Re: Warning: using file:// on Windows with curl

2020-04-29 Thread Daniel Stenberg via curl-library
On Tue, 28 Apr 2020, K. York wrote:

> [1] = https://curl.haxx.se/docs/security.html
>
> Minor note: I think you were trying to say "retracted", not "redacted". This spelling is still on the security.html page.

Thank you, I've updated the web page now and it should be visible soon.

-- /

Re: Warning: using file:// on Windows with curl

2020-03-17 Thread Daniel Stenberg via curl-library
On Mon, 16 Mar 2020, Daniel Stenberg via curl-users wrote: When first realizing this, the curl team tried to filter out such attempts in order to protect applications from inadvertent probes of for example internal networks etc. This resulted in CVE-2019-15601 and the associated security fix.

Re: Warning: using file:// on Windows with curl

2020-03-17 Thread Dan Fandrich via curl-library
On Tue, Mar 17, 2020 at 03:25:15AM +, Norton, Mike via curl-users wrote:
> If it's a "feature you're seldom interested in" then I don't see how you can
> say the "benefits of supporting it are great". It seems to me you are
> interested in accessing resources on the local disk, not

Re: Warning: using file:// on Windows with curl

2020-03-16 Thread Dan Fandrich via curl-library
On Mon, Mar 16, 2020 at 07:37:42PM +, Norton, Mike via curl-users wrote:
> No, the benefits of supporting "a resource on the local disk" are great. But
> TIL that "file:" is not supposed to be a synonym for "a resource on the local
> disk".

The benefits of supporting "file:" in its entire

Re: Warning: using file:// on Windows with curl

2020-03-16 Thread Dan Fandrich via curl-library
On Mon, Mar 16, 2020 at 03:14:31PM +, Norton, Mike via curl-users wrote:
> One might argue that since file:// does not specify a transfer protocol, it
> doesn't belong in a transfer tool as a choice of protocol.

The benefits of supporting file: are great, though. I've used curl in places

Re: Warning: using file:// on Windows with curl

2020-03-16 Thread Daniel Stenberg via curl-library
On Mon, 16 Mar 2020, Jeffrey Walton wrote: The conclusion we have come to is that this is a weakness or feature in the Windows operating system itself, that we as an application cannot safely protect users against. How did someone manage to get CVE-2019-15601 assigned to cURL for this? More

Re: Warning: using file:// on Windows with curl

2020-03-16 Thread Jeffrey Walton via curl-library
On Mon, Mar 16, 2020 at 3:19 AM Daniel Stenberg via curl-library wrote:
>
> This is a general note and warning to users of curl and libcurl running on
> Windows and using FILE:// transfers.
>
> The Windows operating system will automatically, and without any way for
> applications to disable it,

Warning: using file:// on Windows with curl

2020-03-16 Thread Daniel Stenberg via curl-library
Hi friends! This is a general note and warning to users of curl and libcurl running on Windows and using FILE:// transfers. The Windows operating system will automatically, and without any way for applications to disable it, try to establish a connection to another host over the network and