the perl scripts are moved out from the distribution
 BGF Ultrix port
 BGF -K config files no longer have a max line length
 BGF new progress meter to better show both upload and download
 BGF MacOS X port
 BGF upload and download now performs simultaneously in case of need. This will make posting of big forms that are "echoed back" to finally work.
 BGF the cookie parser shouldn't crash on empty cookie names, nor should it send empty cookies to the server anymore.
 BGF -b now supports both @[filename] and @- for stdin
 BGF unlimited line lengths in the config file
 BGF Compiles on sunos4 again
 BGF Corrected the removed possibility to chose the progress bar
 BGF Made the max display width with progress bar 79 when the COLUMNS variable
      isn't set.
</ul>

<a name="6_4"></a>
SUBTITLE(Fixed in 6.4 - January 17 2000)
<p> Changes:
<ul class="changes">
 CHG Ability to run --quote commands <i>after</i> ftp transfers now, as well as before
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF Improved progress meter
 BGF Getting files with URL syntax codes (%-stuff) from a ftp server was not dealt with nicely
 BGF -b corrupted the cookie header lines when they were read off a server
 BGF Cleaned up the interface between the lib and the curl tool.
 BGF Made the -X's long option change name to --request and now you can specify full request command for ftp listings (like "LIST -l").
 BGF Improved the --stderr workings for win32.
 BGF BeOS port by Lars J. Aas!
</ul>

<a name="6_3_1"></a>
SUBTITLE(Fixed in 6.3.1 - November 23 1999)
<p> Bugfixes:
<ul class="bugfixes">
 BGF posting an empty variable with -F, like "name=" did cause curl to hang
 BGF when the download from a http server gets cut off curl now warns about it
 BGF better error checks when fwrite()ing the output
 BGF minor fix that may correct the amiga-port problem
 BGF A <b>lethal</b> cookie bug was fixed.

</ul>

<a name="6_3"></a>
SUBTITLE(Fixed in 6.3 - November 10 1999)
<p> Changes:
<ul class="changes">
 CHG -b/--cookie is now capable of parsing and understanding the cookies saved
   in a netscape cookie file. This is useful when you want your script to
   better inherit the properties of your previous browser session.
 CHG -H/--header now is capable of replacing internal headers. If you add
   a header that would've been used internally, the added will be used instead.
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF -z (date-dependent HTTP fetches) now works better since we're doing a
   date comparison in the client as well.
 BGF Corrected several mistakes in the man page.
 BGF -I now works for ftp-files too. It merely shows the file size now.
 BGF Simple range support added for ftp downloads.
 BGF Following location: in a https:// header could lead to a crash.
</ul>

<a name="6_2"></a>
SUBTITLE(Fixed in 6.2 - October 21 1999)
<p> Changes:
<ul class="changes">
 CHG --stderr now supports redirecting the stderr stream to stdout or a file
   now. This is mainly for victims of Windows.
 CHG the configure script understands --without-ssl now!
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF another bug in loction: following with proxies when the protocol part
  isn't specified was fixed
 BGF fixed the lib Makefile to not include getpass twice when linking
 BGF removed core-dump due to bad free after download was complete in src/main.c
 BGF removed double text output when ftp-downloading
 BGF config.guess recognizes Mac OS X
 BGF HTTP headers are now parsed case insensitive!
</ul>

<a name="6_1"></a>
SUBTITLE(Fixed in 6.1 - October 17 1999)
<p> Bugfixes:
<ul class="bugfixes">
 BGF zlib proved not to be as easy to add as I had anticipated. I'll keep
      it on hold for now.
 BGF moved the libcurl include files into a subdir named curl
 BGF #include zlib.h fixes
 BGF adjusted the maketgz script to reduce reruns of the configure when
      building
</ul>

<a name="6_1beta"></a>
SUBTITLE(Fixed in 6.1 beta)
<p> Bugfixes:
<ul class="bugfixes">
 BGF -d now can get data from a file or stdin
 BGF HTTP: "Accept-Encoding: gzip,compress,deflate" - experiments
 BGF Misc: Multiple URL download capacity
 BGF HTTP: Made the -F form posting accept files from stdin as well.
</ul>

<a name="6_0"></a>
SUBTITLE(Fixed in 6.0 - September 13 1999)
<p> Changes:
<ul class="changes">
 CHG <b>ldap://</b> with <a href="https://www.openldap.org/">openldap</a>
 CHG <b>file://</b> works, for unix and win32
</ul>
<p> Bugfixes:
<ul class="bugfixes">
 BGF cookie matching when using HTTP proxy
 BGF better cookie sending (single line)
 BGF QUOT fix for ftp
 BGF ftp upload through http proxy is now allowed using HTTP PUT
 BGF improved configure openssl path specifier
 BGF enabled "custom" http requests (like DELETE or TRACE)
</ul>

<p> Earlier changes elsewhere

#include "_footer.html"
</BODY>
</HTML>