Daniel Stenberg, author of the curl utility for sending and receiving network data, announced a suspension of accepting and processing vulnerability reports from July 1 to August 3. An exception will be made only for those who subscribe to paid support. The reason cited is the need for a break and rest after a significant increase in vulnerability report processing over the past four months.
Reports submitted via the Hackerone form and emailed to security@curl.se during the specified time will not be reviewed by maintainers. Pull requests and issue reports via GitHub will remain available, but the backlog of vulnerability reports will only be reviewed after August 3.
Source: opennet.ru
