The Apple developer certificate referred to in our previous update was revoked as scheduled on April 24, 2023. The Linux packaging GPG key was also revoked as scheduled. For information about possible revocation-related customer impact and remediation guidance, please see https://support.hashicorp.com/hc/en-us/articles/13177506317203.
There remains no evidence of HashiCorp customer data disclosure and no evidence of malicious modification to HashiCorp source code or binaries as a result of this security alert.