luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: vulnerabilities in debug code are not eligible for a bounty

Browse Source 
This is code that is off by default and is therefore treated as a
regular bug.

Ref: #16526
Closes #16527
This commit is contained in:
Dan Fandrich 2025-02-28 12:36:14 -08:00
parent e7751571eb
commit c693cc02b0
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/VULN-DISCLOSURE-POLICY.md
View File

@ -247,11 +247,11 @@ local system or network, the bar is raised. If a local user wrongfully has
elevated rights on your system enough to attack curl, they can probably elevated rights on your system enough to attack curl, they can probably
already do much worse harm and the problem is not really in curl. already do much worse harm and the problem is not really in curl.
## Experiments ## Debug & Experiments
Vulnerabilities in features which are off by default (in the build) and Vulnerabilities in features which are off by default (in the build) and
documented as experimental, are not eligible for a reward and we do not documented as experimental, or exist only in debug mode, are not eligible for a
consider them security problems. reward and we do not consider them security problems.
## URL inconsistencies ## URL inconsistencies