Impact of Cloudbleed at HashiCorp
Following the public response by Cloudflare to the “Cloudbleed” incident, HashiCorp audited our use of the service to determine possible impact to our customers. HashiCorp does make use of various functionality provided by CloudFlare, including DNS resolution, but our use of the CloudFlare HTTP proxy feature is limited only to a small number of non-critical web properties. We’ve analyzed the use of those services and the data rendered during HTTP communication and are confident that they introduced minimal risk with no disclosure of personal information.
Importantly, the service atlas.hashicorp.com (aka “Terraform Enterprise”) was specifically not using the HTTP proxy feature so it remains unaffected.
We believe responsible analysis and disclosure is important to maintain trust in Internet-wide incidents like these, particularly given our DNS is resolved via the affected service provider.
Please direct any questions or concerns on this topic to support@hashicorp.com. As always, if you believe you have found a security issue in a HashiCorp web property or tool, please responsibly disclose by emailing security@hashicorp.com. Our security policy and our PGP key can be found at https://www.hashicorp.com/security
Sign up for the latest HashiCorp news
More blog posts like this one
HashiConf 2024 scholarship program now open for applications
Here is your chance to apply for a scholarship to attend HashiConf in Boston, October 14-16.
HashiCorp 2023 year in review: Community
This year saw tens of thousands of people engage with HashiCorp to achieve HashiCorp certifications, while hundreds of millions downloaded HashiCorp community software.
HashiCorp 2023 year in review: Customers and partners
Take a look back at HashiCorp’s new customers, new customer stories, and partner ecosystem milestones from the past year.