cURL 8.17.0 Released: Key Security Fixes, New Features, and Dropped Support
The cURL 8.17.0 release introduces critical security patches for CVE‑2025‑10966, adds several new capabilities such as an expanded progress indicator and Apple SecTrust support, and removes legacy features like Heimdal and wolfSSH, marking a significant update for developers and system administrators.
After more than a month of development, the cURL console utility and library version 8.17.0 (release 271) has been officially released.
The release mainly fixes CVE‑2025‑10966, addressing missing SFTP host verification when using wolfSSH and correcting errors in curl’s SSH connection handling.
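An added example (not from the curl project or the original article): a shell function that reads `curl --version` output and reports whether that build falls under the CVE‑2025‑10966 condition described above. The sample version lines are constructed, and the function assumes a wolfSSH-backed build lists a `wolfssh/<version>` token on the first line.

```shell
#!/bin/sh
# Classify a curl build against CVE-2025-10966 from `curl --version` text on stdin.
# Prints one word: exposed | fixed | not-affected | unknown

classify_curl() {
    # Only the first line carries the version and the linked libraries.
    first=$(sed -n '1p' | tr 'A-Z' 'a-z')
    ver=$(printf '%s\n' "$first" |
        sed -n 's/^curl \([0-9][0-9]*\.[0-9][0-9]*\)\..*/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    # 8.17.0 is the release the article names as carrying the fix.
    if [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 17 ]; }; then
        echo fixed
        return 0
    fi
    # Assumption: a wolfSSH-backed build shows a "wolfssh/<version>" token.
    # "wolfssl/" (the TLS library) does not match this pattern.
    case " $first " in
        *" wolfssh/"*) echo exposed ;;
        *) echo not-affected ;;
    esac
}

# Constructed sample first lines, not captured from real systems.
SAMPLE_WOLFSSH='curl 8.16.0 (x86_64-pc-linux-gnu) libcurl/8.16.0 wolfSSL/5.8.2 zlib/1.3.1 wolfssh/1.4.20'
SAMPLE_LIBSSH2='curl 8.16.0 (x86_64-pc-linux-gnu) libcurl/8.16.0 OpenSSL/3.5.0 zlib/1.3.1 libssh2/1.11.1'

printf 'sample wolfSSH build: %s\n' "$(printf '%s\n' "$SAMPLE_WOLFSSH" | classify_curl)"
printf 'sample libssh2 build: %s\n' "$(printf '%s\n' "$SAMPLE_LIBSSH2" | classify_curl)"

# Check the locally installed curl, if there is one.
if command -v curl >/dev/null 2>&1; then
    printf 'local curl: %s\n' "$(curl --version | classify_curl)"
fi
```

Applications that link libcurl directly are not covered by checking the command-line tool; run the same check against the version string of the library they load.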
Deprecated features in this version include:
Heimdal
winbuild build system
Kerberos FTP
wolfSSH
New enhancements include:
Minimum libssh2 version raised to 1.9.0
Added notification API for multi‑interface
Progress indicator size increased to six characters per dimension, allowing display up to 999 999 bytes and using a single‑space separator
Support for Apple SecTrust with a localized CA store (added to the knownhosts option)
Introduced wcurl with version 2025.11.04
Output header placeholder %header{} now prints all header occurrences
The project claims a new record of fixing at least 448 bugs since the previous release.
Author: Luo Yi
Reference: https://curl.se/ch/8.17.0.html
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
21CTO
