1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
|
curl and libcurl 8.19.0
Public curl releases: 273
Command line options: 273
curl_easy_setopt() options: 308
Public functions in libcurl: 100
Contributors: 3619
This release includes the following changes:
o we stopped the bug bounty [23]
o cmake: add `CURL_BUILD_EVERYTHING` option [51]
o initial support for MQTTS [81]
o tool: support fractions for --limit-rate and --max-filesize [79]
o tool_cb_hdr: with -J, use the redirect name as a backup [147]
o vquic: drop support for OpenSSL-QUIC [80]
o windows: add build option to use the native CA store [82]
o windows: bump minimum to Vista (from XP) [12]
This release includes the following bugfixes:
o altsvc: only accept 17 byte dates from files [22]
o asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails [107]
o async-ares: blocking resolve timeout handling, better [239]
o badwords: move into ./scripts, speed up [187]
o build: add missing `GENERATEDCERTS` files [210]
o build: adjust minimum version for some clang picky warnings [211]
o build: check `MSG_NOSIGNAL` directly, drop detection and interim macro [26]
o build: constify `memchr()`/`strchr()`/etc result variables (cont.) [85]
o build: detect and include `inttypes.h` again [13]
o build: do not include wolfSSL header in `curl_setup.h` [215]
o build: drop duplicate C includes [54]
o build: drop global suppression of `-Wformat-nonliteral`, fix fallouts [19]
o build: drop unused `snprintf()` feature check on Windows [261]
o build: fix `-Wunused-macros` warnings, and related tidy-ups [176]
o build: fix building rare combinations [109]
o build: fully omit verbose strings and code when disabled [113]
o build: globally suppress DJGPP warnings in `FD_SET()` [56]
o build: merge TrackMemory (`CURLDEBUG`) into debug-enabled option [46]
o build: move curl stat struct type to the curlx namespace [156]
o build: opt-in MSVC to C99-style verbose logging logic [108]
o build: require POSIX `strdup()` [159]
o build: tidy up and dedupe `strdup` functions [162]
o cf-socket: ignore SOCK_CLOEXEC etc for socktype equality checks [226]
o cf-socket: use SOCK_CLOEXEC in socket_open when available [130]
o checksrc-all.pl: skip non-repository files [144]
o checksrc: do not apply `BANNEDFUNC` to struct member functions [35]
o checksrc: warn for leading spaces before the preprocessor hash [72]
o clang-tidy: add missing and delete redundant parentheses [155]
o clang-tidy: add more missing parentheses in macro values [224]
o clang-tidy: avoid/silence `bugprone-not-null-terminated-result` [222]
o clang-tidy: check `bugprone-macro-parentheses`, fix fallouts [212]
o clang-tidy: drop redundant conditions reported by `misc-redundant-expression` [217]
o clang-tidy: enable `bugprone-signed-char-misuse`, fix fallouts [227]
o clang-tidy: enable more checks [225]
o clang-tidy: enable scanning headers [205]
o clang-tidy: fix issues found with build-fuzzing [275]
o clang-tidy: silence more minor issues found by v22 [276]
o cmake/FindMbedTLS: add workaround for missing static MSVC `mbedcrypto.lib` 4.0.0 [174]
o cmake: add `CURL_DROP_UNUSED` option to reduce binary sizes [105]
o cmake: add native clang-tidy support for tests, with concatenated sources [223]
o cmake: always build curlu and curltool test libs in unity mode [190]
o cmake: always define `CURL::win32_winsock` on Windows in `curl-config.cmake` [104]
o cmake: convert `curl_add_clang_tidy_test_target()` macro to function [281]
o cmake: enable binutils ld workaround for all toolchains at build-time [57]
