# Libexpat will not accept vulnerability reports before 2026-08-01 > Source: > Published: 2026-06-15 14:49:28+00:00 - [Notifications](/login?return_to=%2Flibexpat%2Flibexpat)You must be signed in to change notification settings - [Fork 516](/login?return_to=%2Flibexpat%2Flibexpat) # Will not accept vulnerability reports before 2026-08-01 #1277 ## Description Hello! 👋 Following a [recent announcement of the cURL project](https://daniel.haxx.se/blog/2026/06/15/curl-summer-of-bliss/), the libexpat project is joining in with a break and will **not accept or otherwise handle any new vulnerability reports until 2026-08-01 starting today**, take a deep breath, and continue working on [known unfixed vulnerabilities](https://github.com/libexpat/libexpat/issues/1160)and [the upcoming release](https://github.com/libexpat/libexpat/issues/1276)at a sustainable pace. That means: - If you run into vulnerabilities in libexpat and would like to disclose them responsibly, please hold your horses until 2026-08-01 and *then*reach out with a report. - If you are throwing AI or fuzzing or security research at libexpat these days please hit the pause button and resume on/after 2026-08-01. - If you would like to fund work on libexpat, please reach out via e-mail. - If you would like to be notified of the break period ending early, please feel free to subscribe to this issue. Thanks for your understanding! 🙏 Sebastian Pipping, Berlin, 2026-06-15 PS: Comments are intentionally closed, please reach out via the e-mail in my profile, instead. CC [@Smattr](https://github.com/Smattr) [@berkayurun](https://github.com/berkayurun) [@hannob](https://github.com/hannob) [@StanFromIreland](https://github.com/StanFromIreland) [@netliomax25-code](https://github.com/netliomax25-code) [@alessandrogario](https://github.com/alessandrogario) ## Metadata ## Metadata ### Assignees ### Labels ### Type ### Fields [Give feedback](https://github.com/orgs/community/discussions/189141)