The windows makefiles work again
libcurl-NSS acknowledges verifyhost
SIGSEGV when pipelined pipe unexpectedly breaks
data corruption issue with re-connected transfers
use after free if we're completed but easy_conn not NULL (pipelined)
missing strdup() return code check
CURLOPT_PROXY_TRANSFER_MODE could pass along wrong syntax
configure --with-gnutls=PATH fixed
ftp response reader bug on failed control connections
improved NSS error message on failed host name verifications
ftp NOBODY on re-used connection hang
configure uses pkg-config for cross-compiles as well
improved NSS detection in configure
cookie expiry date at 1970-jan-1 00:00:00
libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
libcurl-OpenSSL can load CRL files with more than one certificate inside
received cookies without explicit path got saved wrong if the URL had a query part
don't shrink SO_SNDBUF on windows for those who have it set large already
connect next bug
invalid file name characters handling on Windows
double close() on the primary socket with libcurl-NSS
GSS negotiate infinite loop on bad credentials
memory leak in SCP/SFTP connections
use pkg-config to find out libssh2 installation details in configure
unparsable cookie expire dates make cookies get treated as session coookies
POST with Digest authentication and "Transfer-Encoding: chunked"
SCP connection re-use with wrong auth
CURLINFO_CONTENT_LENGTH_DOWNLOAD for 0 bytes transfers
CURLINFO_SIZE_DOWNLOAD for ldap transfers (-w size_download)

Fixed in 7.19.6 - August 12 2009

Release
contains security-related bug fix

Changes:

CURLOPT_FTPPORT (and curl's -P/--ftpport) support port ranges
Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA
CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE can be told to ignore error responses when used with FTP

Bugfixes:

crash on bad socket close with FTP
leaking cookie memory when duplicate domains or paths were used
build fix for Symbian
CURLOPT_USERPWD set to NULL clears auth credentials
libcurl-NSS build fixes
configure script fixed for VMS
set Content-Length: with POST and PUT failed with NTLM auth
allow building libcurl for VxWorks
curl tool exit codes fixed for VMS
--no-buffer treated correctly
djgpp build fix
configure detection of GnuTLS now based on pkg-config as well
libcurl-NSS client cert handling segfaults
curl uploading from stdin/pipes now works in non-blocking way so that it continues the downloading even when the read stalls
ftp credentials are added to the url if needed for http proxies
curl -o - sends data to stdout using binary mode on windows
fixed the separators for "array" style string that CURLINFO_CERTINFO returns
auth problem over several hosts with re-used connection
improved the support for client certificates in libcurl+NSS
fix leak in gtls code
missing algorithms in libcurl+OpenSSL
with noproxy set you could still get a proxy if a proxy env was set
rand seeding on libcurl on windows built with OpenSSL was not thread-safe
fixed the zero byte inserted in cert name flaw in libcurl+OpenSSL
don't try SNI with SSLv2 or SSLv3 (OpenSSL and GnuTLS builds)
libcurl+OpenSSL would wrongly acknowledge a cert if CN matched but subjectAltName didn't
TFTP upload sent illegal TSIZE packets

Fixed in 7.19.5 - May 18 2009

Changes:

libcurl now closes all dead connections whenever you attempt to open a new connection
libssh2's version number can now be figured out run-time instead of using the build-time fixed number
CURLOPT_SEEKFUNCTION may now return CURL_SEEKFUNC_CANTSEEK
curl can now upload with resume even when reading from a pipe
a build-time configured curl_socklen_t is now used instead of socklen_t

Bugfixes:

NTLM authentication memory leak on SSPI enabled Windows builds
fixed the GnuTLS-using code to do correct return code checks
an alloc-related call in the OpenSSL-using code didn't check the return value
curl_easy_duphandle() failed to duplicate cookies at times
missing TELNET timeout support in Windows builds
missing Curl_read() and write callback result checking in TELNET transfers
more ciphers enabled in libcurl built to use NSS
properly return an error code in curl_easy_recv
Sun compilers specific preprocessor block removed from curlbuild.h.dist
allow creation of four way fat libcurl Mac OS X Framework
several memory leaks in libcurl+NSS
improved the CURLOPT_NOBODY set to 0 confusions
persistent connections when doing FTP over a HTTP proxy
--libcurl bogus strings where other data was pointed to
crash related to FTP and "Re-used connection seems dead, get a new one"
CURLINFO_APPCONNECT_TIME with the multi interface
Enhanced upload speeds on Windows
TFTP problems after a failed transfer to the same host
improved out of the box TPF compatibility
HTTP PUT protocol line endings portions mangled from CRLF to CRCRLF
Rejected SSL session ids are killed properly (for OpenSSL and GnuTLS builds)
Deal with the TFTP OACK packet
fixed roff mistakes in man pages
use SOCKS proxy with the multi interface
fixed the Curl_getoff_all_pipelines SIGSEGV
POST, NTLM and following a redirect hang
libcurl+NSS endless loop on incorrect password for private key
gzip decompression memory leak
no_proxy flaw with user name in URL

Fixed in 7.19.4 - March 3 2009

Changes:

Added CURLOPT_NOPROXY and the corresponding --noproxy
the OpenSSL-specific code disables TICKET (rfc5077) which is enabled by default in openssl 0.9.8j
Added CURLOPT_TFTP_BLKSIZE
Added CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options --socks5-gssapi-service and --socks5-gssapi-nec
Improved IPv6 support when built with with c-ares >= 1.6.1
Added CURLPROXY_HTTP_1_0 and --proxy1.0
Added docs/libcurl/symbols-in-versions
Added CURLINFO_CONDITION_UNMET
Added support for Digest and NTLM authentication using GnuTLS
CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry the CWD even when MKD fails
GnuTLS initing moved to curl_global_init()
Added CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, see also the security advisory

Bugfixes:

missing ssh.obj in VS makefiles
FTP ;type=i URLs now work with CURLOPT_PROXY_TRANSFER_MODE in Turkish locale
realms with quoted quotation marks in HTTP Digest headers
VC9 makefiles are now really included
multi interface memory leak with CURLMOPT_MAXCONNECTS set
CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with CURLOPT_NOBODY set true
memory leak on some libz errors for content encodings
NSS-enabled build is repaired
superfluous wait in SFTP downloads removed
FTP with the multi interface no longer kills the control connection as easily on transfer failures
compilation halting when using VS2008 to build a Windows 2000 target
ease creation of libcurl Mac OS X Framework
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD are -1 if unknown
Negotiate proxy authentication
CURLOPT_INTERFACE and CURLOPT_LOCALPORT used together

Fixed in 7.19.3 - January 19 2009

Changes:

CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH
VC9 Makefiles were added to the release package

Bugfixes:

build failure when disabling FTP but enabling GSS
fixed several calls to memory functions that didn't check return codes
memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was used
re-use of connections with the multi interface when multiple handles used the same server
memory leak with HTTP GSS/kerberos authentication
removed the default use of "Pragma: no-cache"
fix SCP/SFTP busyloop by using a new libssh2 1.0 function
bad fclose() after a fatal error in cookie code
curl_multi_remove_handle() when the handle was in use in a HTTP pipeline
GSS authentication infinite loop problem
550 response from SIZE no longer treated as missing file
ftps:// control connections now use explicit protection level
dotted IPv6 addresses longer than 39 bytes failed
curl_easy_duphandle() doesn't try to duplicate the connection cache pointer
build failure on OS/400 when enabling IPv6
better detection of SFTP failures
improved connection re-use for subsequent SCP and SFTP transfers
multi interface does less busy-loops for SCP and SFTP transfers with libssh2 1.0 or later
curl_multi_timeout() no longer returns timeout 0 when there's still more than 0 but less than 999 microseconds left
the multi_socket API and HTTP pipelining now work a lot better when combined
SFTP seek/resume beyond 32bit file sizes
fixed breakage with --with-ssl --disable-verbose
TTL "leak" in the DNS cache
improved NSS initing
curl_easy_reset now resets more options
rare Location: follow bug with the multi interface
the configure script can now detect gnutls with pkg-config
curlbuild.h was adjusted for SunPro compilers
CURLOPT_COOKIELIST set to "SESS" on an easy handle with no cookies data
fixed timeouts for TFTP
fixed PPC builds

Fixed in 7.19.2 - November 13 2008

Bugfixes:

build failure when using MSVC 6 makefile and on four platforms more
crash when using --interface name on Linux systems with a TEQL device
using the multi interface to download a HTTPS page with libcurl built powered by OpenSSL could download "rubbish" instead of actual content

Fixed in 7.19.1 - November 5 2008

Changes:

pkg-config can now show supported_protocols and supported_features
Added CURLOPT_CERTINFO and CURLINFO_CERTINFO
Added CURLOPT_POSTREDIR
Better detect HTTP 1.0 servers and don't do HTTP 1.1 requests on them
configure --disable-proxy disables proxy support
Added CURLOPT_USERNAME and CURLOPT_PASSWORD
--interface now works with IPv6 connections on glibc systems
Added CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD

Bugfixes:

MingW32 non-configure builds are now largefile feature enabled by default
NetWare LIBC builds are now largefile feature enabled by default
curl_easy_pause() could behave wrongly on unpause
cookies with invalid expire dates are now considered expired
HTTP pipelining over proxy
fix regression in configure script which affected OpenSSL builds on MSYS
GnuTLS-based multi interface doing HTTPS over proxy failed
recv() failures cause CURLE_RECV_ERROR
SFTP over SOCKS crash fixed
thread-safety issues addressed for NSS-powered libcurls
removed the use of mktime() and gmtime(_r)() in date parsing and conversions
HTTP Digest with a blank realm did wrong
CURLINFO_REDIRECT_URL didn't work with the multi interface
CURLOPT_RANGE now works for SFTP downloads
FTP SIZE response 550 now causes CURLE_REMOTE_FILE_NOT_FOUND
CURLINFO_PRIMARY_IP fixed for persistent connection re-use cases
remove_handle/add_handle multi interface timer callback flaw
CURLINFO_REDIRECT_URL memory leak and wrong-doing
case insensitive string matching works in Turkish too
Solaris builds get _REENTRANT defined properly and work again
Garbage sent on chunky upload after curl_easy_pause()
ipv4 name resolves when libcurl is built with ipv6-enabled c-ares
undersized IPv6 address internal buffer truncated long IPv6 addresses
CURLINFO_FILETIME works for file:// transfers as well

Fixed in 7.19.0 - September 1 2008

Changes:

curl_off_t gets its size/typedef somewhat differently than before. This _may_ cause an ABI change for you. See lib/README.curl_off_t for a full explanation.
Added CURLINFO_PRIMARY_IP
Added CURLOPT_CRLFILE and CURLE_SSL_CRL_BADFILE
Added CURLOPT_ISSUERCERT and CURLE_SSL_ISSUER_ERROR
curl's option parser for boolean options reworked
Added --remote-name-all
Now builds for the INTEGRITY operating system
Added CURLINFO_APPCONNECT_TIME
Added test selection by key word in runtests.pl
the curl tool's -w option support the %{ssl_verify_result} variable
Added CURLOPT_ADDRESS_SCOPE and scope parsing of the URL according to RFC4007
Support --append on SFTP uploads (not with OpenSSH, though)
Added curlbuild.h and curlrules.h to the external library interface

Bugfixes:

