curl and libcurl 8.17.0

 Public curl releases:         271
 Command line options:         273
 curl_easy_setopt() options:   308
 Public functions in libcurl:  100
 Contributors:                 3515

This release includes the following changes:

 o build: drop Heimdal support [267]
 o build: drop the winbuild build system [81]
 o krb5: drop support for Kerberos FTP [43]
 o libssh2: up the minimum requirement to 1.9.0 [85]
 o multi: add notifications API [250]
 o progress: expand to use 6 characters per size [234]
 o ssl: support Apple SecTrust configurations [240]
 o tool_getparam: add --knownhosts [204]
 o vssh: drop support for wolfSSH [58]
 o wcurl: import v2025.09.27 [182]
 o write-out: make %header{} able to output *all* occurrences of a header [25]

This release includes the following bugfixes:

 o ares: fix leak in tracing [91]
 o asyn-ares: use the duped hostname pointer for all calls [158]
 o asyn-thrdd resolver: clear timeout when done [97]
 o asyn-thrdd: drop pthread_cancel [30]
 o autotools: add support for libgsasl auto-detection via pkg-config [112]
 o autotools: capitalize 'Rustls' in the log output [106]
 o autotools: fix duplicate `UNIX` and `BSD` flags in `buildinfo.txt` [113]
 o autotools: fix silly mistake in clang detection for `buildinfo.txt` [114]
 o autotools: make `--enable-code-coverage` support llvm/clang [79]
 o aws-lc: re-enable large read-ahead with v1.61.0 again [16]
 o base64: accept zero length argument to base64_encode [82]
 o build: address some `-Weverything` warnings, update picky warnings [74]
 o build: avoid overriding system `open` and `stat` symbols [141]
 o build: avoid overriding system symbols for fopen functions [150]
 o build: avoid overriding system symbols for socket functions [68]
 o build: show llvm/clang in platform flags and `buildinfo.txt` [126]
 o c-ares: when resolving failed, persist error [270]
 o cf-h2-proxy: break loop on edge case [140]
 o cf-ip-happy: mention unix domain path, not port number [161]
 o cf-socket: always check Curl_cf_socket_peek() return code [198]
 o cf-socket: check params and remove accept procondition [197]
 o cf-socket: set FD_CLOEXEC on all sockets opened [273]
 o cf-socket: tweak a memcpy() to read better [177]
 o cf-socket: use the right byte order for ports in bindlocal [61]
 o cfilter: unlink and discard [46]
 o checksrc: catch banned functions when preceded by `(` [146]
 o checksrc: fix possible endless loop when detecting `BANNEDFUNC` [149]
 o checksrc: fix possible endless loops/errors in the banned function logic [220]
 o checksrc: fix to handle `)` predecing a banned function [229]
 o checksrc: reduce directory-specific exceptions [228]
 o CI.md: refresh [280]
 o cmake/FindGSS: dedupe pkg-config module strings [277]
 o cmake/FindGSS: drop wrong header check for GNU GSS [278]
 o cmake/FindGSS: fix `pkg-config` fallback logic for CMake <3.16 [189]
 o cmake/FindGSS: simplify/de-dupe lib setup [253]
 o cmake/FindGSS: whitespace/formatting [268]
 o cmake: add `CURL_CODE_COVERAGE` option [78]
 o cmake: build the "all" examples source list dynamically [245]
 o cmake: clang detection tidy-ups [116]
 o cmake: drop exclamation in comment looking like a name [160]
 o cmake: fix building docs when the base directory contains `.3` [18]
 o cmake: minor Heimdal flavour detection fix [269]
 o cmake: pre-fill three more type sizes on Windows [244]
 o cmake: support building some complicated examples, build them in CI [235]
 o cmake: use modern alternatives for `get_filename_component()` [102]
