From aaab08311baf21b8e0f85a077d25b70d79103767 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 12 Oct 2018 09:11:54 +0200
Subject: docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018

[ci skip]
---
 docs/BUG-BOUNTY.md | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'docs/BUG-BOUNTY.md')

diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md
index 896d82568..813cc5fc1 100644
--- a/docs/BUG-BOUNTY.md
+++ b/docs/BUG-BOUNTY.md
@@ -38,6 +38,10 @@
  Bounties need to be requested within twelve months from the publication of
  the vulnerability.
 
+ The vulnerabilities must not have been made public before August 1st, 2018.
+ We do not retroactively pay for old, already known and published security
+ problems.
+
 ## Product vulnerabilities only
 
  The bug bounty only concerns the curl and libcurl products and thus their
-- 
cgit v1.2.3