Fixed curl-config --ca
Fixed the multi interface connection re-use with NSS-built libcurl
connection re-use when using the multi interface with pipelining enabled
curl_multi_socket() socket callback fix for close/re-create sockets case
SCP or SFTP over socks proxy crashed
RC4-MD5 cipher now works with NSS-built libcurl
range requests with --head are now done correctly
fallback to gettimeofday when monotonic clock is unavailable at run-time
range numbers could be made to wrongly get output as signed
unexpected 1xx responses hung transfers
FTP transfers segfault when using different CURLOPT_FTP_FILEMETHOD
c-ares powered libcurls can resolve/use IPv6 addresses
poll not working on Windows Vista due to POLLPRI being incorrectly used
user-agent in CONNECT with non-HTTP protocols
CURL_READFUNC_PAUSE problems fixed
--use-ascii now works on Symbian OS, MS-DOS and OS/2
CURLINFO_SSL_VERIFYRESULT is fixed
FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set
a user name in a proxy URL without a password was parsed incorrectly
library will now be built with _REENTRANT symbol defined only if needed
no longer link with gdi32 on Windows cross-compiled targets
HTTP PUT with -C - sent bad Content-Range: header
HTTP PUT or POST with redirect could lead to hang
re-use of connections with failed SSL connects in the multi interface
NTLM over proxy state was wrongly cleared when host connection was closed
Windows SSPI DLL loading is now done in curl_global_init()
runtests.pl has an improved find-stunnel-and-invoke
FTP sessions could go out of sync on a long header boundary condition
potential buffer overflows in the MS-DOS command-line port fixed
--stderr is now honoured with the -v option
memory leak in libcurl on Windows built with OpenSSL
improved curl_m*printf() integral data type size and signedness handling
error when --dump-header - used with more than one URL
proxy closing connect during CONNECT with auth with the multi interface
CURLOPT_UPLOAD sets HTTP method back to GET or HEAD when passed in a 0
shared cookies could get locked twice
deal with closed connection while doing POST/PUT

Fixed in 7.18.2 - June 4 2008

Changes:

CURLFORM_STREAM was added
CURLOPT_NOBODY is now supported over SFTP
curl can now run on Symbian OS
curl -w redirect_url and CURLINFO_REDIRECT_URL
added curl_easy_send() and curl_easy_recv()

Bugfixes:

CURLOPT_NOBODY first set to TRUE and then FALSE for HTTP no longer causes the confusion that could lead to a hung transfer
curl_easy_reset() resets the max redirect limit properly
configure now correctly recognizes Heimdal and MIT gssapi libraries
malloc() failure check in Negotiate
-i and -I together now work the same no matter what order they're used
the typechecker can be bypassed by defining CURL_DISABLE_TYPECHECK
a pointer mixup could make the FTP code send bad user+password under rare circumstances (found when using curlftpfs)
CURLOPT_OPENSOCKETFUNCTION can now be used to create a unix domain socket
CURLOPT_TCP_NODELAY crash due to getprotobyname() use
libcurl sometimes sent body twice when using CURLAUTH_ANY
configure detecting debug-enabled c-ares
microsecond resolution keys for internal splay trees
krb4 and krb5 ftp segfault
multi interface busy loop for CONNECT requests
internal time differences now use monotonic time source if available
several curl_multi_socket() fixes
builds fine for Haiku OS
follow redirect with only a new query string
SCP and SFTP memory leaks on aborted transfers
curl_multi_socket() and HTTP pipelining transfer stalls
lost telnet data on an EWOULDBLOCK condition

Fixed in 7.18.1 - March 30 2008

Changes:

added support for HttpOnly cookies
'make ca-bundle' downloads and generates an updated ca bundle file
we no longer distribute or install a ca cert bundle
SSLv2 is now disabled by default for SSL operations
the test509-style setting URL in callback is officially no longer supported
support a full chain of certificates in a given PKCS12 certificate
resumed transfers work with SFTP
added type checking macros for curl_easy_setopt() and curl_easy_getinfo(), watch out for new warnings in code using libcurl (needs gcc-4.3 and currently only works in C mode)
curl_easy_setopt(), curl_easy_getinfo(), curl_share_setopt() and curl_multi_setopt() uses are now checked to use exactly three arguments
--with-ca-path=DIR configure option allows to set an openSSL CApath instead of a default ca bundle.
supports server name indication (RFC 4366), aka SNI

Bugfixes:

improved pipelining
improved strdup replacement
GnuTLS-built libcurl failed when doing global cleanup and reinit
error message problem when unable to resolve a host on Windows
Accept: header replacing
not verifying server certs with GnuTLS still failed if gnutls had problems with the cert
when using the multi interface and a handle is removed while still having a transfer going on, the connection is now closed by force
bad re-use of SSL connections in non-complete state
test case 405 failures with GnuTLS builds
crash when connection cache size is 1 and Curl_do() failed
GnuTLS-built libcurl can now be forced to prefer SSLv3
crash when doing Negotiate again on a re-used connection
select/poll regression
better MIT kerberos configure check
curl_easy_reset() + SFTP re-used connection download crash
SFTP non-existing file + SFTP existing file error
sharing DNS cache between easy handles running in multiple threads could lead to crash
SFTP upload with CURLOPT_FTP_CREATE_MISSING_DIRS on re-used connection
SFTP infinite loop when given an invalid quote command
curl-config erroneously reported LDAPS support with missing LDAP libraries
SCP infinite loop when downloading a zero byte file
setting the CURLOPT_SSL_CTX_FUNCTION with libcurl built without OpenSSL now makes curl_easy_setopt() properly return failure
configure --with-libssh2 (with no given path)

Fixed in 7.18.0 - January 28 2008

Changes:

--data-urlencode
CURLOPT_PROXY_TRANSFER_MODE
--no-keepalive - now curl does connections with keep-alive enabled by default
--socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl)
--socks5-hostname added (CURLPROXY_SOCKS5_HOSTNAME for libcurl)
curl_easy_pause()
CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA
--keepalive-time
curl --help output was re-ordered

Bugfixes:

curl-config --features and --protocols show the correct output when built with NSS, and also when SCP, SFTP and libz are not available
free problem in the curl tool for users with empty home dir
curl.h version 7.17.1 problem when building C++ apps with MSVC
SFTP and SCP use persistent connections
segfault on bad URL
variable wrapping when using absolutely huge send buffer sizes
variable wrapping when using debug callback and the HTTP request wasn't sent in one go
SSL connections with NSS done with the multi-interface
setting a share no longer activates cookies
Negotiate now works on auth and proxy simultanouesly
support HTTP Digest nonces up to 1023 letters
resumed ftp upload no longer requires the read callback to return full buffers
no longer default-appends ;type= on FTP URLs thru proxies
SSL session id caching
POST with callback over proxy requiring NTLM or Digest
Expect: 100-continue flaw on re-used connection with POSTs
build fix for MSVC 9.0 (VS2008)
Windows curl builds failed file truncation when retry downloading
SSL session ID cache memory leak
bad connection re-use check with environment variable-activated proxy use
--libcurl now generates a return statement as well
socklen_t is no longer used in the public includes
time zone offsets from -1400 to +1400 are now accepted by the date parser
allows more spaces in WWW/Proxy-Authenticate: headers
curl-config --libs skips /usr/lib64
range support for file:// transfers
libcurl hang with huge POST request and request-body read from callback
removed extra newlines from many error messages
improved pipelining
improved OOM handling for data url encoded HTTP POSTs when read from a file
test suite could pick wrong tool(s) if more than one existed in the PATH
curl_multi_fdset() failed to return socket while doing CONNECT over proxy
curl_multi_remove_handle() on a handle that is in used for a pipeline now break that pipeline
CURLOPT_COOKIELIST memory leaks
progress meter/callback during http proxy CONNECT requests
auth for http proxy when the proxy closes connection after first response

Fixed in 7.17.1 - October 29 2007

Changes:

automatically append ";type=" when using HTTP proxies for FTP urls
improved NSS support
added --proxy-negotiate
added --post301 and CURLOPT_POST301
builds with c-ares 1.5.0
added CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
renamed CURLE_SSL_PEER_CERTIFICATE to CURLE_PEER_FAILED_VERIFICATION
added CURLOPT_OPENSOCKETFUNCTION and CURLOPT_OPENSOCKETDATA
CULROPT_COOKIELIST supports "FLUSH"
added CURLOPT_COPYPOSTFIELDS
added --static-libs to curl-config

Bugfixes:

curl-config --protocols now properly reports LDAPS, SCP and SFTP
ldapv3 support on Windows
ldap builds with the MSVC makefiles
no HOME and no key given caused SSH auth failure
Negotiate authentication over proxy
--ftp-method nocwd on directory listings
FTP, CURLOPT_NOBODY enabled and CURLOPT_HEADER disabled now does TYPE before SIZE
re-used handle transfers with SFTP
curl_easy_escape() problem with byte values >= 128
handles chunked-encoded CONNECT responses
misuse of ares_timeout() result
--local-port on TFTP transfers
CURLOPT_POSTFIELDS could fail to send binary data
specifying a proxy with a trailing slash didn't work (unless it also contained a port number)
redirect from HTTP to FTP or TFTP memory problems and leaks
re-used connections a bit too much when using non-SSL protocols tunneled over a HTTP proxy
embed the manifest in VC8 builds
use valgrind in the tests even when the lib is built shared with libtool
libcurl built with NSS can now ignore the peer verification even when the ca cert bundle is absent

Fixed in 7.17.0 - September 13 2007

Changes:

support for OS/400 Secure Sockets Layer library
curl_easy_setopt() now allocates strings passed to it
SCP and SFTP support now requires libssh2 0.16 or later
LDAP libraries are now linked "regularly" and not with dlopen
HTTP transfers have the download size info "available" earlier
FTP transfers have the download size info "available" earlier
builds and runs on OS/400
several error codes and options were marked as obsolete and subject to future removal (set CURL_NO_OLDIES to see if your application is using them)
SFTP errors can return more specific error codes

Bugfixes:

test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
problem with closed proxy connection during HTTP CONNECT auth negotiation
transfer-encoding skipping didn't ignore the 407 response bodies properly
CURLOPT_SSL_VERIFYHOST set to 1
CONNECT endless loop
krb5 support builds with Heimdal
added returned error string for connection refused case
re-use of dead FTP control connections
login to FTP servers that don't require (nor understand) PASS after the USER command
bad free of memory from libssh2
the SFTP PWD command works
HTTP Digest auth on a re-used connection
FTPS data connection close
AIX 4 and 5 get to use non-blocking sockets
small POST with NTLM
resumed file:// transfers
CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE are 64 bit "clean"
memory leak when handling compressed data streams from broken servers
no NTLM unicode response
resume HTTP PUT using Digest authentication
FTP NOBODY requests on directories sent "SIZE (null)"
FTP NOBODY request on file crash
excessively long FTP server responses and response lines
file:// upload then FTP:// upload crash
TFTP error 0 is no longer treated as success
uploading empty file over FTP on re-used connection
superfluous CWD command on re-used FTP connections without subdirs used

Fixed in 7.16.4 - July 10 2007

Changes:

added CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS
improved hashing of sockets for the multi_socket API
ftp kerberos5 support added

Bugfixes:

adjusted how libcurl treats HTTP 1.1 responses without content-lenth or chunked encoding
fixed the 10-at-a-time.c example
FTP over SOCKS proxy
improved error messages on SCP upload failures
security flaw in which libcurl failed to properly reject some outdated or not yet valid server certificates when built with GnuTLS

Fixed in 7.16.3 - June 25 2007

Changes:

added curl_multi_socket_action()
deprecated curl_multi_socket()
uses less memory in non-pipelined use cases
CURLOPT_HTTP200ALIASES matched transfers assume HTTP 1.0 compliance
more than one test harness can run at the same time without conflict
SFTP now supports quote commands before a transfer
CURLMOPT_MAXCONNECTS added to curl_multi_setopt()
upload resume works for file:// URLs
asynchronous name resolves now require c-ares 1.4.0 or later
added SOCKS test cases
CURLOPT_FTP_CREATE_MISSING_DIRS and --ftp-create-dirs now work for SFTP operations as well

