The curl project is discontinuing its bug bounty program at the end of January 2026. A pull request removes references to the bounty and HackerOne from the project documentation, marking the end of monetary rewards for security vulnerability reports. The change affects how security researchers can report bugs, though Show more