Will not accept vulnerability reports before 2026-08-01 路 Issue #1277 路 libexpat/libexpat 路 GitHub
//voltron/issues_fragments/issue_layout" data-turbo-transient="true" />
Skip to content
Search or jump to...
Search code, repositories, users, issues, pull requests...
-->
Search
Clear
Search syntax tips
Provide feedback
--><br>We read every piece of feedback, and take your input very seriously.
Include my email address so I can be contacted
Cancel
Submit feedback
Saved searches
Use saved searches to filter your results more quickly
-->
Name
Query
To see all available qualifiers, see our documentation.
Cancel
Create saved search
Sign in
//voltron/issues_fragments/issue_layout;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up
Appearance settings
Resetting focus
You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.
Dismiss alert
{{ message }}
libexpat
libexpat
Public
Notifications<br>You must be signed in to change notification settings
Fork<br>516
Star<br>1.3k
Will not accept vulnerability reports before 2026-08-01聽#1277
New issue<br>Copy link
New issue<br>Copy link
Open
Open<br>Will not accept vulnerability reports before 2026-08-01#1277
Copy link
Labels<br>security
Description
hartwork<br>opened on Jun 15, 2026
Issue body actions
Hello! 馃憢
Following a recent announcement of the cURL project, the libexpat project is joining in with a break and will not accept or otherwise handle any new vulnerability reports until 2026-08-01 starting today , take a deep breath, and continue working on known unfixed vulnerabilities and the upcoming release at a sustainable pace.
That means:
If you run into vulnerabilities in libexpat and would like to disclose them responsibly, please hold your horses until 2026-08-01 and then reach out with a report.
If you are throwing AI or fuzzing or security research at libexpat these days please hit the pause button and resume on/after 2026-08-01.
If you would like to fund work on libexpat, please reach out via e-mail.
If you would like to be notified of the break period ending early, please feel free to subscribe to this issue.
Thanks for your understanding! 馃檹
Sebastian Pipping, Berlin, 2026-06-15
PS: Comments are intentionally closed, please reach out via the e-mail in my profile, instead.
CC @Smattr @berkayurun @hannob @StanFromIreland @netliomax25-code @alessandrogario
Reactions are currently unavailable
Metadata<br>Metadata<br>Assignees
No one assigned
Labels
security
Type
No type
Fields<br>Give feedback
No fields configured for issues without a type.
Projects
No projects
Milestone
No milestone
Relationships
None yet
Development
No branches or pull requests
Issue actions
You can鈥檛 perform that action at this time.