romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-14 23:56:20 +03:00
Code Issues Projects Releases Packages Wiki Activity

VULN-DISCLOSURE-POLICY: exclude not installed software

Browse source 
Flaws in any script or compiled artifact which isn't installed by
default is not considered to be security vulnerabilities.

Closes #17761
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
This commit is contained in:
Daniel Gustafsson 2025-06-27 12:08:01 +02:00
parent cf8c0e9cbd
commit 86eb054286
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
docs/VULN-DISCLOSURE-POLICY.md
View file

@ -253,6 +253,9 @@ Vulnerabilities in features which are off by default (in the build) and
documented as experimental, or exist only in debug mode, are not eligible for a
reward and we do not consider them security problems.
The same applies to scripts and software which are not installed by default by
the make install rule.
## URL inconsistencies
URL parser inconsistencies between browsers and curl are expected and are not