Curl 8.4.0 will be released on October 11 – a fix for a severity HIGH CVE(twitter.com)
twitter.com
Curl 8.4.0 will be released on October 11 – a fix for a severity HIGH CVE
https://twitter.com/bagder/status/1709103920914526525?s=46
7 comments
Probably stupid question, but what versions of curl does this affect?
We will know Oct 11 :)
Oof, that's a daunting thought.
We just did a quick snapshot of a small chunk of a customer's environment and they're running 10 different versions of curl in like 15 different images :(
We just did a quick snapshot of a small chunk of a customer's environment and they're running 10 different versions of curl in like 15 different images :(
Here's a link to something other than twitter for those who don't have an account, don't want to login, or don't want to enable javascript
https://github.com/curl/curl/discussions/12026
The CVEs:
CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)
CVE-2023-38546: severity LOW (affects libcurl only, not the tool)
I really wish people would just stop posting submissions to twitter at this point.
https://github.com/curl/curl/discussions/12026
The CVEs:
CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)
CVE-2023-38546: severity LOW (affects libcurl only, not the tool)
I really wish people would just stop posting submissions to twitter at this point.
> I really wish people would just stop posting submissions to twitter at this point.
I fully agree. You can also replace twitter.com with nitter.net
https://nitter.net/bagder/status/1709103920914526525?s=46
I fully agree. You can also replace twitter.com with nitter.net
https://nitter.net/bagder/status/1709103920914526525?s=46
Daniel is also on Mastodon: https://mastodon.social/@bagder/111167662713737288
Mastodon may not require a login, but for some reason it does insist on javascript