o cmake: fix `LOCATION` property access condition (debug) [241]
o cmake: fix `LOCATION` property read errors in target debug function [243]
o cmake: fix building with `CMAKE_FIND_PACKAGE_PREFER_CONFIG=ON` [254]
o cmake: fix confusing error when a dependency is undetected in `curl-config.cmake` [169]
o cmake: fix logic for openssl/zlib binutils ld workaround [71]
o cmake: fix passing system header directories to clang-tidy for tests [221]
o cmake: fix system include directory position for clang-tidy in tests [284]
o cmake: improve clang-tidy test command-line reproduction [242]
o cmake: minor fixes to test targets after prev [214]
o cmake: normalize uppercase hex winver (for display) [191]
o cmake: omit `curl.rc` from curltool lib [209]
o cmake: reference OpenSSL and ZLIB imported targets only when enabled [41]
o cmake: replace internal option with a new `tt` (test tools) target [220]
o cmake: silence potential unused var warnings in C++ test snippet [201]
o cmake: silence silly Apple clang warnings in C89 mode, test in CI [14]
o cmake: silence useless compiler warnings triggered by the FASTBuild generator [43]
o cmake: skip binutils ld hack if zlib/openssl target is not `IMPORTED` [90]
o cmake: warn for invalid `CURL_TARGET_WINDOWS_VERSION` values [192]
o cmke: add `*_USE_STATIC_LIBS` options for 9 dependencies [49]
o config-plan9: set `HAVE_STDINT_H` again [17]
o config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST [120]
o config2setopts: fix for --disable-aws build configuration [34]
o configure: drop always true `if` check (Windows) [250]
o content_encoding: return 'identity' if none other exists [235]
o curl: add -I and -i to -h important [135]
o curl: limit Windows-specific code to Windows builds, other tidy-ups [48]
o curl_easy_nextheader.md: a new transfer invalidates 'prev' [69]
o curl_get_line: drop single-use macro [93]
o curl_multi_perform.md: resolve inconsistency [143]
o curl_ntlm_core: merge two `#if` blocks [177]
o curl_setup.h: drop extra header guard for internal include [91]
o curl_setup.h: merge back single-use internal header `curl_setup_once.h` [78]
o curl_setup.h: simplify curl memory macro mappings [163]
o curl_setup_once: allow CURL_DEBUGASSERT for customization [125]
o CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md: fix available protocols [97]
o curlx: drop unused `curlx_saferealloc()` [161]
o digest: escape double quotes and backslashes in realm and nonce [83]
o digest: fix memory leak in auth_create_digest_http_message() [263]
o digest: handle quotes in the path [50]
o docs/INSTALL: update configure details [45]
o docs/libcurl: unify WARNING use [89]
o docs: add LibreELEC to DISTROS.md
o docs: add reproducible example for generating man page [95]
o docs: avoid starting sentences with However, [175]
o docs: avoid using the word 'magic' [256]
o docs: clarify --ipv4 and --ipv6 [149]
o docs: document the need for a 64-bit type and stdint.h [118]
o docs: drop basically [229]
o docs: explicitly call out Slowloris as not a security flaw [6]
o docs: fix grammar nitpicks [128]
o docs: handle error in `curl_global_init*` examples [204]
o docs: replace instances of the vague qualifier 'quite' [171]
o docs: reword explanation of --variable option [150]
o docs: some nitpicks [277]
o docs: use dot instead of comma at end of sentences [168]
o easy: reset errorbuf on eyeballing success [179]
o easy: reset pausing when resetting request [218]
