
"I will slaughter you" - some emails penetrate even my thick open source maintainer skin. Like this threat.
daniel.haxx.se/blog/2021/02/19

curl --fail-with-body is here daniel.haxx.se/blog/2021/02/11 - the 238th command line option might just be the one you've looked for!

curl supports rustls daniel.haxx.se/blog/2021/02/09 - say hello to curl's 14th supported TLS library and join in and help us improve it!

What if GitHub is the devil? daniel.haxx.se/blog/2021/01/28 - tldr: if they shut down or go bad it'd be annoying but not lethal for the curl project

More on less curl memory daniel.haxx.se/blog/2021/01/21 - curl now uses a mere 30K of dynamic memory for downloading a large HTTP file, plus the size of the download buffer.

bye bye svn.haxx.se daniel.haxx.se/blog/2021/01/20 - After having run the unofficial svn mail archive for twenty years, I've handed it over to the Apache people.

Food on the table while giving away code daniel.haxx.se/blog/2021/01/15
I’m living the open source dream, working full time on the project I created myself: curl. But it's not entirely easy.

RT @bagder
I think Cloudflare's blog has the best explanation and illustrations for the curl timing options: blog.cloudflare.com/a-question

CVE-2020-8286: This flaw would allow an attacker, who perhaps could have breached a TLS server, to provide a fraudulent OCSP stapling response that would appear fine to curl. Possibly avoiding for example a revoked cert to be detected. curl.se/docs/CVE-2020-8286.htm


CVE-2020-8285: A malicious server can DOS a libcurl-using application that uses FTP wildcard matching and that skips certain entries, by providing as skipped entries until libcurl overflows the stack due to recursive calls. curl.se/docs/CVE-2020-8285.htm


CVE-2020-8284: A malicious server can use a `PASV` response to trick curl into connecting to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed. curl.se/docs/CVE-2020-8284.htm