Bugfixes:

if2up too long interface name memory leak
test case 534 started to fail 2007-04-13 due to the existance of a new host on the net with the same silly domain the test was using for a host which was supposed not to exist.
test suite SSL certificate works better with newer stunnel
internal progress meter update frequency back to once per second
avoid some unnecessary calls to function gettimeofday
a double-free in the SSL-layer
GnuTLS free of NULL credentials
NSS-fix for closing down SSL
bad warning from configure when gnutls was selected
compilation on VMS 64-bit mode
SCP/SFTP downloads could hang on the last bytes of a transfer
curl_easy_duphandle() crash
curl -V / curl_version*() works even when GnuTLS is used on a system without a good random source
curl_multi_socket() not "noticing" newly added handles
lack of Content-Length and chunked encoding now requires HTTP 1.1 as well to be treated as without response body
connection cache growth in multi handles
better handling of out of memory conditions
overwriting an uploaded file with sftp now truncates it first
SFTP quote commands chmod, chown, chgrp can now set a value of 0
TFTP connect timouts less than 5 seconds
improved curl -w for TFTP transfers
memory leak when failed OpenSSL certificate CN field checking
memory leak when OpenSSL failed PKCS #12 parsing
FTP-SSL when built with NSS
out-of-boundary write in Curl_select()
-s/--silent can now be used to toggle off the silence again
builds fine on 64bit HP-UX
multi interface HTTP CONNECT glitch
list FTP root directories when login dir is not root
no longer slows down when getting very many URLs on the same command line
lock share before decreasing dirty counter
no-body FTP requests on re-used connections

Fixed in 7.16.2 - April 11 2007

Changes:

added CURLOPT_TIMEOUT_MS and CURLOPT_CONNECTTIMEOUT_MS
added CURLOPT_HTTP_CONTENT_DECODING, CURLOPT_HTTP_TRANSFER_DECODING and --raw
added support for using the NSS library for TLS/SSL
changed default anonymous FTP password
changed the CURLOPT_FTP_SSL_CCC option to handle active and passive CCC shutdown
added the --ftp-ssl-ccc-mode command line option
includes VC8 Makefiles in the release archive
--ftp-ssl-control is now honoured on ftps:// URLs
added experimental CURL_ACKNOWLEDGE_EINTR symbol definition check
--key and new --pubkey options for SSH public key file logins
--pass now works for a SSH public key file, too
select (2) support no longer needed to build the library if poll() used
CURLOPT_POSTQUOTE works for SFTP

Bugfixes:

in testsuite, update test cookies expiration from 2007-Feb-1 to year 2035
socks5 works
builds fine with VC2005
CURLOPT_RANGE set to NULL resets the range for FTP
curl_multi_remove_handle() rare crash
passive FTP transfers work with SOCKS
multi interface HTTPS connection re-use memory leak
libcurl.m4's --with-libcurl is improved
curl-config --libs and libcurl.pc no longer list unnecessary dependencies
fixed an issue with CCC not working on some servers
several HTTP pipelining problems
HTTP CONNECT thru a proxy is now less blocking when the multi interface is used
HTTP Digest header parsing fix for unquoted last word ending with CRLF
CURLOPT_PORT, HTTP proxy, re-using connections and non-HTTP protocols
CURLOPT_INTERFACE for ipv6
use-after-free issue with HTTP transfers with the multi interface
the progress callback can get called more frequently
timeout would restart when signal caught while awaiting socket events
curl -f with user+password embedded in the URL
26 flaws identified by coverity.com
builds on QNX 6 again

Fixed in 7.16.1 - January 29 2007

Changes:

Support for SCP and SFTP were added (powered by libssh2)
CURLOPT_CLOSEPOLICY is now deprecated
--ftp-ssl-ccc and CURLOPT_FTP_SSL_CCC were added
HTTP support for non-ASCII platforms
--libcurl was added

Bugfixes:

proxy close during CONNECT authentication is now dealt with nicely
the CURLOPT_DEBUGFUNCTION was sometimes called even when CURLOPT_VERBOSE was not enabled
multiple TFTP transfers on the same (easy or multi) handle could cause a crash
SIGSEGV when disconnecting on a transfer on a re-used handle when the host name didn't resolve
stack overwrite on 64bit Windows in the chunked decoding department
HTTP responses on persistent connections without Content-Length nor chunked encoding are now considered to be without response body
Content-Range: header parsing improved
CPU 100% load when HTTP upload connection broke
active FTP didn't work with multi interface
curl_getdate() could be off one hour for TZ time zones with DST, on windows
CURLOPT_FORBID_REUSE works again
CURLOPT_MAXCONNECTS set to zero caused libcurl to SIGSEGV
rate limiting works better
getting FTP response code errors when using the multi-interface caused libcurl to leak memory
no more SIGPIPE when GnuTLS is used
FTP downloading 2 zero byte files in a row
using proxy and URLs without protocol prefixes
first using a proxy and then accessing a site that 'no_proxy' matched, would still make libcurl use the proxy...
curl_easy_duphandle() now makes a handle that is valid for the multi interface since the magic number is set fine
libcurl.pc now uses Libs.private for "private" libs
--limit-rate (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) now work on windows again
improved download performance by avoiding the unconditional "double copying"
base64 encoding/decoding works on non-ASCII platforms
large file downloads
CURLOPT_COOKIELIST set to "ALL" crash
easy handle removal from multi handle before completion
TFTP upload memory leak
curl_easy_reset() now resets the CA bundle path correctly
two User-Agent headers in CONNECT requests with custom User-Agent

Fixed in 7.16.0 - October 30 2006

Changes:

the SONAME on the shared library was bumped from 3 to 4
Added CURLE_SSL_CACERT_BADFILE
Added CURLMOPT_TIMERFUNCTION and CURLMOPT_TIMERDATA
(FTP) the CURLOPT_SOURCE_* options are removed and so are the --3p* command line options
curl_multi_socket() and family are suitable to start using
uses WSAPoll() on Windows Vista
(FTP) --ftp-ssl-control was added
CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid added
CURLMOPT_PIPELINING added for enabling HTTP pipelined transfers
multi handles now have a shared connection cache
Added support for other MS-DOS compilers (besides djgpp)
CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA were added
(FTP) libcurl avoids sending TYPE if the desired type was already set
(FTP) CURLOPT_PREQUOTE works even when CURLOPT_NOBODY is set true

Bugfixes:

(HTTP) CURLOPT_FAILONERROR (curl -f) covers a few more reponse cases
curl_multi_socket() and the LOW_SPEED options
curl_multi_socket() expire timer during c-ares name resolves
curl_multi_add_handle on an already added handle now fails gracefully
multi interface crash if bad function call order was used for cleanup
put a new URL in saved cookie jar files
configure --with-gssapi-libs
SOCKS proxy connection fixes
(FTP) a failed upload does not invalidate the control connection
proxy URL with user name and empty password or no password at all now work
fixed a socket state problem with *multi_socket()
(HTTP) NTLM hostname fix
getsockname usage fixes
SOCKS5 proxy connects can now time-out
SOCKS5 connects that require auth no longer segfaults when auth not given
multi interface using asynch resolves could get stuck in wrong state
the 'running_handles' counter wasn't always updated properly when curl_multi_remove_handle() was used
(FTP) EPRT transfers with IPv6 didn't work properly
(FTP) SINGLECWD mode and using files in the root dir
(HTTP) Expect: header disabling work better
(HTTP) "Expect: 100-continue" disable on second POST on re-used connection
src/config.h.in is fixed
(HTTP) POST data logged to the debug callback function is now correctly tagged as data, not header

Fixed in 7.15.5 - August 7 2006

Changes:

added --ftp-ssl-reqd
modified the prototype for the socket callback set with CURLMOPT_SOCKETFUNCTION
added curl_multi_assign()
added CURLOPT_FTP_ALTERNATIVE_TO_USER and --ftp-alternative-to-user
added a vcproj file for building libcurl
added curl_formget()
added CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE
added configure --enable-hidden-symbols
Made -K on a file that couldn't be read cause a warning to be displayed

Bugfixes:

chunked encoding when custom header "Transfer-Encoding: chunked" is set
Curl_strerror() crash on unknown errors
changing Content-Type when doing formposts
added CURL_EXTERN to a few recent multi functions that lacked them
splay-tree related problems for internal expire time handling
FTP ASCII CRLF counter reset
cookie parser now compares paths case sensitive
an easy handle with shared DNS cache added to a multi handle caused a crash
couldn't override the Proxy-Connection: header for non-CONNECT requests
curl_multi_fdset() could wrongly return -1 as max_fd value

Fixed in 7.15.4 - June 12 2006

Changes:

NTLM2 session response support
CURLOPT_COOKIELIST set to "SESS" clears all session cookies
CURLINFO_LASTSOCKET returned sockets are now checked more before returned
curl-config got a --checkfor option to compare version numbers
line end conversions for FTP ASCII transfers
curl_multi_socket() API added (still mostly untested)
conversion callback options for EBCDIC <=> ASCII conversions
added CURLINFO_FTP_ENTRY_PATH
less blocking for the multi interface during (Open)SSL connect negotiation

Bugfixes:

builds fine on cygwin
md5-sess with Digest authentication
dict with letters such as space in a word
dict with url-encoded words in the URL
libcurl.m4 when default=yes but no libcurl was found
numerous bugs fixed in the TFTP code
possible memory leak when adding easy handles to multi stack
TFTP works in a more portable fashion (== on more platforms)
WSAGetLastError() is now used (better) on Windows
GnuTLS non-block case that could cause data trashing
deflate code survives lack of zlib header
CURLOPT_INTERFACE works with hostname
configure runs fine with ICC
closed control connection with FTP when easy handle was removed from multi
curl --trace crash when built with VS2005
SSL connect time-out
improved NTLM functionality
following redirects with more than one question mark in source URL
fixed debug build crash with -d
generates a fine AIX Toolbox RPM spec
treat FTP AUTH failures properly
TFTP transfers could trash data
-d + -G combo crash

Fixed in 7.15.3 - March 20 2006

Changes:

added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD

Bugfixes:

TFTP Packet Buffer Overflow Vulnerability
properly detecting problems with sending the FTP command USER
wrong error message shown when certificate verification failed
multi-part formpost with multi interface crash
the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
"SSL: couldn't set callback" is now treated as a less serious problem
Interix build fix
fixed curl "hang" when out of file handles at start
prevent FTP uploads to URLs with trailing slash

Fixed in 7.15.2 - February 27 2006

Changes:

Support for SOCKS4 proxies (added --socks4)
CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET added
CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE (--local-port) added
Dropped support for the LPRT ftp command
Gopher is now officially abandoned as a protocol (lib)curl tries to support
curl_global_init() and curl_global_cleanup() are now using a refcount so that it is now legal to call them multiple times. See updated info for details

Bugfixes:

two bugs concerning using curl_multi_remove_handle() before the transfer was complete
multi-pass authentication and compressed content
minor format string mistake in the GSS/Negotiate code
cached DNS entries could remain in the cache too long
improved GnuTLS check in configure
re-used FTP connections when the second request didn't do a transfer
plain --limit-rate [num] means bytes
re-creating a dead connection is no longer counted internally as a followed redirect and thus prevents a weird error that would occur if a FTP connection died on an attempted re-use
Try PASV after failing to connect to the port the EPSV response contained
-P [IP] with non-local address with ipv6-enabled curl
-P [hostname] with ipv6-disabled curl
libcurl.m4 was updated
configure no longer warns if the current path contains a space
test suite kill race condition
FTP_SKIP_PASV_IP and FTP_USE_EPSV when doing FTP over HTTP proxy
Doing a second request with FTP on the same bath path, would make libcurl confuse what current working directory it had
FTP over HTTP proxy now sends the second CONNECT properly
numerous compiler warnings and build quirks for various compilers have been addressed
supports name and passwords up to 255 bytes long, embedded in URLs
the HTTP_ONLY define disables the TFTP support

Fixed in 7.15.1 - December 7 2005

Changes:

the libcurl.pc pkgconfig file now gets installed on make install
URL globbing now offers "range steps": [1-100:10]
LDAPv3 is now the preferred LDAP protocol version
--max-redirs and CURLOPT_MAXREDIRS set to 0 limits redirects
improved MSVC makefile

Bugfixes:

