daniel.haxx.se

curl 8.19.0 is the 273rd release of the popular command-line transfer tool, shipping 8 changes, 264 bugfixes, and 4 security fixes across 538 commits. Security patches address CVEs including bad HTTP Negotiate connection reuse, a token leak with redirect and netrc, wrong proxy connection reuse with credentials, and a use-after-free in SMB connection reuse. Notable changes include initial MQTTS support, dropping OpenSSL-QUIC backend, fractional values for --limit-rate and --max-filesize, native Windows CA store support by default, and raising the minimum Windows version to Vista. The bug bounty program has been discontinued. Upcoming deprecations include NTLM and SMB becoming opt-in, RTMP removal, and TLS-SRP removal. The next release is planned for April 29.