docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018

[ci skip]
author: Daniel Stenberg <daniel@haxx.se> 2018-10-12 09:11:54 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2018-10-12 09:12:44 +0200
commit: aaab08311baf21b8e0f85a077d25b70d79103767 (patch)
tree: 9c33c761beba88f1dbd292bb4f0a1858f3043240
parent: a47a264492a528a6e7bca8bf9bbf438a1b6ba780 (diff)
download: curl-aaab08311baf21b8e0f85a077d25b70d79103767.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md
index 896d82568..813cc5fc1 100644
--- a/docs/BUG-BOUNTY.md
+++ b/docs/BUG-BOUNTY.md
@@ -38,6 +38,10 @@
  Bounties need to be requested within twelve months from the publication of
  the vulnerability.
 
+ The vulnerabilities must not have been made public before August 1st, 2018.
+ We do not retroactively pay for old, already known and published security
+ problems.
+
 ## Product vulnerabilities only
 
  The bug bounty only concerns the curl and libcurl products and thus their
author	Daniel Stenberg <daniel@haxx.se>	2018-10-12 09:11:54 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2018-10-12 09:12:44 +0200
commit	aaab08311baf21b8e0f85a077d25b70d79103767 (patch)
tree	9c33c761beba88f1dbd292bb4f0a1858f3043240
parent	a47a264492a528a6e7bca8bf9bbf438a1b6ba780 (diff)
download	curl-aaab08311baf21b8e0f85a077d25b70d79103767.tar.gz