URL buffer overflow problem
using file:// on non-existing files are properly handled
builds fine on DJGPP
CURLOPT_ERRORBUFFER is now always filled in on errors
curl outputs error on bad --limit-rate units
fixed libcurl's use of poll() on cygwin
the GnuTLS code didn't support client certificates
TFTP over IPv6 works
no reverse lookups on IP addresses when ipv6-enabled
SSPI compatibility fix: using the proper DLLs
binary LDAP properties are now shown base64 encoded
Windows uploads from stdin using curl can now contain ctrl-Z bytes
-r [num] would produce an invalid HTTP Range: header
multi interface with multi IP hosts could leak socket descriptors
the GnuTLS code didn't handle rehandshakes
re-use of a dead FTP connection
name resolve error codes fixed for Windows builds
double WWW-Authenticate Digest headers are now handled
curl-config --vernum fixed

Fixed in 7.15.0 - October 13 2005

Changes:

--ftp-skip-pasv-ip / CURLOPT_FTP_SKIP_PASV_IP (sponsored by CU*Answers)
TFTP support added

Bugfixes:

user+domain name buffer overflow in the NTLM code (security flaw)
-z over FTP now considers equal timestamps "not modified since"
Weird characters removed from the configure script
Fixed time zone offsets for MEST and CEST for the time parser
HTTP Content-Range header parser crash
FTPS negotiation timeouts/errors
SSPI works even for Windows 9x
crash in --dump-header on FTP
test 56 runs better

Fixed in 7.14.1 - September 1 2005

Changes:

GNU GSS support
--ignore-content-length and CURLOPT_IGNORE_CONTENT_LENGTH added
negotiates data connection SSL earlier when doing FTPS with PASV
CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
trailer support for chunked encoded data streams
-x/CURL_PROXY strings may now contain user+password
--trace-time now outputs the full microsecond, all 6 digits

Bugfixes:

MSVC build problem with the DSP file
windows threaded resolver access violation with multi interface
test suite works with valgrind 3
CA cert verification with GnuTLS builds
handles expiry times in cookie files that go beyond 32 bits in size
several client problems with files, such as doing -d @file when the file isn't readable now gets a warning displayed
write callback abort didn't always "take"
the curl -z "bad syntax" warning is now hidden when -s is used
curl -d @nonexisting no longer makes a GET
minor debug callback data size
date parsing of dates including daylight savings time zone names
using NTLM over proxy with an FTP URL
curl-config --features now displays SSL when built with GnuTLS too
CURLOPT_HTTPGET, CURLOPT_POST and CURLOPT_HTTPPOST reset CURLOPT_NOBODY
builds fine on AmigaOS again
corrected date parsing on Windows with auto-DST-adjust enabled
treats CONNECT 407 responses with bodies better during Digest/NTLM auth
improved strerror_r() API guessing when cross-compiling
debug builds work on Tru64
improved libcurl.m4
possible memory leak in windows name resolves
c-ares enabled build with mingw
proxy host set with numerical IPv6 address
better treatment of binary zeroes in HTTP response headers
fixed the notorious FTP server failure in the test suite
better checking of text output in the test suite on windows
FTP servers' TYPE command response check made less strict
URL-without-slash as in http://somehost?data
strerror_r() configure check for HP-UX 10.20 (and others)
time parse work-around on HP-UX 10.20 since its gmtime_r() is broken

Fixed in 7.14.0 - May 16 2005

Changes:

modified default HTTP request headers
curl --trace-time added for time stamping trace logs
curl now respects the SSL_CERT_DIR and SSL_CERT_PATH environment variables
more search paths for curl's default .curlrc config file check
GnuTLS support, use configure --with-gnutls. Work on this was sponsored by The Written Word.

Bugfixes:

uses select() instead of poll() even on Mac OS X 10.4
reconnected proxy use with NTLM auth on the same handle
warns about bad -z date syntax
docs/THANKS now contains all known contributors
builds out-of-the-box on (presumably ipv6-enabled) AIX 4.3 hosts
curl --head could wrongly complain on bad chunked-encoding
--interface SIGSEGVed on a bad address
kill the HTTPS server better when stopping the test suite
builds fine with VS2005 on x64
auth fix for HTTP redirects and .netrc usage
FTP uploads show the progress meter easier
MSVC makefile fixes for static libcurl builds
configure fix for static libcurl build on Windows
--retry-delay
POST with read callback now uses Expect: 100-continue
CURLOPT_PORT didn't actually use the set port number
HTTP 304 response with Content-Length: header
time-conditioned FTP uploads

Fixed in 7.13.2 - Apr 4 2005

Changes:

Added --form-string
libcurl can be built with SSPI support. curl_version_info() then returns a new feature bit: CURL_VERSION_SSPI. configure --enable-sspi added
Added --proxy-anyauth
Added runtests.1 and testcurl.1 man pages

Bugfixes:

the MSVC libcurl Makefile was fixed
libcurl on Windows crash if resolver was active when easy handle was killed
HTTP POST with auth and an initial 100 response before the 401/407
configure's SSL-detection for msys/mingw
better connection keep-alive when POSTing with HTTP Digest
FTP-SSL
reading FTP server response in multiple reads
picking one out of multiple proxy auth methods
inet_ntoa_r() when built with uClibc
the so name issue for the LDAP library dynamic load
crash when using SOCKS4 proxy
a debug printf() was removed
CURLOPT_FILETIME when downloading FTP corrupted data
FTP upload resume now works even if no file is present on the site
SSL seeding no longer attempts to read the whole random file

Fixed in 7.13.1 - Mar 4 2005

Changes:

CURLOPT_COOKIEFILE set to "" is now activating the cookie engine
FTP code overhaul => multi interface much less blocking
Added CURLE_LOGIN_DENIED to be returned when curl is denied login to FTP servers

Bugfixes:

-# crash when more data than expected was retrieved
NTLM/krb4 buffer overflow fixed
proxy auth bug when following redirects to another host
socket leak when local bind failed
HTTP POST with --anyauth picking NTLM
SSL problems when downloading exactly 16KB data
out of memory conditions preserve error codes better
a few crashes at out of memory
inflate buffer usage bugfix
better DICT protocol adherence
disable valgrind-checking while testing if libcurl is built shared
locale names in some date strings

Fixed in 7.13.0 - Feb 1 2005

Changes:

added --ftp-account and CURLOPT_FTP_ACCOUNT
added CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE
obsoleted CURLOPT_SOURCE_HOST, CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT and CURLOPT_PASV_HOST
added --3p-url, --3p-user and --3p-quote
-Q "+[command]" was added
src/getpass.c license issue sorted (code was rewritten)
curl -w now supports 'http_connect' for the proxy's response to CONNECT
introducing "curl-config --protocols"

Bugfixes:

re-sending a request when retrying on a fresh connection with multi interface
improved valgrind report parser in the test suite
several valgrind reports
CURLOPT_FTPPORT and -P work when built ipv6-enabled
FTP third party transfers was much improved
proxy environment variables are now ignored when built HTTP-disabled
CURLOPT_PROXY can now disable HTTP proxy even when built HTTP-disabled
"curl dictionary.com" no longer assumes DICT protocol
re-invoke some system calls on EINTR
duplicate Host: when failed connection re-use
SOCKS5 version check
memory problem with cleaning up multi interface
SSL certificate name memory leak
-d with -G to multiple URLs crashed
double va_list access crash fixed
minor memory leak when "version" is set in a cookie header
builds fine on BeOS and NetBSD
builds and runs fine on FreeBSD

Fixed in 7.12.3 - Dec 20 2004

Changes:

PKCS12 certificate support added
added CURLINFO_SSL_ENGINES (and "--engine list")
new configure options: --disable-cookies, --disable-crypto-auth and --disable-verbose
persistent ftp request improvements
CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA added. If your app uses HTTP Digest, NTLM or Negotiate authentication, you will most likely want to use these
-w time_redirect and num_redirects
no longer uses libcurl.def for building on Windows, OS/2 and Netware
builds on Windows CE
request retrying, --retry and family added
FTP 3rd party transfers with source and dest on the same host now works
added CURLINFO_NUM_CONNECTS

Bugfixes:

curl -E on windows accepts "c:/path" with forward-slash
several improvements for large file support on windows
file handle leak in aborted multipart formpost file upload
-T upload multiple files with backslashes in file names
modified credentials between two requests on a persistent http connection
large file file:// resumes on Windows
URLs with username and IPv6 numerical addresses
configure works better with SSL libs in a "non-standard ld.so dir"
curl-config --vernum zero prefixed
bad memory access in the NTLM code
EPSV on multi-homed servers now works correctly
chunked-encoded transfers could get closed pre-maturely without error
proxy CONNECT now default timeouts after 3600 seconds
disabling EPSV or EPRT is ignored when connecting to an IPv6 FTP server
no extra progress meter newline output after each Location: followed
HTTP PUT/POST with Digest, NTLM or Negotiate no longer uses HEAD
works with or gracefully bails out when exceeding FD_SETSIZE file descriptors
CURLINFO_REDIRECT_TIME works
building with gssapi libs and hdeaders in the default dirs
curl_getdate() parsing of dates later than year 2037 with 32 bit time_t
curl -v when stderr is closed wrote debug messages to the network socket
build failure with libidn 0.3.X or older
huge POSTs on VMS
configure no longer uses pkg-config on cross-compiles
potential gzip decompress memory leak
"-C - --fail" on a HTTP page already downloaded
formposting a zero byte file
use setlocale() for better IDN functionality by default

Fixed in 7.12.2 - Oct 18 2004

Changes:

the IDN code now verifies that only TLD-legitmate letters are used in the name or a warning is displayed (when verbose is enabled)
provides error texts for IDN errors
file upload parts in formposts now get their directory names cut off
added CURLINFO_OS_ERRNO
added CURLOPT_FTPSSLAUTH to allow ftp connects to attempt "AUTH TLS" instead before "AUTH SSL"
curl_getdate() completely rewritten: may affect rare curl -z use cases

Bugfixes:

CURLOPT_FTP_CREATE_MISSING_DIRS works for third party transfers
memory leak for cookies received with max-age set
potential memory leaks in the window name resolver
URLs with ?-letters in the user name or password fields
libcurl error message is now provided when send() fails
no more SIGPIPE on Mac OS X and other SO_NOSIGPIPE-supporting platforms
HTTP resume was refused if redirected
configure's gethostbyname check when both nsl and socket libs are required
configure --with-libidn now checks the given path before defaults
a race condition sometimes resulting in CURLE_COULDNT_RESOLVE_HOST in the windows threaded name resolver code
isspace() invokes with negative values in the cookie code
a case of read-already-freed-data when CURLOPT_VERBOSE is used and a (very) persistent connection
now includes descriptive error messages for IDN errors
more forgivning PASS response code check for better working with proftpd
curl/multi.h works better included in winsock-using apps
curl_easy_reset() no longer enables the progress meter
build fix for SSL disabled curl with SSL Engine support present
configure --with-ssl=PATH now ignores pkg-config path info
CURLOPT_SSLENGINE can be set to NULL even if no engine support is available
LDAP crash when more than one record was received
connect failures properly stores an error message in the errorbuffer
Rare Location:-following problem with bad original URL
-F can now add Content-Type on non-file sections
double Host: header when following Location: with replaced Host:
curl_multi_add_handle() return code
"Proxy-Connection: close" is now understood and properly dealt with
curl_getdate() crash
downloading empty files now calls the write callback properly
no reverse DNS lookups for ip-only addresses with ipv6-enabled libcurl
file handler leak when getting an empty file:// URL
libcurl works better multi-threaded on AIX (when built with xlc)
cookies over proxy didn't match the path properly
MSVC makefile fixes to build better
FTP response 530 on 'PASS' now sends back a better error message

Fixed in 7.12.1 - Aug 10 2004

Changes:

the version string now only contains info about (sub) package versions, while for example krb4 and ipv6 now only are available as 'features'
added curl_easy_reset()
socks proxy support even when libcurl is built ipv6-enabled
read callbacks can stop the transfer by returning CURL_READFUNC_ABORT
libcurl-tutorial.3 is the new man page formerly known as libcurl-the-guide
additional SSL trace data might be sent to the debug callback using two new types: CURLINFO_SSL_DATA_IN and CURLINFO_SSL_DATA_OUT
multipart formposts can upload files larger than system memory
the curl tool continues with the next URL even if one transfer fails
FTP 3rd party transfer support - seven new setopt() options

