Curl 将在 2026 年 7 月期间不接收漏洞报告。

Curl 将在 2026 年 7 月期间不接收漏洞报告。
Curl will not accept vulnerability reports during July 2026

原始链接: https://daniel.haxx.se/blog/2026/06/15/curl-summer-of-bliss/

curl 项目宣布了一个“幸福之夏”计划，期间团队将暂停处理安全漏洞报告。从 2026 年 7 月 1 日 00:00 CEST 起至 2026 年 8 月 3 日 09:00 CEST，所有通过 HackerOne 和项目安全邮箱提交的漏洞报告都将被暂停受理或忽略。此举旨在让维护者从近几个月的高强度压力中抽身，进行休息并专注于非紧急开发工作。因此，8.22.0 版本的发布已推迟至 2026 年 9 月 2 日。尽管安全报告渠道将关闭，但项目的 GitHub Issue 和 Pull Request 跟踪器仍将保持开放和活跃。请注意，上述限制不适用于拥有付费支持合同的用户，他们将继续获得全面服务。curl 团队鼓励其他开源项目考虑采取类似的休息方式，以优先保障维护者的身心健康。

``` Hacker News 最新 | 往期 | 评论 | 提问 | 展示 | 工作 | 提交登录 Curl 将在 2026 年 7 月期间不接受漏洞报告 (haxx.se) 63 分，由 secret-noun 发布于 26 分钟前 | 隐藏 | 往期 | 收藏 | 2 条评论帮助 zarzavat 2 分钟前 | 下一条 [–] > > 坏人不会休息 > 大概不会。但我们会。在这个极不人道的时代，一剂令人愉悦的人性。回复 a13n 4 分钟前 | 上一条 [–] 多么精彩的广告。回复指南 | 常见问题 | 列表 | API | 安全 | 法律 | 申请 YC | 联系搜索： ```

原文

The curl project will not accept or otherwise handle any vulnerability reports during the month of July 2026. We call it the curl summer of bliss.

curl’s submission form on Hackerone will be paused starting July 1, 2026.

Summer of bliss starts: July 1, 2026. 00:00 CEST

Submissions resume: August 3 2026. 09:00 CEST

The security email address will also be a dead end, as we will not process or otherwise care about security or vulnerability reports sent to us that way either.

Whatever issue you find that you feel a need to report to the curl project during this month has to wait. curl’s Hackerone form opens for submissions again on Monday August 3.

We do not accept vulnerability reports over email in general, and this fact remains during and after our vacation.

Vacation for real

The curl maintainers will use this time of less pressure to take in some extra air and to enjoy the summer. Maybe stroll outside a bit more. Breath. Some of us may spend some of this time to see other places.

We may get some extra time to spend on fixing bugs or working on new code. Fun stuff!

Side-effects

As a direct side-effect of this summer of bliss, to allow us some more time to handle the issues that might have piled up for us in early August, we also push the release date of 8.22.0 two weeks into the future. Now scheduled to happen on September 2, 2026.

Vulnerability rate

As previously mentioned, we have been under a huge pressure for the last four months or so. Now we need some rest. We do not expect this deluge to be over.

GitHub

curl’s issue and pull-request trackers on GitHub remain open and active like normal.

You too?

If you and your Open Source projects also want to participate in the summer of bliss 2026: just do it and let us know! I would of course encourage you to do so. To take care of yourself as a top priority.

The bad guys won’t rest

Probably not. But we will.

But what if there is an emergency

Then we get to read about it in August. Or you get a support contract and we get to read about it earlier.

Contracts excluded

Everyone with a paid support contracts will of course still get full and appropriate service even during this period.

Credits

The ice cream image was made by fotografierende from Pixabay