Fixed in 7.19.5 - May 18 2009

Changes:

* libcurl now closes all dead connections whenever you attempt to open a new connection
* libssh2's version number can now be figured out run-time instead of using the build-time fixed number
* CURLOPT_SEEKFUNCTION may now return CURL_SEEKFUNC_CANTSEEK
* curl can now upload with resume even when reading from a pipe
* a build-time configured curl_socklen_t is now used instead of socklen_t

Bugfixes:

* NTLM authentication memory leak on SSPI enabled Windows builds
* fixed the GnuTLS-using code to do correct return code checks
* an alloc-related call in the OpenSSL-using code didn't check the return value
* curl_easy_duphandle() failed to duplicate cookies at times
* missing TELNET timeout support in Windows builds
* missing Curl_read() and write callback result checking in TELNET transfers
* more ciphers enabled in libcurl built to use NSS
* properly return an error code in curl_easy_recv
* Sun compilers specific preprocessor block removed from curlbuild.h.dist
* allow creation of four way fat libcurl Mac OS X Framework
* several memory leaks in libcurl+NSS
* improved the CURLOPT_NOBODY set to 0 confusions
* persistent connections when doing FTP over a HTTP proxy
* --libcurl bogus strings where other data was pointed to
* crash related to FTP and "Re-used connection seems dead, get a new one"
* CURLINFO_APPCONNECT_TIME with the multi interface
* Enhanced upload speeds on Windows
* TFTP problems after a failed transfer to the same host
* improved out of the box TPF compatibility
* HTTP PUT protocol line endings portions mangled from CRLF to CRCRLF
* Rejected SSL session ids are killed properly (for OpenSSL and GnuTLS builds)
* Deal with the TFTP OACK packet
* fixed roff mistakes in man pages
* use SOCKS proxy with the multi interface
* fixed the Curl_getoff_all_pipelines SIGSEGV
* POST, NTLM and following a redirect hang
* libcurl+NSS endless loop on incorrect password for private key
* gzip decompression memory leak
* no_proxy flaw with user name in URL

Fixed in 7.18.0 - January 28 2008

Changes:

* --data-urlencode
* CURLOPT_PROXY_TRANSFER_MODE
* --no-keepalive - now curl does connections with keep-alive enabled by default
* --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl)
* --socks5-hostname added (CURLPROXY_SOCKS5_HOSTNAME for libcurl)
* curl_easy_pause()
* CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA
* --keepalive-time
* curl --help output was re-ordered

Bugfixes:

* curl-config --features and --protocols show the correct output when built with NSS, and also when SCP, SFTP and libz are not available
* free problem in the curl tool for users with empty home dir
* curl.h version 7.17.1 problem when building C++ apps with MSVC
* SFTP and SCP use persistent connections
* segfault on bad URL
* variable wrapping when using absolutely huge send buffer sizes
* variable wrapping when using debug callback and the HTTP request wasn't sent in one go
* SSL connections with NSS done with the multi-interface
* setting a share no longer activates cookies
* Negotiate now works on auth and proxy simultanouesly
* support HTTP Digest nonces up to 1023 letters
* resumed ftp upload no longer requires the read callback to return full buffers
* no longer default-appends ;type= on FTP URLs thru proxies
* SSL session id caching
* POST with callback over proxy requiring NTLM or Digest
* Expect: 100-continue flaw on re-used connection with POSTs
* build fix for MSVC 9.0 (VS2008)
* Windows curl builds failed file truncation when retry downloading
* SSL session ID cache memory leak
* bad connection re-use check with environment variable-activated proxy use
* --libcurl now generates a return statement as well
* socklen_t is no longer used in the public includes
* time zone offsets from -1400 to +1400 are now accepted by the date parser
* allows more spaces in WWW/Proxy-Authenticate: headers
* curl-config --libs skips /usr/lib64
* range support for file:// transfers
* libcurl hang with huge POST request and request-body read from callback
* removed extra newlines from many error messages
* improved pipelining
* improved OOM handling for data url encoded HTTP POSTs when read from a file
* test suite could pick wrong tool(s) if more than one existed in the PATH
* curl_multi_fdset() failed to return socket while doing CONNECT over proxy
* curl_multi_remove_handle() on a handle that is in used for a pipeline now break that pipeline
* CURLOPT_COOKIELIST memory leaks
* progress meter/callback during http proxy CONNECT requests
* auth for http proxy when the proxy closes connection after first response

