In order to get something out with the 1.10.1 security release, we pushed patch 4029 which mitigates this issue by limiting what protocols CURL will use.
In the longer run we need to switch to the SafeCurl library. So I've spun off a separate bug 1397736 to track that.
In order to get something out with the 1.10.1 security release, we pushed patch 4029 which mitigates this issue by limiting what protocols CURL will use.
In the longer run we need to switch to the SafeCurl library. So I've spun off a separate bug 1397736 to track that.