docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018

author Daniel Stenberg <daniel@haxx.se>

Fri, 12 Oct 2018 07:11:54 +0000 (09:11 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Fri, 12 Oct 2018 07:12:44 +0000 (09:12 +0200)
author Daniel Stenberg <daniel@haxx.se>
Fri, 12 Oct 2018 07:11:54 +0000 (09:11 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Fri, 12 Oct 2018 07:12:44 +0000 (09:12 +0200)
diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md

index 896d825684f3932ff041164b0a4e43034a2d4d57..813cc5fc16dd957084832cc0433f3c934dc5d423 100644 (file)
--- a/docs/BUG-BOUNTY.md
+++ b/docs/BUG-BOUNTY.md
@@ -38,6 +38,10 @@
   Bounties need to be requested within twelve months from the publication of
   the vulnerability.
  
+ The vulnerabilities must not have been made public before August 1st, 2018.
+ We do not retroactively pay for old, already known and published security
+ problems.
+
  ## Product vulnerabilities only
  
   The bug bounty only concerns the curl and libcurl products and thus their
author	Daniel Stenberg <daniel@haxx.se>
	Fri, 12 Oct 2018 07:11:54 +0000 (09:11 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Fri, 12 Oct 2018 07:12:44 +0000 (09:12 +0200)