Security Bulletins and Announcements
- HCSEC-2023-27 - Terraform Allows Arbitrary File Write During Init Operation
- HCSEC-2023-19 - Terraform Enterprise, Docker Engine, and Go’s CVE-2023-24540
- Security Alert: HashiCorp Response to CircleCI
- Subscribing to HashiCorp security updates
- Security Alert: HashiCorp Response to Vault Vulnerability - Raft Cluster Join Requests
- HCSEC-2024-26 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests
- HCSEC-2024-21 - Vault Operators in Root Namespace May Elevate Their Privileges
- HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
- Attention: Terraform Enterprise customers
- Help Center Updates - Submitting a Request
- HCSEC-2024-03 - Nomad Vulnerable to Arbitrary Write Through Symlink Attack
- HCSEC-2023-34 - Vault - Denial of Service Through Memory Exhaustion Handling Large HTTP Requests
- HTTP/2 “Rapid Reset” CVE-2023-44487 - TFE/Vault/Boundary/Consul
- End-of-Life Linux Package Archive Site FAQ
- How-to Delete Personal Data from HashiCorp Systems
- 0.12.X Support Period and End-of-Life (EOL)
- Partners: Submitting ticket on behalf of client
- Reporting HashiCorp security vulnerabilities
- Support Period and End-of-Life (EOL) Policy