 o cmake: use more `COMPILER_OPTIONS`, `LINK_OPTIONS` / `LINK_FLAGS` [152]
 o cmdline-docs: extended, clarified, refreshed [28]
 o cmdline-opts/_PROGRESS.md: explain the suffixes [154]
 o configure: add "-mt" for pthread support on HP-UX [52]
 o conn: fix hostname move on connection reuse [272]
 o cookie: avoid saving a cookie file if no transfer was done [11]
 o cpool: make bundle->dest an array; fix UB [218]
 o curl_easy_getinfo: error code on NULL arg [2]
 o curl_mem_undef.h: limit to `CURLDEBUG` for non-memalloc overrides [19]
 o curl_osslq: error out properly if BIO_ADDR_rawmake() fails [184]
 o Curl_resolv: fix comment. 'entry' argument is not optional [187]
 o curl_slist_append.md: clarify that a NULL pointer is not acceptable [72]
 o curl_threads: delete WinCE fallback branch [233]
 o CURLINFO_FTP_ENTRY_PATH.md: this is for SFTP as well [8]
 o CURLOPT_COOKIEFILE.md: clarify when the cookies are loaded [159]
 o CURLOPT_HEADER/WRITEFUNCTION.md: drop '* size' since size is always 1 [63]
 o CURLOPT_MAXLIFETIME_CONN: make default 24 hours [10]
 o CURLOPT_SSL_VERIFYHOST.md: add see-also to two other VERIFYHOST options [32]
 o CURLOPT_TIMECONDITION.md: works for FILE and FTP as well [27]
 o digest_sspi: fix two memory leaks in error branches [77]
 o dist: do not distribute `CI.md` [29]
 o docs/cmdline-opts: drop double quotes from GLOBBING and URL examples [238]
 o docs/libcurl: clarify some timeout option behavior [15]
 o docs/libcurl: remove ancient version references [7]
 o docs/libcurl: use lowercase must [5]
 o docs: fix/tidy code fences [87]
 o easy_getinfo: check magic, Curl_close safety [3]
 o examples/sessioninfo: cast printf string mask length to int [232]
 o examples/sessioninfo: do not disable security [255]
 o examples/synctime: make the sscanf not overflow the local buffer [252]
 o examples/usercertinmem: avoid stripping const [247]
 o examples: drop unused `curl/mprintf.h` includes [224]
 o examples: fix build issues in 'complicated' examples [243]
 o examples: fix two build issues surfaced with WinCE [223]
 o examples: fix two issues found by CodeQL [35]
 o examples: fix two more cases of `stat()` TOCTOU [147]
 o form.md: drop reference to MANUAL [178]
 o ftp: add extra buffer length check [195]
 o ftp: fix ftp_do_more returning with *completep unset [122]
 o ftp: fix port number range loop for PORT commands [66]
 o ftp: fix the 213 scanner memchr buffer limit argument [196]
 o ftp: improve fragile check for first digit > 3 [194]
 o ftp: remove misleading comments [193]
 o ftp: simplify the 150/126 size scanner [288]
 o gnutls: check conversion of peer cert chain [275]
 o gtls: avoid potential use of uninitialized variable in trace output [83]
 o hostip: don't store negative resolves due unrelated errors [256]
 o hostip: remove leftover INT_MAX check in Curl_dnscache_prune [88]
 o http2: check push header names by length first [261]
 o http2: cleanup pushed newhandle on fail [260]
 o http2: ingress handling edge cases [259]
 o http: handle user-defined connection headers [165]
 o http: make Content-Length parser more WHATWG [183]
 o httpsrr: free old pointers when storing new [57]
 o INSTALL-CMAKE.md: document useful build targets [215]
 o INTERNALS: drop Winsock 2.2 from the dependency list [162]
 o ip-happy: do not set unnecessary timeout [95]
 o ip-happy: prevent event-based stall on retry [155]
 o kerberos: bump minimum to 1.3 (2003-07-08), drop legacy logic [279]
 o kerberos: drop logic for MIT Kerberos <1.2.3 (pre-2002) versions [285]
 o kerberos: stop including `gssapi/gssapi_generic.h` [282]
