info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
ITUGLIB Update: Curl 8.5.0 Available
15 views
Skip to first unread message
Randall
Dec 6, 2023, 5:58:21 PM12/6/23
to
Hi Everyone,
Curl 8.5.0 is now available on the ITUGLIB website. This release fixes a bunch of issues, including two CVEs:
https://curl.se/docs/CVE-2023-46218.html - cookie mixed case PSL bypass
https://curl.se/docs/CVE-2023-46219.html - HSTS long file name clears contents
Release notes are at: https://curl.se/changes.html
The builds for Curl are for J-series and L-series, for OpenSSL 3.0/1, 1.1.1, and 1.0.2. Note that 1.1.1 and 1.0.2 are not supported unless you have an extended support contract with OpenSSL. There is no build yet for OpenSSL 3.2 as this release does not work yet on NonStop. Once it does, we will start building Curl for that release series. Note that OpenSSL 3.0 and 3.1 DLLs are binary compatible, so you can use either with the Curl OpenSSL 3.0 builds.
Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee
Curl 8.5.0 is now available on the ITUGLIB website. This release fixes a bunch of issues, including two CVEs:
https://curl.se/docs/CVE-2023-46218.html - cookie mixed case PSL bypass
https://curl.se/docs/CVE-2023-46219.html - HSTS long file name clears contents
Release notes are at: https://curl.se/changes.html
The builds for Curl are for J-series and L-series, for OpenSSL 3.0/1, 1.1.1, and 1.0.2. Note that 1.1.1 and 1.0.2 are not supported unless you have an extended support contract with OpenSSL. There is no build yet for OpenSSL 3.2 as this release does not work yet on NonStop. Once it does, we will start building Curl for that release series. Note that OpenSSL 3.0 and 3.1 DLLs are binary compatible, so you can use either with the Curl OpenSSL 3.0 builds.
Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee
0 new messages