Open3D
[Vuln for dependency] Please release new .whl files by using newest curl
Checklist
- [X] I have searched for similar issues.
- [X] For Python issues, I have tested with the latest development wheel.
- [X] I have checked the release documentation and the latest documentation (for main branch).
My Question
The release files are using curl 7.X, but this software has many vulnerabilities (see https://curl.se/docs/vulnerabilities.html).
Could you release new .whl files for cp11 & cp10 built with curl 8.9.0 (it would also be kind to publish a new tag)? Our customers have told me that Open3D contains the vulns by depending on an old version of curl.
Here are the spots that have to change if anybody wants to upgrade:
This is for building from source: https://github.com/isl-org/Open3D/blob/f02e7d24ea115e716445a7fae5093bce60a37d20/3rdparty/curl/curl.cmake#L28-L33
This also requires prebuilt curl to be uploaded in https://github.com/isl-org/open3d_downloads: https://github.com/isl-org/Open3D/blob/f02e7d24ea115e716445a7fae5093bce60a37d20/3rdparty/curl/curl.cmake#L64-L76
The README also has to change (it already seems out of date): https://github.com/isl-org/Open3D/blob/f02e7d24ea115e716445a7fae5093bce60a37d20/3rdparty/README.md?plain=1#L119-L123
Sorry, I currently have no time to test building with the latest curl and I am not sure how to upload anything to https://github.com/isl-org/open3d_download, but I hope that helps if you would like to create a pull request yourself.
Thanks @timohl for looking into this. I think this should be a quick / short PR. To upload to open3d_download, just upload the binary somewhere and make sure to add its SHA256 sum to the Open3D PR. Small files can be placed directly in the PR with a note and I'll move it to open3d_download, as long as the sha256sum matches.
Labelling as "good first issue" for someone to pick this up.
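The maintainer's condition above is that the prebuilt archive's SHA256 sum in the PR matches the file that ends up in open3d_download. The script below is an added example, not Open3D project code and not part of this issue thread: it computes the digest you would paste into the PR and re-verifies a downloaded archive against that pinned value before it is trusted, so a swapped or corrupted prebuilt curl is rejected rather than silently linked in. The file names and the digest in the usage block are constructed for illustration; the `sha256_of` and `verify_pinned` helper names are this example's own.

```shell
#!/bin/sh
# Added example (not Open3D code): pin and verify the SHA256 sum of a
# prebuilt third-party archive, as the maintainer asks for in the PR.

# sha256_of FILE -> prints the hex digest, using whichever tool is present
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned FILE EXPECTED_SHA256 -> 0 on match, 1 on mismatch.
# Comparison is against the pinned value recorded in the PR, never against
# a digest served alongside the download itself.
verify_pinned() {
    actual=$(sha256_of "$1")
    if [ "$actual" = "$2" ]; then
        echo "OK   $1"
        return 0
    else
        echo "FAIL $1: expected $2, got $actual" >&2
        return 1
    fi
}

# Usage demo with a constructed stand-in for a prebuilt archive.
demo() {
    archive=$(mktemp)
    printf 'hello\n' > "$archive"          # constructed placeholder content
    pinned=$(sha256_of "$archive")         # value you would record in the PR
    echo "pin this in the PR: $pinned"
    verify_pinned "$archive" "$pinned"     # later re-check after download
    rc=$?
    rm -f "$archive"
    return $rc
}

# Run the demo only when executed directly, not when sourced for testing.
[ "${0##*/}" = "sha256_pin.sh" ] && demo
```

Run `sha256_of` on the archive you upload and put its output in the PR description; anyone reviewing or rebuilding runs `verify_pinned` on the fetched file with that same value. Any mismatch, whether from a tampered mirror or a partial download, fails the check before the library is built against it.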