I added a sentence to the #curl HackerOne submission page:
"Please present your case briefly and to the point. Do not use an AI to help you blab hundreds of lines that will exhaust us to death instead of making us understand your claim."
*Twelve* HackerOne submissions against #curl within the last seven days.
Zero of them turned out to be a confirmed vulnerability.
Several of them found, reported, phrased-in-far-too-many-words and misled by stupid word completion machines.
If your company needs #curl support for OpenSSL 1.1 in 2026, just say so and we can have you covered in no time.
OpenSSL 1 support is dropped from the regular #curl releases but is available as a commercial offer.
make a photo realistic embroidered wall piece with the words "never expect two independent URL parsers to treat every URL identically"
okay, that failed
"again without repeating any words"
*ripping my eyes out*
This is not working. The number of #hackerone report submissions for #curl in 2025 is going through the roof, while the quality is going through the floor.
And the year isn't over yet.
If you've been wanting to speak securely to your garage door or whatever MQTTS-capable devices you want to control with your #curl command lines, look no further:
(this is planned to merge in time for the March 2026 release)
Today, twenty-nine awesome years ago, httpget 0.2 shipped. Unfortunately, both the source and the changelog for this release have been lost in time (like tears in rain).
httpget was the precursor to what later would become #curl
The internet, and the web, was different in 1996.
Five years ago I started getting these emails about #curl from NASA. Months later we learned this probably was related to them using curl in the Mars Helicopter mission.