daniel:// stenberg://

@bagder
I write curl. I don't know anything.
website: https://daniel.haxx.se/
github: https://github.com/bagder
GPG key: 27ED EAF2 2F3A BCEB 50DB 9A12 5CC9 08FD B71E 12C2 https://daniel.haxx.se/mykey.asc

Security Policy of @octoprint overhauled with expected report contents, clearer response & mitigation timeline and some more clarification on expected AI disclosure.

Also: Announcement of participation in Summer of Bliss.

https://octoprint.org/security/

cc @bagder

With #curl 8.21.0 out the door, we count a total of eleven curl CVEs found by AISLE so far (starting last autumn). Six of the eighteen ones in the last batch.

Thanks!

curl 8.21.0 with Daniel Stenberg

https://youtu.be/yVXnTNINI2I

@bagder 8.21.0 Windows binaries are out at: https://curl.se/windows/. For the curious here's the complete build log: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/54270028?fullLog=true

https://www.twitch.tv/curlhacker is live, the presentation starts in a few minutes

The coolest wall of text in curl is this:

At least 3731 persons have provided code, feedback, advice etc that have improved curl

https://curl.se/docs/thanks.html


all the hackerone reports for the curl 8.21.0 vulnerabilities are now public

CVE-2026-8932 is the oldest #curl vulnerability reported so far. 25.25 years old. Shipped in releases since curl version 7.7, released on March 22 2001

Still rather benign and it probably hurt about three users, at most.

https://curl.se/docs/CVE-2026-8932.html

curl - incomplete mTLS config matching in conn reuse - CVE-2026-8932

#curl 8.21.0 is 180,656 lines of code

582 authors have their names on at least one line of production code when git blamed.

892 lines of code still remain last touched before the year 2000

The curl.1 man page is now at 7257 lines.

The original hackerone reports for all these new vulnerabilities are about to get disclosed as well over the next few days.

You should be able to track and see our work on every security issue from the start to the end.