Curl will not accept vulnerability reports during July 2026

	Curl will not accept vulnerability reports during July 2026(daniel.haxx.se)
	500 points by secret-noun 6 hours ago \| 198 comments
	tl;dr: The curl project is pausing vulnerability report submissions during July 2026 (dubbed the "summer of bliss"), with Hackerone closed and security emails ignored from July 1 to August 3. Maintainers cite burnout from a heavy influx of reports over recent months and want a real break. The 8.22.0 release is pushed to September 2, 2026, though GitHub issues/PRs remain open and paid support contracts are unaffected.
	HN Discussion: ↑Praises the decision as a clever business model combining vacation and enterprise support incentives ↑Appreciates the human, refreshing stance maintainers are taking against burnout ~Highlights the unhealthy dependence on unpaid maintainers with no backup as a systemic problem ↑Argues the security risk is minimal since curl is mature and urgent issues can be handled out-of-band ↓Criticizes the paid-contract carve-out as ineffective since unreported vulnerabilities still affect everyone