 o krb5: return appropriate error on send failures [22]
 o krb5_gssapi: fix memory leak on error path [190]
 o krb5_sspi: the chlg argument is NOT optional [200]
 o ldap: avoid null ptr deref on failure [284]
 o ldap: do not base64 encode zero length string [42]
 o ldap: tidy-up types, fix error code confusion [191]
 o lib: drop unused include and duplicate guards [226]
 o lib: fix build error and compiler warnings with verbose strings disabled [173]
 o lib: remove personal names from comments [168]
 o lib: upgrade/multiplex handling [136]
 o libcurl-multi.md: added curl_multi_get_offt mention [53]
 o libcurl-security.md: mention long-running connections [6]
 o libssh/sftp: fix resume corruption by avoiding O_APPEND with rresume [263]
 o libssh2/sftp: fix resume corruption by avoiding O_APPEND with rresume [262]
 o libssh2/sftp_realpath: change state consistently [185]
 o libssh2: bail out on chgrp and chown number parsing errors [202]
 o libssh2: clarify that sshp->path is always at least one byte [201]
 o libssh2: drop two redundant null-terminations [26]
 o libssh2: error check and null-terminate in ssh_state_sftp_readdir_link() [34]
 o libssh2: fix return code for EAGAIN [186]
 o libssh: acknowledge SSH_AGAIN in the SFTP state machine [89]
 o libssh: clarify myssh_block2waitfor [92]
 o libssh: drop two unused assignments [104]
 o libssh: error on bad chgrp number [71]
 o libssh: error on bad chown number and store the value [64]
 o libssh: fix range parsing error handling mistake [120]
 o libssh: make atime and mtime cap the timestamp instead of wrap [283]
 o libssh: react on errors from ssh_scp_read [24]
 o libssh: return out of memory correctly if aprintf fails [60]
 o Makefile.example: fix option order [231]
 o Makefile.example: simplify and make it configurable [20]
 o managen: ignore version mentions < 7.66.0 [55]
 o managen: render better manpage references/links [54]
 o managen: strict protocol check [109]
 o managen: verify the options used in example lines [181]
 o mbedtls: check result of setting ALPN [127]
 o mbedtls: handle WANT_WRITE from mbedtls_ssl_read() [145]
 o mdlinkcheck: reject URLs containing quotes [174]
 o memdup0: handle edge case [241]
 o multi.h: add CURLMINFO_LASTENTRY [51]
 o multi_ev: remove unnecessary data check that confuses analysers [167]
 o nghttp3: return NGHTTP3_ERR_CALLBACK_FAILURE from recv_header [227]
 o ngtcp2: check error code on connect failure [13]
 o ngtcp2: close just-opened QUIC stream when submit_request fails [222]
 o ngtcp2: compare idle timeout in ms to avoid overflow [248]
 o ngtcp2: fix early return [131]
 o ngtcp2: fix handling of blocked stream data [236]
 o ngtcp2: fix returns when TLS verify failed [251]
 o noproxy: fix the IPV6 network mask pattern match [166]
 o openldap: avoid indexing the result at -1 for blank responses [44]
 o openldap: check ber_sockbuf_add_io() return code [163]
 o openldap: check ldap_get_option() return codes [119]
 o openldap: fix memory-leak in error path [287]
 o openldap: fix memory-leak on oldap_do's exit path [286]
 o openssl-quic: check results better [132]
 o openssl-quic: handle error in SSL_get_stream_read_error_code [129]
 o openssl-quic: ignore unexpected streams opened by server [176]
 o openssl: call SSL_get_error() with proper error [207]
 o openssl: clear retry flag on x509 error [130]
 o openssl: fail the transfer if ossl_certchain() fails [23]
 o openssl: fix build for v1.0.2 [225]
 o openssl: fix peer certificate leak in channel binding [258]
 o openssl: make the asn1_object_dump name null terminated [56]
