Tueddelmors 3h ago

Wusstet ihr, dass `curl` dieses Jahr 26 wird? 🎂 Das Tool läuft auf schätzungsweise 10 Milliarden Geräten – von Kühlschränken bis zur ISS. Und Daniel Stenberg pflegt es immer noch hauptberuflich als Ein-Personen-Projekt. Open Source auf höchstem Level, fast unsichtbar, absolut unverzichtbar. 🛰️

#OpenSource #curl #Linux #Technik #SoftwareEngineering

openSUSE Linux12h ago
Security was a big theme for #Tumbleweed in March. Major #CVE fixes across #FreeRDP, #curl, libsoup2, the #Linux kernel, and a massive sweep of #ImageMagick and #GraphicsMagick patches. Update now! #openSUSE 🔒 https://news.opensuse.org/2026/04/02/tw-monthly-update-march/
Tumbleweed Monthly Update - March 2026

There were several software package updates for openSUSE Tumbleweed during March. Tumbleweed saw three Plasma 6.6 updates bringing progressive bugfixes to KW...

openSUSE News
Show threadgoedelchen13h ago

@n_dimension @bagder first you change your tone.

Then please explain which part of "If your Open Source project sees a steep increase in number of high quality security reports (mostly done with AI) right now (#curl, Linux kernel, glibc confirmed) please tell me the name of this project. " you don't understand resp. where do you see something indicating not wanting machine generated reports.

daniel:// stenberg://17h ago
#curl is git cloned every second second
daniel:// stenberg://1d ago

RFC 9421 HTTP Message Signatures support in #curl maybe?

https://github.com/curl/curl/pull/21239

kpcyrd 🏴1d ago

I pushed curl-rustls-8.19.0-3-x86_64.pkg.tar.zst to Arch Linux, with this version it's now possible to encrypt the TLS client hello:

curl-rustls -sSv --ech hard --doh-url='https://dns.mullvad.net/dns-query' 'https://defo.ie/ech-check.php'

Should display:

<p>SSL_ECH_OUTER_SNI: cover.defo.ie <br />
SSL_ECH_INNER_SNI: defo.ie <br />

The --doh-url is mandatory, otherwise curl won't query the `https` dns records (dig +short https defo.ie).

For opportunistic ECH use `--ech true`.

#archlinux #curl #ech

daniel:// stenberg://1d ago

Seven years ago we ditched HTTP Pipelining support in #curl.

https://daniel.haxx.se/blog/2019/04/06/curl-says-bye-bye-to-pipelining/

curl says bye bye to pipelining

HTTP/1.1 Pipelining is the protocol feature where the client sends off a second HTTP/1.1 request already before the answer to the previous request has arrived (completely) from the server. It is defined in the original HTTP/1.1 spec and is a way to avoid waiting times. To reduce latency. HTTP/1.1 Pipelining was badly supported by curl … Continue reading curl says bye bye to pipelining →

daniel.haxx.se
daniel:// stenberg://2d ago

There is virtually **no** AI slop security reports anymore submitted about #curl. They don't seem to happen any longer.

Almost everyone still uses AI though.

daniel:// stenberg://2d ago
Hackerone submissions to #curl per quarter, Jan 1st 2023 to end of March 2026.
daniel:// stenberg://2d ago

We have received more security reports against #curl in 2026 so far than we did during the entire year back in 2024.

During the first three months we have received twice the amount of reports/week as we did last year.