{"slug": "libexpat-will-not-accept-vulnerability-reports-before-2026-08-01", "title": "Libexpat will not accept vulnerability reports before 2026-08-01", "summary": "The libexpat project announced it will not accept or handle any new vulnerability reports until 2026-08-01, following a similar break by the cURL project. Maintainers urge security researchers and AI/fuzzing tools to pause reporting until that date to allow sustainable work on known issues and the upcoming release.", "body_md": "-\n[Notifications](/login?return_to=%2Flibexpat%2Flibexpat)You must be signed in to change notification settings -\n[Fork 516](/login?return_to=%2Flibexpat%2Flibexpat)\n\n# Will not accept vulnerability reports before 2026-08-01 #1277\n\n## Description\n\nHello! 👋\n\nFollowing a [recent announcement of the cURL project](https://daniel.haxx.se/blog/2026/06/15/curl-summer-of-bliss/), the libexpat project is joining in with a break and will **not accept or otherwise handle any new vulnerability reports until 2026-08-01 starting today**, take a deep breath, and continue working on\n\n[known unfixed vulnerabilities](https://github.com/libexpat/libexpat/issues/1160)and\n\n[the upcoming release](https://github.com/libexpat/libexpat/issues/1276)at a sustainable pace.\n\nThat means:\n\n-\nIf you run into vulnerabilities in libexpat and would like to disclose them responsibly, please hold your horses until 2026-08-01 and\n\n*then*reach out with a report. -\nIf you are throwing AI or fuzzing or security research at libexpat these days please hit the pause button and resume on/after 2026-08-01.\n\n-\nIf you would like to fund work on libexpat, please reach out via e-mail.\n\n-\nIf you would like to be notified of the break period ending early, please feel free to subscribe to this issue.\n\nThanks for your understanding! 🙏\n\nSebastian Pipping, Berlin, 2026-06-15\n\nPS: Comments are intentionally closed, please reach out via the e-mail in my profile, instead.\n\nCC [@Smattr](https://github.com/Smattr) [@berkayurun](https://github.com/berkayurun) [@hannob](https://github.com/hannob) [@StanFromIreland](https://github.com/StanFromIreland) [@netliomax25-code](https://github.com/netliomax25-code) [@alessandrogario](https://github.com/alessandrogario)\n\n## Metadata\n\n## Metadata\n\n### Assignees\n\n### Labels\n\n### Type\n\n### Fields\n\n[Give feedback](https://github.com/orgs/community/discussions/189141)", "url": "https://wpnews.pro/news/libexpat-will-not-accept-vulnerability-reports-before-2026-08-01", "canonical_source": "https://github.com/libexpat/libexpat/issues/1277", "published_at": "2026-06-15 14:49:28+00:00", "updated_at": "2026-06-15 15:09:24.616652+00:00", "lang": "en", "topics": ["ai-safety"], "entities": ["libexpat", "cURL", "Sebastian Pipping", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/libexpat-will-not-accept-vulnerability-reports-before-2026-08-01", "markdown": "https://wpnews.pro/news/libexpat-will-not-accept-vulnerability-reports-before-2026-08-01.md", "text": "https://wpnews.pro/news/libexpat-will-not-accept-vulnerability-reports-before-2026-08-01.txt", "jsonld": "https://wpnews.pro/news/libexpat-will-not-accept-vulnerability-reports-before-2026-08-01.jsonld"}}