romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-16 11:46:21 +03:00
Code Issues Projects Releases Packages Wiki Activity

VULN-DISCLOSURE-POLICY.md: remove mention of bug bounty reward

Browse source 
As a follow-up to commits ca7ef4b817 ("BUG-BOUNTY.md: we stop the
bug-bounty end of Jan 2026", 2026-01-22) and ed7bf43a08 ("BUG-BOUNTY.md:
minor rephrase to say there is no bug bounty", 2026-03-10), remove a
leftover mention of the reward for vulnerability reports, that no longer
exists, in file `VULN-DISCLOSURE-POLICY.md`.

Fixes #21571
Reported-by: Alan De Smet
Closes #21574
This commit is contained in:
Andrei Rybak 2026-05-12 18:02:21 +02:00 committed by Daniel Stenberg
parent 287b082c63
commit a3618d166d
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/VULN-DISCLOSURE-POLICY.md
View file

@ -248,8 +248,8 @@ already do much worse harm and the problem is not really in curl.
## Debug & Experiments
Vulnerabilities in features which are off by default (in the build) and
documented as experimental, or exist only in debug mode, are not eligible for a
reward and we do not consider them security problems.
documented as experimental, or exist only in debug mode, are not considered
security problems.
The same applies to scripts and software which are not installed by default
through the make install rule.