Bugfixes:

UTF-8 encoded certificate names can now be verified properly
krb4 link problem
HTTP Negotiate service name now provided in uppercase
no longer accepts any cookies with domain set to just a TLD
HTTP Digest properties without quotes in the header
bad Host: header case on re-used connections over proxy
duplicate Host: header case on re-used connections
curl -o name#[num] now works when no globbing for [num] exists
test suite runs fine with valgrind 2.1.x
negative Content-Length is ignored
test 505 runs fine on windows
curl_share_cleanup() crash
--trace files now get the final info lines too
multi interface connects fine to multi-IP resolving hosts
--limit-rate works on Mac OS X (and other systems with bad poll()s)
cookies can now hold 4999 bytes of content
HTTP POST/PUT with NTLM/Digest/Negotiate to a URL returning 3XX
HTTPS POST/PUT over a proxy requiring NTLM/Digest/Negotiate
less restrictive libidn requirements, 0.4.1 or later is fine
HTTP POST or PUT with Digest/Negotiate/NTLM selected but the server didn't require any authentication
win32 file:// transfer free memory bug
configure --disable-http builds a libcurl without HTTP support
CURLOPT_FILETIME had wrong type in curl.h, it expects a long argument
builds fine with Borland on Windows
the msvc curllib.dsp now builds the libcurl.lib file
builds fine on VMS
builds fine on NetWare
HTTP Digest authentication with proxies uses correct user name + password
builds fine with lcc-win32

Fixed in 7.12.0 - Jun 2 2004

Changes:

added ability to "upload" to file:// URLs
added curl_global_init_mem()
removed curl_formparse()
the MSVC project file in the release archive is automatically built
curl --proxy-digest is a new command line option
the Windows version of libcurl can use wldap32.dll for LDAP
added curl_easy_strerror(), curl_multi_strerror() and curl_share_strerror()
IPv6-enabled Windows hosts now resolves names threaded/asynch as well
configure --with-libidn can be used to point out the root dir of a libidn installation (version 0.4.5 or later) for curl to use, then libcurl can resolve and use IDNA names (domain names with "international" letters)

Bugfixes:

incoming cookies with domains set with a prefixed dot now works better
CURLOPT_COOKIEFILE and CURLOPT_COOKIE can be used in the same request
improved peer certificate name verification
allocation failures cause no leaks nor crashes
the progress meter display now handles file sizes up to full 8 exabytes (which is as high a signed 64 bit number can reach)
general HTTP authentication improvements
HTTP Digest authentication with the proxy works
mulipart formposting with -F and file names with spaces work again
curl_easy_duphandle() now works when ares-enabled
HTTP Digest authentication works a lot more like the RFC says
curl works with telnet and stdin properly on Windows
configure --without-ssl works even when pkg-config has OpenSSL details
src/hugehelp.c builds correct again in non-configure build environments

Fixed in 7.11.2 - Apr 26 2004

Changes:

removed maximum user+password+hostname size limit
removed maximum dir depth limit for FTP
the ares build now requires c-ares 1.2.0 or later
--tcp-nodelay and CURLOPT_TCP_NODELAY were added
curl/curlver.h contains the libcurl version info now

Bugfixes:

configure --disable-manual works better
removed a memory leak when doing a windows threaded resolve and it failed
--proxy-ntlm now checks if libcurl supports NTLM before using it
minor --fail with authentication bugfix
CURLOPT_IPRESOLVE set to CURL_IPRESOLVE_V6 will now cause a returned error if the host only can resolve ipv4 addresses
curl -4/-6 now actually sets the requested option in libcurl
multi interface on Windows without ares works again
improved resolution for the CURLINFO_*_TIME info variables
getting only a 100 Continue response and nothing else, when talking HTTP, is now treated as an error by libcurl
fixed minor memory leak in libcurl for Windows when statically linked
POST/PUT using Digest/NTLM/Negotiate (including anyauth) now work better
--limit-rate with high speed rates is a lot more accurate now, and supports limiting to speeds >2GB/sec on systems with Large File support.
curl_strnqual.3 "refer-to" man page fix
fixed a minor very old progress meter final update bug
added checks for a working NI_WITHSCOPEID before that is used
fixed a flaw that prevented ares name resolve timeouts to occur
getting user name from http_proxy env variable works now
fixed too early name resolve timeouts with ares
HTTP Digest "re-negotiation" works now
CURLOPT_FAILONERROR (-f/--fail) works with all kinds of authentication
better thread-safety thanks to the internal strerror() replacement
better thread-safety on AIX thanks to better function detection
minor ipv6 build fix for windows
the test suite runs fine with mingw-built curl
the postit2.c example works now
better error message when --interface fails on windows
the progress meter now displays very long times better
CURLINFO_CONTENT_LENGTH_DOWNLOAD with CURLOPT_NOBODY set TRUE now works
passwords longer than 14 letters work with NTLM
'make netware' in the root dir works now
builds fine on VMS again and even nicer than before

Fixed in 7.11.1 - Mar 19 2004

Changes:

CURLOPT_POSTFIELDSIZE_LARGE added to offer POSTs larger than 2GB
CURL_VERSION_LARGEFILE is a feature bit returned by libcurls that feature large file support
libcurl only requires winsock 1.1 on windows now
when doing FTP, curl now sends QUIT before disconnecting
name resolves can now timeout on windows too
$HOME is now recognized better when looking for .netrc files
now re-uses the ares handle when re-using curl handles
SO_BINDTODEVICE is used for network interface binding
configure --disable-manual disables the built-in huge manual from the command line tool
the default Accept: header used in HTTP requests changed
asynch dns lookups now require the c-ares library
curl --socks can be used to set a SOCKS5 proxy to use
response-headers received after a (proxy) CONNECT request are now passed to the header callback just like other headers

Bugfixes:

builds and runs on Novell NetWare
Windows builds now report OS as "i386-pc-win32"
received signals during SSL connect is handled better
improved PUT/POST with NTLM/Digest authentication
following redirects and doing NTLM/Digest (where the first connection gets closed) with the multi interface work better now
file: progress meter and getinfo variables work now
CURLOPT_FRESH_CONNECT and CURLAUTH_NTLM now work when set together
share interface usage without (un)lock functions segfaulted
--limit-rate no longer cripples the --speed-limit feature
fixed verbose output problem with ipv6-enabled re-used connections
fixed the socks5 code to check version in the socks response properly
dns cache bug - fixed the 'inuse' counter
large file fix for Content-Length
better docs for the share interface
several configure fixes for mingw/msys
setting a Host: header is no longer affecting the Host: header used when libcurl follows a Location:
fixed numerous compiler warnings on several operating systems and compilers
PUTing from stdin couldn't disable chunked transfer-encoding
corrected the mingw makefiles
improved the configure libz detection
fixed EPRT/PORT use when doing FTP on ipv6-enabled AIX hosts
*nroff commands that only support -mandoc and not -man are now supported (for the built-in manual text in the command line tool)
fixed the unconditional #include of config.h in hugehelp.c
builds fine on MPE/iX
upload using chunked transfer-encoding now sends the last chunk properly teriminated with an extra CRLF
Fixed the progress meter display for files >2GB
persistant connections over a proxy messed up the proxy name/password
the socks5 code segfaulted if no username/password was set
the *_LARGE options now take curl_off_t types as parameters and this will make it possible to handle large files on windows too
builds with large file support even on systems without strtoll()

Fixed in 7.11.0 - Jan 22 2004

Changes:

allows the URL to be set by a callback when using the multi interface
large file support was added. Use one of the new options: INFILESIZE_LARGE, RESUME_FROM_LARGE and MAXFILESIZE_LARGE
the new --ftp-pasv overrides a previous --ftpport
CURLOPT_FTPSSL and ftps:// now do ssl over FTP "The Right Way" (the curl tool now features the --ftp-ssl option)
The Windows DLLs are built with an added "resource file"
New LIBCURL_VERSION_* defines for easier checking version number
Included Mac OS X 'framework' makefile in the release archive
Removed the TRUE and FALSE #defines from the public curl header file
Added CURLOPT_NETRC_FILE

Bugfixes:

improved config file parsing for options with required parameters
using --trace with a bad file name could crash
release archive contains compressed help text
the win32 password prompting supports backspace
builds natively on AmigaOS (without unix emulation)
ftps:// now uses port 990 by default
the "configure --with-spnego" action was improved
fixed a rare follow-redirect problem
curl-config --feature now outputs AsynchDNS if enabled
occational re-use of freed-memory problem fixed
curl-config --libs now include the ares link directory
configure --enable-ares now accepts a given path
-lz no longer appear twice on the link line
more descriptive error message if the FTP response reader fails
curl-config --feature now shows 'AsynchDNS' when built with ares
VMS build up-to-date and clarified source code
resolve bug caused socks5 to fail
Content-Length: is ignored when getting chunked Transfer-Encoding
POST over proxy to https server failed
improved how libcurl deals with persistant connections over FTP when a transfer fails
accessing a proxy that requires Basic auth without password caused a hang
a free free-twice problem in the server certificate code
minor memory leak when using ranges on persistant connections
formpost parts sending files with .html extensions now use "Content-Type: text/html"
formpost parts now default to "Content-Type: application/octet-stream"
--progress-bar was slightly improved
Failing to connect to localhost, using the multi interface on Solaris showed a connect problem now fixed.
The generated ca-bundle.h file is now generated in the build dir, not the source dir
The FTP-EPSV response parser for the 229 code was fixed
curl finds the user's home dir slightly different and hopefully better on Windows
testcurl.sh can now be used to autotest daily tarballs
a couple of command line options now check that the underlying library actually supports the features before trying to enable them
uninitialized variable fix
better html versions of the man pages

Fixed in 7.10.8 - Nov 1 2003

Changes:

--head now works on file:// URLs too
file: URLs with only one initial slash now works too
RELEASE-NOTES document added to the release archive to summarize the big and visible changes and bugfixes
CURLOPT_MAXFILESIZE was added, and --max-filesize
CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA are no longer supported
IPv6 is now supported on Windows builds too
CURLOPT_IPRESOLVE lets you select pure IPv6 or IPv4 resolved addresses (curl offers the command line options -4/--ipv4 and -6/--ipv6)
GSS-Negotiate works fine with the MIT kerberos library
SPNEGO support added, if libcurl is built with the FBopenssl libraries, curl_version_info() can return a feature bit for it and curl -V displays SPNEGO as a feature if libcurl is built with it enabled
easy handles added to a multi handle now share DNS cache automaticly
CURLINFO_HTTPAUTH_AVAIL and CURLINFO_PROXYAUTH_AVAIL were added
CURLOPT_FTP_RESPONSE_TIMEOUT was added
NTLM, Digest and GSS-Negotiate authentications also work for HTTPS over proxies
curl supports multiple -T flags to allow serveral uploaded files using a single command line
CURLINFO_RESPONSE_CODE can return the last FTP response code

Bugfixes:

added work-around for a name resolve problem on some glibc versions
a rare ERRORBUFFER single-byte overflow was fixed
HTTP-resuming an already downloaded file works better
builds better on Solaris 8+ with gcc
--disable-eprt works now
improved CA cert verification
--anyauth could bug when the first response had no body contents
double password prompting when doing NTLM fixed
improved performance when used multi-threaded on windows
share-locking during DNS lookups was modified
resume was not possible to switch off properly once enabled
fixed the ipv4 connect code when a DNS entry has multiple IPs
now checks subjectAltNames when matching certs
HTTP POST using read callback works again
builds fine on BeOS now
CURLOPT_COOKIE set to NULL no longer sends the previously set cookie
if an FTP transfer used a bad path, the next transfer could fail too
ares-built libcurl resolves IP-only names properly
changed the curl_lock_function proto to prevent warnings on some compilers
builds fine on QNX 6.2.x now
PUT with --digest works now
--anyauth that picks NTLM and then follows a redirect (and does NTLM again) works now
asynch resolves now work on NT4 too
a DNS cache trash (possible segfault) was fixed
runtests.pl clears all proxy environment variables before the test is run
Microsoft's "Negotiate" authentication is now supported by the existing GSSNEGOTIATE option
A set zero-length proxy name confused libcurl
Digest authentication works again without OpenSSL on 64bit architectures
configure --enable-thread works now
buffer problems in the test suite's web server were fixed
improved proxy password handling
LDAP is again working nicely with the current OpenLDAP
asynch name lookup for non-resolving hosts now return a proper error message
CURLOPT_SSL_VERIFYHOST set to 1 no longer aborts if no CN field is obtainable, it will merely warn about it
name resolve segfault with uClibc fixed
multi interface and multi-part/formpost could end in segfault
curl_multi_info_read() sets the msgs_in_queue to 0 when returning NULL
multi interface, ares and non-resolving host caused a segfault
minor single SSL memory leak fixed
Setting CURLOPT_WRITEFUNCTION or CURLOPT_READFUNCTION to NULL resets them to default

Fixed in 7.10.7 - Aug 15 2003

Changes:

CURLOPT_PROXYAUTH was added to allow different authentication methods on proxies (--proxy-ntlm was added to the curl tool).
--ftp-create-dirs and CURLOPT_FTP_CREATE_MISSING_DIRS were added
optional and still experimetal asynch name resolve support
getting headers-only and no-body from FTP can now reply "Accept-Ranges" if the server seems to suppport REST.

