|
|
|
|
|
|
by kinow
3515 days ago
|
|
|
Change log for this release Fixed in 7.51.0 - November 2 2016 Changes: nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
New option: CURLOPT_KEEP_SENDING_ON_ERROR
Bugfixes: CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
LICENSE-MIXING.md: update with mbedTLS dual licensing
examples/imap-append: Set size of data to be uploaded
test2048: fix url
darwinssl: disable RC4 cipher-suite support
CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
openssl: don’t call CRYTPO_cleanup_all_ex_data
libressl: fix version output
easy: Reset all statistical session info in curl_easy_reset
curl_global_cleanup.3: don't unload the lib with sub threads running
dist: add CurlSymbolHiding.cmake to the tarball
docs: Remove that --proto is just used for initial retrieval
configure: Fixed builds with libssh2 in a custom location
curl.1: --trace supports % for sending to stderr!
cookies: same domain handling changed to match browser behavior
formpost: trying to attach a directory no longer crashes
CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning
formpost: avoid silent snprintf() truncation
ftp: fix Curl_ftpsendf
mprintf: return error on too many arguments
smb: properly check incoming packet boundaries
GIT-INFO: remove the Mac 10.1-specific details
resolve: add error message when resolving using SIGALRM
cmake: add nghttp2 support
dist: remove PDF and HTML converted docs from the releases
configure: disable poll() in macOS builds
vtls: only re-use session-ids using the same scheme
pipelining: skip to-be-closed connections when pipelining
win: fix Universal Windows Platform build
curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically
maketgz: make it support "only" generating version info
Curl_socket_check: add extra check to avoid integer overflow
gopher: properly return error for poll failures
curl: set INTERLEAVEDATA too
polarssl: clear thread array at init
polarssl: fix unaligned SSL session-id lock
polarssl: reduce #ifdef madness with a macro
curl_multi_add_handle: set timeouts in closure handles
configure: set min version flags for builds on mac
INSTALL: converted to markdown => INSTALL.md
curl_multi_remove_handle: fix a double-free
multi: fix inifinte loop in curl_multi_cleanup()
nss: fix tight loop in non-blocking TLS handhsake over proxy
mk-ca-bundle: Change URL retrieval to HTTPS-only by default
mbedtls: stop using deprecated include file
docs: fix req->data in multi-uv example
configure: Fix test syntax for monotonic clock_gettime
CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
|
|
|