docs: vulnerabilities in debug code are not eligible for a bounty

This is code that is off by default and is therefore treated as a
regular bug.

Ref: #16526
Closes #16527
Dan Fandrich 2025-02-28 12:36:14 -08:00
parent e7751571eb
commit c693cc02b0

@ -247,11 +247,11 @@ local system or network, the bar is raised. If a local user wrongfully has
elevated rights on your system enough to attack curl, they can probably
already do much worse harm and the problem is not really in curl.
## Experiments
## Debug & Experiments
Vulnerabilities in features which are off by default (in the build) and
documented as experimental, are not eligible for a reward and we do not
consider them security problems.
documented as experimental, or exist only in debug mode, are not eligible for a
reward and we do not consider them security problems.
## URL inconsistencies
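
Review bot: "exist only in debug mode" in the reworded paragraph is undefined, and its relation to "off by default (in the build)" is ambiguous. As written, the sentence can be read as excluding any debug-related code, whether or not it is disabled in a default build. The commit message gives the rationale as "code that is off by default", so the paragraph should carry that condition explicitly, for example "features which are off by default (in the build) and are either documented as experimental or present only in debug mode". The commit message also says these reports are treated as regular bugs; saying so in the paragraph would tell reporters how such issues are handled instead of only that they are not security problems.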