cmb69
commented
2 weeks ago Ah forgot: if we roll 8.11.0 out with Websocket support, we need to apply the following patch to php-src:
ext/curl/tests/check_win_config.phpt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/curl/tests/check_win_config.phpt b/ext/curl/tests/check_win_config.phpt
index b3beb044a7..8330a95564 100644
--- a/ext/curl/tests/check_win_config.phpt
+++ b/ext/curl/tests/check_win_config.phpt
@@ -54,7 +54,7 @@
ZSTD => No
HSTS => Yes
GSASL => No
-Protocols => dict, file, ftp, ftps, gopher, %r(gophers, )?%rhttp, https, imap, imaps, ldap, ldaps, %r(mqtt, )?%rpop3, pop3s, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp
+Protocols => dict, file, ftp, ftps, gopher, %r(gophers, )?%rhttp, https, imap, imaps, ldap, ldaps, %r(mqtt, )?%rpop3, pop3s, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp%r(, ws, wss)?%r
Host => %s-pc-win32
SSL Version => OpenSSL/%s
ZLib Version => %s
nielsdos
cURL 8.11.0 has been released, fixing CVE-2024-9681. Given that is a low severity issue, it might not be necessary to update stable branches right away (should wait after GA at least). I've already pushed the update to master, and did quick testing as usual, and found that now Websocket support is enabled by default. Probably not a problem, since that seems to require special support in ext/curl; otherwise I'd be wary to roll it out to stable versions.
Note that nghttp2 1.64.0 is available to be built as prerequisite for the cURL update.
@nielsdos, any thoughts about the update?