From 95e39f1f85cbafefde21f631e7259aacc9fa81e6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 7 Nov 2024 23:43:58 +0100 Subject: [PATCH] CVE-2024-9681.md: avoid the use of the word "will" --- docs/CVE-2024-9681.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/CVE-2024-9681.md b/docs/CVE-2024-9681.md index c47d71aecc..551646423a 100644 --- a/docs/CVE-2024-9681.md +++ b/docs/CVE-2024-9681.md @@ -42,7 +42,7 @@ was otherwise intended to *possibly* be protected. But: `example.com` as per above is deliberately setup for HSTS, and servers should -probably expect that clients will try upgrading to HTTPS for a while outside +probably expect that clients might try upgrading to HTTPS for a while outside of the time range set in its headers. The access that fails in this scenario tries to use plain HTTP to the domain. @@ -56,8 +56,8 @@ ends up in now and then completely without involving curl issues and therefore needs to have logic for. An application can for example work around the situation by simply toggling off HSTS. -This bug is **not** considered a *C mistake* (ie not likely to have been -avoided had we not been using C). +This bug is **not** considered a *C mistake* (not likely to have been avoided +had we not been using C). This flaw also affects the curl command line tool.