Here's a link to something other than twitter for those who don't have an account, don't want to login, or don't want to enable javascript

https://github.com/curl/curl/discussions/12026

The CVEs:

CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)

CVE-2023-38546: severity LOW (affects libcurl only, not the tool)

I really wish people would just stop posting submissions to twitter at this point.

> I really wish people would just stop posting submissions to twitter at this point.

I fully agree. You can also replace twitter.com with nitter.net

https://nitter.net/bagder/status/1709103920914526525?s=46

Daniel is also on Mastodon: https://mastodon.social/@bagder/111167662713737288

Mastodon may not require a login, but for some reason it does insist on javascript

Probably stupid question, but what versions of curl does this affect?

We will know Oct 11 :)

Oof, that's a daunting thought.

We just did a quick snapshot of a small chunk of a customer's environment and they're running 10 different versions of curl in like 15 different images :(