We call it Rock-solid curl instead of LTS or Long-Term Support because we think it sounds cooler. But in reality that's what this is.

We create a new Rock-solid curl release branch off from upstream curl roughly every 18 months.

We only merge security fixes and backport important bugfixes into all still living Rock-solid curl branches and guarantee each a five year life-time (from the day of the first release of said Rock-solid curl branch).

• Using Rock-solid curl reduces the risk for regressions dramatically
• Rock-solid curl downloads are only provided to current customers with existing support contracts
• Rock-solid curl releases are the same style source code tarballs using the same layout as normal releases. Using the same license.
• Rock-solid curl support and issues are managed separately from open source curl if the problems are unique to Rock-solid curl
• Rock-solid curl support is private and confidential. Your secrets are safe.
• Rock-solid curl versions are easily and quickly identifiable as Rock-solid curl releases compared to “normal” curl releases
• Rock-solid curl customers can nominate bugfixes to backport from upstream curl
• We offer extended Rock-solid curl support beyond the initial five years on a case by case basis
• Access to the Rock-solid curl git repository is not provided unless specially requested
• Rock-solid curl has its own version numbers, which may coincide with the real curl versions but we should try not to - to reduce confusion and mixups
• Rock-solid curl versions are guaranteed to be security-patched and have updated releases available for download on the same day future curl security vulnerabilities are publicly announced. (This goes for all CVEs published and acknowledged by the curl CNA.)
• Rock-solid curl customers get notified about such security updates of Rock-solid curl versions
• Rock-Solid curl maintains branches separated from the upstream curl project and as such it does not taint nor directly affect the original curl offer

When 17-19 months have passed since the previous Rock-solid curl branch started, we pick the second or third to last, or so, upstream curl release to become the new Rock-solid curl release branch. To allow it to have matured a somewhat.

We then backport security patches and the important stability fixes done since that release.

This makes us able to offer about three living Rock-solid curl branches at any given time. Each with its own end-of-support date.

Ideally, when we create a Rock-solid curl based on curl version 8.X.1, we make 8.X.2 the first Rock-solid curl version in that branch.

Existing customers may nominate new version candidates for the next Rock-solid curl branch.

See the support page.