An alert on the upcoming 7.51.0 release

From : Daniel Stenberg < : Daniel Stenberg < daniel_at_haxx.se





Hi friends,



In two weeks time, on Wednesday November 2nd, we will release curl and libcurl

7.51.0 unless something earth shattering happens.



This release will bundle no less than _eleven_ security advisories and their

associated fixes (unless we get more reported in the time we have left). Each

individual security issue will be documented in detail in their own advisories

as usual and sent out as separate emails and get documented on the curl web

site. Chances are big several of these affects your use of curl.



We have never before handled anywhere close to this many security problems in

a single release. We have notified both Apple and distros_at_openwall so the

major distributions should be aware of what's coming.



Merging eleven previously non-disclosed branches into master just before a

release is not ideal but done so to minimize the security impact on existing

users when the problems get known. My plan is to merge them all into master

and push around 48 hours before release, watch the autobuilds closesly, have a

few extra coverity scans done and then fix up what's found before the release.



I will also prepare to do a follow-up patch release within the following week

if we find serious enough problems in the shipped product.

