curl

Including the pending #curl CVEs, the top-20 most long-standing vulnerabilities ever found in curl are *all* older than 20 years. The oldest over 25 years.

A human in control. In #curl development.

https://daniel.haxx.se/blog/2026/06/10/a-human-in-control/

Since March 1st 2026, we have received 143 vulnerability reports to the #curl project. One new every 17 hours.

Welcome A Johnston as #curl commit author 1485: https://github.com/curl/curl/pull/21809

@joshbressers in the #curl project we are about to announce the "curl summer of bliss". We will pause all work on vulnerabilities during the whole of July 2026. Details pending...

Out of the 16 pending #curl CVEs:

13 are severity LOW
3 are severity MEDIUM
9 of them are libcurl only (not the tool)
3 are "C mistakes"
2 are younger than six months old
1 is older than 25 years

Since the latest #curl release, we have received one confirmed vulnerability every 59th hour on average.

#curl 8.21.0-rc2 is up at https://curl.se/rc/

Take it for a spin. Report any issues. Thanks for flying curl.

Welcome alhudz as #curl commit author 1484: https://github.com/curl/curl/pull/21896

at 15 pending security advisories for #curl

Automattic sponsors the #curl project with 1,000 USD/month!

https://automattic.com/

CodeRabbit sponsors the #cURL project with 1,000 USD/month!

https://www.coderabbit.ai/

Eliminating ~2000 lines in #curl

(I cheated: it is all from the recent HTTP/3 proxy contribution.😌)

https://github.com/curl/curl/pull/21871

RE: https://mas.to/@zekjur/116693890612062942

Perhaps something for #curl? Instead of -4 or -6, specify -5.1 for a healthy mix?

We have plenty of #curl talks, explainers and deep-dives collected on the curl site.

https://curl.se/docs/videos/

@sethmlarson ack, the #curl version of roughly the same slide:

Number of Hackerone submissions to #curl the first five months of 2026 compared to the same period of 2025. Counted weekly. The blue is 2026. The yellow is 2025.

Welcome Josef Cejka as #curl commit author 1482: https://github.com/curl/curl/pull/21706

#curl 8.21.0-rc1 is up at https://curl.se/rc/

Welcome htasta as #curl commit author 1481: https://github.com/curl/curl/pull/21355

#curl up 2026 summary:

https://daniel.haxx.se/blog/2026/05/28/curl-up-2026-summary/

The state of #curl 2026 with Daniel Stenberg

https://youtu.be/zt4qMZN2xDU

Welcome ambikeesshh as #curl commit author 1480: https://github.com/curl/curl/pull/21728

Oops, I almost missed that the #curl logo celebrates 10 years these days:

https://daniel.haxx.se/blog/2016/05/27/a-new-curl-logo/

Welcome Aritra Basu as #curl commit author 1479: https://github.com/curl/curl/pull/21153

"libcurl in the real world" with Dan Fandrich. The first recording from #curl up 2026 is here.

Dan Fandrich researched how Open Source applications are using the libcurl API. Then told us about it.

The slides: https://telarity.com/~dan/personal/libcurl%20in%20the%20real%20world.pdf

https://youtu.be/AYq-DiieLxI

It took a while but #curl is officially at more than 13 test cases per 1000 lines of source code since today.

Welcome mik as #curl commit author 1478: https://github.com/curl/curl/pull/21705

we are at twelve pending #curl CVEs

The pressure

for us in the #curl project right now

https://daniel.haxx.se/blog/2026/05/26/the-pressure/