[7.29.0-54.0.1] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers - CVE-2016-8616 case insensitive password comparison - CVE-2016-8617 OOB write via unchecked multiplication - CVE-2016-8618 double-free in curl_maprintf - CVE-2016-8619 double-free in krb5 code - CVE-2016-8621 curl_getdate read out of bounds - CVE-2016-8622 URL unescape heap overflow via integer truncation - CVE-2016-8623 Use-after-free via shared cookies - CVE-2016-8624 invalid URL parsing with # [7.29.0-54] - make "curl --tlsv1" backward compatible [7.29.0-53] - backport the --tls-max option of curl and TLS 1.3 ciphers [7.29.0-52] - prevent curl --rate-limit from hanging on file URLs - fix NTLM password overflow via integer overflow - fix bad arithmetic when outputting warnings to stderr - backport options to force TLS 1.3 in curl and libcurl - prevent curl --rate-limit from crashing on https URLs