curl and libcurl 8.17.0

 Public curl releases:         271
 Command line options:         273
 curl_easy_setopt() options:   308
 Public functions in libcurl:  100
 Contributors:                 3519

This release includes the following changes:

 o build: drop Heimdal support [267]
 o build: drop the winbuild build system [81]
 o krb5: drop support for Kerberos FTP [43]
 o libssh2: up the minimum requirement to 1.9.0 [85]
 o multi: add notifications API [250]
 o progress: expand to use 6 characters per size [234]
 o ssl: support Apple SecTrust configurations [240]
 o tool_getparam: add --knownhosts [204]
 o vssh: drop support for wolfSSH [58]
 o wcurl: import v2025.09.27 [182]
 o write-out: make %header{} able to output *all* occurrences of a header [25]

This release includes the following bugfixes:

 o ares: fix leak in tracing [91]
 o asyn-ares: remove wrong comment about the callback argument [306]
 o asyn-ares: use the duped hostname pointer for all calls [158]
 o asyn-thrdd resolver: clear timeout when done [97]
 o asyn-thrdd: drop pthread_cancel [30]
 o autotools: add support for libgsasl auto-detection via pkg-config [112]
 o autotools: capitalize 'Rustls' in the log output [106]
 o autotools: fix duplicate `UNIX` and `BSD` flags in `buildinfo.txt` [113]
 o autotools: fix silly mistake in clang detection for `buildinfo.txt` [114]
 o autotools: make `--enable-code-coverage` support llvm/clang [79]
 o aws-lc: re-enable large read-ahead with v1.61.0 again [16]
 o base64: accept zero length argument to base64_encode [82]
 o build: address some `-Weverything` warnings, update picky warnings [74]
 o build: avoid overriding system `open` and `stat` symbols [141]
 o build: avoid overriding system symbols for fopen functions [150]
 o build: avoid overriding system symbols for socket functions [68]
 o build: show llvm/clang in platform flags and `buildinfo.txt` [126]
 o c-ares: when resolving failed, persist error [270]
 o cf-h2-proxy: break loop on edge case [140]
 o cf-ip-happy: mention unix domain path, not port number [161]
 o cf-socket: always check Curl_cf_socket_peek() return code [198]
 o cf-socket: check params and remove accept procondition [197]
 o cf-socket: set FD_CLOEXEC on all sockets opened [273]
 o cf-socket: tweak a memcpy() to read better [177]
 o cf-socket: use the right byte order for ports in bindlocal [61]
 o cfilter: unlink and discard [46]
 o checksrc: allow disabling warnings on FIXME/TODO comments [324]
 o checksrc: catch banned functions when preceded by `(` [146]
 o checksrc: fix possible endless loop when detecting `BANNEDFUNC` [149]
 o checksrc: fix possible endless loops/errors in the banned function logic [220]
 o checksrc: fix to handle `)` predecing a banned function [229]
 o checksrc: reduce directory-specific exceptions [228]
 o CI.md: refresh [280]
 o cmake/FindGSS: dedupe pkg-config module strings [277]
 o cmake/FindGSS: drop wrong header check for GNU GSS [278]
 o cmake/FindGSS: fix `pkg-config` fallback logic for CMake <3.16 [189]
 o cmake/FindGSS: simplify/de-dupe lib setup [253]
 o cmake/FindGSS: whitespace/formatting [268]
 o cmake: add `CURL_CODE_COVERAGE` option [78]
 o cmake: build the "all" examples source list dynamically [245]
 o cmake: clang detection tidy-ups [116]
 o cmake: drop exclamation in comment looking like a name [160]
 o cmake: fix building docs when the base directory contains `.3` [18]
 o cmake: minor Heimdal flavour detection fix [269]
 o cmake: pre-fill three more type sizes on Windows [244]
 o cmake: support building some complicated examples, build them in CI [235]
 o cmake: use modern alternatives for `get_filename_component()` [102]
 o cmake: use more `COMPILER_OPTIONS`, `LINK_OPTIONS` / `LINK_FLAGS` [152]
 o cmdline-docs: extended, clarified, refreshed [28]
 o cmdline-opts/_PROGRESS.md: explain the suffixes [154]
 o configure: add "-mt" for pthread support on HP-UX [52]
 o conn: fix hostname move on connection reuse [272]
 o connect: remove redundant condition in shutdown start [289]