 o openssl: set io_need always [99]
 o openssl: skip session resumption when verifystatus is set [230]
 o os400: document threads handling in code. [254]
 o OS400: fix a use-after-free/double-free case [142]
 o osslq: set idle timeout to 0 [237]
 o pingpong: remove two old leftover debug infof() calls
 o pytest: skip specific tests for no-verbose builds [171]
 o quic: fix min TLS version handling [14]
 o quic: ignore EMSGSIZE on receive [4]
 o quiche: fix possible leaks on teardown [205]
 o quiche: fix verbose message when ip quadruple cannot be obtained. [128]
 o quiche: handle tls fail correctly [266]
 o quiche: when ingress processing fails, return that error code [103]
 o runtests: tag tests that require curl verbose strings [172]
 o rustls: fix clang-tidy warning [107]
 o rustls: fix comment describing cr_recv() [117]
 o rustls: pass the correct result to rustls_failf [242]
 o rustls: typecast variable for safer trace output [69]
 o rustls: use %zu for size_t in failf() format string [121]
 o sasl: clear canceled mechanism instead of toggling it [41]
 o schannel: assign result before using it [62]
 o schannel_verify: fix mem-leak in Curl_verify_host [208]
 o schannel_verify: use more human friendly error messages [96]
 o setopt: accept *_SSL_VERIFYHOST set to 2L [31]
 o setopt: allow CURLOPT_DNS_CACHE_TIMEOUT set to -1 [257]
 o setopt: make CURLOPT_MAXREDIRS accept -1 (again) [1]
 o smb: adjust buffer size checks [45]
 o smtp: check EHLO responses case insensitively [50]
 o socks: advance iobuf instead of reset [276]
 o socks: deny server basic-auth if not configured [264]
 o socks: handle error in verbose trace gracefully [94]
 o socks: handle premature close [246]
 o socks: make Curl_blockread_all return CURLcode [67]
 o socks: rewwork, cleaning up socks state handling [135]
 o socks_gssapi: make the gss_context a local variable [144]
 o socks_gssapi: reject too long tokens [90]
 o socks_gssapi: remove superfluous releases of the gss_recv_token [139]
 o socks_gssapi: remove the forced "no protection" [143]
 o socks_sspi: bail out on too long fields [137]
 o socks_sspi: fix memory cleanup calls [40]
 o socks_sspi: restore non-blocking socket on error paths [48]
 o ssl-sessions.md: mark option experimental [12]
 o strerror: drop workaround for SalfordC win32 header bug [214]
 o sws: fix checking `sscanf()` return value [17]
 o tcp-nodelay.md: expand the documentation [153]
 o telnet: ignore empty suboptions [86]
 o telnet: make bad_option() consider NULL a bad option too [192]
 o telnet: make printsub require another byte input [21]
 o telnet: print DISPlay LOCation in printsub without mutating buffer [216]
 o telnet: refuse IAC codes in content [111]
 o telnet: return error if WSAEventSelect fails [180]
 o telnet: return error on crazy TTYPE or XDISPLOC lengths [123]
 o telnet: send failure logged but not returned [175]
 o telnet: use pointer[0] for "unknown" option instead of pointer[i] [217]
 o tests/server: drop pointless memory allocation overrides [219]
 o tests/server: drop unsafe `open()` override in signal handler (Windows) [151]
 o tftp: check and act on tftp_set_timeouts() returning error [38]
 o tftp: default timeout per block is now 15 seconds [156]
 o tftp: handle tftp_multi_statemach() return code [65]
 o tftp: pin the first used address [110]
 o tftp: propagate expired timer from tftp_state_timeout() [39]
 o tftp: return error if it hits an illegal state [138]
 o tftp: return error when sendto() fails [59]
 o thread: errno on thread creation [271]
 o tidy-up: `fcntl.h` includes [98]
