VULN-DISCLOSURE-POLICY.md: emphasize the no email thank you part

author Daniel Stenberg <daniel@haxx.se>

Tue, 26 May 2026 07:09:24 +0000 (09:09 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Tue, 26 May 2026 08:00:22 +0000 (10:00 +0200)
author Daniel Stenberg <daniel@haxx.se>
Tue, 26 May 2026 07:09:24 +0000 (09:09 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Tue, 26 May 2026 08:00:22 +0000 (10:00 +0200)
diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md

index 4ff284e43f2c22eca949628592e551b27ee2f517..379a6d0da56bdf0b21583f6bac28b7ce30c446e3 100644 (file)
--- a/docs/VULN-DISCLOSURE-POLICY.md
+++ b/docs/VULN-DISCLOSURE-POLICY.md
@@ -36,6 +36,10 @@ announcement.
    [HackerOne](https://hackerone.com/curl). Issues filed there reach a handful
    of selected and trusted people.
  
+- The curl project cannot handle vulnerability reports sent to us over email.
+  We lose track of the reports. We cannot easily disclose them. Please do not
+  send us reports over email.
+
  - Messages that do not relate to the reporting or managing of an undisclosed
    security vulnerability in curl or libcurl are ignored and no further action
    is required.
author	Daniel Stenberg <daniel@haxx.se>
	Tue, 26 May 2026 07:09:24 +0000 (09:09 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Tue, 26 May 2026 08:00:22 +0000 (10:00 +0200)