o examples/usercertinmem: use modern OpenSSL API, drop mentions of RSA [188]
o examples: improve OpenSSL certificate examples [248]
o examples: omit forward declarations, apply misc fixes [60]
o FAQ: syntax improvements [230]
o fopen.h: simplify curl memory macro mappings [160]
o ftp: replace a `curlx_free()` with `curlx_dyn_free()` [86]
o ftp: split ftp_state_use_port into sub functions [172]
o GOVERNANCE.md: Post-Daniel BDFL [31]
o gss: exclude verbose error logic from non-verbose builds [122]
o h2+h3: align stream close handling [131]
o hostip.c: fix leak of addrinfo [11]
o hostip6: remove debug-only code [24]
o hostip: fix unreachable code in rare build configuration [74]
o http/3: add description for known server error codes [15]
o http1: fix potential NULL dereference in `Curl_h1_req_parse_read()` [268]
o http: only send bearer if auth is allowed [228]
o http_aws_sigv4: fix query normalization of %2b [117]
o imap: add a check for Curl_meta_get() [157]
o imap: check `imap_sendf()` printf masks at compile-time [67]
o imap: skip literals inside quoted strings [30]
o include: avoid recursive macros [182]
o include: mask computed auth/proto bitmasks to 32 bits [145]
o INSTALL-CMAKE.md: document Apple framework options [53]
o INSTALL.md: fix typo [278]
o INSTALL.md: suggest `-Wl,-dead_strip` for Apple targets [68]
o KNOWN_BUGS.md: absolute Unix domain filename for SOCKS on Windows [37]
o ldap: silence clang-tidy v22 warning [279]
o ldap: silence potential unused variable warning (OS400) [55]
o lib: delete unused local includes [181]
o lib: disable websockets early if no http [140]
o lib: make sigpipe handling more lazy [52]
o lib: reorder protocol functions to avoid forward declarations (email) [76]
o lib: reorder protocol functions to avoid forward declarations (ftp) [75]
o lib: reorder protocol functions to avoid forward declarations (misc cont.) [66]
o lib: reorder protocol functions to avoid forward declarations (misc) [77]
o lib: reorder protocol functions to avoid forward declarations (ssh) [65]
o lib: separate scheme info from protocol implementation [42]
o lib: skip compiling code with features disabled [189]
o lib: use (u)int64_t instead of long long [39]
o libcurl docs: reduce 'since ...' in descriptions [28]
o libcurl-security.md: fix typos and add a point about URLs
o libtests: drop two redundant `memset()`s [110]
o Makefile.am: delete RPM targets referencing non-existent files [9]
o Makefile.am: drop stray VC project files from dist [5]
o managen: silence Perl warnings [141]
o mbedtls: guard TLS 1.3 + session tickets usage inside ifdef [260]
o mbedtls: no pinnedpubkey wo MBEDTLS_SSL_KEEP_PEER_CERTIFICATE [29]
o mbedtls: remove newline from failf() call [25]
o mbedtls: split mbed_connect_step1 into sub functions [166]
o md4, md5: drop redundant forward declarations [64]
o md4, md5: replace custom types with `uint32_t` [111]
o memdebug: include `backtrace.h` as system header [148]
o mime: drop fallback for unused `R_OK` macro [58]
o mimepost: allocate main struct on-demand [20]
o mk-ca-bundle.pl: drop support for obsolete/insecure fingerprint algos [138]
o mod_curltest: silence unused argument compiler warning [63]
o mprintf: drop old sprintf fallback [7]
o mprintf: rename internal enum to avoid collision with AmigaOS symbol [183]
o mprintf: silence clang-tidy `readability-suspicious-call-argument` [262]
o mprintf: use `_snprintf()` when compiled with VS2013 and older [280]
o mqtt: better too-big-message-check [73]
o mqtt: fix EOF handling [231]
o mqtt: verify Remaining Length for CONNACK and PUBACK [153]
o msvc: drop exception, make `BIT()` a bitfield with Visual Studio [2]
o msvc: VS2026: unlock picky warning in cmake, test in CI [198]
o multi: avoid a theoretical 32-bit wrap [186]
o multi: fix unreachable code compiler warning [264]
o multi: probe for IPv6 functionality in multi_init() [114]
o multi: split multi_runsingle into sub functions [197]
o multi: update timer unconditionally in multi_remove_handle [158]
o ngtcp2: stabilize recv [18]
o noproxy: simplify, don't mix const non-const in strchr() [88]
o openldap: avoid forward declarations in ldaps code [62]
o openssl+ech: workaround for insecure handshakes [238]
o openssl: adapt to OpenSSL master adding const to more APIs [253]
o OpenSSL: check reuse of sessions for verify status [142]
o openssl: disable local keylog feature if built-in upstream [178]
o openssl: fix compiler warning with OpenSSL master [193]
o openssl: fix potential NULL dereference when loading certs (Windows) [165]
o openssl: fix potential OOB read in debug/verbose logging [216]
o plan9: drop special build and orphaned references [33]
o proxy-auth: additional tests [232]
o pytest: remove 03_02 [127]
o quiche: use PRIu64 for outputting the stream id [184]
o rand: drop impossible preprocessor branches (wincrypt) [246]
o rand: drop scan-build silencer [245]
o ratelimit: download finetune [16]
o request.h: rename parameter 'buf' to 'req' in Curl_req_send [219]
o REUSE: drop broken reference to `MAIL-ETIQUETTE` [59]
o rtsp: fix assertion failure on zero-length RTP payload [180]
o rtspd: fix to check `realloc()` result [173]
o runtests: pass config filename to stunnel in native format (Windows) [94]
o schannel: refactor: reduce variable scopes, fix comment, fix indent [196]
o send: drop `CURL_UNCONST()` from buffer argument on most platforms [116]
o setopt: fix checking range for CURLOPT_MAXCONNECTS [92]
o setopt: refuse blobs with zero length [167]
o setup-os400.h: drop no longer used custom type `u_int32_t` [112]
o sigpipe: unset SA_SIGINFO since it is using sa_handler [40]
o silent.md: also mention it shuts off warning messages [213]
o smb: free the path in the request struct properly [137]
o smb: include arpa/inet.h for NonStop [195]
o socket: check result of SO_NOSIGPIPE [124]
o socketpair: clear 'err' when retrying due to EINTR [233]
o socketpair: set SO_NOSIGPIPE where possible [103]
o socks: ensure DNS is freed in failure cases. [247]
o src: simplify declaring `curl_ca_embed` [185]
o ssh: dedupe state change function [99]
o stop using the word 'just' [257]
o sws: prevent "connection monitor" to say disconnect twice
o synctime: fix use of uninitialized buffer on non-Windows [234]
o system_win32: replace manual init code with `curlx_now_init()` call [170]
o tests/server/sockfilt: avoid possible endless loop on Windows [101]
o tests/server: drop unused `curlx/version_win32.c` [151]
o tests/server: fix to clear the complete `srvr_sockaddr_union_t` variable [207]
o tests/server: tidy-up error messages (Windows) [102]
o tests: avoid assignment in `if` conditions in `first.h` [126]
o tests: convert base64 data to %b64[] [87]
o tftp: correct the filename length check [70]
o timeout handling: auto-detect effective timeout [121]
o tls: add new SSLSUPP flags for several options [32]
o tls: remove checks for DEFAULT [136]
o tool: enable header separation for HTTPS proxies [106]
o tool: improve config error messaging [208]
o tool: improve error/warning messages when output filename sanitization fails [36]
