Stenberg: The pressure

Curl maintainer Daniel Stenberg writes aboutthe stress of keeping up with the current flood of security reports.

This is a never-before seen or experienced pressure on the curlproject and its security team members. An avalanche of highpriority work that trumps all other things in the project that isprimarily mental because we certainly could ignore them all if wewanted, but we feel a responsibility, we have a conscience and weare proud about our work. We feel obliged to fix security problemsin the software we have helped shipped to every device on theglobe. This is personal to us.

With about half the release cycle left until the pending releaseships, we already have twelve confirmed vulnerabilitiesmeaning twelve pending CVE announcements. That's a new projectrecord and it also means we will reach thirty published CVEsin 2026 even before half the calendar year has passed. Theprojected total amount of curl CVEs published through the wholeyear is therefore at least double this number!