 o cookie: avoid saving a cookie file if no transfer was done [11]
 o cpool: make bundle->dest an array; fix UB [218]
 o curl_easy_getinfo: error code on NULL arg [2]
 o curl_mem_undef.h: limit to `CURLDEBUG` for non-memalloc overrides [19]
 o curl_osslq: error out properly if BIO_ADDR_rawmake() fails [184]
 o Curl_resolv: fix comment. 'entry' argument is not optional [187]
 o curl_slist_append.md: clarify that a NULL pointer is not acceptable [72]
 o curl_threads: delete WinCE fallback branch [233]
 o CURLINFO_FTP_ENTRY_PATH.md: this is for SFTP as well [8]
 o CURLOPT_COOKIEFILE.md: clarify when the cookies are loaded [159]
 o CURLOPT_HEADER/WRITEFUNCTION.md: drop '* size' since size is always 1 [63]
 o CURLOPT_MAXLIFETIME_CONN: make default 24 hours [10]
 o CURLOPT_SSL_VERIFYHOST.md: add see-also to two other VERIFYHOST options [32]
 o CURLOPT_TIMECONDITION.md: works for FILE and FTP as well [27]
 o digest_sspi: fix two memory leaks in error branches [77]
 o dist: do not distribute `CI.md` [29]
 o docs/cmdline-opts: drop double quotes from GLOBBING and URL examples [238]
 o docs/libcurl: clarify some timeout option behavior [15]
 o docs/libcurl: remove ancient version references [7]
 o docs/libcurl: use lowercase must [5]
 o docs: expand on quoting rules for file names in SFTP quote [300]
 o docs: fix/tidy code fences [87]
 o doswin: CloseHandle the thread on shutdown [307]
 o easy_getinfo: check magic, Curl_close safety [3]
 o examples/sessioninfo: cast printf string mask length to int [232]
 o examples/sessioninfo: do not disable security [255]
 o examples/synctime: fix null termination assumptions [297]
 o examples/synctime: make the sscanf not overflow the local buffer [252]
 o examples/usercertinmem: avoid stripping const [247]
 o examples: call `curl_global_cleanup()` where missing [323]
 o examples: check more errors, fix cleanups, scope variables [318]
 o examples: drop unused `curl/mprintf.h` includes [224]
 o examples: fix build issues in 'complicated' examples [243]
 o examples: fix two build issues surfaced with WinCE [223]
 o examples: fix two issues found by CodeQL [35]
 o examples: fix two more cases of `stat()` TOCTOU [147]
 o examples: improve global init, error checks and returning errors [321]
 o examples: return `curl_easy_perform()` results [322]
 o form.md: drop reference to MANUAL [178]
 o ftp: add extra buffer length check [195]
 o ftp: fix ftp_do_more returning with *completep unset [122]
 o ftp: fix port number range loop for PORT commands [66]
 o ftp: fix the 213 scanner memchr buffer limit argument [196]
 o ftp: improve fragile check for first digit > 3 [194]
 o ftp: remove misleading comments [193]
 o ftp: replace strstr() in ;type= handling [313]
 o ftp: simplify the 150/126 size scanner [288]
 o gnutls: check conversion of peer cert chain [275]
 o gtls: avoid potential use of uninitialized variable in trace output [83]
 o hostip: don't store negative resolves due unrelated errors [256]
 o hostip: remove leftover INT_MAX check in Curl_dnscache_prune [88]
 o http2: check push header names by length first [261]
 o http2: cleanup pushed newhandle on fail [260]
 o http2: ingress handling edge cases [259]
 o http: handle user-defined connection headers [165]
 o http: look for trailing 'type=' in ftp:// without strstr [315]
 o http: make Content-Length parser more WHATWG [183]
 o httpsrr: free old pointers when storing new [57]
 o INSTALL-CMAKE.md: document useful build targets [215]
 o INTERNALS: drop Winsock 2.2 from the dependency list [162]
 o ip-happy: do not set unnecessary timeout [95]
 o ip-happy: prevent event-based stall on retry [155]
 o kerberos: bump minimum to 1.3 (2003-07-08), drop legacy logic [279]
 o kerberos: drop logic for MIT Kerberos <1.2.3 (pre-2002) versions [285]
 o kerberos: stop including `gssapi/gssapi_generic.h` [282]
 o krb5: return appropriate error on send failures [22]
 o krb5_gssapi: fix memory leak on error path [190]
