July 24th, 2024

curl 8.9.0

cURL version 8.9.0 was released on July 24, 2024, with 11 changes and 260 bug fixes. It addresses two security vulnerabilities, introduces new options, and enhances performance for TLS connections.

cURL version 8.9.0 was released on July 24, 2024, marking the 258th release with significant updates. This version includes 11 changes, 260 bug fixes, and 423 commits. Notably, it introduces one new option for curl_easy_setopt() and four new command line options.

The release addresses two security vulnerabilities: CVE-2024-6197, which involves a stack buffer issue in the ASN.1 parser, and CVE-2024-6874, related to a buffer overread in the macidn IDN backend.

New features include options for setting IP Type of Service, enabling Multipath TCP, and specifying VLAN priority. Additionally, the release enhances CA caching support for GnuTLS and wolfSSL, improving performance for TLS connections. The URL API has been updated to include CURLU_NO_GUESS_SCHEME, and several bug fixes have been implemented, including improvements to the handling of DoH, memory leaks, and compatibility with OpenSSL.

The next release, 8.10.0, is anticipated on September 11, 2024, following a shortened feature window due to the extended release cycle of 8.9.0. The release presentation for curl 8.9.0 will be live-streamed, with a recorded video available afterward. Overall, this update reflects ongoing efforts to enhance functionality and security within the cURL and libcurl projects.

Related

OpenSSL CVE-2024-5535: `SSL_select_next_proto` buffer overread

A bug, CVE-2024-5535, present in OpenSSL since 2011 allows heap data leakage. It impacts Python <= 3.9 and Node.js <= 9. The removal of NPN support in newer versions reduces the risk. The bug affects `SSL_select_next_proto` in OpenSSL, BoringSSL, and LibreSSL. Memory safety risks demand caution and updates.

OpenSSH Race condition resulting in potential remote code execution

OpenSSH 9.8, released on July 1, 2024, addresses critical security issues like ObscureKeystrokeTiming vulnerabilities in sshd(8) and ssh(1), plans to deprecate DSA support, and introduces penalties for failed authentications. Various improvements are included.

Wcurl: a curl wrapper to download files

Samuel Henrique introduces "wcurl," a wrapper for curl simplifying file downloads via the terminal. It offers default settings for common use cases, aiming to ease file downloads without complex curl parameters. Available in Debian unstable since July 2, 2024, with plans for wider distribution.

What's New in MySQL 9.0

Oracle released MySQL 9.0 with new features like Vector datatype and JavaScript Stored Programs. It removes SHA-1 for security and plans regular updates for improved functionalities and security. Users should update regularly.

GNU C Library version 2.40 fixes 5 CVEs

The GNU C Library version 2.40 emphasizes portability, performance, and standards compliance. Updates include GCC 14.1 support, new function families, security enhancements, and improvements for 32-bit architectures. Users can find release notes and contributors on the GNU C Library webpage.
