This includes the fix that was causing issues with http2/tls 1.3/Windows 11 that caused the last release to be yanked. I have tested on Windows 11 and it seems to be working now.
CVE-2022-42916: HSTS bypass via IDN
CVE-2022-42915: HTTP proxy double-free
CVE-2022-35260: .netrc parser out-of-bounds access
CVE-2022-32221: POST following PUT confusion
This release also adds support for websockets. However, I did not add any explicit support for that, though.
alexcrichton
commented
1 year ago
This updates to curl 7.86.0
This includes the fix that was causing issues with http2/tls 1.3/Windows 11 that caused the last release to be yanked. I have tested on Windows 11 and it seems to be working now.
Changelog: https://curl.se/changes.html#7_86_0
There are 4 CVE fixes in this release:
CVE-2022-42916: HSTS bypass via IDN CVE-2022-42915: HTTP proxy double-free CVE-2022-35260: .netrc parser out-of-bounds access CVE-2022-32221: POST following PUT confusion
This release also adds support for websockets. However, I did not add any explicit support for that, though.