 o krb5_sspi: the chlg argument is NOT optional [200]
 o ldap: avoid null ptr deref on failure [284]
 o ldap: do not base64 encode zero length string [42]
 o ldap: tidy-up types, fix error code confusion [191]
 o lib1514: fix return code mixup [304]
 o lib: drop unused include and duplicate guards [226]
 o lib: fix build error and compiler warnings with verbose strings disabled [173]
 o lib: remove personal names from comments [168]
 o lib: SSL connection reuse [301]
 o lib: stop NULL-checking conn->passwd and ->user [309]
 o lib: upgrade/multiplex handling [136]
 o libcurl-multi.md: added curl_multi_get_offt mention [53]
 o libcurl-security.md: mention long-running connections [6]
 o libssh/libssh2: reject quote command lines with too much data [299]
 o libssh/sftp: fix resume corruption by avoiding O_APPEND with rresume [263]
 o libssh2/sftp: fix resume corruption by avoiding O_APPEND with rresume [262]
 o libssh2/sftp_realpath: change state consistently [185]
 o libssh2: avoid risking using an uninitialized local struct field [209]
 o libssh2: bail out on chgrp and chown number parsing errors [202]
 o libssh2: clarify that sshp->path is always at least one byte [201]
 o libssh2: drop two redundant null-terminations [26]
 o libssh2: error check and null-terminate in ssh_state_sftp_readdir_link() [34]
 o libssh2: fix EAGAIN return in ssh_state_auth_agent [290]
 o libssh2: fix return code for EAGAIN [186]
 o libssh2: use sockindex consistently [302]
 o libssh: acknowledge SSH_AGAIN in the SFTP state machine [89]
 o libssh: catch a resume point larger than the size [281]
 o libssh: clarify myssh_block2waitfor [92]
 o libssh: drop two unused assignments [104]
 o libssh: error on bad chgrp number [71]
 o libssh: error on bad chown number and store the value [64]
 o libssh: fix range parsing error handling mistake [120]
 o libssh: make atime and mtime cap the timestamp instead of wrap [283]
 o libssh: react on errors from ssh_scp_read [24]
 o libssh: return out of memory correctly if aprintf fails [60]
 o Makefile.example: fix option order [231]
 o Makefile.example: simplify and make it configurable [20]
 o managen: ignore version mentions < 7.66.0 [55]
 o managen: render better manpage references/links [54]
 o managen: strict protocol check [109]
 o managen: verify the options used in example lines [181]
 o mbedtls: check result of setting ALPN [127]
 o mbedtls: handle WANT_WRITE from mbedtls_ssl_read() [145]
 o mdlinkcheck: reject URLs containing quotes [174]
 o memdup0: handle edge case [241]
 o multi.h: add CURLMINFO_LASTENTRY [51]
 o multi_ev: remove unnecessary data check that confuses analysers [167]
 o nghttp3: return NGHTTP3_ERR_CALLBACK_FAILURE from recv_header [227]
 o ngtcp2: check error code on connect failure [13]
 o ngtcp2: close just-opened QUIC stream when submit_request fails [222]
 o ngtcp2: compare idle timeout in ms to avoid overflow [248]
 o ngtcp2: fix early return [131]
 o ngtcp2: fix handling of blocked stream data [236]
 o ngtcp2: fix returns when TLS verify failed [251]
 o noproxy: fix the IPV6 network mask pattern match [166]
 o openldap: avoid indexing the result at -1 for blank responses [44]
 o openldap: check ber_sockbuf_add_io() return code [163]
 o openldap: check ldap_get_option() return codes [119]
 o openldap: fix memory-leak in error path [287]
 o openldap: fix memory-leak on oldap_do's exit path [286]
 o openssl-quic: check results better [132]
 o openssl-quic: handle error in SSL_get_stream_read_error_code [129]
 o openssl-quic: ignore unexpected streams opened by server [176]
 o openssl: call SSL_get_error() with proper error [207]
 o openssl: clear retry flag on x509 error [130]
 o openssl: fail the transfer if ossl_certchain() fails [23]
 o openssl: fix build for v1.0.2 [225]
 o openssl: fix peer certificate leak in channel binding [258]
 o openssl: make the asn1_object_dump name null terminated [56]
 o openssl: set io_need always [99]
 o openssl: skip session resumption when verifystatus is set [230]
