summaryrefslogtreecommitdiff
path: root/docs/BUG-BOUNTY.md
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-10-12 09:11:54 +0200
committerDaniel Stenberg <daniel@haxx.se>2018-10-12 09:12:44 +0200
commitaaab08311baf21b8e0f85a077d25b70d79103767 (patch)
tree9c33c761beba88f1dbd292bb4f0a1858f3043240 /docs/BUG-BOUNTY.md
parenta47a264492a528a6e7bca8bf9bbf438a1b6ba780 (diff)
downloadcurl-aaab08311baf21b8e0f85a077d25b70d79103767.tar.gz
docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018
[ci skip]
Diffstat (limited to 'docs/BUG-BOUNTY.md')
-rw-r--r--docs/BUG-BOUNTY.md4
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md
index 896d82568..813cc5fc1 100644
--- a/docs/BUG-BOUNTY.md
+++ b/docs/BUG-BOUNTY.md
@@ -38,6 +38,10 @@
Bounties need to be requested within twelve months from the publication of
the vulnerability.
+ The vulnerabilities must not have been made public before August 1st, 2018.
+ We do not retroactively pay for old, already known and published security
+ problems.
+
## Product vulnerabilities only
The bug bounty only concerns the curl and libcurl products and thus their