[Daniel's week] July 19, 2024

Daniel Stenberg daniel at haxx.se
Fri Jul 19 23:39:29 CEST 2024 

Hello friends!

## vacation

I'm still on vacation and I will be for another week. What I did this week
clearly did not really happen.

## merges

With the 8.9.0 release coming next week I've made sure to merge PRs with fixes
we want shipped, even if of course it has been done at a slower pace than
normal weeks.

This release is about to break a new record in number of bugfixes in a single
release more than 250 has already been logged - in 58 days.

## AVAILABILITY

I landed a rather large overhaul of libcurl man pages [2], in which a new
mandatory meta-data field called Added-in has been introduced. For all libcurl
functions and options that are documented this must be specified, and this
field is then used when generating the corresponding AVAILABILITY section in
the subsequent generated manpage.

This, because it turned out we previously did not provide this information for
many options, many were wrong and many AVAILABILITY sections contains text
that actually rather belonged in the main description section.

End result: better data in almost 500 manpages displayed in a consistent
manner.

Having it a separate easy-to-parse mandatory meta-data in the file also makes
it easier to extract the information using scripts, as I plan to in some
coming website improvements.

## CVE

Over at hackerone we got a second valid security vulnerability reported this
week, rated severity low. Both pending curl CVEs will of course be published
in association with the release next week, together with all the information
you need to understand and, if necessary, patch them.

## top-10 committer

Stefan Eissing reached curl commit author number ten this week, ranked by the
number of commits done to the source code repository [3]. This, in less than
three years since his first commit was merged.

Ranked by number of added lines he is author number four.

Hooray for Stefan and thanks a lot for your valuable contributions. I hope we
will see many more!

## website links

I made sure to add links to the curl changelog page [4]: from every release
there is a link to an overview of all published security vulnerabilities for
it. Those page are always up-to-date with the current public information. I
also refreshed the wording somewhat on those vulnerability summary pages.

Further, I made the version numbers that appear in all rendered libcurl
manpages on the website get links directly to the changelog entry for that
particular release.

All in the spirit of making it easy to find related information.

## coming up

- curl 8.9.0 release on July 24 (including live-streamed presentation [1])
- publish two new curl CVEs

## links

[1] = https://www.twitch.tv/curlhacker
[2] = https://curl.se/libcurl/c/
[3] = https://curl.se/gitstats/authors.html
[4] = https://curl.se/changes.html

-- 

  / daniel.haxx.se

More information about the daniel mailing list