 o os400: document threads handling in code. [254]
 o OS400: fix a use-after-free/double-free case [142]
 o osslq: set idle timeout to 0 [237]
 o pingpong: remove two old leftover debug infof() calls
 o pop3: function could get the ->transfer field wrong [292]
 o pytest: skip specific tests for no-verbose builds [171]
 o quic: fix min TLS version handling [14]
 o quic: ignore EMSGSIZE on receive [4]
 o quic: remove data_idle handling [311]
 o quiche: fix possible leaks on teardown [205]
 o quiche: fix verbose message when ip quadruple cannot be obtained. [128]
 o quiche: handle tls fail correctly [266]
 o quiche: when ingress processing fails, return that error code [103]
 o runtests: tag tests that require curl verbose strings [172]
 o rustls: fix clang-tidy warning [107]
 o rustls: fix comment describing cr_recv() [117]
 o rustls: pass the correct result to rustls_failf [242]
 o rustls: typecast variable for safer trace output [69]
 o rustls: use %zu for size_t in failf() format string [121]
 o sasl: clear canceled mechanism instead of toggling it [41]
 o schannel: assign result before using it [62]
 o schannel_verify: fix mem-leak in Curl_verify_host [208]
 o schannel_verify: use more human friendly error messages [96]
 o setopt: accept *_SSL_VERIFYHOST set to 2L [31]
 o setopt: allow CURLOPT_DNS_CACHE_TIMEOUT set to -1 [257]
 o setopt: make CURLOPT_MAXREDIRS accept -1 (again) [1]
 o smb: adjust buffer size checks [45]
 o smb: transfer debugassert to real check [303]
 o smtp: check EHLO responses case insensitively [50]
 o socks: advance iobuf instead of reset [276]
 o socks: deny server basic-auth if not configured [264]
 o socks: handle error in verbose trace gracefully [94]
 o socks: handle premature close [246]
 o socks: make Curl_blockread_all return CURLcode [67]
 o socks: rewwork, cleaning up socks state handling [135]
 o socks_gssapi: make the gss_context a local variable [144]
 o socks_gssapi: reject too long tokens [90]
 o socks_gssapi: remove superfluous releases of the gss_recv_token [139]
 o socks_gssapi: remove the forced "no protection" [143]
 o socks_sspi: bail out on too long fields [137]
 o socks_sspi: fix memory cleanup calls [40]
 o socks_sspi: remove the enforced mode clearing [291]
 o socks_sspi: restore non-blocking socket on error paths [48]
 o socksd: remove --bindonly mention, there is no such option [305]
 o ssl-sessions.md: mark option experimental [12]
 o strerror: drop workaround for SalfordC win32 header bug [214]
 o sws: fix checking `sscanf()` return value [17]
 o sws: pass in socket reference to allow function to close it [298]
 o tcp-nodelay.md: expand the documentation [153]
 o telnet: ignore empty suboptions [86]
 o telnet: make bad_option() consider NULL a bad option too [192]
 o telnet: make printsub require another byte input [21]
 o telnet: print DISPlay LOCation in printsub without mutating buffer [216]
 o telnet: refuse IAC codes in content [111]
 o telnet: return error if WSAEventSelect fails [180]
 o telnet: return error on crazy TTYPE or XDISPLOC lengths [123]
 o telnet: send failure logged but not returned [175]
 o telnet: use pointer[0] for "unknown" option instead of pointer[i] [217]
 o tests/server: drop pointless memory allocation overrides [219]
 o tests/server: drop unsafe `open()` override in signal handler (Windows) [151]
 o tftp: check and act on tftp_set_timeouts() returning error [38]
 o tftp: check for trailing ";mode=" in URL without strstr [312]
 o tftp: default timeout per block is now 15 seconds [156]
 o tftp: error requests for blank filenames [296]
 o tftp: handle tftp_multi_statemach() return code [65]
 o tftp: pin the first used address [110]
 o tftp: propagate expired timer from tftp_state_timeout() [39]
 o tftp: return error if it hits an illegal state [138]
 o tftp: return error when sendto() fails [59]
 o thread: errno on thread creation [271]
 o tidy-up: `fcntl.h` includes [98]
 o tidy-up: assortment of small fixes [115]
 o tidy-up: avoid using the reserved macro namespace [76]
