We understand that many users place a high level of trust in HashiCorp and the tools we build. We apply best practices and focus on security to make sure we can maintain the trust of the community.
We deeply appreciate any effort to disclose vulnerabilities responsibly.
If you would like to report a vulnerability, please see the HashiCorp security page, which has the proper email to communicate with as well as our PGP key.
If you aren't reporting a security sensitive vulnerability, please open an issue on the standard GitHub repository.