Fixed in 7.17.1 - October 29 2007

Changes:

* automatically append ";type=" when using HTTP proxies for FTP urls
* improved NSS support
* added --proxy-negotiate
* added --post301 and CURLOPT_POST301
* builds with c-ares 1.5.0
* added CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
* renamed CURLE_SSL_PEER_CERTIFICATE to CURLE_PEER_FAILED_VERIFICATION
* added CURLOPT_OPENSOCKETFUNCTION and CURLOPT_OPENSOCKETDATA
* CULROPT_COOKIELIST supports "FLUSH"
* added CURLOPT_COPYPOSTFIELDS
* added --static-libs to curl-config

Bugfixes:

* curl-config --protocols now properly reports LDAPS, SCP and SFTP
* ldapv3 support on Windows
* ldap builds with the MSVC makefiles
* no HOME and no key given caused SSH auth failure
* Negotiate authentication over proxy
* --ftp-method nocwd on directory listings
* FTP, CURLOPT_NOBODY enabled and CURLOPT_HEADER disabled now does TYPE before SIZE
* re-used handle transfers with SFTP
* curl_easy_escape() problem with byte values >= 128
* handles chunked-encoded CONNECT responses
* misuse of ares_timeout() result
* --local-port on TFTP transfers
* CURLOPT_POSTFIELDS could fail to send binary data
* specifying a proxy with a trailing slash didn't work (unless it also contained a port number)
* redirect from HTTP to FTP or TFTP memory problems and leaks
* re-used connections a bit too much when using non-SSL protocols tunneled over a HTTP proxy
* embed the manifest in VC8 builds
* use valgrind in the tests even when the lib is built shared with libtool
* libcurl built with NSS can now ignore the peer verification even when the ca cert bundle is absent

Fixed in 7.16.4 - July 10 2007
Release contains security-related bug fix

Changes:

* added CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS
* improved hashing of sockets for the multi_socket API
* ftp kerberos5 support added

Bugfixes:

* adjusted how libcurl treats HTTP 1.1 responses without content-lenth or chunked encoding
* fixed the 10-at-a-time.c example
* FTP over SOCKS proxy
* improved error messages on SCP upload failures
* security flaw in which libcurl failed to properly reject some outdated or not yet valid server certificates when built with GnuTLS

What's new in this version:

* added curl_multi_socket_action()
* deprecated curl_multi_socket()
* uses less memory in non-pipelined use cases
* CURLOPT_HTTP200ALIASES matched transfers assume HTTP 1.0 compliance
* more than one test harness can run at the same time without conflict
* SFTP now supports quote commands before a transfer
* CURLMOPT_MAXCONNECTS added to curl_multi_setopt()
* upload resume works for file:// URLs
* asynchronous name resolves now require c-ares 1.4.0 or later
* added SOCKS test cases
* CURLOPT_FTP_CREATE_MISSING_DIRS and --ftp-create-dirs now work for SFTP operations as well
* if2up too long interface name memory leak
* test case 534 started to fail 2007-04-13 due to the existance of a new host on the net with the same silly domain the test was using for a host which was supposed not to exist.
* test suite SSL certificate works better with newer stunnel
* internal progress meter update frequency back to once per second
* avoid some unnecessary calls to function gettimeofday
* a double-free in the SSL-layer
* GnuTLS free of NULL credentials
* NSS-fix for closing down SSL
* bad warning from configure when gnutls was selected
* compilation on VMS 64-bit mode
* SCP/SFTP downloads could hang on the last bytes of a transfer
* curl_easy_duphandle() crash
* curl -V / curl_version*() works even when GnuTLS is used on a system without a good random source
* curl_multi_socket() not "noticing" newly added handles
* lack of Content-Length and chunked encoding now requires HTTP 1.1 as well to be treated as without response body
* connection cache growth in multi handles
* better handling of out of memory conditions
* overwriting an uploaded file with sftp now truncates it first
* SFTP quote commands chmod, chown, chgrp can now set a value of 0
* TFTP connect timouts less than 5 seconds
* improved curl -w for TFTP transfers
* memory leak when failed OpenSSL certificate CN field checking
* memory leak when OpenSSL failed PKCS #12 parsing
* FPL-SSL when built with NSS
* out-of-boundary write in Curl_select()
* -s/--silent can now be used to toggle off the silence again
* builds fine on 64bit HP-UX
* multi interface HTTP CONNECT glitch
* list FTP root directories when login dir is not root
* no longer slows down when getting very many URLs on the same command line
* lock share before decreasing dirty counter
* no-body FTP requests on re-used connections