 o tidy-up: update MS links, allow long URLs via `checksrc` [73]
 o tidy-up: URLs [101]
 o time-cond.md: refer to the singular curl_getdate man page [148]
 o TODO: fix a typo [93]
 o TODO: remove already implemented or bad items [36]
 o tool: fix exponential retry delay [47]
 o tool_cb_hdr: fix fwrite check in header callback [49]
 o tool_cb_hdr: size is always 1 [70]
 o tool_doswin: fix to use curl socket functions [108]
 o tool_filetime: replace cast with the fitting printf mask (Windows) [212]
 o tool_getparam/set_rate: skip the multiplication on overflow [84]
 o tool_getparam: always disable "lib-ids" for tracing [169]
 o tool_getparam: make --fail and --fail-with-body override each other [293]
 o tool_getparam: warn if provided header looks malformed [179]
 o tool_msgs: make errorf() show if --show-error [294]
 o tool_operate: improve wording in retry message [37]
 o tool_operate: keep failed partial download for retry auto-resume [210]
 o tool_operate: keep the progress meter for --out-null [33]
 o tool_operate: retry on HTTP response codes 522 and 524 [317]
 o tool_progress: handle possible integer overflows [164]
 o tool_progress: make max5data() use an algorithm [170]
 o transfer: avoid busy loop with tiny speed limit [100]
 o transfer: reset retry count on each request [310]
 o unit1323: sync time types and printf masks, drop casts [211]
 o unit1664: drop casts, expand masks to full values [221]
 o url: make Curl_init_userdefined return void [213]
 o urldata: FILE is not a list-only protocol [9]
 o urldata: make 'retrycount' a single byte [308]
 o urldata: make redirect counter 16 bit [295]
 o vauth/digest: improve the digest parser [203]
 o vquic: fix idle-timeout checks (ms<-->ns), 64-bit log & honor 0=no-timeout [249]
 o vquic: handling of io improvements [239]
 o vquic: sending non-gso packets fix for EAGAIN [265]
 o vtls: alpn setting, check proto parameter [134]
 o vtls_int.h: clarify data_pending [124]
 o vtls_scache: fix race condition [157]
 o windows: replace `_beginthreadex()` with `CreateThread()` [80]
 o windows: stop passing unused, optional argument for Win9x compatibility [75]
 o windows: use consistent format when showing error codes [199]
 o windows: use native error code types more [206]
 o wolfssl: check BIO read parameters [133]
 o wolfssl: fix error check in shutdown [105]
 o wolfssl: no double get_error() detail [188]
 o ws: clarify an error message [125]
 o ws: fix some edge cases [274]
 o ws: fix type conversion check [316]
 o ws: reject curl_ws_recv called with NULL buffer with a buflen [118]

This release includes the following known bugs:

 See https://curl.se/docs/knownbugs.html

For all changes ever done in curl:

 See https://curl.se/changes.html

Planned upcoming removals include:

 o Builds using VS2008
 o OpenSSL 1.x support
 o OpenSSL-QUIC
 o Support for c-ares versions before 1.16.0
 o Support for Windows XP/2003
 o Windows CE support

 See https://curl.se/dev/deprecate.html

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Adam Light, Alice Lee Poetics, Andrei Kurushin, Andrew Kirillov,
  Andrew Olsen, BobodevMm on github, Christian Schmitz, Dan Fandrich,
  Daniel Stenberg, Daniel Terhorst-North, dependabot[bot],
  divinity76 on github, Emilio Pozuelo Monfort, Emre Çalışkan, Ethan Everett,
  Evgeny Grin (Karlson2k), fds242 on github, Harry Sintonen, Howard Chu,
  Ignat Loskutov, Javier Blazquez, Jicea, jmaggard10 on github,
  Johannes Schindelin, Joseph Birr-Pixton, Joshua Rogers, kapsiR on github,
  kuchara on github, Marcel Raad, Michael Osipov, Michał Petryka,
  Mitchell Blank Jr, Mohamed Daahir, Nir Azkiel, Patrick Monnerat,
  plv1313 on github, Pocs Norbert, Ray Satiro, renovate[bot],
  rinsuki on github, Sakthi SK, Samuel Dionne-Riel, Samuel Henrique,
  Stanislav Fort, Stefan Eissing, tkzv on github, Viktor Szakats
  (47 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=18571
 [2] = https://curl.se/bug/?i=18512
 [3] = https://curl.se/bug/?i=18511
