We had already triaged a #curl security report and deemed it a vulnerability, and would just earlier today create a test case to work on a fix. As the test case refused not reproduce the issue we slowly realized... it isn't actually a security problem! Hooray!
How is your Saturday?
Welcome to #curl 8.15.0 rc1 => https://curl.se/rc/
Try it. Test it. Report all problems. But don't run it in production.
Welcome Fabrício Canedo as #curl commit author 1381: https://github.com/curl/curl/pull/17654
![In INSTALL.md file, the link that points to CURL-DISABLE was broken, so I fixed this issue changing the link from only "CURL-DISABLE.md" to "https://github.com/curl/curl/blob/master/...](https://eupolicy.social/system/cache/preview_cards/images/011/358/714/original/470bf080c109c00b.png "In INSTALL.md file, the link that points to CURL-DISABLE was broken, so I fixed this issue changing the link from only "CURL-DISABLE.md" to "https://github.com/curl/curl/blob/master/...")
Welcome Bartosz Ruszczak as #curl commit author 1379: https://github.com/curl/curl/pull/17616
Ubuntu Server discusses dropping wget in favor of #curl in 2026: https://discourse.ubuntu.com/t/ubuntu-server-seed-changes-for-25-10/61552
Ubuntu Server Weighing Tmux vs. Screen, Wget vs. Curl • Phoronix
「 For post Ubuntu 26.04 LTS, in the Ubuntu 26.10 cycle they might drop wget from Ubuntu Server by default and put it in supported, in favor of using Curl for command-line downloading needs. This change is still up in the air and with many scripting around "wget" and expecting it to be there, this change wouldn't happen until at least Ubuntu 26.10 」
#ubuntu #tmux #curl #wget
https://www.phoronix.com/news/Ubuntu-Server-2025-Changes
When is #curl right for my Internet transfer needs? A flow chart.
@cR0w too many.
http://github.com/kkarhan/windows-ca-backdoor-fix
So far testing by @ct_Magazin / @heiseonline (and myseof later on) revealed only few #Apps not vulnerable to this specifics #Govware:
Anything else that uses the CryptoAPI is, espechally *all #Chromium-Forks (aka. All Browsers except Firefox, Tor Browser, #dillo, #LynxBrowser…)
Reporting a „possible memory leak“ in a 7 year old curl version, because the RSS jumps from 6.2 to 7 MB once.
Could be.
But, dear reporter, we can only try our best to be a better curl *today*. There is no changing the past (hence the name).
We outstretch our hands to you! Come and live with us in the present! Let the ancestors rest and rejoyce among the living!
curlmin
Remove unnecessary headers, cookies, and query parameters from a #curl command while ensuring the response remains the same.
So today it is Friday the 13th and apparently I should have stayed in my bed.
Just spent way too much time troubleshooting why the curl requests I got from Firefox by using "copy request to cUrl" did not work. Turns out it is a Firefox bug. For unknown reason it adds a caret "^" before each parameter separator in the query string in the curl request, breaking everything. 
Of course you include a #curl command line when you want to show the billionth repository on GitHub.
Starting in June 2025, #curl only supports TLS libraries that supports TLS 1.3
https://daniel.haxx.se/blog/2025/06/11/dropping-some-tls-laggards/
5,000 game titles has been released so far *this year* on Steam - that use #curl
Almost 30%.
oldest #curl version in a bug report filed today, and we're not even at 9am yet: 7.4 years
Today is another day with customer products getting flashed with dedicated system images, to validate a new version getting prepared, and to validate the upgrade path from previous versions.
Thanks to #curl author @bagder (and #curl contributors overall!), the procedure is quite easy and can be done over the network.
Full story, written 2 years ago but still valid today: https://debamax.com/blog/2023/02/06/groundhog-day-reflashing-made-easy/
