The utility for receiving and sending data over the curl network is 25 years old. In honor of this event, a new significant cURL 8.0 branch has been formed. The first release of the last branch of curl 7.x was formed in 2000 and since then the code base has increased from 17 to 155 thousand lines of code, the number of command line options has been increased to 249, support for 28 network protocols, 13 cryptographic libraries, 3 SSH libraries has been implemented. and 3 HTTP/3 libraries. The project code is distributed under the Curl license (a variant of the MIT license).
For HTTP/HTTPS, the utility provides the ability to flexibly generate a network request by setting parameters such as Cookie, user_agent, referer, and any other headers. In addition to HTTPS, HTTP/1.x, HTTP/2.0 and HTTP/3, the utility supports sending requests using SMTP, IMAP, POP3, SSH, Telnet, FTP, SFTP, SMB, LDAP, RTSP, RTMP and other network protocols. In parallel, the libcurl library is being developed, which provides an API for using all curl functions in programs in languages ββsuch as C, Perl, PHP, Python.
The new release of cURL 8.0 does not contain any major new or break-in-compatibility API or ABI changes. The change of numbering is due to the desire to celebrate the 25th anniversary of the project and finally reset the second digit of the version, which has been accumulating for more than 22 years.
The new version fixes 6 vulnerabilities in the TELNET, FTP, SFTP, GSS, SSH, HSTS protocol handlers, of which 5 are marked as minor, and one with a moderate level of severity (CVE-2023-27535, the ability to reuse a previously created FTP connection with others parameters, including if the user's credentials do not match). Of the changes not related to the elimination of vulnerabilities and errors, only the termination of assembly support on systems for which there are no working 64-bit data types is noted (assembly now requires the presence of the βlong longβ type).
Shortly after the release of 8.0.0, version 8.0.1 was released with a fix for a bug found in hot pursuit, leading to a crash in some test scenarios.
Source: opennet.ru