From: JimFuller-RedHat Date: Thu, 8 Jan 2026 08:55:42 +0000 (+0100) Subject: docs: explicitly call out Slowloris as not a security flaw X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af18d8ea1b3c84933aeb508f1c45780bd35437fe;p=thirdparty%2Fcurl.git docs: explicitly call out Slowloris as not a security flaw Closes #20219 --- diff --git a/.github/scripts/pyspelling.words b/.github/scripts/pyspelling.words index 6b755d2043..d71c3c5d8c 100644 --- a/.github/scripts/pyspelling.words +++ b/.github/scripts/pyspelling.words @@ -778,6 +778,7 @@ singlecwd SINIX Sintonen sizeof +Slowloris SLE slist sln diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md index 4ffa1ecb2a..3e924d82b8 100644 --- a/docs/VULN-DISCLOSURE-POLICY.md +++ b/docs/VULN-DISCLOSURE-POLICY.md @@ -224,7 +224,8 @@ problem. There are already several benign and likely reasons for transfers to stall and never end, so applications that cannot deal with never-ending transfers already need to have counter-measures established. -If the problem avoids the regular counter-measures when it causes a never- +Well known attacks, like [Slowloris](https://en.wikipedia.org/wiki/Slowloris_(cyber_attack)), that send partial +requests are usually not considered a flaw. If the problem avoids the regular counter-measures when it causes a never- ending transfer, it might be a security problem. ## Not practically possible
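Review bot: In `.github/scripts/pyspelling.words`, `Slowloris` is inserted between `sizeof` and `SLE`, which breaks the case-insensitive alphabetical order that the neighbouring entries follow (`sizeof`, `SLE`, `slist`, `sln`). If the word list is meant to stay sorted, move the new entry to after `sln`, wherever it sorts among the entries that follow.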
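Review bot: In `docs/VULN-DISCLOSURE-POLICY.md`, the new Slowloris sentence is placed directly in front of "If the problem avoids the regular counter-measures", so "the problem" now reads as referring to Slowloris rather than to the reported issue the paragraph is about. Consider moving the Slowloris sentence after "it might be a security problem." or giving it its own paragraph, so the exception for problems that bypass the regular counter-measures stays attached to the general statement. The two added lines also run well past the wrap width of the surrounding text and the second one still ends on the split word `never-`; rewrap them to match, and hyphenate "Well-known".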