diff --git a/Makefile b/Makefile
index 8c58f221a7..7ce5346482 100644
--- a/Makefile
+++ b/Makefile
@@ -1,10 +1,10 @@
ROOT=.
# the latest stable version is:
-STABLE= 8.9.1
-RELDATE = "2024-07-31"
+STABLE= 8.10.0
+RELDATE = "2024-09-11"
# The planned *next* release is:
-NEXTDATE = "2024-09-11"
+NEXTDATE = "2024-11-05"
# generated file with binary package stats
STAT = packstat.t
diff --git a/_changes.html b/_changes.html
index 8f8401a7f9..3983ca7c66 100644
--- a/_changes.html
+++ b/_changes.html
@@ -47,6 +47,277 @@
TITLE(All changes ever made)
+
+SUBTITLE(Fixed in 8.10.0 - September 11 2024)
+VULNBOX(8.10.0)
+ Changes:
+
+ Bugfixes:
+
+ BGF asyn-thread: stop using GetAddrInfoExW on Windows
+ BGF autotools: fix MS-DOS builds
+ BGF autotools: fix typo in tests/data target
+ BGF aws_sigv4: fix canon order for headers with same prefix
+ BGF bearssl: fix setting tls version
+ BGF bearssl: improve shutdown handling
+ BGF BINDINGS: add zig binding
+ BGF build: add `iphlpapi` lib for libssh on Windows
+ BGF build: add `poll()` detection for cross-builds
+ BGF build: add options to disable SHA-512/256 hash algo
+ BGF build: check OS-native IDN first, then libidn2
+ BGF build: delete unused `REQUIRE_LIB_DEPS`
+ BGF build: drop unused `NROFF` reference
+ BGF build: drop unused feature-detection code for Apple `poll()`
+ BGF build: generate `buildinfo.txt` for test logs
+ BGF build: improve compiler version detection portability
+ BGF build: make `CURL_FORMAT_CURL_OFF_T[U]` work with mingw-w64 <=7.0.0
+ BGF build: silence C4232 MSVC warnings in vcpkg ngtcp2 builds
+ BGF build: use -Wno-format-overflow
+ BGF buildconf.bat: fix tool_hugehelp.c generation
+ BGF cf-socket: fix pollset for listening
+ BGF cf-socket: prevent KEEPALIVE_FACTOR being set to 1000 for Windows
+ BGF cfilters: send flush
+ BGF CHANGES: rename to CHANGES.md, no longer generated
+ BGF CI: enable parallel testing in CI builds
+ BGF ci: Update actions/upload-artifact digest to 89ef406
+ BGF cmake: `Libs.private` improvements
+ BGF cmake: add `CURL_USE_PKGCONFIG` option
+ BGF cmake: add Linux CI job, fix pytest with cmake
+ BGF cmake: add math library when using wolfssl and ngtcp2
+ BGF cmake: add missing `pkg-config` hints to Find modules
+ BGF cmake: add missing version detection to Find modules
+ BGF cmake: add rustls
+ BGF cmake: add support for versioned symbols option
+ BGF cmake: add wolfSSH support
+ BGF cmake: allow `pkg-config` in more envs
+ BGF cmake: cleanup header paths
+ BGF cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP`
+ BGF cmake: delete MSVC warning suppression for tests/server
+ BGF cmake: detect `nghttp2` via `pkg-config`, enable by default
+ BGF cmake: detect and show VCPKG in platform flags
+ BGF cmake: distcheck for files in CMake subdir
+ BGF cmake: drop custom `CMakeOutput.log`/`CMakeError.log` logs
+ BGF cmake: drop libssh CONFIG-style detection
+ BGF cmake: drop no-op `tests/data/CMakeLists.txt`
+ BGF cmake: drop reference to undefined variable
+ BGF cmake: drop unused `HAVE_IDNA_STRERROR`
+ BGF cmake: drop unused internal variable
+ BGF cmake: exclude tests/http/clients builds by default
+ BGF cmake: fix `GSS_VERSION` for Heimdal found via pkg-config
+ BGF cmake: fix `pkg-config`-based detection in `FindGSS.cmake`
+ BGF cmake: fix and tidy up c-ares builds, enable in more CI jobs
+ BGF cmake: fix find rustls
+ BGF cmake: fixup linking libgsasl when detected via CMake-native
+ BGF cmake: honor custom `CMAKE_UNITY_BUILD_BATCH_SIZE`
+ BGF cmake: limit `pkg-config` to UNIX and MSVC+vcpkg by default