Bugfixes:

fixed a memory leak on re-used connections with proxy-authentication
cookies with no contents are sent off too now
64bit-related bugfix for uploads
file:// URLs with drive letters now work on windows and OS/2
The output numbering (#[num]) on url globbing didn't work due to a bug in curl_msprintf()
FTP persitent download directory re-use problem fixed
cookie parser now only requires two dots in cookie domain
FOLLOWLOCATION (or -L) did not always ignore the redirect page properly
information leak fixed. When proxy authentication is used in a CONNECT request (as used for all SSL connects and otherwise enforced tunnel-thru-proxy requests), the same authentication header was also wrongly sent to the remote host.
the VC++ Makefiles were updated
builds better on VMS
src/hugehelp.c is now distributed uncompressed in the source package
the mkhelp script now compresses properly on DOS/Windows

Fixed in 7.10.6 - Jul 28 2003

Changes:

CURLOPT_SSL_CTX_FUNCTION allows a custom callback for SSL connections
multiple patches lets curl build and run on DOS
libcurl now deals with spaces in Location: redirects and URLifies them
curl --version shows more detailed info
curl_version_info() now returns info on NTLM, GSS-Negotiate and Debug
curl_version() includes "GSS" in the string if built with GSSAPI available
Pick-best-authentication option added (--anyauth, using the CURLOPT_HTTPAUTH set to CURLAUTH_ANY)
NTLM authentication support (--ntlm and CURLAUTH_NTLM)
GSS-Negotiate authentication support (--negotiate and CURLAUTH_GSSNEGOTIATE)
Digest authentication support added (--digest and CURLAUTH_DIGEST)
Allow curl to switch (back to) to Basic authentication (--basic)
libcurl supports name and password in proxy environment variables

Bugfixes:

double slash after the host name on a FTP URL again points out the root dir
obscure and rare DNS cache problem was fixed
multiple FTP connections to the same host with different user names didn't work properly
no more CWD commands without arguments for ftp connections
curl no longer uses setvbuf() due to portability problems
VMS build fixes
the curl tool has the -M manual compressed internally if built with libz
url globbing syntax error could cause segfault
Huge (>40-60KB) GET requests over HTTPS failed.
Content-Length now overrides socket-closed as a means of knowing when the response body is complete.
--progress-bar takes the initial size into account when doing resumed downloads
work around SSL bugs better
libcurl typically issues POST requests with less send() calls
better main makefile
external headers improved portability
Listing FTP directories without contents could leak a socket
Getting HTTP contents in one line without headers failed
bugfixed the socks5-proxy usage (twice)
h_aliases name-lookup rare crash fixed
improved curl -M output
curl_unescape() now only unescapes valid %HH codes

Fixed in 7.10.5 - May 19 2003

Changes:

support for Content-Encoding: gzip was added
test cases modified to include server requirement in each test case file
CURLOPT_FTP_USE_EPRT was added, --disable-eprt with the tool
setting CURLOPT_ENCODING to "" automaticly enables all supported encodings

Bugfixes:

libcurl now calls the progress meter during slow ftp responses as well
a write loop resulting in badly updated progress meter was fixed
non-blocking sockets fix for PORT ftp downloads
CURLOPT_INTERFACE performance fix on Linux
EAGAIN-fix improves HPUX (at least) functionality
configure script fix for the writable argv check and cross-compiles
features more verbose error message when some OpenSSL read errors occur
improved ftp compliance with RFC1738, now performs individual CWD commands for each path part in the URL
cookie overhaul: fixed jarsaving, improved path treatment and stricter cookie receiving, adjusts to Hosts: headers
CURLINFO_CONNECT_TIME works with the multi interface too
curl_easy_setopt() now returns correct error codes
formposting .html files set Content-Type text/html now
curl reports a new huge and verbose error message on CA cert problems
libcurl now returns CURLE_SSL_CACERT on CA cert problems
chunked-transfer deflate downloads work
FTP-server responses to CWD are now more liberally treated
fixed url parsing when '?' is used after the host name without '/'.
curl -I on ftp files outputs the date with correct time zone (GMT)
curl -z now works for FTP files (CURLOPT_TIMECONDITION)
the default DEBUGFUNCTION outputs incoming headers as well
Content-Type extraction did wrong if there was no space after the colon
the MSVC project file was fixed
no longer installs the ca bundle when built --without-ssl
the boundary strings in formposts now look very similar to the ones IE uses
test suite runs on cygwin

Fixed in 7.10.4 - Apr 2 2003

Changes:

the curl tool now "clears" sensitive commands line args
no more emacs local variables in the source files
script for distributed, automatic, multi-platform testing added. Please join up and help us test the bleeding edge curl on various platforms!
the "scratch buffer" is now only allocated when actually needed
removed the strequal and strnequal macros from curl/curl.h
added CURLOPT_UNRESTRICTED_AUTH / --location-trusted

Bugfixes:

"curl -O" only, now outputs an error message accordingly
builds fine on Redhat Linux 9 (configure fix)
the CA cert bundle included a demo cert now removed
changing some attributes between two transfers when re-using a connection did not "take effect" properly
the test suite runs faster and hopefully a bit more reliably
improved configure check for presence of functions, needed for HPUX
the curl tool now makes a correct URL escaping when appending to the URL when using -T and the file name is appended to the URL.
configure --enable-libgcc now explicitly add -lgcc to the linker
better configure checks for headers (since some platforms got nasty warnings output previously)
configure --help looks nicer
data transfer bug on HP-UX systems
improved random seeding for systems without a reliable random source
64bit Sparc compiler warnings removed
a case where a connect failure didn't return an error string
DNS cache problem in AIX 4.3 and later was fixed
a POST-then-GET problem when re-using the same handle in libcurl
extra precaution added for FTP servers returning 0 bytes to SIZE commands
looping issue in the receive function (i.e badly updated progress meter)
Fixed the 'Expect: 100-continue' behavior
CURLOPT_MAXCONNECTS segfault fixed
multi-interface connecting on Windows to non-listening ports fixed
Curl_base64_encode() now encodes zero-bytes too properly
fixed the infamous SSL error:00000000 outputs
zlib build fix in the mingw makefile
don't check for ca cert env variable if --insecure is used
always use strict cert name check unless --insecure is used
content-type extracting fixed
DEBUGFUNCTION could be called with wrong arguments in uploads
ftp downloads could wrongly return CURLE_PARTIAL_FILE in some conditions
the fopen.c example code didn't work
content-type extracting memory leak fixed
curl/multi.h was fixed for C++ compiles
.netrc file scanning for names+passwored fixed
curl-config --cflags works even when include dirs isn't /usr/include
CURLINFO_PRIVATE can return NULL properly

Fixed in 7.10.3 - Jan 14 2003

Changes:

Added CURLOPT_PRIVATE and CURLINFO_PRIVATE
Added CURLOPT_HTTP200ALIASES
Added --create-dirs
libcurl test cases have been added
configure --enable-maintainer-mode was added

Bugfixes:

Transfer-Encoding: chunked for uploads works
Test cases 306 and 402 now run fine
configure script bug related to CONTENT_ENCODING fixed
Borland Makefiles up-to-date
Name resolve fix to correct the 7.10.2-fix!
curl/curl.h now has a more proper extern "C" for C++
CURL_MAX_WRITE_SIZE lowered to 16KB: improves performance on Windows
configure --enable-debug now cuts off -O* options to the compiler
Using multi interface and proxy to non-listening port caused a hang
CURLOPT_USERPWD-imposed memory leak removed
Verbose connect message crash removed
curl-config --cflags
better SSL-reading with no CPU-eating loop left
A base64 decoding bug was fixed (affected kerberos4)
The MSVC++ Makefile for debug targets was improved
Initing the global DNS cache is now done better
"curl -I ftp://domain/non-existing-file" was flawed
fixed wildcard name checks in server certificates

Fixed in 7.10.2 - Nov 18 2002

Changes:

PDF versions of much documentation are included in the tarball
Transfer-Encoding: chunked for uploads are now supported

Bugfixes:

builds fine on MSVC again
CURLOPT_CONNECTTIMEOUT works better
name resolving failed with glibc 2.2.93
libtool build fix for -no-undefined
the follow location code could crash occasionally
multi interface and FOLLOWLOCATION didn't work properly
curl -j (CURLOPT_COOKIESESSION) didn't work properly
config file parser could crash on the presense of CRLF newlines
downloading HTTP without headers sometimes corrupted the data
connecting to a bad port number with the multi interface did wrong

Fixed in 7.10.1 - Oct 11 2002

Changes:

configure --without-zlib explicitly disables zlib in builds

Bugfixes:

junk data could get inserted when saving HTTP headers
telnet connections timeout properly
make install when built outside source tree works again
FOLLOW_LOCATION works for the multi interface too
HTTP Location following now deals with ./ and ../ cases
The OpenSSL ENGINE check was improved in the configure script

Fixed in 7.10 - Oct 1 2002

Changes:

curl -x "" now disables proxy-usage completely
The libcurl and thus the curl version string too are modified slightly
added curl_version_info() for various runtime version info
added curl_free() that allows freeing data libcurl malloced()
CURLOPT_ENCODING added, supports decompression of compressed downloaded data This is used with 'curl --compressed'. This feature uses the libz library, if present.
MIT-licensed only, no dual-stuff. That is history. Old. Gone. Forgotten.
libcurl does peer certificate verification by default. This needs to be disabled if you need to talk to SSL servers in an insecure way! (curl -k does this). See further details in the UPGRADE document.
SOCKS5-proxy support was added (somewhat flawed, see CHANGES for details)
More SSL error codes was added
CURLOPT_NOSIGNAL was added for multi-threaded programs to use
--limit-rate is now supported
CURLOPT_BUFFERSIZE sets a desired read buffer size
The FTP PORT command uses a better default IP address

Bugfixes:

transfer after a failed connect when using the multi interface
headerless HTTP downloads
"-C -" on multiple file downloads
resume on file:// downloads
memory leak in libcurl on repeated resume http downloads
crashes on 64bit machines solved
IPv6 IP-address only URLs sent bad Host: headers
--silent is more silent when doing URL globbing fetches
*multi_perform() now returns control properly when waiting for connect
curl_formadd man page was corrected
curl_escape() and curl_unescape() no longer deals with '+'
improved performance on persistent transfers on windows
no longer closes ftp connections unncessarily often
-N works again
the windows DLL now builds with the multi interface enabled
the internal password prompt now uses stderr instead of stdout
minor cookie parsing bug when no space came after the header colon
better #ifdef conditions in the global curl header files
the curl tool didn't allow POST of zero contents
literal RFC2732-style IPv6 addresses didn't work

Fixed in 7.9.8 - Jun 13 2002

Changes:

curl_formadd() can do file upload parts from buffer
libcurl can be built with specific protocols disabled
should build nicely with modified OpenSSL 0.9.7 API
win32 timers now use higher resolution
CURLOPT_CAPATH was added (--capath on the command line)
CURLOPT_NETRC now supports optional or required netrc mode
curl_formadd() now returns a CURLFORMcode type, not a plain int.

