Security
curl vulnerability-report handling pause takes effect
- Category: Security
- Status: confirmed
- Sources: curl blog
- Summary: The curl vulnerability-report pause announced on 2026-06-15 takes effect on 2026-07-01. The HackerOne form is paused and the security email is not processed from 2026-07-01 00:00 CEST through 2026-08-02, resuming 2026-08-03 09:00 CEST. Paid support contracts keep full security access; GitHub issues and pull requests continue normally.
- Why it matters: For one month, no new curl vulnerability reports are triaged, which shifts disclosure timing for one of the most widely deployed pieces of software.
- Follow-up: Watch for any public vulnerability disclosure during the pause window and report handling resuming 2026-08-03.