 o tidy-up: assortment of small fixes [115]
 o tidy-up: avoid using the reserved macro namespace [76]
 o tidy-up: update MS links, allow long URLs via `checksrc` [73]
 o tidy-up: URLs [101]
 o time-cond.md: refer to the singular curl_getdate man page [148]
 o TODO: fix a typo [93]
 o TODO: remove already implemented or bad items [36]
 o tool: fix exponential retry delay [47]
 o tool_cb_hdr: fix fwrite check in header callback [49]
 o tool_cb_hdr: size is always 1 [70]
 o tool_doswin: fix to use curl socket functions [108]
 o tool_filetime: replace cast with the fitting printf mask (Windows) [212]
 o tool_getparam/set_rate: skip the multiplication on overflow [84]
 o tool_getparam: always disable "lib-ids" for tracing [169]
 o tool_getparam: warn if provided header looks malformed [179]
 o tool_operate: improve wording in retry message [37]
 o tool_operate: keep failed partial download for retry auto-resume [210]
 o tool_operate: keep the progress meter for --out-null [33]
 o tool_progress: handle possible integer overflows [164]
 o tool_progress: make max5data() use an algorithm [170]
 o transfer: avoid busy loop with tiny speed limit [100]
 o unit1323: sync time types and printf masks, drop casts [211]
 o unit1664: drop casts, expand masks to full values [221]
 o url: make Curl_init_userdefined return void [213]
 o urldata: FILE is not a list-only protocol [9]
 o vauth/digest: improve the digest parser [203]
 o vquic: fix idle-timeout checks (ms<-->ns), 64-bit log & honor 0=no-timeout [249]
 o vquic: handling of io improvements [239]
 o vquic: sending non-gso packets fix for EAGAIN [265]
 o vtls: alpn setting, check proto parameter [134]
 o vtls_int.h: clarify data_pending [124]
 o vtls_scache: fix race condition [157]
 o windows: replace `_beginthreadex()` with `CreateThread()` [80]
 o windows: stop passing unused, optional argument for Win9x compatibility [75]
 o windows: use consistent format when showing error codes [199]
 o windows: use native error code types more [206]
 o wolfssl: check BIO read parameters [133]
 o wolfssl: fix error check in shutdown [105]
 o wolfssl: no double get_error() detail [188]
 o ws: clarify an error message [125]
 o ws: fix some edge cases [274]
 o ws: reject curl_ws_recv called with NULL buffer with a buflen [118]

This release includes the following known bugs:

 See https://curl.se/docs/knownbugs.html

For all changes ever done in curl:

 See https://curl.se/changes.html

Planned upcoming removals include:

 o Builds using VS2008
 o OpenSSL 1.x support
 o OpenSSL-QUIC
 o Support for c-ares versions before 1.16.0
 o Support for Windows XP/2003
 o Windows CE support

 See https://curl.se/dev/deprecate.html

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Adam Light, Alice Lee Poetics, Andrei Kurushin, Andrew Kirillov,
  Andrew Olsen, BobodevMm on github, Christian Schmitz, Dan Fandrich,
  Daniel Stenberg, Daniel Terhorst-North, dependabot[bot],
  divinity76 on github, Emilio Pozuelo Monfort, Ethan Everett,
  Evgeny Grin (Karlson2k), fds242 on github, Howard Chu, Ignat Loskutov,
  Javier Blazquez, Jicea, jmaggard10 on github, Johannes Schindelin,
  Joseph Birr-Pixton, Joshua Rogers, kapsiR on github, kuchara on github,
  Marcel Raad, Michael Osipov, Michał Petryka, Mohamed Daahir, Nir Azkiel,
  Patrick Monnerat, Pocs Norbert, Ray Satiro, renovate[bot], rinsuki on github,
  Samuel Dionne-Riel, Samuel Henrique, Stanislav Fort, Stefan Eissing,
  tkzv on github, Viktor Szakats
  (42 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=18571
 [2] = https://curl.se/bug/?i=18512