 [4] = https://curl.se/bug/?i=18505
 [5] = https://curl.se/bug/?i=18570
 [6] = https://curl.se/bug/?i=18533
 [7] = https://curl.se/bug/?i=18530
 [8] = https://curl.se/bug/?i=18531
 [9] = https://curl.se/bug/?i=18525
 [10] = https://curl.se/bug/?i=18527
 [11] = https://curl.se/bug/?i=18621
 [12] = https://curl.se/bug/?i=18523
 [13] = https://curl.se/bug/?i=18521
 [14] = https://curl.se/bug/?i=18518
 [15] = https://curl.se/bug/?i=18569
 [16] = https://curl.se/bug/?i=18568
 [17] = https://curl.se/bug/?i=18565
 [18] = https://curl.se/bug/?i=18560
 [19] = https://curl.se/bug/?i=18510
 [20] = https://curl.se/bug/?i=18554
 [21] = https://curl.se/bug/?i=18618
 [22] = https://curl.se/bug/?i=18561
 [23] = https://curl.se/bug/?i=18646
 [24] = https://curl.se/bug/?i=18616
 [25] = https://curl.se/bug/?i=18491
 [26] = https://curl.se/bug/?i=18606
 [27] = https://curl.se/bug/?i=18551
 [28] = https://curl.se/bug/?i=18550
 [29] = https://curl.se/bug/?i=18549
 [30] = https://curl.se/bug/?i=18532
 [31] = https://curl.se/mail/lib-2025-09/0031.html
 [32] = https://curl.se/bug/?i=18548
 [33] = https://curl.se/bug/?i=18607
 [34] = https://curl.se/bug/?i=18598
 [35] = https://curl.se/bug/?i=18605
 [36] = https://curl.se/bug/?i=18542
 [37] = https://curl.se/bug/?i=18604
 [38] = https://curl.se/bug/?i=18603
 [39] = https://curl.se/bug/?i=18574
 [40] = https://curl.se/bug/?i=18587
 [41] = https://curl.se/bug/?i=18573
 [42] = https://curl.se/bug/?i=18602
 [43] = https://curl.se/bug/?i=18577
 [44] = https://curl.se/bug/?i=18600
 [45] = https://curl.se/bug/?i=18599
 [46] = https://curl.se/bug/?i=18596
 [47] = https://curl.se/bug/?i=18591
 [48] = https://curl.se/bug/?i=18592
 [49] = https://curl.se/bug/?i=18593
 [50] = https://curl.se/bug/?i=18588
 [51] = https://curl.se/bug/?i=18578
 [52] = https://curl.se/bug/?i=18585
 [53] = https://curl.se/bug/?i=18579
 [54] = https://curl.se/bug/?i=18580
 [55] = https://curl.se/bug/?i=18583
 [56] = https://curl.se/bug/?i=18647
 [57] = https://curl.se/bug/?i=18631
 [58] = https://curl.se/bug/?i=18700
 [59] = https://curl.se/bug/?i=18643
 [60] = https://curl.se/bug/?i=18637
 [61] = https://curl.se/bug/?i=18641
 [62] = https://curl.se/bug/?i=18642
 [63] = https://curl.se/bug/?i=18640
 [64] = https://curl.se/bug/?i=18639
 [65] = https://curl.se/bug/?i=18638
 [66] = https://curl.se/bug/?i=18636
 [67] = https://curl.se/bug/?i=18635
 [68] = https://curl.se/bug/?i=18503
 [69] = https://curl.se/bug/?i=18628
 [70] = https://curl.se/bug/?i=18630
 [71] = https://curl.se/bug/?i=18629
 [72] = https://curl.se/bug/?i=18627
 [73] = https://curl.se/bug/?i=18626
 [74] = https://curl.se/bug/?i=18477
 [75] = https://curl.se/bug/?i=18490
 [76] = https://curl.se/bug/?i=18482
 [77] = https://curl.se/bug/?i=18488
 [78] = https://curl.se/bug/?i=18468
 [79] = https://curl.se/bug/?i=18473
 [80] = https://curl.se/bug/?i=18451
 [81] = https://curl.se/bug/?i=18040
 [82] = https://curl.se/bug/?i=18617
 [83] = https://curl.se/bug/?i=18620
 [84] = https://curl.se/bug/?i=18624
 [85] = https://curl.se/bug/?i=18612
 [86] = https://curl.se/bug/?i=18899
 [87] = https://curl.se/bug/?i=18707
 [88] = https://curl.se/bug/?i=18680
 [89] = https://curl.se/bug/?i=18740
 [90] = https://curl.se/bug/?i=18681
 [91] = https://curl.se/bug/?i=18251
 [92] = https://curl.se/bug/?i=18739
 [93] = https://curl.se/bug/?i=18788
 [94] = https://curl.se/bug/?i=18722
 [95] = https://curl.se/bug/?i=18767
 [96] = https://curl.se/bug/?i=18737
 [97] = https://curl.se/bug/?i=18769
 [98] = https://curl.se/bug/?i=18782
 [99] = https://curl.se/bug/?i=18733
 [100] = https://curl.se/bug/?i=18732
 [101] = https://curl.se/bug/?i=18689
 [102] = https://curl.se/bug/?i=18688
 [103] = https://curl.se/bug/?i=18730
 [104] = https://curl.se/bug/?i=18684
 [105] = https://curl.se/bug/?i=18729
 [106] = https://curl.se/bug/?i=18671
 [107] = https://curl.se/bug/?i=18670
 [108] = https://curl.se/bug/?i=18633
 [109] = https://curl.se/bug/?i=18675
 [110] = https://curl.se/bug/?i=18658
 [111] = https://curl.se/bug/?i=18657
