Closed julik closed 8 years ago
According to CURL devs this is not detectable, so I think I'll just go and enable it. If people are running curl that is older they are exposing themselves to vulnerabilities. Also we should document the minimum supported curl in the README
LGTM. I have been traveling the last few days, thanks for following up on this.
I think this is going to be a good security-minded check (see the imgur SSRF drama, which involved leading curl to a non-authorised URL by doing a remote-fetch-by-proxy).