[7.61.1-22] - fix STARTTLS protocol injection via MITM - fix protocol downgrade required TLS bypass [7.61.1-21] - fix TELNET stack contents disclosure again - fix TELNET stack contents disclosure - fix bad connection reuse due to flawed path name checks - disable metalink support to fix the following vulnerabilities CVE-2021-22923 - metalink download sends credentials CVE-2021-22922 - wrong content via metalink not discarded [7.61.1-20] - fix a cppchecks false positive in 0029-curl-7.61.1-CVE-2021-22876.patch [7.61.1-19] - make curl --head file:// work as expected - prevent automatic referer from leaking credentials