Bugfixes:

name resolves can now time-out properly (on unix-like systems)
an empty connect failure error message was filled in
when curl_easy_perform() failed on an ftp transfer, it could leak a socket
a curl_multi_remove_handle() crash was removed
windows versions will no longer complain on "weak seeding"
64bit architectures could crash in the resolve code
CURLINFO_REQUEST_SIZE now works as documented
CURLINFO_REDIRECT_TIME returns a correct time now
getting an empty FTP file does not cause an error anymore
curl_multi_perform() works without curl_multi_fdset()
re-using a connection over a proxy could do bad Host: headers
CURLOPT_POST with a "" string could lead to a crash.
better certificate loading
Name resolve crash on platforms without *_r() functions removed
minor compiler problems on FreeBSD fixed

Fixed in 7.9.7 - May 10 2002

Changes:

CURLOPT_COOKIESESSION (-j with the client) starts a new cookie session
--trace or --trace-ascii dump a full network/debug dump to a given file
Added: curl_multi_info_read() is now implemented as documented
Added CURLINFO_REDIRECT_TIME and CURLINFO_REDIRECT_COUNT

Bugfixes:

CURLOPT_DEBUGFUNCTION gets called as documented
-D with multiple URLs will append all headers in the same file
multi interface transfers work better
multiple transfers reset download counters better in between
Pruning now prevents the DNS cache from growing out of proportions
no_proxy didn't work when URL contained port numbers
--interface didn't work for IPv6 enabled libcurls
the TIMECOND defines are now using CURL_ prefixes
Now uses less memory for name resolves on most operating systems
pack_hostent works with 64 bit pointers
Prunes old DNS cache entries
HTTP 301 response after a POST now treated differently
rfc1867-formposting a non-existent file now causes a failure

Fixed in 7.9.6 - Apr 14 2002

Changes:

Added CURLOPT_DEBUGFUNCTION
Added multi interface man pages, examples and public header files.
All CURLFORM_* options can now be given in an array
Added: -F supports filename= (using the new CURLFORM_FILENAME)

Bugfixes:

libcurl skips preceeding white spaces in cookie contents
CURLINFO_CONNECT_TIME is now set even when connect fails
-x didn't use the documented default port
RISC OS version now offers --environment
HTTP/1.0 304-replies are dealt with better
.curlrc is read from current directory if HOME isn't set
The include file curl/curl.h compiles on pre-ISO compilers
getting http headers-only could "hang" during 1 second extra
verbose passive ftp transfers on AIX could crash
improved re-use of dead proxy connections
binary HTTP POSTs on Windows did not work (client-code problem)
CRLF replacing in uploads was not working
-G and -d work together again
using verbose when doing ftp passive transfers could core dump
IPv6 name lookups work again
HTTP POST with data passed in with the read callback now works
curl -O segfault
--progress-bar
Bugfixed a missing newline after --progress-bar output

Fixed in 7.9.5 - Mar 7 2002

Changes:

Added CURLOPT_PREQUOTE
-w now supports %{content_type}

Bugfixes:

fixed the client-side backslash treatment in URLs
Mofied the file hierarchy in the archive somewhat
fixed the dowloaded header size counter
fixed the cookie parser
Replaced the former test HTTP server with a new one written in C
fixed the total time counter that could end up blank at times
Minor portability changes
Tweaked name resolves with getaddrinfo() to run faster on Linux
fixed big HTTP requests (such as big POSTs)
fixed connection timeouts
fixed Host: lines on multiple requests over proxy
fixed 64bit archtitecture builds.
fixed Expect: header disabling
Improved the Windows makefiles and install documentation
fixed multipart formposts
fixed CURLINFO_CONTENT_TYPE
fixed another SSL download problem

Fixed in 7.9.4 - Mar 4 2002

Changes:

Introduced CURLINFO_CONTENT_TYPE
CURLOPT_CUSTOMREQUEST can now be used with CURLOPT_POSTFIELDS

Bugfixes:

Improved the gethostbyname_r configure check for HP-UX 11.00
Bugfixed the DNS cache
Bugfixed SSL download (due to the non-blocking sockets)
Only seed SSL once for a program's life time
IPv4-only Linux machines could crash on name resolves
curl_getdate() is now fully reentrant
The header length counter is now reset in each curl_easy_perform()
Normal HTTP POSTs no longer append an extra set of CRLF
Location: following on persistant connections work
No longer installs the multi examples on make install.

Fixed in 7.9.3 - Jan 23 2002

Changes:

introduced a DNS lookup cache
OpenSSL ENGINE support (read CHANGES for full details)
CURLFORM_CONTENTHEADER let's you add headers in form posts

Bugfixes:

fixed multipart formposts with non-existing files
builds with OpenSSL versions prior to 0.9.5 again
SSL session cache crashed when filled
improved timeouts with HTTPS
bugfixed the cookie engine and parser
HTTP code 204 is now treated properly
libcurl now provides the FTP response lines to the header callback
64bit-architecture fixes
bugfixed using proxy specified in an environment variable
made libcurl support FTP operations without any transfer
error messages are now stored without newlines
-T file names get the path stripped before used remotely
minor compiling problems fixed for some platforms

Fixed in 7.9.2 - Dec 5 2001

Changes:

--disable-epsv is a new option to the curl command line tool
added CURLOPT_FTP_USE_EPSV
added CURLINFO_STARTTRANSFER_TIME
added the -1/--TLSv1 option

Bugfixes:

compiles and builds on the good old Mac OS (in addition to Mac OS X)
bugfixed persistant connections over proxy with multiple protocols
bugfixed verbose ftp output on Tru64 unix
passive ftp download works with IPv6
always return proper error code on failed connects
bugfixed FTP response reader
bugfixed verbose telnet
bugfixed conditional HTTP fetches based on time
multiple calls to curl_global_init() is now treated better
bugfixed multiple ftp requests
made -p/--proxytunnel work for plain HTTP as well
"current speed" progress meter bugfix
improved the name resolver configure check
libcurl now restores signal handlers and timeouts properly
improved SSL over HTTP-proxy when using weird proxies(!)
bugfixed LDAP transfers

Fixed in 7.9.1 - Nov 4 2001

Changes:

CURLE_GOT_NOTHING is a new possible error code
-0/--http1.0 can now be used to set HTTP 1.0 operations
'curl' no longer uses curl_formparse()
non-blocking connects

Bugfixes:

much better connection re-use validity check
bugfixed connection re-use for FTP urls containing name and password
LDAP transfers no longer "hang"
a memory leak in the cookie engine was removed
curl_easy_duphandle() now duplicates cookie parser status too
--fail now only returns error if HTTP code is >= 400
a possible memory leak when a transfer failed was removed
builds better in cygwin
"current speed" meter more accurate
-c without -b saves the cookies now
bugfixed libcurl for "thread-hopping" on Windows
removed memory leak in IPv6-enabled libcurl
bugfixed curl_formadd()
bugfixed CURLINFO_FILETIME
bugfixed cookiejar

Fixed in 7.9 - Sep 23 2001

Changes:

-R sets the timestamp of a downloaded file to the same as the remote file
-c writes all cookies to a specified file (based on the new libcurl option CURLOPT_COOKIEJAR)
SSL session ID caching is being done for multiple requests to the same hosts
displays certificate expire date with SSL and verbose output
curl_formadd() is a new function to replace the now deprecated curl_formparse() one, for building rfc1867 form posts.
release archive now includes all docs as HTML pages too

Bugfixes:

now properly returns an error code when connection to an SSL server with a non-legitimate certificate.
CURLOPT_COOKIEFILE can now be specified any number of times
fixed portability issue in the SSL code
-G improvements, now works with -I and on URLs including question mark.
various windows compile, build and makefile fixes
multiple curl_easy_perform() invokes when a previous invoke followed a Location: could lead to a crash
rfc1867-posts are now done including the Expect: 100-continue header.
flushes the progress meter stream to improve look on windows
fixed the configure script --with-ssl problem

Fixed in 7.8.1 - Aug 20 2001

Changes:

added CURLOPT_HTTPGET

Bugfixes:

the configure script now sets up socklen_t properly
added the -G option that converts -d posts to use GET requests
bugfix: CURLOPT_POST without postfields caused libcurl crash
bugfixed the URL parser for IPv6 IP addresses (RFC 2732)
corrected some minor size_t mixups in the code
rfc1867-style form posts no longer has any size-limit
bugfixed the redirected stderr feature
more test cases added
libcurl now verifies the CN name of server certificates when SSLing
curl -E supports file names with driver letters now on windows
curl-config --libs now includes the path to the installed libcurl
file:// with "relative" paths now work like other tools/libs
curl builds under RISC OS and OpenVMS now
libcurl groks the NCSA httpd 1.5.x weirdo (non-standard) replies
curl_escape() no longer tries to skip already encoded data
progress callback minor bugfix
bugfixed the main transfer select() loop!
corrected FTP range downloads
better treatment of cut off FTP transfers
corrected the libcurl shared library version number
improved configure --with-ssl handling
multiple file download with resume works better
formpost with field names containing space works now
the ftp tests now run OK on IPv6 enabled hosts
verifying certificates bugfixed

Fixed in 7.8 - Jun 7 2001

Changes:

'curl-config --vernum' shows version number as a hexadecimal number
libcurl's got two new functions (for global init/cleanup)

Bugfixes:

SSL memory leak fixed
new file format for the tests in the test suite
netscape/mozilla cookie file parser bugfix
everything is now built with autoconf 2.50, libtool 1.4 and automake 1.4-p1
libcurl's own version of 'strlcat' no longer pollutes the name space
libcurl now treats an already completed resumed download as a successful operation, and not as an error like before
https and ftps test cases added to the test suite (depend on stunnel)
better white space awareness when parsing HTTP headers
curl -I now plays ball even if the ftp server doesn't grok SIZE
corrected resumed transfers on re-used persistent connections
FTP PORT works again when libcurl is IPv6-enabled
corrected path usage when doing multiple FTP transfers
several Location: header related bugs corrected

Fixed in 7.7.3 - May 4 2001

Bugfixes:

we've discovered that TELNET does not work under win32
HTTP Content-Length: 0 works better
HTTP 304-replies are better treated
persistent connections with mixed chunked and non-chunked transfers work now
connection re-use for non-proxy connections on non-default ports work
corrected the OpenSSL version string output

Fixed in 7.7.2 - Apr 22 2001

Changes:

'curl-config' was added to help applications use libcurl
A Tcl interface has been written
A Java interface has been written
A Ruby interface was announced

Bugfixes:

The Perl interface is improved a lot
Fixed download resumes on persistent connections
connection timeouts work in windows
HTTP_PROXY in uppercase is no longer used
curl_escape() with a 0 length argument works now
the MSVC projects files were updated
the Borland makefiles were updated
displays OpenSSL 0.9.6a properly in the version string
The Host: headers could get wrong on persistent connections

Fixed in 7.7.1 - Apr 3 2001

Bugfixes:

location:-fix
two crash reasons removed
ftps:// support added
the perl interface corrected to work with 7.7
bugfixed the HTTP/1.0 persistent connection support
Passing a read-only URL to libcurl could make it crash on http redirects
HEAD responses are now always headers-only
curl could re-use connections a little too much
different treatment of HTTP error 302
following http redirects on persistent connections could reach the maxredirs amount accidentally
curl_escape() don't re-encode already encoded letters anymore