o tool: rename curl handle and result variable in `--libcurl`-generated code [146]
o tool: return code variable consistency [84]
o tool_cb_hdr: suppress header output when --out-null [10]
o tool_cb_prg: drop duplicate preprocessor logic [119]
o tool_dirhie: drop superfluous `F_OK` fallback (Windows) [8]
o tool_doswin: avoid memory-leak with CURL_FN_SANITIZE_* [236]
o tool_doswin: avoid Windowsisms in socket code (cont.) [134]
o tool_doswin: avoid Windowsisms in socket code [139]
o tool_doswin: document `ENABLE_VIRTUAL_TERMINAL_PROCESSING` toolchain support [44]
o tool_getparam: avoid `-Wcomma` with Apple clang in C89 mode [38]
o tool_operate: remove 'else' for VMS [3]
o tool_operate: reset the URL --url-query between --next [237]
o typos: silence false positives found in C code [164]
o unit3205: suppress two clang-tidy false positives [206]
o URL-SYNTAX.md: fix port number mistakes for IMAP and LDAP [200]
o url.c: code/comment cleanup around conn creation [132]
o url.h: fix `-Wdocumentation` [61]
o url: fix reuse of connections using HTTP Negotiate [100]
o urlapi: use U_CURLU_URLDECODE when toggling it off unsigned [255]
o urldata.h: remove two forward-declared structs not used [4]
o urldata: byebye `conn->hostname_resolve` [240]
o urldata: change 'keep_post' into three distinct bitfields [21]
o urldata: convert 'long' fields to fixed variable types [47]
o urldata: switch to uint* types [1]
o usercertinmem: use the correct cert BIO [249]
o verbose.md: explain the { and } prefixes [96]
o vquic: fix unused variable warning reported by clang-tidy [152]
o vquic: handle SOCKEMSGSIZE correctly [129]
o vtls: dedupe common on-session-reuse logic [98]
o vtls: use ALPN http/1.0 & http/1.1 for HTTP/1.0 requests [123]
o VULN-DISCLOSURE-POLICY.md: push reports to the web form [154]
o VULN-DISCLOSURE-POLICY.md: use hackerone [202]
o winapi: use FormatMessageA instead of FormatMessageW [115]
o windows: `USE_WINSOCK` to guard winsock2 code (where missing) [133]
o windows: determine `RtlVerifyVersionInfo` address on global init [258]
o windows: tidy up `wincrypt.h` / BoringSSL/AWS-LC coexist workaround [203]
o wolfssl: fix build without USE_BIO_CHAIN [27]
o ws/tftp: include header file even when protocol disabled [194]
o x509asn1: make encodeOID stop on too long input [199]
This release includes the following known bugs:
See https://curl.se/docs/knownbugs.html
For all changes ever done in curl:
See https://curl.se/changes.html
Planned upcoming removals include:
o NTLM support becomes opt-in
o RTMP support
o SMB support becomes opt-in
o Support for c-ares versions before 1.16.0
o Support for CMake 3.17 and earlier
o TLS-SRP support
See https://curl.se/dev/deprecate.html
This release would not have looked like this without help, code, reports and
advice from friends like these:
aisle-research-bot, Andrei Rybak, Andrew Kvalheim, Anna Liberty,
Arnav Purushotam, Arnav-Purushotam-CUBoulder, Augment code, Billy O'Neal,
calm329, Christian Schmitz, Christian Schmitza, cooldadpresident on github,
Dag Haavi Finstad, dahmono on github, Dan Fandrich, Daniel Díaz,
Daniel Gustafsson, Daniel Lublin, Daniel Stenberg, Daniel Wade,
Daniil Gentili, David Korczynski, dbalsom, dEajL3kA, dependabot[bot],
Dexter Gerig, Diogo Correia, Florian Imdahl, Frank Buss, gudyuu on hackerone,
Hamza Bensliman, huanghuihui0904, Itay Bookstein, Jacek Migacz, James Fuller,
Jan Macku, jhauga, John Rodriguez, Joshua Vandaële, Juan Belon, Kai Pastor,
Maksim Ściepanienka, Marcel Raad, Max Dymond, Megamouse on github,
Michał Antoniak, Muhamad Arga Reksapati, Nathan-M-code on github,
Natris on github, nono303 on github, Nuno Goncalves, Patrick Monnerat,
Paul Howarth, programmerlexi on github, Randall S. Becker, Ray Satiro,
renovate[bot], Rudi Heitbaum, sammydono on github, Samuel Henrique,
Sascha Frinken, spectreglobalsec on hackerone, Spenser Black, Stefan Eissing,
tawmoto on github, Tenant HellTower, Thibault de Villèle,
Tim Friedrich Brüggemann, Tomáš Malý, tommy, Valerie Snyder, Viktor Szakats,
Wyuer on github, xmoezzz on github, z2_, Zhicheng Chen, Йоте
(77 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=20209
[2] = https://curl.se/bug/?i=20142
[3] = https://curl.se/bug/?i=20221
[4] = https://curl.se/bug/?i=20206
[5] = https://curl.se/bug/?i=20272
[6] = https://curl.se/bug/?i=20219
[7] = https://curl.se/bug/?i=20218
[8] = https://curl.se/bug/?i=20214
[9] = https://curl.se/bug/?i=20270
[10] = https://curl.se/bug/?i=20235
[11] = https://curl.se/bug/?i=20465
[12] = https://curl.se/bug/?i=17985
[13] = https://curl.se/bug/?i=20208
[14] = https://curl.se/bug/?i=20363
[15] = https://curl.se/bug/?i=20202
[16] = https://curl.se/bug/?i=20228
[17] = https://curl.se/bug/?i=20201
[18] = https://curl.se/bug/?i=20220
[19] = https://curl.se/bug/?i=20366
[20] = https://curl.se/bug/?i=20260
[21] = https://curl.se/bug/?i=20262
[22] = https://curl.se/bug/?i=20259
[23] = https://curl.se/bug/?i=20312
[24] = https://curl.se/bug/?i=20334
[25] = https://curl.se/bug/?i=20333
[26] = https://curl.se/bug/?i=20559
[27] = https://curl.se/bug/?i=20250
[28] = https://curl.se/bug/?i=20369
[29] = https://curl.se/bug/?i=20319
[30] = https://curl.se/bug/?i=20320
[31] = https://curl.se/bug/?i=20325
[32] = https://curl.se/bug/?i=20364
[33] = https://curl.se/bug/?i=20243
[34] = https://curl.se/bug/?i=20368
[35] = https://curl.se/bug/?i=20323
[36] = https://curl.se/bug/?i=20044
[37] = https://curl.se/bug/?i=20236
[38] = https://curl.se/bug/?i=20362
[39] = https://curl.se/bug/?i=20233
[40] = https://curl.se/bug/?i=20278
[41] = https://curl.se/bug/?i=20217
[42] = https://curl.se/bug/?i=20351
[43] = https://curl.se/bug/?i=20230
[44] = https://curl.se/bug/?i=20315
[45] = https://curl.se/bug/?i=20301
[46] = https://curl.se/bug/?i=20331
[47] = https://curl.se/bug/?i=20227
[48] = https://curl.se/bug/?i=20213
[49] = https://curl.se/bug/?i=20015
[50] = https://curl.se/bug/?i=20295
[51] = https://curl.se/bug/?i=20429
[52] = https://curl.se/bug/?i=20326
[53] = https://curl.se/bug/?i=20350
[54] = https://curl.se/bug/?i=20303
[55] = https://curl.se/bug/?i=20302
[56] = https://curl.se/bug/?i=20299
[57] = https://curl.se/bug/?i=20382
[58] = https://curl.se/bug/?i=20298
[59] = https://curl.se/bug/?i=20348
[60] = https://curl.se/bug/?i=20296
[61] = https://curl.se/bug/?i=20294
[62] = https://curl.se/bug/?i=20293
[63] = https://curl.se/bug/?i=20292
[64] = https://curl.se/bug/?i=20291
[65] = https://curl.se/bug/?i=20290
[66] = https://curl.se/bug/?i=20289
[67] = https://curl.se/bug/?i=20287
[68] = https://curl.se/bug/?i=20346
[69] = https://curl.se/bug/?i=20285
[70] = https://hackerone.com/reports/3508321
[71] = https://curl.se/bug/?i=20382
[72] = https://curl.se/bug/?i=20282
[73] = https://hackerone.com/reports/3508500
[74] = https://curl.se/bug/?i=20344
[75] = https://curl.se/bug/?i=20276
[76] = https://curl.se/bug/?i=20275
[77] = https://curl.se/bug/?i=20274
[78] = https://curl.se/bug/?i=20555
[79] = https://curl.se/bug/?i=20266
[80] = https://curl.se/bug/?i=20226
