Codecov Security Event and HashiCorp GPG Key Exposure
70 views
Skip to first unread message
Jamie Finnigan
Apr 23, 2021, 3:03:50 PM4/23/21
to hashicorp...@googlegroups.com
Hi all -
HashiCorp was recently impacted by a security incident with a third party (Codecov) that led to potential disclosure of sensitive information. As a result, the GPG key used for release signing and verification has been rotated. Customers who verify HashiCorp release signatures may need to update their process to use the new key.
We have published a security bulletin with additional information at https://discuss.hashicorp.com/t/hcsec-2021-12-codecov-security-event-and-hashicorp-gpg-key-exposure/23512/2.
Thanks,
Jamie
HashiCorp was recently impacted by a security incident with a third party (Codecov) that led to potential disclosure of sensitive information. As a result, the GPG key used for release signing and verification has been rotated. Customers who verify HashiCorp release signatures may need to update their process to use the new key.
We have published a security bulletin with additional information at https://discuss.hashicorp.com/t/hcsec-2021-12-codecov-security-event-and-hashicorp-gpg-key-exposure/23512/2.
Thanks,
Jamie
--
Jamie Finnigan
Director, Product Security
HashiCorp
Reply all
Reply to author
Forward
0 new messages