daniel.haxx.se

daniel.haxx.se

Daniel Stenberg

I’m Daniel Stenberg, an internet protocol geek and developer of network related open source projects. I live and work in Sweden. daniel.haxx.se is my site and I post what I feel like.

Latest Posts

Over the years, we have received, read and handled way over one thousand vulnerability reports filed against curl. We have seen most kinds. It is time for me to try to help future reporters by providing a short guide on how to submit a...
One of my favorite visuals for known vulnerabilities in curl is the mountain. It shows how many currently known vulnerabilities were present in the code through-out curl’s history. In the end of June 2026 it looks like this: Over time we...
Trailing dots after hostnames in URLs remain my worst enemies. I wrote about several problems with them in the past that involved those nasty things. They are still painful. When we shipped curl 8.21.0 on June 24 2026 we fixed at least...
A few years years ago the curl project signed up and became a CNA. This means that we are masters of and can allocate our own CVE identifiers. For any security problems within our territory, it is we who decides if the issue should get a...
Release presentation At 09:00 UTC (11:00 CEST) today I will do a traditional live-streamed release presentation of this release over on my Twitch channel. Numbers the 275th release6 changes56 days (total: 10,817)276 bugfixes (total:...
RFC 10008 is brand new a specification detailing the new HTTP method called QUERY: This specification defines the QUERY method for HTTP. A QUERY requests that the request target process the enclosed content in a safe and idempotent...
The curl project will not accept or otherwise handle any vulnerability reports during the month of July 2026. We call it the curl summer of bliss. curl’s submission form on Hackerone will be paused starting July 1, 2026. Summer of bliss...
There seems to be a fair amount of people in either extremes in the current AI landscape. At one side we see the “vibe coders” who use agents and allow them to merge code without any person even looking at the source, while on the other...
Getting curl developers and related enthusiasts into a single room to hang out in the real world for a whole weekend once a year is awesome. We find inspiration, we share experiences, we learn from each other and we dream and plan of...
I’m doing Open Source primarily because I love it. The social aspects, the for-the-good angle and for the challenge of engineering this to work for everyone. I also do it because it is my full-time job and getting food on the table and...
One of the established power features of the curl command line tool is its support for “globbing”. It is a built-in way to specify ranges and sets in different ways and have curl iterate over them to simplify repeated transfers. For...
yes, as in singular one. Back in April 2026 Anthropic caused a lot of media noise when they concluded that their new AI model Mythos is dangerously good at finding security flaws in source code. Apparently Mythos was so good at this that...
In this era of powerful tools to find software bugs, we now see tools find a lot of problems at a high speed. This causes problems for developers, as dealing with the growing list of issues is hard. It may take a longer time to address...
The picture was taken by mr Nasser and shared on social media In appendix A of the book Root cause: Stories and lessons from two decades of Backend Engineering Bugs, author Hussein Nasser has these wonderful words to say about me: Daniel...
You always find the new curl releases on the curl site! Release presentation At 10:00 CEST (08:00 UTC) I will do my transitional live-streamed video presentation of curl 8.20.0 on my twitch channel. Numbers the 274th release8 changes49...
Search Random