A ranar 29 ga Afrilu, bayan fiye da wata guda na ci gaba, an yi wa mutane 521 aiki da kuma gyara kurakurai 282, an fitar da kayan aikin wasan bidiyo da ɗakin karatu na 8.20.0 (274th) a matsayin kayan aiki na dandamali. Curlan rubuta a cikin C kuma an rarraba ƙarƙashin lasisi Curl.
Manyan canje-canje
Tsaro
Kamar yadda aka ambata a baya (Rikici mai inganci"), an sami ƙaruwa sosai a rahotannin raunin tsaro kwanan nan. A wannan karon, an buga bayanai game da sabbin raunin tsaro guda takwas a cikin curl:
- CVE-2026-7168: Tantance Tantance Yanayin Zubar da Jini tsakanin Sabar Wakili;
- CVE-2026-7009: Kewaya ta hanyar amfani da Apple SecTrust ta hanyar amfani da OCSP Pinning Bypass;
- CVE-2026-6429: Bayanan netrc suna ɓuɓɓugarwa yayin sake amfani da haɗin wakili;
- CVE-2026-6276: An ba wa mai amfani da kukis ɗin da ya tsufa izinin ɓoye kukis;
- CVE-2026-6253: Zubar da takardun shaida yayin tura wakili;
- CVE-2026-5773: Sake Amfani da Haɗin SMB mara daidai;
- CVE-2026-5545: Tattaunawar HTTP Ba daidai ba Sake Amfani da Haɗin Kai;
- CVE-2026-4873: An yi watsi da buƙatun TLS yayin sake amfani da haɗin haɗi.
Sauran canje-canje
- yanzu yana amfani da wurin zare da layi don warwarewa;
- Ana kashe NTLM ta hanyar tsoho;
- An daina tallafawa CMake 3.17 da tsofaffin sigar;
- An dakatar da tallafin ɗakin karatu na c-ares har zuwa sigar 1.16.0;
- Ana kashe SMB ta hanyar tsoho;
- An ƙara tutar CURLMNWC_CLEAR_ALL don duk canje-canjen hanyar sadarwa;
- An dakatar da tallafin RTMP.
Shirye-shiryen da ke tafe don gogewa
- aiwatar da algorithms na ɓoye bayanai na gida;
- NTLM;
- Babban Jami'in Kuɗi;
- Tallafin TLS-SRP.
Idan kuna da wata damuwa game da ɗaya daga cikin waɗannan abubuwan da ke sama, da fatan za a ba da rahoton su ga ma'ajiyar curl da wuri-wuri.
source: linux.org.ru
