So I'm thinking of adding support for %time{} in #curl's -w function.
One reason for doing this is for users who use -w for logging and want to include the time of the event (post-transfer) in a convenient way.
https://github.com/curl/curl/pull/18119
Feel free to share your opinion!
Tumbleweed brought major upgrades like #hwinfo 25, #systemd‑rpm‑macros 26, & #Amarok 3.3.0 in July. Plus enhancements to #GStreamer, #curl 8.15.0 and #nvme‑cli 2.15. Tons of new features & security fixes! #openSUSE #Linux https://news.opensuse.org/2025/08/01/tw-monthly-update-july/
#curl adds parallel host control
https://daniel.haxx.se/blog/2025/08/01/curl-adds-parallel-host-control/
On this day 26 years ago, the #curl website premiered on the host "curl.haxx.nu", as it moved over from having been hosted on my personal [company]/~dast/curl sub page previously.
Less than a year later we switched again to curl.haxx.se. We could not use the .se domain earlier because of limits in the TLD ruleset before that point.
We would then stay on that hostname for some twenty years.
This calm and lovely night, #curl got its 271st command line option merged and we call this baby --parallel-max-host
Enjoy!
Bring us your feedback on this idea and PR: make #curl output its cheat-sheet.
Option parsing in #curl. Something we can start using in two years or so.
https://daniel.haxx.se/blog/2025/07/31/option-parsing-in-curl/
I'm happy to report that the glitches that could happen in #curl when you did more than 2.2 billion transfers in a single invoke are now history.
The "good" people at Emerson for some reason couldn't think for themselves when I responded to them on behalf of #curl and instead continue and send the same questions to the #libssh2 project with the same "demands".
"This is a gentle reminder regarding our earlier request for your input on the cybersecurity risk assessment of the software component “libssh2” version 1.11.0, as part of our compliance efforts with the EU Cyber Resilience Act (CRA)."
Treating FOSS as public infrastructure is fine—but don’t make EU taxpayers subsidize Big Tech. If OSS is critical, fund it by taxing the corporations that depend on it. Microsoft, Google & Amazon rely on software like, #curl , yet pay little. A "Sovereign" fund that funds U.S. firms' supply chains? That’s not resilience, it’s outsourcing.
Output nothing with #curl --out-null
https://daniel.haxx.se/blog/2025/07/30/output-nothing-with-out-null/
Adding HTTP/3 Proxy CONNECT & MASQUE (CONNECT-UDP) Support to #cURL
@mana_z @bagder Bounties are only expected for vulnerabilities that are practically exploitable. Initially, I thought this particular issue had potential to be exploitable, but it remained unclear until the potential attack vectors were identified. These vectors involved using SSL library functions that, when called with bogus SSL pointers, could lead to code execution. However, none of these vectors could be argued to be found in real-world applications.
Therefore, no bounty.
P.S. In theory, the quality of the report doesn't matter, but the technical facts. However, I consider it professional courtesy to always try to make the report as good quality as possible. I know @bagder and the people in the #curl project well, and I know the pain they're suffering when dealing with the AI slop reports. So, even though I'm reporting a potentially nasty vulnerability, at least they don't have to suffer the slop that language models generate.
Carving out msh3. #curl drops an HTTP/3 backend.
This is the current weather using wttr for the PBM aitport in SR / SA
As you can see wttr has a very flexible manner of asking for weather, is opensource, has a lovely API and can be used in countless manners. For me the fact that I can call it up from bash (and any shell) is smooth nice and amazing
--out-null is #curl's 270th command line option.
Discard all response output of a transfer silently. This is the more efficient
and portable version of
curl https://host.example -o /dev/null
The transfer is done in full, all data is received and checked, but the bytes are not written anywhere. --out-null is associated with a single URL. Use it once per URL when you use several URLs in a command line.