 [3] = https://curl.se/bug/?i=18511
 [4] = https://curl.se/bug/?i=18505
 [5] = https://curl.se/bug/?i=18570
 [6] = https://curl.se/bug/?i=18533
 [7] = https://curl.se/bug/?i=18530
 [8] = https://curl.se/bug/?i=18531
 [9] = https://curl.se/bug/?i=18525
 [10] = https://curl.se/bug/?i=18527
 [11] = https://curl.se/bug/?i=18621
 [12] = https://curl.se/bug/?i=18523
 [13] = https://curl.se/bug/?i=18521
 [14] = https://curl.se/bug/?i=18518
 [15] = https://curl.se/bug/?i=18569
 [16] = https://curl.se/bug/?i=18568
 [17] = https://curl.se/bug/?i=18565
 [18] = https://curl.se/bug/?i=18560
 [19] = https://curl.se/bug/?i=18510
 [20] = https://curl.se/bug/?i=18554
 [21] = https://curl.se/bug/?i=18618
 [22] = https://curl.se/bug/?i=18561
 [23] = https://curl.se/bug/?i=18646
 [24] = https://curl.se/bug/?i=18616
 [25] = https://curl.se/bug/?i=18491
 [26] = https://curl.se/bug/?i=18606
 [27] = https://curl.se/bug/?i=18551
 [28] = https://curl.se/bug/?i=18550
 [29] = https://curl.se/bug/?i=18549
 [30] = https://curl.se/bug/?i=18532
 [31] = https://curl.se/mail/lib-2025-09/0031.html
 [32] = https://curl.se/bug/?i=18548
 [33] = https://curl.se/bug/?i=18607
 [34] = https://curl.se/bug/?i=18598
 [35] = https://curl.se/bug/?i=18605
 [36] = https://curl.se/bug/?i=18542
 [37] = https://curl.se/bug/?i=18604
 [38] = https://curl.se/bug/?i=18603
 [39] = https://curl.se/bug/?i=18574
 [40] = https://curl.se/bug/?i=18587
 [41] = https://curl.se/bug/?i=18573
 [42] = https://curl.se/bug/?i=18602
 [43] = https://curl.se/bug/?i=18577
 [44] = https://curl.se/bug/?i=18600
 [45] = https://curl.se/bug/?i=18599
 [46] = https://curl.se/bug/?i=18596
 [47] = https://curl.se/bug/?i=18591
 [48] = https://curl.se/bug/?i=18592
 [49] = https://curl.se/bug/?i=18593
 [50] = https://curl.se/bug/?i=18588
 [51] = https://curl.se/bug/?i=18578
 [52] = https://curl.se/bug/?i=18585
 [53] = https://curl.se/bug/?i=18579
 [54] = https://curl.se/bug/?i=18580
 [55] = https://curl.se/bug/?i=18583
 [56] = https://curl.se/bug/?i=18647
 [57] = https://curl.se/bug/?i=18631
 [58] = https://curl.se/bug/?i=18700
 [59] = https://curl.se/bug/?i=18643
 [60] = https://curl.se/bug/?i=18637
 [61] = https://curl.se/bug/?i=18641
 [62] = https://curl.se/bug/?i=18642
 [63] = https://curl.se/bug/?i=18640
 [64] = https://curl.se/bug/?i=18639
 [65] = https://curl.se/bug/?i=18638
 [66] = https://curl.se/bug/?i=18636
 [67] = https://curl.se/bug/?i=18635
 [68] = https://curl.se/bug/?i=18503
 [69] = https://curl.se/bug/?i=18628
 [70] = https://curl.se/bug/?i=18630
 [71] = https://curl.se/bug/?i=18629
 [72] = https://curl.se/bug/?i=18627
 [73] = https://curl.se/bug/?i=18626
 [74] = https://curl.se/bug/?i=18477
 [75] = https://curl.se/bug/?i=18490
 [76] = https://curl.se/bug/?i=18482
 [77] = https://curl.se/bug/?i=18488
 [78] = https://curl.se/bug/?i=18468
 [79] = https://curl.se/bug/?i=18473
 [80] = https://curl.se/bug/?i=18451
 [81] = https://curl.se/bug/?i=18040
 [82] = https://curl.se/bug/?i=18617
 [83] = https://curl.se/bug/?i=18620
 [84] = https://curl.se/bug/?i=18624
 [85] = https://curl.se/bug/?i=18612
 [86] = https://curl.se/bug/?i=18899
 [87] = https://curl.se/bug/?i=18707
 [88] = https://curl.se/bug/?i=18680
 [89] = https://curl.se/bug/?i=18740
 [90] = https://curl.se/bug/?i=18681
 [91] = https://curl.se/bug/?i=18251
 [92] = https://curl.se/bug/?i=18739
 [93] = https://curl.se/bug/?i=18788
 [94] = https://curl.se/bug/?i=18722
 [95] = https://curl.se/bug/?i=18767
 [96] = https://curl.se/bug/?i=18737
 [97] = https://curl.se/bug/?i=18769
 [98] = https://curl.se/bug/?i=18782
