[Daniel's week] October 18, 2024

Daniel Stenberg daniel at haxx.se
Fri Oct 18 16:24:10 CEST 2024


Hello!

It is already Friday again and I offer you a slightly shorter summary than 
usual this week:

## libssh2 1.11.1

It has been a long time coming and this week I pressed the proper key
combinations and put together a new libssh2 release. It was about seventeen
months since the previous but now libssh2 1.11.1 is here [1]. Primarily with a
long range of bugfixes. If you use this library, an upgrade comes highly
recommended.

I should also clarify that even if I did this release, my participation in the
work leading up to this has been minuscule this time.

## Undefined behavior

Suddenly running a newer undefined behavior sanitizer on the curl code base
gave me some extra work this week and I wrote down my lessons in this blog
post [2].

## hackerone

We received yet another security report this week. It clearly identifies a
real bug, but as of this writing we have not yet decided if it actually is a
security problem or not. It probably needs a little more discussion and
weighing things back and forth before we decide.

## commit count

So far during 2024 we count 2049 merged commits, which is just 53 commits
fewer than the most active year in curl history, commit count wise: 2004 [3].
That year twenty years ago we did 2102 commits during the entire calendar
year. We did 1903 commits during the entire 2023.

As we have two and a half months left of the year, there is no doubt that 2024
will become the year with the largest number of commits so far in curl
history.

## rock-solid curl

I am in the process of setting up and creating a "Long Term Support" version
of curl - for support customers. I call it rock-solid curl. I have a first
mock-up version of a website in the works and I am about to create a git
repository and start putting together something that should go public later
this year.

The idea is to maintain a release for several years and only merge security
and stability patches into it. For customers who are really scared of and
concerned about the risk for regressions.

Its maintenance will be kept separate from the "normal" curl, and should not
interfere with it at all. curl will still be developed and get its releases
exactly as before even going forward. This is an extra offer that is coming
and is a way for me to attract more customers that can help pay for curl
maintenance and development.

There is nothing public to show, test or see yet, but you will of course be
told properly later once there is.

## Coming up

- the never-ending work on curl continues

## Links

[1] = https://github.com/libssh2/libssh2/releases/tag/libssh2-1.11.1
[2] = https://daniel.haxx.se/blog/2024/10/17/undefinedbehaviorsanitizers-unexpected-behavior/
[3] = https://curl.se/dashboard1.html#commits-per-year

-- 

  / daniel.haxx.se

