Hi Everyone,
Somewhat quick turnaround on this release. I was notified at 2am today about it, and curl 8.4.0 is now on the ITUGLIB website. My sense is that this release resulted from the CVE discussed below.
There are a lot of fixes in this release, so please upgrade if you can.
Most importantly, CVE-2023-38545, described here
https://curl.se/docs/CVE-2023-38545.html, reported on 30 Sept 2023 is fixed in this release. This is a High Severity vulnerability relating to SOCKS5 that you should review for your environment overall.
The usual builds for TNS/E, TNS/X+V are there for OpenSSL 3.0, 1.1.1, and 1.0.2, are present. Note that you can use the OpenSSL 3.0 build with OpenSSL 3.1 because those two are have binary compatible DLLs. No build is done for OpenSSL 3.2 until that
moves into a more stable state (currently at alpha2).
Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)