+ BGF cmake: limit libidn2 `pkg-config` detection to `UNIX`
+ BGF cmake: migrate dependency detections to Find modules
+ BGF cmake: more small tidy-ups and fixes
+ BGF cmake: rename wolfSSL and zstd config variables to uppercase
+ BGF cmake: respect cflags/libdirs of native pkg-config detections
+ BGF cmake: show CMake platform/compiler flags
+ BGF cmake: show warning if libpsl is not found
+ BGF cmake: sync code between test/example targets
+ BGF cmake: sync up formatting in Find modules
+ BGF cmake: TLS 1.3 warning only for bearssl and sectranp
+ BGF cmake: update `curl-config.cmake.in` template var list
+ BGF cmake: update list of "advanced" variables
+ BGF cmake: use numeric comparison for `HAVE_WIN32_WINNT`
+ BGF cmdline-opts: language fix for expect100-timeout.md and max-time.md
+ BGF configure: delete unused `CURL_DEFINE_UNQUOTED` function
+ BGF configure: delete unused `HAVE_OPENSSL3` macro
+ BGF configure: delete unused `m4/xc-translit.m4`
+ BGF configure: detect AppleIDN
+ BGF configure: fail if PSL is not disabled but not found
+ BGF configure: fix WinIDN builds targeting old Windows
+ BGF configure: remove USE_EXPLICIT_LIB_DEPS
+ BGF configure: replace nonportable grep -o with awk
+ BGF connect: always prefer ipv6 in IP eyeballing
+ BGF connect: limit update IP info
+ BGF cookie.md: try to articulate the two different uses this option has
+ BGF curl: allow 500MB data URL encode strings
+ BGF curl: find curlrc in XDG_CONFIG_HOME without leading dot
+ BGF curl: fix --proxy-pinnedpubkey
+ BGF curl: fix the -w urle.* variables
+ BGF curl: make the progress bar detect terminal width changes
+ BGF curl: warn on unsupported SSL options
+ BGF Curl_rand_bytes to control env override
+ BGF curl_sha512_256: fix symbol collisions with nettle library
+ BGF CURLMOPT_SOCKETFUNCTION.md: expand on the easy argument
+ BGF CURLOPT_XFERINFOFUNCTION: clarify the callback return codes
+ BGF dist: add missing `docs/examples/CMakeLists.txt`
+ BGF dist: add missing `FindNettle.cmake`
+ BGF dist: add missing `lib/optiontable.pl`
+ BGF dist: add missing `test_*.py` scripts
+ BGF dist: drop buildconf
+ BGF dist: fix reproducible build from release tarball
+ BGF dmaketgz: only run 'make distclean' if Makefile exists
+ BGF docs/SSLCERTS: rewrite
+ BGF docs: add description of effect of --location-trusted on cookie
+ BGF docs: document the (weak) random value situation in rustls builds
+ BGF docs: fix some examples in man pages
+ BGF docs: improve cipher options documentation
+ BGF docs: mention "@-" in more places
+ BGF docs: remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md
+ BGF docs: update CIPHERS.md
+ BGF doh-url.md: point out DOH server IP pinning
+ BGF doh: remove redundant checks
+ BGF easy: fix curl_easy_upkeep for shared connection caches
+ BGF escape: allow curl_easy_escape to generate 3*input length output
+ BGF FEATURES.md: fix typo
+ BGF ftp: always offer line end conversions
+ BGF ftp: flush pingpong before response
+ BGF getinfo: return zero for unsupported options (when disabled)
+ BGF GHA/windows: enable MulitSSL in an MSVC job
+ BGF GHA: scan git repository and detect unvetted binary files
+ BGF gnutls/wolfssl: improve error message when certificate fails
+ BGF gnutls: send all data
+ BGF gtls: fix OCSP stapling management
+ BGF haproxy: send though next filter
+ BGF hash: provide asserts to verify API use
+ BGF http/2: simplify eos/blocked handling
+ BGF http2+h3 filters: fix ctx init
+ BGF http2: fix GOAWAY message sent to server