 [112] = https://curl.se/bug/?i=18669
 [113] = https://curl.se/bug/?i=18667
 [114] = https://curl.se/bug/?i=18666
 [115] = https://curl.se/bug/?i=18664
 [116] = https://curl.se/bug/?i=18659
 [117] = https://curl.se/bug/?i=18728
 [118] = https://curl.se/bug/?i=18656
 [119] = https://curl.se/bug/?i=18653
 [120] = https://curl.se/bug/?i=18652
 [121] = https://curl.se/bug/?i=18651
 [122] = https://curl.se/bug/?i=18650
 [123] = https://curl.se/bug/?i=18648
 [124] = https://curl.se/bug/?i=18644
 [125] = https://curl.se/bug/?i=18654
 [126] = https://curl.se/bug/?i=18645
 [127] = https://curl.se/bug/?i=18727
 [128] = https://curl.se/bug/?i=18726
 [129] = https://curl.se/bug/?i=18725
 [130] = https://curl.se/bug/?i=18724
 [131] = https://curl.se/bug/?i=18723
 [132] = https://curl.se/bug/?i=18720
 [133] = https://curl.se/bug/?i=18718
 [134] = https://curl.se/bug/?i=18717
 [135] = https://curl.se/bug/?i=18401
 [136] = https://curl.se/bug/?i=18227
 [137] = https://curl.se/bug/?i=18719
 [138] = https://curl.se/bug/?i=18894
 [139] = https://curl.se/bug/?i=18714
 [140] = https://curl.se/bug/?i=18715
 [141] = https://curl.se/bug/?i=18776
 [142] = https://curl.se/bug/?i=18713
 [143] = https://curl.se/bug/?i=18712
 [144] = https://curl.se/bug/?i=18711
 [145] = https://curl.se/bug/?i=18682
 [146] = https://curl.se/bug/?i=18779
 [147] = https://curl.se/bug/?i=18778
 [148] = https://curl.se/bug/?i=18816
 [149] = https://curl.se/bug/?i=18775
 [150] = https://curl.se/bug/?i=18510
 [151] = https://curl.se/bug/?i=18774
 [152] = https://curl.se/bug/?i=18762
 [153] = https://curl.se/bug/?i=18811
 [154] = https://curl.se/bug/?i=18817
 [155] = https://curl.se/bug/?i=18815
 [156] = https://curl.se/bug/?i=18893
 [157] = https://curl.se/bug/?i=18806
 [158] = https://curl.se/bug/?i=18980
 [159] = https://curl.se/bug/?i=18924
 [160] = https://curl.se/bug/?i=18810
 [161] = https://curl.se/bug/?i=18749
 [162] = https://curl.se/bug/?i=18808
 [163] = https://curl.se/bug/?i=18747
 [164] = https://curl.se/bug/?i=18744
 [165] = https://curl.se/bug/?i=18662
 [166] = https://curl.se/bug/?i=18891
 [167] = https://curl.se/bug/?i=18804
 [168] = https://curl.se/bug/?i=18803
 [169] = https://curl.se/bug/?i=18805
 [170] = https://curl.se/bug/?i=18807
 [171] = https://curl.se/bug/?i=18801
 [172] = https://curl.se/bug/?i=18800
 [173] = https://curl.se/bug/?i=18799
 [174] = https://curl.se/bug/?i=18889
 [175] = https://curl.se/bug/?i=18887
 [176] = https://curl.se/bug/?i=18780
 [177] = https://curl.se/bug/?i=18787
 [178] = https://curl.se/bug/?i=18790
 [179] = https://curl.se/bug/?i=18793
 [180] = https://curl.se/bug/?i=18886
 [181] = https://curl.se/bug/?i=18884
 [182] = https://curl.se/bug/?i=18754
 [183] = https://curl.se/bug/?i=18921
 [184] = https://curl.se/bug/?i=18878
 [185] = https://curl.se/bug/?i=18875
 [186] = https://curl.se/bug/?i=18874
 [187] = https://curl.se/bug/?i=18979
 [188] = https://curl.se/bug/?i=18940
 [189] = https://curl.se/bug/?i=18932
 [190] = https://curl.se/bug/?i=18976
 [191] = https://curl.se/bug/?i=18888
 [192] = https://curl.se/bug/?i=18873
 [193] = https://curl.se/bug/?i=18871
 [194] = https://curl.se/bug/?i=18870
 [195] = https://curl.se/bug/?i=18869
 [196] = https://curl.se/bug/?i=18867
 [197] = https://curl.se/bug/?i=18882
 [198] = https://curl.se/bug/?i=18862
 [199] = https://curl.se/bug/?i=18877
 [200] = https://curl.se/bug/?i=18865
 [201] = https://curl.se/bug/?i=18864
 [202] = https://curl.se/bug/?i=18863
 [203] = https://curl.se/bug/?i=18975
 [204] = https://curl.se/bug/?i=18859
 [205] = https://curl.se/bug/?i=18880
 [206] = https://curl.se/bug/?i=18868
 [207] = https://curl.se/bug/?i=18872
 [208] = https://curl.se/bug/?i=18972
 [209] = https://curl.se/bug/?i=19043
 [210] = https://curl.se/bug/?i=18035
 [211] = https://curl.se/bug/?i=18860
 [212] = https://curl.se/bug/?i=18858
 [213] = https://curl.se/bug/?i=18855
 [214] = https://curl.se/bug/?i=18857
 [215] = https://curl.se/bug/?i=18927
 [216] = https://curl.se/bug/?i=18852
