RepoJournal
HashiCorp

@hashicorp

Terraform, Vault, Consul — infra-as-code for ops teams

Pick a date

  1. Sun 3 may
  2. Tue 5 may
  3. Wed 6 may
  4. Thu 7 may
  5. Fri 8 may
  6. Sat 9 may
  7. Sun 10 may
  8. Mon 11 may
  9. Tue 12 may
  10. Wed 13 may
  11. Thu 14 may
  12. Fri 15 may
  13. Sat 16 may
  14. Sun 17 may
  15. Tue 19 may
  16. Wed 20 may
  17. Thu 21 may
  18. Sat 23 may
  19. Sun 24 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

BOUNDARY PATCHES CRITICAL DATABASE DEPENDENCY ACROSS ALL VERSIONS

By RepoJournal · Filed · About HashiCorp

Boundary shipped emergency security updates across v0.19, v0.20, and v0.21 to address four critical PostgreSQL driver vulnerabilities that could affect every deployment.

All three active Boundary versions [1][2][3] patched the same set of jackc/pgx vulnerabilities (GHSA-j88v-2chj-qfwx, GO-2026-4771, GO-2026-4772, GHSA-9jj7-4m8r-rfcm) plus NTLMSSP authentication flaws that expose connections to manipulation. The v0.21.3 release [1] also introduced support for IBM Passport Advantage Online licensing to expand Boundary Enterprise eligibility, alongside a new debug flag for pprof endpoints. Terraform providers across AWS are undergoing systematic hardening: five services (Kendra, IVS Chat, IoT, FIS, Firehose) [4][5][6][7][8] replaced deprecated Node.js Lambda runtimes to satisfy lint checks and prepare for runtime EOL. The Azure provider shipped v4.71.0 [9] with new CDN Frontdoor security policy data source and updated storage API to 2025-08-01, while the team continues building list resource support for subnet operations. Nomad's scheduler got a critical fix [10] for a NUMA-aware device allocation bug that caused false node exhaustion during task preemption—stale allocator state was persisting across eviction, triggering phantom resource limits that blocked valid workload placement.

Action items

References

  1. [1] Boundary v0.21.3 — PostgreSQL driver security patches
  2. [2] Boundary v0.19.5 — PostgreSQL driver security patches
  3. [3] Boundary v0.20.3 — PostgreSQL driver security patches
  4. [4] Terraform AWS Kendra — deprecated Node.js runtime replacement
  5. [5] Terraform AWS IVS Chat — deprecated Node.js runtime replacement
  6. [6] Terraform AWS IoT — deprecated Node.js runtime replacement
  7. [7] Terraform AWS FIS — deprecated Node.js runtime replacement
  8. [8] Terraform AWS Firehose — deprecated Node.js runtime replacement
  9. [9] Terraform Azure v4.71.0 — CDN Frontdoor and storage API updates
  10. [10] Nomad scheduler — stale device allocator bug fix

FAQ

What changed in HashiCorp on May 1, 2026?
Boundary shipped emergency security updates across v0.19, v0.20, and v0.21 to address four critical PostgreSQL driver vulnerabilities that could affect every deployment.
What should HashiCorp teams do about it?
Upgrade Boundary to v0.21.3, v0.20.3, or v0.19.5 immediately—all versions received the same PostgreSQL driver patch • Verify your Nomad clusters aren't affected by the device scheduler bug if you use NUMA-aware scheduling with multi-device tasks • Plan Azure provider upgrade to v4.71.0 for new CDN security policies and storage API alignment

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.