Re: [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask

[Daniel Stenberg <daniel () haxx se>]

On Wed, 10 Sep 2025, Emilio Pozuelo Monfort wrote:

> From what I can see, websocket support was introduced in 7.86 in [1], and 
> later marked as supported/not-experimental in 8.11 [2]. If so, I think the 
> above note (also in [3]) should say that it was experimental before 8.11.

Thank you. I don't know how I could get that wrong (as the introduced-in 
commit is the right one), but you are entirely correct. Thank you.

I will update the CVE.

--

 / daniel.haxx.se || https://rock-solid.curl.dev