 [217] = https://curl.se/bug/?i=18851
 [218] = https://curl.se/bug/?i=18850
 [219] = https://curl.se/bug/?i=18922
 [220] = https://curl.se/bug/?i=18845
 [221] = https://curl.se/bug/?i=18838
 [222] = https://curl.se/bug/?i=18904
 [223] = https://curl.se/bug/?i=18843
 [224] = https://curl.se/bug/?i=18842
 [225] = https://curl.se/bug/?i=18841
 [226] = https://curl.se/bug/?i=18839
 [227] = https://curl.se/bug/?i=18904
 [228] = https://curl.se/bug/?i=18823
 [229] = https://curl.se/bug/?i=18836
 [230] = https://curl.se/bug/?i=18902
 [231] = https://curl.se/bug/?i=18835
 [232] = https://curl.se/bug/?i=18918
 [233] = https://curl.se/bug/?i=19015
 [234] = https://curl.se/bug/?i=18828
 [235] = https://curl.se/bug/?i=18909
 [236] = https://curl.se/bug/?i=18905
 [237] = https://curl.se/bug/?i=18907
 [238] = https://curl.se/bug/?i=18829
 [239] = https://curl.se/bug/?i=18812
 [240] = https://curl.se/bug/?i=18703
 [241] = https://curl.se/bug/?i=18966
 [242] = https://curl.se/bug/?i=18961
 [243] = https://curl.se/bug/?i=18914
 [244] = https://curl.se/bug/?i=19013
 [245] = https://curl.se/bug/?i=18911
 [246] = https://curl.se/bug/?i=18883
 [247] = https://curl.se/bug/?i=18908
 [248] = https://curl.se/bug/?i=18903
 [249] = https://curl.se/bug/?i=18903
 [250] = https://curl.se/bug/?i=18432
 [251] = https://curl.se/bug/?i=18881
 [252] = https://curl.se/bug/?i=18890
 [253] = https://curl.se/bug/?i=19012
 [254] = https://curl.se/bug/?i=18967
 [255] = https://curl.se/bug/?i=18969
 [256] = https://curl.se/bug/?i=18953
 [257] = https://curl.se/bug/?i=18959
 [258] = https://hackerone.com/reports/3373640
 [259] = https://curl.se/bug/?i=18933
 [260] = https://curl.se/bug/?i=18931
 [261] = https://curl.se/bug/?i=18930
 [262] = https://curl.se/bug/?i=18952
 [263] = https://curl.se/bug/?i=18952
 [264] = https://curl.se/bug/?i=18937
 [265] = https://curl.se/bug/?i=18936
 [266] = https://curl.se/bug/?i=18934
 [267] = https://curl.se/bug/?i=18928
 [268] = https://curl.se/bug/?i=18957
 [269] = https://curl.se/bug/?i=18951
 [270] = https://curl.se/bug/?i=18999
 [271] = https://curl.se/bug/?i=18998
 [272] = https://curl.se/bug/?i=18995
 [273] = https://curl.se/bug/?i=18968
 [274] = https://curl.se/bug/?i=18965
 [275] = https://curl.se/bug/?i=18964
 [276] = https://curl.se/bug/?i=18938
 [277] = https://curl.se/bug/?i=18994
 [278] = https://curl.se/bug/?i=18993
 [279] = https://curl.se/bug/?i=18992
 [280] = https://curl.se/bug/?i=18973
 [281] = https://curl.se/bug/?i=19044
 [282] = https://curl.se/bug/?i=18990
 [283] = https://curl.se/bug/?i=18989
 [284] = https://curl.se/bug/?i=18988
 [285] = https://curl.se/bug/?i=18978
 [286] = https://curl.se/bug/?i=18986
 [287] = https://curl.se/bug/?i=18985
 [288] = https://curl.se/bug/?i=18984
 [289] = https://curl.se/bug/?i=19079
 [290] = https://curl.se/bug/?i=19042
 [291] = https://curl.se/bug/?i=19040
 [292] = https://curl.se/bug/?i=19039
 [293] = https://curl.se/bug/?i=19029
 [294] = https://curl.se/bug/?i=19035
 [295] = https://curl.se/bug/?i=19072
 [296] = https://curl.se/bug/?i=19033
 [297] = https://curl.se/bug/?i=19032
 [298] = https://curl.se/bug/?i=19031
 [299] = https://curl.se/bug/?i=19030
 [300] = https://curl.se/bug/?i=19025
 [301] = https://curl.se/bug/?i=19006
 [302] = https://curl.se/bug/?i=19004
 [303] = https://curl.se/bug/?i=19003
 [304] = https://curl.se/bug/?i=19027
 [305] = https://curl.se/bug/?i=19026
 [306] = https://curl.se/bug/?i=19014
 [307] = https://curl.se/bug/?i=18996
 [308] = https://curl.se/bug/?i=19071
 [309] = https://curl.se/bug/?i=19059
 [310] = https://curl.se/bug/?i=18926
 [311] = https://curl.se/bug/?i=19060
 [312] = https://curl.se/bug/?i=19070
 [313] = https://curl.se/bug/?i=19069
 [315] = https://curl.se/bug/?i=19065
 [316] = https://curl.se/bug/?i=19017
 [317] = https://curl.se/bug/?i=16143
 [318] = https://curl.se/bug/?i=19055
 [321] = https://curl.se/bug/?i=19053
 [322] = https://curl.se/bug/?i=19052
 [323] = https://curl.se/bug/?i=19051
 [324] = https://curl.se/bug/?i=19048