curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Apology for Breaking CVE-2023-38545 Embargo

From: Ray Satiro via curl-library <>
Date: Thu, 12 Oct 2023 22:48:36 -0400

On 10/12/2023 9:17 AM, Jacek Migacz via curl-library wrote:
> I am writing to extend my sincerest apologies for a breach of
> CVE-2023-38545 embargo that occurred recently. I deeply regret my
> actions, and I understand the gravity of the situation and the trust
> that has been broken. First and foremost, I want to express my regret
> to the entire upstream community for my behavior. I violated the
> embargo agreement that was in place, and I understand that such
> agreements are essential for the security and stability of the
> community and the project as a whole. I am committed to learning from
> this experience and taking steps to ensure that it does not happen
> again in the future. I understand that trust takes time to rebuild,
> and I am fully committed to regaining your confidence. I will be more
> diligent in my commitment to upholding community guidelines and
> agreements and will work hard to regain your trust through my future
> actions.
> Thank you for your understanding.

Thanks for getting in touch. I am the author of that patch (made in my
nickname Jay) and I heard it was released early. These serious mistakes
should not happen but we know they do. We have all made our share.
Anything you can do to lessen the chance of it happening in the future
is very much appreciated. Cheers

Received on 2023-10-13