The curl project announced it will pause all vulnerability handling for the month of July 2026, dubbing the interval a “summer of bliss.” Starting 00:00 CEST on July 1, the HackerOne submission form closes, and the [email protected] mailbox will not be monitored. Any security issue discovered during this window must wait until the form reopens on August 3 at 09:00 CEST.

Maintainers will use the downtime to recharge and, if possible, address existing bugs or add new code. As a side‑effect, the planned 8.22.0 release shifts two weeks later, now slated for September 2, 2026, giving the team extra bandwidth to triage the backlog that will accumulate in early August.

GitHub issue and pull‑request trackers remain fully operational, so developers can still file non‑security bugs. Projects with paid support contracts retain normal response times, but all other reporters should expect a delay until August. The curl team’s brief hiatus underscores the strain of constant vulnerability disclosure and illustrates how open‑source maintainers balance security duties with personal well‑being.

Community members are encouraged to join the “summer of bliss” by taking similar breaks, reinforcing the message that developer health matters as much as code security.