 [99] = https://curl.se/bug/?i=18733
 [100] = https://curl.se/bug/?i=18732
 [101] = https://curl.se/bug/?i=18689
 [102] = https://curl.se/bug/?i=18688
 [103] = https://curl.se/bug/?i=18730
 [104] = https://curl.se/bug/?i=18684
 [105] = https://curl.se/bug/?i=18729
 [106] = https://curl.se/bug/?i=18671
 [107] = https://curl.se/bug/?i=18670
 [108] = https://curl.se/bug/?i=18633
 [109] = https://curl.se/bug/?i=18675
 [110] = https://curl.se/bug/?i=18658
 [111] = https://curl.se/bug/?i=18657
 [112] = https://curl.se/bug/?i=18669
 [113] = https://curl.se/bug/?i=18667
 [114] = https://curl.se/bug/?i=18666
 [115] = https://curl.se/bug/?i=18664
 [116] = https://curl.se/bug/?i=18659
 [117] = https://curl.se/bug/?i=18728
 [118] = https://curl.se/bug/?i=18656
 [119] = https://curl.se/bug/?i=18653
 [120] = https://curl.se/bug/?i=18652
 [121] = https://curl.se/bug/?i=18651
 [122] = https://curl.se/bug/?i=18650
 [123] = https://curl.se/bug/?i=18648
 [124] = https://curl.se/bug/?i=18644
 [125] = https://curl.se/bug/?i=18654
 [126] = https://curl.se/bug/?i=18645
 [127] = https://curl.se/bug/?i=18727
 [128] = https://curl.se/bug/?i=18726
 [129] = https://curl.se/bug/?i=18725
 [130] = https://curl.se/bug/?i=18724
 [131] = https://curl.se/bug/?i=18723
 [132] = https://curl.se/bug/?i=18720
 [133] = https://curl.se/bug/?i=18718
 [134] = https://curl.se/bug/?i=18717
 [135] = https://curl.se/bug/?i=18401
 [136] = https://curl.se/bug/?i=18227
 [137] = https://curl.se/bug/?i=18719
 [138] = https://curl.se/bug/?i=18894
 [139] = https://curl.se/bug/?i=18714
 [140] = https://curl.se/bug/?i=18715
 [141] = https://curl.se/bug/?i=18776
 [142] = https://curl.se/bug/?i=18713
 [143] = https://curl.se/bug/?i=18712
 [144] = https://curl.se/bug/?i=18711
 [145] = https://curl.se/bug/?i=18682
 [146] = https://curl.se/bug/?i=18779
 [147] = https://curl.se/bug/?i=18778
 [148] = https://curl.se/bug/?i=18816
 [149] = https://curl.se/bug/?i=18775
 [150] = https://curl.se/bug/?i=18510
 [151] = https://curl.se/bug/?i=18774
 [152] = https://curl.se/bug/?i=18762
 [153] = https://curl.se/bug/?i=18811
 [154] = https://curl.se/bug/?i=18817
 [155] = https://curl.se/bug/?i=18815
 [156] = https://curl.se/bug/?i=18893
 [157] = https://curl.se/bug/?i=18806
 [158] = https://curl.se/bug/?i=18980
 [159] = https://curl.se/bug/?i=18924
 [160] = https://curl.se/bug/?i=18810
 [161] = https://curl.se/bug/?i=18749
 [162] = https://curl.se/bug/?i=18808
 [163] = https://curl.se/bug/?i=18747
 [164] = https://curl.se/bug/?i=18744
 [165] = https://curl.se/bug/?i=18662
 [166] = https://curl.se/bug/?i=18891
 [167] = https://curl.se/bug/?i=18804
 [168] = https://curl.se/bug/?i=18803
 [169] = https://curl.se/bug/?i=18805
 [170] = https://curl.se/bug/?i=18807
 [171] = https://curl.se/bug/?i=18801
 [172] = https://curl.se/bug/?i=18800
 [173] = https://curl.se/bug/?i=18799
 [174] = https://curl.se/bug/?i=18889
 [175] = https://curl.se/bug/?i=18887
 [176] = https://curl.se/bug/?i=18780
 [177] = https://curl.se/bug/?i=18787
 [178] = https://curl.se/bug/?i=18790
 [179] = https://curl.se/bug/?i=18793
 [180] = https://curl.se/bug/?i=18886
 [181] = https://curl.se/bug/?i=18884
 [182] = https://curl.se/bug/?i=18754
 [183] = https://curl.se/bug/?i=18921
 [184] = https://curl.se/bug/?i=18878
 [185] = https://curl.se/bug/?i=18875
 [186] = https://curl.se/bug/?i=18874
 [187] = https://curl.se/bug/?i=18979
 [188] = https://curl.se/bug/?i=18940
 [189] = https://curl.se/bug/?i=18932
 [190] = https://curl.se/bug/?i=18976
 [191] = https://curl.se/bug/?i=18888
 [192] = https://curl.se/bug/?i=18873
