1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00

RELEASE-NOTES: synced with 70f71bb99f

Synced and prepared for 7.24.0 release. Two security problems, one bug fix,
two more contributors.
This commit is contained in:
Daniel Stenberg 2012-01-24 08:37:40 +01:00
parent 70f71bb99f
commit a8e063b087

View File

@ -7,6 +7,13 @@ Curl and libcurl 7.24.0
Known libcurl bindings: 39 Known libcurl bindings: 39
Contributors: 907 Contributors: 907
This release includes the following security fixes:
o curl was vulnerable to a data injection attack for certain protocols
http://curl.haxx.se/docs/adv_20120124.html
o curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
http://curl.haxx.se/docs/adv_20120124B.html
This release includes the following changes: This release includes the following changes:
o CURLOPT_QUOTE: SFTP supports the '*'-prefix now [24] o CURLOPT_QUOTE: SFTP supports the '*'-prefix now [24]
@ -71,6 +78,7 @@ This release includes the following bugfixes:
o polarssl: havege_rand is not present in version 1.1.0 WARNING, we still o polarssl: havege_rand is not present in version 1.1.0 WARNING, we still
use the old API which is said to be insecure. See use the old API which is said to be insecure. See
http://polarssl.org/trac/wiki/SecurityAdvisory201102 http://polarssl.org/trac/wiki/SecurityAdvisory201102
o gnutls: enforced use of SSLv3 [43]
This release includes the following known bugs: This release includes the following known bugs:
@ -86,7 +94,8 @@ advice from friends like these:
Alessandro Ghedini, Cedric Deltheil, Toni Moreno, Bernhard Reutner-Fischer, Alessandro Ghedini, Cedric Deltheil, Toni Moreno, Bernhard Reutner-Fischer,
Sven Wegener, Alex Vinnik, Kamil Dudka, Mamoru Tasaka, Patrice Guerin, Sven Wegener, Alex Vinnik, Kamil Dudka, Mamoru Tasaka, Patrice Guerin,
Armel Asselin, Arthur Murray, Steve H Truong, Peter Sylvester, Armel Asselin, Arthur Murray, Steve H Truong, Peter Sylvester,
Johannes Bauer, Brandon Wang, Pierre Joye, Robert Schumann Johannes Bauer, Brandon Wang, Pierre Joye, Robert Schumann,
Christian Grothoff, Nikos Mavrogiannopoulos
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)
@ -134,3 +143,4 @@ References to bug reports and discussions on issues:
[40] = http://curl.haxx.se/mail/lib-2012-01/0096.html [40] = http://curl.haxx.se/mail/lib-2012-01/0096.html
[41] = http://curl.haxx.se/mail/lib-2012-01/0049.html [41] = http://curl.haxx.se/mail/lib-2012-01/0049.html
[42] = http://curl.haxx.se/bug/view.cgi?id=3474308 [42] = http://curl.haxx.se/bug/view.cgi?id=3474308
[43] = http://curl.haxx.se/mail/lib-2012-01/0225.html