The most recent stable version of curl is version 7.30.0, released on 12th of April 2013 http://curl.haxx.se/download/curl-7.30.0.tar.bz2 Reproducible: Always Fixed in 7.30.0 - April 12 2013 Release contains security-related bug fix Changes: imap: Changed response tag generation to be completely unique imap: Added support for SASL-IR extension imap: Added support for the list command imap: Added support for the append command imap: Added custom request parsing imap: Added support to the fetch command for UID and SECTION properties imap: Added parsing and verification of the UIDVALIDITY mailbox attribute darwinssl: Make certificate errors less techy imap/pop3/smtp: Added support for the STARTTLS capability checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for new multi interface connection handling Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control Bugfixes: SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage darwinssl: Fix build under Leopard DONE: consider callback-aborted transfers premature ntlm: Fixed memory leaks smtp: Fixed an issue when processing EHLO failure responses pop3: Fixed incorrect return value from pop3_endofresp() pop3: Fixed SASL authentication capability detection pop3: Fixed blocking SSL connect when connecting via POP3S imap: Fixed memory leak when performing multiple selects nss: fix misplaced code enabling non-blocking socket mode AddFormData: prevent only directories from being posted darwinssl: fix infinite loop if server disconnected abruptly metalink: fix improbable crash parsing metalink filename show proper host name on failed resolve MacOSX-Framework: Make script work in Xcode 4.0 and later strlcat: remove function darwinssl: Fix send glitchiness with data > 32 or so KB polarssl: better 1.1.x and 1.2.x support various documentation improvements multi: NULL pointer reference when closing an unused multi handle SOCKS: fix socks proxy when noproxy matched install-sh: updated to support multiple source files as arguments PolarSSL: added human readable error strings resolver_error: remove wrong error message output docs: updates HTML index and general improvements curlbuild.h.dist: enhance non-configure GCC ABI detection logic sasl: Fixed null pointer reference when decoding empty digest challenge easy: do not ignore poll() failures other than EINTR darwinssl: disable ECC ciphers under Mountain Lion by default CONNECT: count received headers build: fixes for VMS CONNECT: clear 'rewindaftersend' on success HTTP proxy: insert slash in URL if missing hiperfifo: updated to use current libevent API getinmemory.c: abort the transfer nicely if not enough memory improved win32 memorytracking corrected proxy header response headers count FTP quote operations on re-used connection tcpkeepalive on win32 tcpkeepalive on Mac OS X easy: acknowledge the CURLOPT_MAXCONNECTS option properly easy interface: restore default MAXCONNECTS to 5 win32: don't set SO_SNDBUF for windows vista or later versions HTTP: made cookie sort function more deterministic winssl: Fixed memory leak if connection was not successful FTP: wait on both connections during active STOR state connect: treat a failed local bind of an interface as a non-fatal error darwinssl: disable insecure ciphers by default FTP: handle "rubbish" in front of directory name in 257 responses mk-ca-bundle: Fixed lost OpenSSL output with "-t"
*** This bug has been marked as a duplicate of bug 465678 ***