Fixed in 7.7 - Mar 22 2001

Changes:

supports HTTP proxy with IPv6
curl_escape and curl_unescape are now part of the official libcurl interface
libcurl speaks HTTP/1.1 lingo now
persistent connection support

Bugfixes:

the .netrc parser finds the home directory better
fixed a crash that could happen with redirects and authentication
improved random seeding for SSL connections
improved TELNET functionality

Fixed in 7.6.1 - Feb 9 2001

Changes:

partial IPv6 support (HTTP without proxy and only "active" FTP so far)
two new options to curl_easy_getinfo() for file sizes were added

Bugfixes:

following Location: when using Range: requests work
telnet works again (7.6 crashed)
Corrected the HTTP PUT resume
Better Location: and HTTP return code (3xx) treatment
Resumed transfer status is displayed in progress meter (though simple)
HTTP download resume again complains if Range isn't supported

Fixed in 7.6 - Jan 26 2001

Changes:

-g/--globoff was added to disable the URL globbing
command line options can be written "merged" -ofile equals -o file
initial but still basic IPv6 adjustments

Bugfixes:

fixed 'total time' counter to be more accurate
possible SSL-read problem fixed (which could make curl return empty HTML)
no length restrictions on URLs anywhere in the libcurl code
supports building outside the source-tree
includes make-target for 'automatic' RPM package creation
added multiple URL support on the command line
krb4-ftp fixed
massive symbol renaming of libcurl internals to decrease name pollution

Fixed in 7.5.2 - Jan 4 2001

Changes:

new licensing, MPL or MIT/X

Bugfixes:

updated man page
FTP commands are now sent in single write()s
removed a file descriptor leak when doing PORT ftp
improved quote command error checks (FTP)
misaligned free() crash removed (patch)

Fixed in 7.5.1 - Dec 11 2000

Changes:

added Borland makefiles

Bugfixes:

portability fixes for SCO and HPUX
using an -o file name that is longer than the URL works (patch)
multiple URLs and -o or -O works better! (patch)

Fixed in 7.5 - Dec 1 2000

Changes:

new --max-redirs option and corrresponding CURLOPT_MAXREDIRS libcurl option.
libcurl now supports getting the time of a remote file
--head on a ftp file shows the modification time if available
--cacert lets you specify a CA certificate to verify peer certificates against when doing HTTPS connections
curl_formfree() added to libcurl
added --url to allow URLs to be specified easier in the config file

Bugfixes:

the shared libcurl library gets a proper version number now
the MSVC++ makefiles are updated to work
the test suite is much extened and enhanced
supports any URL lengths
ftp CWD could use wrong directory name (with trailing slash)
ftp transfer failure could leak memory
curl_unescape() could return a too long string
deals with lowercase environment variables for proxy settings
corrected spelling in a few error messages
memory leaks removed
improved config file parser
config file parser crash fixed
§ in HTTP usernames or passwords made bad authorization headers.

Fixed in 7.4.2 - Nov 15 2000

Changes:

an initial attempt to make a test suite is included
binary/custom package information is added
possibility to verify the peer's certificate for HTTPS connections (libcurl)

Bugfixes:

configure now attempts to find openssl libs better
the Host: port number could be wrong on HTTPS requests
-T and -o can be used on the same command line (bugfix)
file:// bugfix (free() twice)
ftp --head now sets type first, as some servers report different sizes for different types
ftp upload resume could hang if the whole file was already uploaded
another cookie parser fix
added possibilty to replace the internal 'enter password' function (libcurl)
encoded username/password in URL is now supported
username in http-URL bugfix
fixed the timers when location: headers were followed
timeouts are now working as supposed (under unix)!
the interactive password input on win32 no longer echoes the password
config file parser bugfix
multiple -d options are now concatenated
the memory debug system compiles on more systems
passwords specified with -u can now properly contain @!
The Host: header no longer sets port number for default ports (HTTP) (as suggested)
-Y/-y bug fix (bug report)
more informative error message when https has not been built-in

Fixed in 7.4.1 - Oct 16 2000

Bugfixes:

Corrected the makefiles in the release archive!

Fixed in 7.4 - Oct 16 2000

Bugfixes:

possible buffer overflow by an evil ftp server fixed
removed typedef bool from the public include file
more PHP-friendly multi-part posts (no more Content-Transfer-Encoding header)
FTP forced ASCII transfers fixed
memory leaks removed
the --longoption parser was corrected
HTTP download resume bugfix
more information available with -w and curl_easy_getinfo()
the HTTP request is now sent in one shot (single write())
-w stuff moved out from the libcurl, the information is now served with the new library function curl_easy_getinfo()
uploading with curl uses a smaller buffer to start with, to make a better progress meter

Fixed in 7.3 - Sep 28 2000

Changes:

--proxytunnel, non-HTTP tunneled through a http proxy is added
--interface allows you to specify outgoing interface
--krb4 enables kerberos for ftp transfers

Bugfixes:

file:// was fixed
cookie parser bugfixed
OpenSSL 0.9.6 usage fixed
multiple downloaded files bugfix
more resolver fixes

Fixed in 7.2.1 - Aug 31 2000

Bugfixes:

Linux name resolve check in the configure script is fixed
-I on ftp was fixed
ftp files with + in the file name was corrected.

Fixed in 7.2 - Aug 30 2000

Changes:

--data-binary was added to allow fully binary -d style posts.

Bugfixes:

Name resolving problems fixed for AIX, HPUX, Digital Unix/Tru64...
Updated the VC++ makefile

Fixed in 7.1.1 - Aug 21 2000

Bugfixes:

No user but password in a URL is now working properly
curl now allows replacing of the Content-Type: and Content-Length: headers when doing -d posts
fixed a name resolving problem that appeared at times
rearranged the gethostbyname_r() configure test
-w did not do well when used with multiple URLs

Fixed in 7.1 - Aug 7 2000

Changes:

CURLOPT_PROXYPORT added to curl_easy_setopt() in the lib
Now features an 'auto referer' so that curl can set the "correct" referer when following location:
removed CURLOPT_PROGRESSMODE from the lib
libcurl offers a progress meter callback
Lots of symbol renamings in the libcurl public stuff.

Bugfixes:

builds libcurl as a shared library with libtool
JavaWebServer's incorrect Content-Range headers are supported
localtime_r() is now used if available instead of localtime()
'make install' installs the include files properly
Replacing an internal HTTP header with one that has no content removes the header
user+password is now restricted and sent only to the first host when Location: is followed to another host
FTP command response reading now times out properly, even on win32
rfc1867 form-posting was extended for use with large text posts
FTP transfering (converted) ASCII could make curl wrongly believe the transfer was only partial, there is no way can tell the expected size of a file downloaded in FTP ASCII
various manual corrections
FTP transfers now accept 250 as well as 226 as a positive end-of-transfer result
The configure check for requiring the nsl and socket lib at once was re-added
Host: was not displaying the port number as supposed on non-standard ports
HTTPS connection failures could slip through and make curl attempt reading at a dead socket
Using -F, -I or -d in any weird mix now causes the curl client to alert
FTP PORT command bug fixed
HTTP POST and then following Location: now causes all except the first requests to become GET.
win32 now sends data binary to stdout unless -B / --use-ascii is specified
added a README.win32 file
Custom headers when doing location: works again
libcurl is much more threadsafe
Many portability issues have been smoothened out
The FTP range support were buggy and is now corrected
Major re-organisation of all library internals to allow for a new library interface.
A buffer overflow (with URLs larger than 4096 characters) was fixed
The FTP sessions are slightly modified and now they're using CWD to change to the directory where the operation is requested.
FTP URLs are now treated more like the RFC specifies (minor change)
now sends user agent string when talking ftp through a http proxy
made the progress meter nicer for sizes between 10 and 100 megabytes
no longer checks for install twice in the configure script
improved win32 headers for VC++ compiling
minor fix when using libcurl in a multi-threaded program
the OS/2 port was slightly adjusted
location following through a http proxy on a specified non-default port didn't work
location following to an absolute URL on a different port didn't work

Fixed in 6.5.2 - Mar 21 2000

Bugfixes:

corrected the -D mockup that caused 6.5.1 to crash

Fixed in 6.5.1 - Mar 20 2000

Bugfixes:

curl_unescape() buffer overrun removed
-w 'http_code' works!
OS/2 port
adjusted to compile smoothly with MS VC++
-D/--dump-header now only writes the file when needed, and not before

Fixed in 6.5 - Mar 13 2000

Changes:

-N now disables output buffering
the new -w/--write-out allows for script writers to specify what curl should output after a successful request

Bugfixes:

now sends cookies space separated
Corrected OpenSSL 0.9.5 compliance problems
the perl scripts are moved out from the distribution
Ultrix port
-K config files no longer have a max line length
new progress meter to better show both upload and download
MacOS X port
upload and download now performs simultaneously in case of need. This will make posting of big forms that are "echoed back" to finally work.
the cookie parser shouldn't crash on empty cookie names, nor should it send empty cookies to the server anymore.
-b now supports both @[filename] and @- for stdin
unlimited line lengths in the config file
Compiles on sunos4 again
Corrected the removed possibility to chose the progress bar
Made the max display width with progress bar 79 when the COLUMNS variable isn't set.

Fixed in 6.4 - Jan 17 2000

Changes:

Ability to run --quote commands after ftp transfers now, as well as before

Bugfixes:

Improved progress meter
Getting files with URL syntax codes (%-stuff) from a ftp server was not dealt with nicely
-b corrupted the cookie header lines when they were read off a server
Cleaned up the interface between the lib and the curl tool.
Made the -X's long option change name to --request and now you can specify full request command for ftp listings (like "LIST -l").
Improved the --stderr workings for win32.
BeOS port by Lars J. Aas!

Fixed in 6.3.1 - Nov 23 1999

Bugfixes:

posting an empty variable with -F, like "name=" did cause curl to hang
when the download from a http server gets cut off curl now warns about it
better error checks when fwrite()ing the output
minor fix that may correct the amiga-port problem
A lethal cookie bug was fixed.

Fixed in 6.3 - Nov 10 1999

Changes:

-b/--cookie is now capable of parsing and understanding the cookies saved in a netscape cookie file. This is useful when you want your script to better inherit the properties of your previous browser session.
-H/--header now is capable of replacing internal headers. If you add a header that would've been used internally, the added will be used instead.

Bugfixes:

-z (date-dependent HTTP fetches) now works better since we're doing a date comparison in the client as well.
Corrected several mistakes in the man page.
-I now works for ftp-files too. It merely shows the file size now.
Simple range support added for ftp downloads.
Following location: in a https:// header could lead to a crash.

Fixed in 6.2 - Oct 21 1999

Changes:

--stderr now supports redirecting the stderr stream to stdout or a file now. This is mainly for victims of Windows.
the configure script understands --without-ssl now!

Bugfixes:

another bug in loction: following with proxies when the protocol part isn't specified was fixed
fixed the lib Makefile to not include getpass twice when linking
removed core-dump due to bad free after download was complete in src/main.c
removed double text output when ftp-downloading
config.guess recognizes Mac OS X
HTTP headers are now parsed case insensitive!

Fixed in 6.1 - Oct 17 1999

Bugfixes:

zlib proved not to be as easy to add as I had anticipated. I'll keep it on hold for now.
moved the libcurl include files into a subdir named curl
#include zlib.h fixes
adjusted the maketgz script to reduce reruns of the configure when building

Fixed in 6.1 beta

Bugfixes:

-d now can get data from a file or stdin
HTTP: "Accept-Encoding: gzip,compress,deflate" - experiments
Misc: Multiple URL download capacity
HTTP: Made the -F form posting accept files from stdin as well.

Fixed in 6.0 - Sep 13 1999

Changes:

ldap:// with openldap
file:// works, for unix and win32

Bugfixes:

cookie matching when using HTTP proxy
better cookie sending (single line)
QUOT fix for ftp
ftp upload through http proxy is now allowed using HTTP PUT
improved configure openssl path specifier
enabled "custom" http requests (like DELETE or TRACE)

Earlier changes elsewhere

Page updated December 8, 2009.
web site info

File upload with ASP.NET