Skip to main content

curl Prepares for Significant Security Flaw in Latest Update

The widely-used curl project is preparing to release curl 8.4 early to address a severe vulnerability in the library. Details on the vulnerability are limited, as it is still under embargo, but curl lead developer Daniel Stenberg has described it as “probably the worst curl security flaw in a long time.” The release, scheduled for October 11, will include fixes for this high severity vulnerability, as well as a low severity one. Stenberg has not provided specific details about which version range is affected, but he has stated that it impacts all curl versions from the past few years. This vulnerability is expected to be particularly impactful for users of the libcurl library and curl command-line tool.

Source: Phoronix.