Daniel Stenberg says the curl project will pause HackerOne and security-email vulnerability intake for July 2026 so maintainers can recover from months of unusually heavy report pressure, while paid support customers will still receive service and the next curl release is pushed back two weeks.
Curl will not accept vulnerability reports during July 2026
Daniel Stenberg says the curl project will pause HackerOne and security-email vulnerability intake for July 2026 so maintainers can recover from months of unusually heavy report pressure, while paid support customers will still receive service and the next curl release is pushed back two weeks.
Source: Haxx