{"id":29983,"date":"2026-06-15T07:56:00","date_gmt":"2026-06-15T05:56:00","guid":{"rendered":"https:\/\/daniel.haxx.se\/blog\/?p=29983"},"modified":"2026-06-15T09:28:29","modified_gmt":"2026-06-15T07:28:29","slug":"curl-summer-of-bliss","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2026\/06\/15\/curl-summer-of-bliss\/","title":{"rendered":"curl summer of bliss"},"content":{"rendered":"\n

The curl project will not accept or otherwise handle any vulnerability reports during the month of July 2026<\/strong>. We call it the curl summer of bliss<\/em>.<\/p>\n\n\n\n

curl’s submission form on Hackerone<\/a> will be paused starting July 1, 2026.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Summer of bliss starts: July 1, 2026<\/strong>. 00:00 CEST<\/p>\n\n\n\n

Submissions resume: August 3 2026<\/strong>. 09:00 CEST<\/p>\n\n\n\n

The security email address will also be a dead end, as we will not process or otherwise care about security or vulnerability reports sent to us that way either.<\/p>\n\n\n\n

Whatever issue you find that you feel a need to report to the curl project during this month has to wait. curl’s Hackerone form opens for submissions again on Monday August 3.<\/p>\n\n\n\n

We do not accept vulnerability reports over email in general, and this fact remains during and after our vacation.<\/p>\n\n\n\n

Vacation for real<\/h2>\n\n\n
\n
\"\"<\/figure>\n<\/div>\n\n\n

The curl maintainers will use this time of less pressure to take in some extra air and to enjoy the summer. Maybe stroll outside a bit more. Breath. Some of us may spend some of this time to see other places.<\/p>\n\n\n\n

We may get some extra time to spend on fixing bugs or working on new code. Fun stuff!<\/p>\n\n\n\n

Side-effects<\/h2>\n\n\n\n

As a direct side-effect of this summer of bliss, to allow us some more time to handle the issues that might have piled up for us in early August, we also push the release date<\/strong> of 8.22.0 two weeks into the future. Now scheduled to happen on September 2, 2026.<\/p>\n\n\n\n

Vulnerability rate<\/h2>\n\n\n\n

As previously mentioned, we have been under a huge pressure<\/a> for the last four months or so. Now we need some rest. We do not expect this deluge to be over.<\/p>\n\n\n\n

GitHub<\/h2>\n\n\n\n

curl’s issue<\/a> and pull-request<\/a> trackers on GitHub remain open and active like normal.<\/p>\n\n\n\n

You too?<\/h2>\n\n\n\n

If you and your Open Source projects also want to participate in the summer of bliss 2026: just do it and let us know! I would of course encourage you to do so. To take care of yourself as a top priority.<\/p>\n\n\n\n

The bad guys won’t rest<\/h2>\n\n\n\n

Probably not. But we will.<\/p>\n\n\n\n

But what if there is an emergency<\/h2>\n\n\n\n

Then we get to read about it in August. Or you get a support contract<\/a> and we get to read about it earlier.<\/p>\n\n\n\n

Contracts excluded<\/h2>\n\n\n\n

Everyone with a paid support contracts will of course still get full and appropriate service even during this period.<\/p>\n\n\n

\n
\"\"\n\t\t\t\n\t\t\t\t\n\t\t\t<\/svg>\n\t\t<\/button>
Daniel, in a relaxed state.<\/figcaption><\/figure>\n<\/div>\n\n\n

Credits<\/h2>\n\n\n\n

The ice cream image was made by fotografierende<\/a> from Pixabay<\/a><\/p>\n\n\n\n

Discussed<\/h2>\n\n\n\n

On hacker news<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

The curl project will not accept or otherwise handle any vulnerability reports during the month of July 2026. We call it the curl summer of bliss. curl’s submission form on Hackerone will be paused starting July 1, 2026. Summer of bliss starts: July 1, 2026. 00:00 CEST Submissions resume: August 3 2026. 09:00 CEST The … Continue reading curl summer of bliss<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":30109,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,133],"tags":[33,504,428],"class_list":["post-29983","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-curl","category-security","tag-curl-and-libcurl","tag-hackerone","tag-security"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/29983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=29983"}],"version-history":[{"count":49,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/29983\/revisions"}],"predecessor-version":[{"id":30183,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/29983\/revisions\/30183"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media\/30109"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=29983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=29983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=29983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}