Updated: curl, libcurl{4, -devel, -doc}, mingw64-{x86_64, i686}-curl 7.74

Brian Inglis Brian.Inglis@SystematicSW.ab.ca
Mon Dec 14 19:51:36 GMT 2020

The following packages have been upgraded in the Cygwin distribution:

* curl			7.74
* libcurl4		7.74
* libcurl-devel		7.74
* libcurl-doc		7.74
* mingw64-x86_64-curl	7.74
* mingw64-i686-curl	7.74

Command line tool and Library supporting transferring files with
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.

For more information see the project home page:


This release enables debug mode, previously a default:

For debug builds be a little stricter and error on any SSL_ERROR_SYSCALL.
For example a server may have closed the connection abruptly without a
close_notify alert.

*Curl users should be aware that deviations from strict protocol are
deprecated and will be reported as errors unconditionally in a near
future release.*

As there are multiple components and many changes each release please
see below or read /usr/share/doc/curl/RELEASE-NOTES after installation
for complete details:


curl and libcurl 7.74.0

This release includes the following changes:

* hsts: add experimental support for Strict-Transport-Security [37]

This release includes the following bugfixes:

* CVE-2020-8286: Inferior OCSP verification [93]
* CVE-2020-8285: FTP wildcard stack overflow [95]
* CVE-2020-8284: trusting FTP PASV responses [97]
* alt-svc: enable (in the build) by default [20]
* connect: repair build without ipv6 availability [19]
* curl.1: add an "OUTPUT" section at the top of the manpage [32]
* curl.se: new home [59]
* curl: only warn not fail, if not finding the home dir [15]
* docs: document the 8MB input string limit [57]
* header.d: mention the "Transfer-Encoding: chunked" handling [45]
* httpput-postfields.c: new example doing PUT with POSTFIELDS [35]
* libssh2: fix transport over HTTPS proxy [31]
* ngtcp2: adapt to recent nghttp3 updates [49]
* ngtcp2: advertise h3 ALPN unconditionally [72]
* ngtcp2: Fix build error due to symbol name change [90]
* ngtcp2: use the minimal version of QUIC supported by ngtcp2 [67]
* range.d: clarify that curl will not parse multipart responses [36]
* scripts/completion.pl: parse all opts [101]
* socks: check for DNS entries with the right port number [74]
* tool_help: make "output" description less confusing [21]
* tool_operate: --retry for HTTP 408 responses too [43]
* tool_operate: bail out proper on errors during parallel transfers [29]
* urlapi: don't accept blank port number field without scheme [98]
* urlapi: URL encode a '+' in the query part [14]

More information about the Cygwin-announce mailing list