From aaab08311baf21b8e0f85a077d25b70d79103767 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 12 Oct 2018 09:11:54 +0200 Subject: docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018 [ci skip] --- docs/BUG-BOUNTY.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/BUG-BOUNTY.md') diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md index 896d82568..813cc5fc1 100644 --- a/docs/BUG-BOUNTY.md +++ b/docs/BUG-BOUNTY.md @@ -38,6 +38,10 @@ Bounties need to be requested within twelve months from the publication of the vulnerability. + The vulnerabilities must not have been made public before August 1st, 2018. + We do not retroactively pay for old, already known and published security + problems. + ## Product vulnerabilities only The bug bounty only concerns the curl and libcurl products and thus their -- cgit v1.2.3