[Daniel's week] April 4, 2026
Daniel Stenberg
daniel at haxx.se
Sat Apr 4 23:48:25 CEST 2026
Hello!
## curl up registration
I sent out an email this week and I want to make it known that the
registration for curl up 2026 is open[1]!
## Feature window
This time around the curl release cycle is a week shorter, which means the
feature window has already closed again for this round. We got some nice stuff
merged but we are also seeing lovely new works piling up as new PRs that now
have a little extra time to prepare for when the window opens again!
## Thirty years of curl
My talk at NDC Security in Oslo in early March went online and can be watched
on YouTube [2]. Not too much news to readers of this email I guess.
## Swedish interview
I did an interview and a photoshoot a few weeks ago in my house, and this week
I got to be featured in several big name Swedish media outlets including
Aftonbladet [3] and the print version of Svenska Dagbladet.
## Stefan’s curl name resolving series
Stefan Eissing has done an excellent series of blog posts detailing his recent
work on improving curl’s name resolving. Part 1 [4], Part 2 [5], part 3 [6].
## Security
We seem to have two issues queued up now that are confirmed curl security
vulnerabilities and that we will publish in sync with the pending release.
The frequency of vulnerability reports keeps being high. We received ten new
reports last week.
## Graphs
I couldn’t help myself. I added a “number of words” graph [7] with some
comparison lines showing a few big literary works and the number of words they
contain. I am not claiming it is a fair comparison and yes, those books use
longer words.
We also got the release weekday heatmap graph added [8], created by Federico
Hernandez, and once he laid out the foundation for doing heatmaps so nicely I
followed up and made an author commit UTC week hour heatmap [9] as well.
Days per command line option [10] is also a new one, showing that we basically
do one new option every 40 days on average.
The number of graphs [11] was also corrected and I found a bug in my plot
division script that now makes several of the blabla per blabla graphs look
nicer than they did before.
## website headers
Viktor Szakats and Dan Fandrich worked on tweaking some of the security
related HTTP headers the curl.se site returns and as a result both
securityheaders.com and Mozilla’s HTTP Observatory [12] rate the site even
higher now. From A to A+ with the first checker and 105/100 to 120/100 with
the second.
It’s such a broken system when we need to add a bunch of headers to increase
security instead of the other way around...
## rc1
As we closed the feature window we also shipped curl 8.20.0-rc1 [13]. The
first release candidate for the pending release. I hope people take it for a
spin and let us know how it behaves.
## Coming up
- mostly likely a flood of new security reports
## Links
[1] = https://github.com/curl/curl-up/wiki/2026
[2] = https://youtu.be/_n2vN-Bgq4U
[3] = https://www.aftonbladet.se/nyheter/a/JOOGBJ/han-kan-slacka-halva-internet-vi-maste-skydda-oss
[4] = https://eissing.org/icing/posts/curl-dns-2026
[5] = https://eissing.org/icing/posts/curl-dns-options
[6] = https://eissing.org/icing/posts/curl-dns-async/
[7] = https://curl.se/dashboard1.html#number%20of%20words
[8] = https://curl.se/dashboard1.html#release%20weekdays%20heatmap
[9] = https://curl.se/dashboard1.html#commit%20hour%20heatmap
[10] = https://curl.se/dashboard1.html#days%20per%20new%20command%20line%20option
[11] = https://curl.se/dashboard1.html#graphs%20on%20the%20dashboard
[12] = https://developer.mozilla.org/en-US/observatory/analyze?host=curl.se
[13] = https://curl.se/rc/
--
/ daniel.haxx.se
More information about the daniel
mailing list