Hi Everyone,
Curl 8.5.0 is now available on the ITUGLIB website. This release fixes a bunch of issues, including two CVEs:
https://curl.se/docs/CVE-2023-46218.html - cookie mixed case PSL bypass
https://curl.se/docs/CVE-2023-46219.html - HSTS long file name clears contents
Release notes are at:
https://curl.se/changes.html
The builds for Curl are for J-series and L-series, for OpenSSL 3.0/1, 1.1.1, and 1.0.2. Note that 1.1.1 and 1.0.2 are not supported unless you have an extended support contract with OpenSSL. There is no build yet for OpenSSL 3.2 as this release does not work yet on NonStop. Once it does, we will start building Curl for that release series. Note that OpenSSL 3.0 and 3.1 DLLs are binary compatible, so you can use either with the Curl OpenSSL 3.0 builds.
Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee