From: Andrei Rybak Date: Tue, 12 May 2026 16:02:21 +0000 (+0200) Subject: VULN-DISCLOSURE-POLICY.md: remove mention of bug bounty reward X-Git-Tag: rc-8_21_0-1~183 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a3618d166db0ec522c8ed0892177d8470dd4df46;p=thirdparty%2Fcurl.git VULN-DISCLOSURE-POLICY.md: remove mention of bug bounty reward As a follow-up to commits ca7ef4b817 ("BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026", 2026-01-22) and ed7bf43a08 ("BUG-BOUNTY.md: minor rephrase to say there is no bug bounty", 2026-03-10), remove a leftover mention of the reward for vulnerability reports, that no longer exists, in file `VULN-DISCLOSURE-POLICY.md`. Fixes #21571 Reported-by: Alan De Smet Closes #21574 --- diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md index abc7ef2c0a..1ce3f4e26d 100644 --- a/docs/VULN-DISCLOSURE-POLICY.md +++ b/docs/VULN-DISCLOSURE-POLICY.md @@ -248,8 +248,8 @@ already do much worse harm and the problem is not really in curl. ## Debug & Experiments Vulnerabilities in features which are off by default (in the build) and -documented as experimental, or exist only in debug mode, are not eligible for a -reward and we do not consider them security problems. +documented as experimental, or exist only in debug mode, are not considered +security problems. The same applies to scripts and software which are not installed by default through the make install rule.
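Review bot: In the rewritten sentence under "Debug & Experiments", the active "we do not consider them security problems" becomes the passive "are not considered security problems", which no longer says who makes that call. Since this sentence states the project's own scope for vulnerability reports, consider wording that keeps the project as the subject, for example "are not something we consider security problems". The unchanged follow-on sentence "The same applies to scripts and software ..." now refers only to the not-a-security-problem statement, and it still reads correctly after the change. The commit message calls this a leftover mention of the reward. Only this one hunk of `docs/VULN-DISCLOSURE-POLICY.md` is visible here, so it is worth confirming that no other reward wording remains in the file.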