GoKawiilThe curl project will not accept or otherwise handle any vulnerability reports during the month of July 2026. We call it the curl summer of bliss.
curl’s submission form on Hackerone will be paused starting July 1, 2026.
Summer of bliss starts: July 1, 2026. 00:00 CEST
Submissions resume: August 3 2026. 09:00 CEST
The security email address will also be a dead end, as we will not process or otherwise care about security or vulnerability reports sent to us that way either.
Whatever issue you find that you feel a need to report to the curl project during this month has to wait. curl’s Hackerone form opens for submissions again on Monday August 3.
We do not accept vulnerability reports over email in general, and this fact remains during and after our vacation.
Vacation for real
The curl maintainers will use this time of less pressure to take in some extra air and to enjoy the summer. Maybe stroll outside a bit more. Breath. Some of us may spend some of this time to see other places.
We may get some extra time to spend on fixing bugs or working on new code. Fun stuff!
... continue reading