Post Syndicated from corbet original https://lwn.net/Articles/947411/

Version
8.4.0 of the curl data-transfer tool has been released, mostly in
response to a relatively severe security vulnerability that can be
triggered when a SOCKS5 proxy server is in use. See this
blog post for details on what went wrong. “In hindsight, shipping a
heap overflow in code installed in over twenty billion instances is not an
experience I would recommend.”