Search…
README
How to read this book
The cURL project
How it started
The name
What does curl do?
Project communication
Mailing list etiquette
Mailing lists
Reporting bugs
Commercial support
Releases
Security
Trust
Code of Conduct
Development
The development team
Users of curl
Future
Network and protocols
Install curl
Source code
Build curl
Command line basics
Using curl
HTTP with curl
FTP with curl
Using libcurl
HTTP with libcurl
Bindings
libcurl internals
Index
Powered By GitBook
Security
Security is a primary concern for us in the curl project. We take it seriously and we work hard on providing secure and safe implementations of all protocols and related code. As soon as we get knowledge about a security related problem or just a suspected problem, we deal with it and we will attempt to provide a fix and security notice no later than in the next pending release.
We use a responsible disclosure policy, meaning that we prefer to discuss and work on security fixes out of the public eye and we alert the vendors on the openwall.org list a few days before we announce the problem and fix to the world. This, in an attempt to shorten the time span the bad guys can take advantage of a problem until a fixed version has been deployed.

Past security problems

During the years we have had our fair share of security related problems. We work hard on documenting every problem thoroughly with all details listed and clearly stated to aid users. Users of curl should be able to figure out what problems their particular curl versions and use cases are vulnerable to.
To help with this, we present this waterfall chart showing how all vulnerabilities affect which curl versions and we have this complete list of all known security problems since the birth of this project.
Previous
Releases
Next
Trust
Last modified 1yr ago
Export as PDF
Copy link
Edit on GitHub