[81] = https://curl.se/bug/?i=19418
[82] = https://curl.se/bug/?i=18279
[83] = https://curl.se/bug/?i=20482
[84] = https://curl.se/bug/?i=20426
[85] = https://curl.se/bug/?i=20420
[86] = https://curl.se/bug/?i=20494
[87] = https://curl.se/bug/?i=20547
[88] = https://curl.se/bug/?i=20425
[89] = https://curl.se/bug/?i=20561
[90] = https://curl.se/bug/?i=20419
[91] = https://curl.se/bug/?i=20544
[92] = https://curl.se/bug/?i=20414
[93] = https://curl.se/bug/?i=20542
[94] = https://curl.se/bug/?i=20413
[95] = https://curl.se/bug/?i=20699
[96] = https://curl.se/bug/?i=20386
[97] = https://curl.se/mail/lib-2026-01/0033.html
[98] = https://curl.se/bug/?i=20475
[99] = https://curl.se/bug/?i=20473
[100] = https://curl.se/bug/?i=20534
[101] = https://curl.se/bug/?i=20478
[102] = https://curl.se/bug/?i=20477
[103] = https://curl.se/bug/?i=20397
[104] = https://curl.se/bug/?i=20382
[105] = https://curl.se/bug/?i=20357
[106] = https://curl.se/bug/?i=20398
[107] = https://curl.se/bug/?i=20385
[108] = https://curl.se/bug/?i=20387
[109] = https://curl.se/bug/?i=20712
[110] = https://curl.se/bug/?i=20649
[111] = https://curl.se/bug/?i=20469
[112] = https://curl.se/bug/?i=20470
[113] = https://curl.se/bug/?i=20341
[114] = https://curl.se/bug/?i=20383
[115] = https://curl.se/bug/?i=20261
[116] = https://curl.se/bug/?i=20463
[117] = https://curl.se/bug/?i=20543
[118] = https://curl.se/bug/?i=20384
[119] = https://curl.se/bug/?i=20531
[120] = https://curl.se/bug/?i=20375
[121] = https://curl.se/bug/?i=20347
[122] = https://curl.se/bug/?i=20551
[123] = https://curl.se/bug/?i=20487
[124] = https://curl.se/bug/?i=20370
[125] = https://curl.se/bug/?i=19744
[126] = https://curl.se/bug/?i=20646
[127] = https://curl.se/bug/?i=20458
[128] = https://curl.se/bug/?i=20518
[129] = https://curl.se/bug/?i=20440
[130] = https://curl.se/bug/?i=20442
[131] = https://curl.se/bug/?i=20207
[132] = https://curl.se/bug/?i=20464
[133] = https://curl.se/bug/?i=20455
[134] = https://curl.se/bug/?i=20457
[135] = https://curl.se/bug/?i=20483
[136] = https://curl.se/bug/?i=20453
[137] = https://curl.se/bug/?i=20854
[138] = https://curl.se/bug/?i=20527
[139] = https://curl.se/bug/?i=20452
[140] = https://curl.se/bug/?i=20526
[141] = https://curl.se/bug/?i=20707
[142] = https://curl.se/bug/?i=20435
[143] = https://curl.se/bug/?i=20444
[144] = https://curl.se/bug/?i=20439
[145] = https://curl.se/bug/?i=20242
[146] = https://curl.se/bug/?i=20437
[147] = https://curl.se/bug/?i=20430
[148] = https://curl.se/bug/?i=20642
[149] = https://curl.se/bug/?i=20585
[150] = https://curl.se/bug/?i=20636
[151] = https://curl.se/bug/?i=20855
[152] = https://curl.se/bug/?i=20752
[153] = https://curl.se/bug/?i=20513
[154] = https://curl.se/bug/?i=20515
[155] = https://curl.se/bug/?i=20749
[156] = https://curl.se/bug/?i=20508
[157] = https://curl.se/bug/?i=20510
[158] = https://curl.se/bug/?i=20498
[159] = https://curl.se/bug/?i=20505
[160] = https://curl.se/bug/?i=20506
[161] = https://curl.se/bug/?i=20504
[162] = https://curl.se/bug/?i=20497
[163] = https://curl.se/bug/?i=20499
[164] = https://curl.se/bug/?i=20500
[165] = https://curl.se/bug/?i=20634
[166] = https://curl.se/bug/?i=20689
[167] = https://curl.se/bug/?i=20705
[168] = https://curl.se/bug/?i=20700
[169] = https://curl.se/bug/?i=20737
[170] = https://curl.se/bug/?i=20852
[171] = https://curl.se/bug/?i=20841
[172] = https://curl.se/bug/?i=20685
[173] = https://curl.se/bug/?i=20621
[174] = https://curl.se/bug/?i=20616
