[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnurl] 393/411: SECURITY-PROCESS: disclose on hackerone

From: gnunet
Subject: [gnurl] 393/411: SECURITY-PROCESS: disclose on hackerone
Date: Wed, 13 Jan 2021 01:23:28 +0100

This is an automated email from the git hooks/post-receive script.

nikita pushed a commit to branch master
in repository gnurl.

commit 6703eb2f4cd3cd0cf008e5103e2ec7aa85eabedc
Author: Daniel Stenberg <>
AuthorDate: Thu Dec 3 14:18:51 2020 +0100

    SECURITY-PROCESS: disclose on hackerone
    Once a vulnerability has been published, the hackerone issue should be
    disclosed. For tranparency.
    Closes #6275
 docs/ | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/ b/docs/
index c77ff1778..a5d487adf 100644
--- a/docs/
+++ b/docs/
@@ -125,6 +125,14 @@ Publishing Security Advisories
 6. On security advisory release day, push the changes on the curl-www
    repository's remote master branch.
+Request the issue to be disclosed. If there are sensitive details present in
+the report and discussion, those should be redacted from the disclosure. The
+default policy is to disclose as much as possible as soon as the vulnerability
+has been published.
 Bug Bounty

To stop receiving notification emails like this one, please contact

reply via email to

[Prev in Thread] Current Thread [Next in Thread]