--- /dev/null
+- All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and\r
+ CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to\r
+ send when using FTP, as a sign that libcurl shall simply ignore the response\r
+ from the server instead of treating it as an error. Not treating a 400+ FTP\r
+ response code as an error means that failed commands will not abort the\r
+ chain of commands, nor will they cause the connection to get disconnected.\r
+\r
+SOLO DOCS\r
+\r
+- Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA.\r
+ They introduce known_host support for SSH keys to libcurl. See docs for\r
+ details. Note that this feature depends on a new enough libssh2 version, to\r
+ be supported in libssh2 1.2 and later (or current git repo at this time).\r
+\r
+HECHO\r
+\r
+- David Kierznowski notified us about a security flaw\r
+ (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in\r
+ which previous libcurl versions (by design) can be tricked to access an\r
+ arbitrary local/different file instead of a remote one when\r
+ CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release\r
+ together this the addition of two new setopt options for controlling this\r
+ new behavior:\r
+\r
+ o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to\r
+ follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option\r
+ excludes the FILE and SCP protocols and thus you nee to explicitly allow\r
+ them in your app if you really want that behavior.\r
+\r
+ o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch\r
+ using the primary URL option. This is useful if you want to allow a user or\r
+ other outsiders control what URL to pass to libcurl and yet not allow all\r
+ protocols libcurl may have been built to support.\r
+\r
+HECHO\r
+\r
+- After a bug reported by James Cheng I've made curl_easy_getinfo() for\r
+ CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return\r
+ -1 if the sizes aren't know. Previously these returned 0, make it impossible\r
+ to detect the difference between actually zero and unknown.\r
+\r
+SOLO DOC\r
+\r
+- FTP downloads (i.e.: RETR) ending with code 550 now return error\r
+ CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE.\r
+\r
+SOLO DOC\r
+\r
+- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for\r
+ plain FTP connections, and it will then allow MKD to fail once and retry the\r
+ CWD afterwards. This is especially useful if you're doing many simultanoes\r
+ connections against the same server and they all have this option enabled,\r
+ as then CWD may first fail but then another connection does MKD before this\r
+ connection and thus MKD fails but trying CWD works! The numbers can\r
+ (should?) now be set with the convenience enums now called\r
+ CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY.\r
+\r
+ Tests has proven that if you're making an application that uploads a set of\r
+ files to an ftp server, you will get a noticable gain in speed if you're\r
+ using multiple connections and this option will be then be very useful.\r
+\r
+SOLO DOC\r
+\r
+- CURLINFO_CONDITION_UNMET was added to allow an application to get to know if\r
+ the condition in the previous request was unmet. This is typically a time\r
+ condition set with CURLOPT_TIMECONDITION and was previously not possible to\r
+ reliably figure out. From bug report #2565128\r
+ (http://curl.haxx.se/bug/view.cgi?id=2565128) filed by Jocelyn Jaubert.\r
+\r
+HECHO\r
+\r
+- Markus Moeller introduced tw onew options to libcurl:\r
+ CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl\r
+ to do GSS-style authentication with SOCKS5 proxies. The curl tool got the\r
+ options called --socks5-gssapi-service and --socks5-gssapi-nec to enable\r
+ these.\r
+\r
+HECHO\r
+\r
+- Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an app\r
+ to set desired block size to use for TFTP transfers instead of the default\r
+ 512 bytes.\r
+\r
+HECHO\r
+\r
+- Internet Explorer had a broken HTTP digest authentication before v7 and\r
+ there are servers "out there" that relies on the client doing this broken\r
+ Digest authentication. Apache even comes with an option to work with such\r
+ broken clients.\r
+\r
+ The difference is only for URLs that contain a query-part (a '?'-letter and\r
+ text to the right of it).\r
+\r
+ libcurl now supports this quirk, and you enable it by setting the\r
+ CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or\r
+ CURLOPT_PROXYAUTH options. They are thus individually controlled to server\r
+ and proxy.\r
+\r
+HECHO\r
+\r
+- Igor Novoseltsev added CURLOPT_PROXYUSER and CURLOPT_PROXYPASSWORD that then\r
+ make CURLOPT_PROXYUSERPWD sort of deprecated. The primary motive for adding\r
+ these new options is that they have no problems with the colon separator\r
+ that the CURLOPT_PROXYUSERPWD option does.\r
+\r
+HECHO\r
+\r
+- Igor Novoseltsev brought a patch that introduced two new options to\r
+ curl_easy_setopt: CURLOPT_USERNAME and CURLOPT_PASSWORD that sort of\r
+ deprecates the good old CURLOPT_USERPWD since they allow applications to set\r
+ the user name and password independently and perhaps more importantly allow\r
+ both to contain colon(s) which CURLOPT_USERPWD doesn't fully support.\r
+\r
+HECHO\r
+\r
+- The libcurl FTP code now returns CURLE_REMOTE_FILE_NOT_FOUND error when SIZE\r
+ gets a 550 response back for the cases where a download (or NOBODY) is\r
+ wanted. It still allows a 550 as response if the SIZE is used as part of an\r
+ upload process (like if resuming an upload is requested and the file isn't\r
+ there before the upload). I also modified the FTP test server and a few test\r
+ cases accordingly to match this modified behavior.\r
+\r
+NADA\r
+\r
+- Martin Drasar provided the CURLOPT_POSTREDIR patch. It renames\r
+ CURLOPT_POST301 (but adds a define for backwards compatibility for you who\r
+ don't define CURL_NO_OLDIES). This option allows you to now also change the\r
+ libcurl behavior for a HTTP response 302 after a POST to not use GET in the\r
+ subsequent request (when CURLOPT_FOLLOWLOCATION is enabled). I edited the\r
+ patch somewhat before commit. The curl tool got a matching --post302\r
+ option. Test case 1076 was added to verify this.\r
+\r
+HECHO\r
+\r
+- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By\r
+ enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS\r
+ or FTPS), libcurl will gather lots of server certificate info and that info\r
+ can then get extracted by a client after the request has completed with\r
+ curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing\r
+ helped me test and smoothen out this feature.\r
+\r
+ Unfortunately, this feature currently only works with libcurl built to use\r
+ OpenSSL.\r
+\r
+ This feature was sponsored by networking4all.com - thanks!\r
+\r
+HECHO\r
+\r