[175] = https://curl.se/bug/?i=20834
[176] = https://curl.se/bug/?i=20593
[177] = https://curl.se/bug/?i=20620
[178] = https://curl.se/bug/?i=20611
[179] = https://curl.se/bug/?i=20608
[180] = https://curl.se/bug/?i=20735
[181] = https://curl.se/bug/?i=20607
[182] = https://curl.se/bug/?i=20597
[183] = https://curl.se/bug/?i=20584
[184] = https://curl.se/bug/?i=20849
[185] = https://curl.se/bug/?i=20601
[186] = https://curl.se/bug/?i=20742
[187] = https://curl.se/bug/?i=20869
[188] = https://curl.se/bug/?i=20595
[189] = https://curl.se/bug/?i=20587
[190] = https://curl.se/bug/?i=20677
[191] = https://curl.se/bug/?i=20586
[192] = https://curl.se/bug/?i=20582
[193] = https://curl.se/bug/?i=20681
[194] = https://curl.se/bug/?i=20568
[195] = https://curl.se/bug/?i=20579
[196] = https://curl.se/bug/?i=20569
[197] = https://curl.se/bug/?i=20573
[198] = https://curl.se/bug/?i=20577
[199] = https://curl.se/bug/?i=20871
[200] = https://curl.se/bug/?i=20679
[201] = https://curl.se/bug/?i=20736
[202] = https://curl.se/bug/?i=20683
[203] = https://curl.se/bug/?i=20567
[204] = https://curl.se/bug/?i=20866
[205] = https://curl.se/bug/?i=20720
[206] = https://curl.se/bug/?i=20731
[207] = https://curl.se/bug/?i=20730
[208] = https://curl.se/bug/?i=20598
[209] = https://curl.se/bug/?i=20671
[210] = https://curl.se/bug/?i=20728
[211] = https://curl.se/bug/?i=20665
[212] = https://curl.se/bug/?i=20647
[213] = https://curl.se/bug/?i=20664
[214] = https://curl.se/bug/?i=20727
[215] = https://curl.se/bug/?i=20726
[216] = https://curl.se/bug/?i=20654
[217] = https://curl.se/bug/?i=20644
[218] = https://curl.se/bug/?i=20641
[219] = https://curl.se/bug/?i=20660
[220] = https://curl.se/bug/?i=20708
[221] = https://curl.se/bug/?i=20670
[222] = https://curl.se/bug/?i=20723
[223] = https://curl.se/bug/?i=20667
[224] = https://curl.se/bug/?i=20721
[225] = https://curl.se/bug/?i=20622
[226] = https://curl.se/bug/?i=20808
[227] = https://curl.se/bug/?i=20654
[228] = https://curl.se/bug/?i=20843
[229] = https://curl.se/bug/?i=20835
[230] = https://curl.se/bug/?i=20812
[231] = https://curl.se/bug/?i=20815
[232] = https://curl.se/bug/?i=20837
[233] = https://curl.se/bug/?i=20809
[234] = https://curl.se/bug/?i=20806
[235] = https://curl.se/bug/?i=20805
[236] = https://curl.se/bug/?i=20804
[237] = https://curl.se/bug/?i=20802
[238] = https://curl.se/bug/?i=20655
[239] = https://curl.se/bug/?i=20819
[240] = https://curl.se/bug/?i=20833
[241] = https://curl.se/bug/?i=20838
[242] = https://curl.se/bug/?i=20829
[243] = https://curl.se/bug/?i=20828
[245] = https://curl.se/bug/?i=20860
[246] = https://curl.se/bug/?i=20859
[247] = https://curl.se/bug/?i=20813
[248] = https://curl.se/bug/?i=20807
[249] = https://curl.se/bug/?i=20800
[250] = https://curl.se/bug/?i=20858
[253] = https://curl.se/bug/?i=20797
[254] = https://curl.se/bug/?i=20729
[255] = https://curl.se/bug/?i=20753
[256] = https://curl.se/bug/?i=20796
[257] = https://curl.se/bug/?i=20793
[258] = https://curl.se/bug/?i=20853
[260] = https://curl.se/bug/?i=20789
[261] = https://curl.se/bug/?i=20790
[262] = https://curl.se/bug/?i=20791
[263] = https://curl.se/bug/?i=20862
[264] = https://curl.se/bug/?i=20788
[268] = https://curl.se/bug/?i=20779
[275] = https://curl.se/bug/?i=20774
[276] = https://curl.se/bug/?i=20770
[277] = https://curl.se/bug/?i=20748
[278] = https://curl.se/bug/?i=20766
[279] = https://curl.se/bug/?i=20762
[280] = https://curl.se/bug/?i=20761
[281] = https://curl.se/bug/?i=20760
[284] = https://curl.se/bug/?i=20751
|
