From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 12 Oct 2018 07:11:54 +0000 (+0200)
Subject: docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018
X-Git-Tag: curl-7_62_0~59
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aaab08311baf21b8e0f85a077d25b70d79103767;p=curl

docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018

[ci skip]
---

diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md
index 896d82568..813cc5fc1 100644
--- a/docs/BUG-BOUNTY.md
+++ b/docs/BUG-BOUNTY.md
@@ -38,6 +38,10 @@
  Bounties need to be requested within twelve months from the publication of
  the vulnerability.
 
+ The vulnerabilities must not have been made public before August 1st, 2018.
+ We do not retroactively pay for old, already known and published security
+ problems.
+
 ## Product vulnerabilities only
 
  The bug bounty only concerns the curl and libcurl products and thus their