* added CURLOPT_TIMEOUT_MS and CURLOPT_CONNECTTIMEOUT_MS
* added CURLOPT_HTTP_CONTENT_DECODING, CURLOPT_HTTP_TRANSFER_DECODING and --raw
* added support for using the NSS library for TLS/SSL
* changed default anonymous FTP password
* changed the CURLOPT_FTP_SSL_CCC option to handle active and passive CCC shutdown
* added the --ftp-ssl-ccc-mode command line option
* includes VC8 Makefiles in the release archive
* --ftp-ssl-control is now honoured on ftps:// URLs
* added experimental CURL_ACKNOWLEDGE_EINTR symbol definition check
* --key and new --pubkey options for SSH public key file logins
* --pass now works for a SSH public key file, too
* select (2) support no longer needed to build the library if poll() used
* CURLOPT_POSTQUOTE works for SFTP

Changes:

* Support for SCP and SFTP were added (powered by libssh2)
* CURLOPT_CLOSEPOLICY is now deprecated
* --ftp-ssl-ccc and CURLOPT_FTP_SSL_CCC were added
* HTTP support for non-ASCII platforms
* --libcurl was added

Bugfixes:

* proxy close during CONNECT authentication is now dealt with nicely
* the CURLOPT_DEBUGFUNCTION was sometimes called even when CURLOPT_VERBOSE was not enabled
* multiple TFTP transfers on the same (easy or multi) handle could cause a crash
* SIGSEGV when disconnecting on a transfer on a re-used handle when the host name didn't resolve
* stack overwrite on 64bit Windows in the chunked decoding department
* HTTP responses on persistent connections without Content-Length nor chunked encoding are now considered to be without response body
* Content-Range: header parsing improved
* CPU 100% load when HTTP upload connection broke
* active FTP didn't work with multi interface
* curl_getdate() could be off one hour for TZ time zones with DST, on windows
* CURLOPT_FORBID_REUSE works again
* CURLOPT_MAXCONNECTS set to zero caused libcurl to SIGSEGV
* rate limiting works better
* getting FTP response code errors when using the multi-interface caused libcurl to leak memory
* no more SIGPIPE when GnuTLS is used
* FTP downloading 2 zero byte files in a row
* using proxy and URLs without protocol prefixes
* first using a proxy and then accessing a site that 'no_proxy' matched, would still make libcurl use the proxy...
* curl_easy_duphandle() now makes a handle that is valid for the multi interface since the magic number is set fine
* libcurl.pc now uses Libs.private for "private" libs
* --limit-rate (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) now work on windows again
* improved download performance by avoiding the unconditional "double copying"
* base64 encoding/decoding works on non-ASCII platforms
* large file downloads
* CURLOPT_COOKIELIST set to "ALL" crash
* easy handle removal from multi handle before completion
* TFTP upload memory leak
* curl_easy_reset() now resets the CA bundle path correctly
* two User-Agent headers in CONNECT requests with custom User-Agent