Hey all,
(cross-posted to both curl-users and curl-library to reach widely, please send
responses to the proper single list.)
Nobody missed Heartbleed[1] this past week I'm sure. If you did, you must've
been on an awesomely disconnected vacation.
Anyway, I've gotten numerous questions
Daniel Stenberg wrote:
Heartbleed is a flaw in OpenSSL in a certain version span. Clients are
*also* vulnerable to this flaw, which means that if you run curl or libcurl
with a vulnerable OpenSSL version a rogue server can read client memory.
Again, this is an OpenSSL flaw but since OpenSSL is