 [193] = https://curl.se/bug/?i=18871
 [194] = https://curl.se/bug/?i=18870
 [195] = https://curl.se/bug/?i=18869
 [196] = https://curl.se/bug/?i=18867
 [197] = https://curl.se/bug/?i=18882
 [198] = https://curl.se/bug/?i=18862
 [199] = https://curl.se/bug/?i=18877
 [200] = https://curl.se/bug/?i=18865
 [201] = https://curl.se/bug/?i=18864
 [202] = https://curl.se/bug/?i=18863
 [203] = https://curl.se/bug/?i=18975
 [204] = https://curl.se/bug/?i=18859
 [205] = https://curl.se/bug/?i=18880
 [206] = https://curl.se/bug/?i=18868
 [207] = https://curl.se/bug/?i=18872
 [208] = https://curl.se/bug/?i=18972
 [210] = https://curl.se/bug/?i=18035
 [211] = https://curl.se/bug/?i=18860
 [212] = https://curl.se/bug/?i=18858
 [213] = https://curl.se/bug/?i=18855
 [214] = https://curl.se/bug/?i=18857
 [215] = https://curl.se/bug/?i=18927
 [216] = https://curl.se/bug/?i=18852
 [217] = https://curl.se/bug/?i=18851
 [218] = https://curl.se/bug/?i=18850
 [219] = https://curl.se/bug/?i=18922
 [220] = https://curl.se/bug/?i=18845
 [221] = https://curl.se/bug/?i=18838
 [222] = https://curl.se/bug/?i=18904
 [223] = https://curl.se/bug/?i=18843
 [224] = https://curl.se/bug/?i=18842
 [225] = https://curl.se/bug/?i=18841
 [226] = https://curl.se/bug/?i=18839
 [227] = https://curl.se/bug/?i=18904
 [228] = https://curl.se/bug/?i=18823
 [229] = https://curl.se/bug/?i=18836
 [230] = https://curl.se/bug/?i=18902
 [231] = https://curl.se/bug/?i=18835
 [232] = https://curl.se/bug/?i=18918
 [233] = https://curl.se/bug/?i=19015
 [234] = https://curl.se/bug/?i=18828
 [235] = https://curl.se/bug/?i=18909
 [236] = https://curl.se/bug/?i=18905
 [237] = https://curl.se/bug/?i=18907
 [238] = https://curl.se/bug/?i=18829
 [239] = https://curl.se/bug/?i=18812
 [240] = https://curl.se/bug/?i=18703
 [241] = https://curl.se/bug/?i=18966
 [242] = https://curl.se/bug/?i=18961
 [243] = https://curl.se/bug/?i=18914
 [244] = https://curl.se/bug/?i=19013
 [245] = https://curl.se/bug/?i=18911
 [246] = https://curl.se/bug/?i=18883
 [247] = https://curl.se/bug/?i=18908
 [248] = https://curl.se/bug/?i=18903
 [249] = https://curl.se/bug/?i=18903
 [250] = https://curl.se/bug/?i=18432
 [251] = https://curl.se/bug/?i=18881
 [252] = https://curl.se/bug/?i=18890
 [253] = https://curl.se/bug/?i=19012
 [254] = https://curl.se/bug/?i=18967
 [255] = https://curl.se/bug/?i=18969
 [256] = https://curl.se/bug/?i=18953
 [257] = https://curl.se/bug/?i=18959
 [258] = https://hackerone.com/reports/3373640
 [259] = https://curl.se/bug/?i=18933
 [260] = https://curl.se/bug/?i=18931
 [261] = https://curl.se/bug/?i=18930
 [262] = https://curl.se/bug/?i=18952
 [263] = https://curl.se/bug/?i=18952
 [264] = https://curl.se/bug/?i=18937
 [265] = https://curl.se/bug/?i=18936
 [266] = https://curl.se/bug/?i=18934
 [267] = https://curl.se/bug/?i=18928
 [268] = https://curl.se/bug/?i=18957
 [269] = https://curl.se/bug/?i=18951
 [270] = https://curl.se/bug/?i=18999
 [271] = https://curl.se/bug/?i=18998
 [272] = https://curl.se/bug/?i=18995
 [273] = https://curl.se/bug/?i=18968
 [274] = https://curl.se/bug/?i=18965
 [275] = https://curl.se/bug/?i=18964
 [276] = https://curl.se/bug/?i=18938
 [277] = https://curl.se/bug/?i=18994
 [278] = https://curl.se/bug/?i=18993
 [279] = https://curl.se/bug/?i=18992
 [280] = https://curl.se/bug/?i=18973
 [282] = https://curl.se/bug/?i=18990
 [283] = https://curl.se/bug/?i=18989
 [284] = https://curl.se/bug/?i=18988
 [285] = https://curl.se/bug/?i=18978
 [286] = https://curl.se/bug/?i=18986
 [287] = https://curl.se/bug/?i=18985
 [288] = https://curl.se/bug/?i=18984