+ BGF http2: improve rate limiting of downloads
+ BGF http2: improved upload eos handling
+ BGF http3.md: mention how the fallback can be h1 or h2
+ BGF hyper: call Curl_req_set_upload_done()
+ BGF idn: more strictly check AppleIDN errors
+ BGF idn: support non-UTF-8 input under AppleIDN
+ BGF INSTALL.md: MultiSSL and QUIC are mutually exclusive
+ BGF KNOWN_BUGS: "special characers" in URL works with aws-sigv4
+ BGF krb5: add Linux/macOS CI tests, fix cmake GSS detection
+ BGF krb5: fix `-Wcast-align`
+ BGF lib: add eos flag to send methods
+ BGF lib: avoid macro collisions between wolfSSL and GnuTLS headers
+ BGF lib: convert some debugf()s into traces
+ BGF lib: delete stray undefs for `vsnprintf`, `vsprintf`
+ BGF lib: fix AIX build issues
+ BGF lib: fix building with wolfSSL without DES support
+ BGF lib: make SSPI global symbols use Curl_ prefix
+ BGF lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name
+ BGF lib: remove the final strncpy() calls
+ BGF lib: remove use of RANDOM_FILE
+ BGF libcurl.def: move from / into lib
+ BGF libcurl.pc: add `Cflags.private`
+ BGF libcurl.pc: add reference to `libgsasl`
+ BGF libcurl/docs: expand on redirect following and secrets to other hosts
+ BGF llist: remove direct struct accesses, use only functions
+ BGF Makefile.dist: fix `ca-firefox` target
+ BGF Makefile.mk: fixup enabling libidn2
+ BGF Makefile: remove 'scripts' duplicate from DIST_SUBDIRS
+ BGF maketgz: accept option to include latest commit hash
+ BGF maketgz: fix RELEASE-TOOLS.md for daily tarballs
+ BGF maketgz: move from / into scripts
+ BGF managen: fix superfluous leading blank line in quoted sections
+ BGF managen: in man output, remove the leading space from examples
+ BGF managen: wordwrap long example lines in ASCII output
+ BGF manpage: ensure a maximum width for the text version
+ BGF max-filesize.md: mention zero disables the limit
+ BGF mbedtls: add more informative logging
+ BGF mbedtls: fix setting tls version
+ BGF mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL
+ BGF mime: avoid inifite loop in client reader
+ BGF mk-ca-bundle.pl: include a link to the caextract webpage
+ BGF multi: make the "general" list of easy handles a Curl_llist
+ BGF multi: on socket callback error, remove socket hash entry nonetheless
+ BGF ngtcp2/osslq: remove NULL pointer dereferences
+ BGF ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks
+ BGF openssl quic: fix memory leak
+ BGF openssl: certinfo errors now fail correctly
+ BGF openssl: fix the data race when sharing an SSL session between threads
+ BGF openssl: improve shutdown handling
+ BGF pingpong: drain the input buffer when reading responses
+ BGF POP3: fix multi-line responses
+ BGF pop3: use the protocol handler ->write_resp
+ BGF printf: fix mingw-w64 format checks
+ BGF progress: ratelimit/progress tweaks
+ BGF pytests: add tests for HEAD requests in all HTTP versions
+ BGF rand: only provide weak random when needed
+ BGF runtests: if DISABLED cannot be read, error out
+ BGF runtests: log ignored but passed tests
+ BGF runtests: remove "has_textaware"
+ BGF rustls: fix setting tls version
+ BGF rustls: make all tests pass
+ BGF schannel: avoid malloc for CAinfo_blob_digest
+ BGF scorecard: tweak request measurements
+ BGF sectransp: fix setting tls version
+ BGF SECURITY: mention OpenSSF best practices gold badge
+ BGF setopt: allow CURLOPT_INTERFACE to be set to NULL
+ BGF setopt: let CURLOPT_ECH set to NULL reset to default
+ BGF setopt: make CURLOPT_TFTP_BLKSIZE accept bad values
