docs: explicitly call out Slowloris as not a security flaw

author JimFuller-RedHat <jfuller@redhat.com>

Thu, 8 Jan 2026 08:55:42 +0000 (09:55 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Thu, 8 Jan 2026 09:19:16 +0000 (10:19 +0100)
author JimFuller-RedHat <jfuller@redhat.com>
Thu, 8 Jan 2026 08:55:42 +0000 (09:55 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Thu, 8 Jan 2026 09:19:16 +0000 (10:19 +0100)
diff --git a/.github/scripts/pyspelling.words b/.github/scripts/pyspelling.words

index 6b755d2043d707f34a074117a5e61a23f5b148c3..d71c3c5d8c9d05218ec9ca26c934e4450c4b4ac0 100644 (file)
--- a/.github/scripts/pyspelling.words
+++ b/.github/scripts/pyspelling.words
@@ -778,6 +778,7 @@ singlecwd
  SINIX
  Sintonen
  sizeof
+Slowloris
  SLE
  slist
  sln
diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md

index 4ffa1ecb2adaa94b2ccb1d99570b4b7d8cfe8cb7..3e924d82b843f95b3de18368e57ec50757cc31b5 100644 (file)
--- a/docs/VULN-DISCLOSURE-POLICY.md
+++ b/docs/VULN-DISCLOSURE-POLICY.md
@@ -224,7 +224,8 @@ problem. There are already several benign and likely reasons for transfers to
  stall and never end, so applications that cannot deal with never-ending
  transfers already need to have counter-measures established.
  
-If the problem avoids the regular counter-measures when it causes a never-
+Well known attacks, like [Slowloris](https://en.wikipedia.org/wiki/Slowloris_(cyber_attack)), that send partial
+requests are usually not considered a flaw. If the problem avoids the regular counter-measures when it causes a never-
  ending transfer, it might be a security problem.
  
  ## Not practically possible
author	JimFuller-RedHat <jfuller@redhat.com>
	Thu, 8 Jan 2026 08:55:42 +0000 (09:55 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Thu, 8 Jan 2026 09:19:16 +0000 (10:19 +0100)
.github/scripts/pyspelling.words		patch \| blob \| blame \| history
docs/VULN-DISCLOSURE-POLICY.md		patch \| blob \| blame \| history