About HashiCorp security updates

Security updates for all HashiCorp products and services. Posting to this category is restricted to HashiCorp employees only.


Reporting Security Vulnerabilities
We deeply appreciate any effort to discover and disclose security vulnerabilities responsibly.

For information about security at HashiCorp and the reporting of security vulnerabilities, please see https://hashicorp.com/security.


Security Update Publication
Security updates regarding HashiCorp products and services will be published here, particularly where a vulnerability has been identified and addressed.

Vulnerabilities will also be assigned a CVE where applicable, and will be accessible via MITRE’s search interface and other CVE feeds/tools.

Subscribing to Security Updates
To receive email notifications for all HashiCorp security updates, please sign in to https://discuss.hashicorp.com and enable “watching” for this topic (https://discuss.hashicorp.com/c/security/52).

To subscribe to an RSS feed for all HashiCorp security updates, point your reader or integration of choice at the RSS URL for this topic (https://discuss.hashicorp.com/c/security/52.rss).

Subscribing for Specific Products
Tags are used to categorize security updates according to the related HashiCorp product/s.

For example, to receive email notifications regarding only Vault-related security updates, please sign in to https://discuss.hashicorp.com and enable “watching” for the security-vault tag (https://discuss.hashicorp.com/tag/security-vault).

To subscribe to an RSS feed regarding only Vault-related security updates, point your reader or integration of choice at the RSS URL for the security-vault tag (https://discuss.hashicorp.com/tag/security-vault.rss).

The same email/RSS capabilities can be use for other product-specific security- tags.