+ BGF sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL
+ BGF share: don't reinitialize conncache
+ BGF sigpipe: init the struct so that first apply ignores
+ BGF smb: convert superflous assign into assert
+ BGF smtp: add tracing feature
+ BGF splay: use access functions, add asserts, use Curl_timediff
+ BGF spnego_gssapi: implement TLS channel bindings for openssl
+ BGF src: delete `curlx_m*printf()` aliases
+ BGF src: fix potential macro confusion in cmake unity builds
+ BGF src: namespace symbols clashing with lib
+ BGF src: replace copy of printf mappings with an include
+ BGF ssh: deduplicate SSH backend includes (and fix libssh cmake unity build)
+ BGF system_win32: fix typo
+ BGF test httpd: tweak cipher list
+ BGF test1521: verify setting options to NULL better
+ BGF test1707: output diff more for debugging differences in CI outputs
+ BGF test556: improve robustness
+ BGF test579: improve robustness
+ BGF test587: improve robustness
+ BGF test649: improve robustness
+ BGF test677: improve robustness
+ BGF tests/runner: only allow [!A-Za-z0-9_-] in %if feature names
+ BGF tests: constrain http pytest to tests/http directory
+ BGF tests: don't mangle output if hostname or type unknown
+ BGF tests: ignore QUIT from FTP protocol comparisons
+ BGF tests: provide docs as curldown, not nroff
+ BGF tidy-up: misc build, tests, `lib/macos.c`
+ BGF tidy-up: OS names
+ BGF tool_operhlp: fix "potentially uninitialized local variable 'pc' used"
+ BGF tool_paramhlp: bump maximum post data size in memory to 16GB
+ BGF transfer: Curl_sendrecv() and event related improvements
+ BGF transfer: remove comments, add asserts
+ BGF transfer: skip EOS read when download done
+ BGF url: dns_entry related improvements
+ BGF url: fix connection reuse for HTTP/2 upgrades
+ BGF urlapi: verify URL *decoded* hostname when set
+ BGF urldata: introduce `data->mid`, a unique identifier inside a multi
+ BGF urldata: remove 'scratch' from the UrlState struct
+ BGF urldata: remove crlf_conversions counter
+ BGF urldata: remove proxy_connect_closed bit
+ BGF verify-release: shell script that verifies a release tarball
+ BGF version: fix shadowing a `libssh.h` symbol
+ BGF vtls: add SSLSUPP_CIPHER_LIST
+ BGF vtls: fix MSVC 'cast truncates constant value' warning
+ BGF vtls: fix static function name collisions between TLS backends
+ BGF vtls: init ssl peer only once
+ BGF websocket: introduce blocking sends
+ BGF wolfssl: avoid taking cached x509 store ref if sslctx already using it
+ BGF wolfssl: fix CURLOPT_SSLVERSION
+ BGF wolfssl: fix setting tls version
+ BGF wolfssl: improve shutdown handling
+ BGF ws: flags to opcodes should ignore CURLWS_CONT flag
+ BGF x509asn1: raise size limit for x509 certification information
+
+
SUBTITLE(Fixed in 8.9.1 - July 31 2024)
RELEASEVIDEO(8.9.1, "https://youtu.be/Py9LtV6pzXw?si=WeJnv-KD1DrqTvz_")
diff --git a/_newslog.html b/_newslog.html
index 3b529ef39f..bc5beadd8b 100644
--- a/_newslog.html
+++ b/_newslog.html
@@ -34,6 +34,20 @@
NCOLE
#endif
+NSUBJ(curl and libcurl 8.10.0)
+NDATE(September 11 2024)
+NCOLS
+
+The curl team proudly presents curl and
+libcurl version 8.10.0. See the
+full changelog.
+
+
+Pay special attention to the security
+vulnerability fixed in this version.
+
+NCOLE
+
NSUBJ(curl and libcurl 8.9.1)
NDATE(July 31 2024)
NCOLS
diff --git a/changes.t b/changes.t
index 1815a586c7..c409c60604 100644
--- a/changes.t
+++ b/changes.t
@@ -4,16 +4,16 @@
#define RELEASEVIDEO(ver,vid) \
#define VULNBOX(ver) \
#define THISBOX(ver) \