Curl project suspends vulnerability reports for July 2026
Original: Curl will not accept vulnerability reports during July 2026
Why This Matters
Shows open source maintainer burnout and need for sustainable practices in critical infrastructure projects
Open source project curl announced it will not accept vulnerability reports during July 2026, calling it 'curl summer of bliss.' HackerOne submission form paused July 1-August 3, 2026 as maintainers take vacation from security pressure.
The curl project, led by Daniel Stenberg, will suspend all vulnerability reporting during July 2026 in what they call the 'curl summer of bliss.' The HackerOne submission form will be paused from July 1, 2026 at 00:00 CEST until August 3, 2026 at 09:00 CEST. The security email address will also not process reports during this period. Stenberg cited the need for maintainers to take a break from 'huge pressure' experienced over the past four months. The project has pushed the release date of version 8.22.0 from mid-August to September 2, 2026 to accommodate the break. GitHub issue and pull-request trackers remain active, and paid support contract holders will continue receiving service. The project encourages other open source projects to participate in similar breaks.