RepoJournal
HashiCorp

@hashicorp

Terraform, Vault, Consul — infra-as-code for ops teams

Pick a date

  1. Sun 3 may
  2. Tue 5 may
  3. Wed 6 may
  4. Thu 7 may
  5. Fri 8 may
  6. Sat 9 may
  7. Sun 10 may
  8. Mon 11 may
  9. Tue 12 may
  10. Wed 13 may
  11. Thu 14 may
  12. Fri 15 may
  13. Sat 16 may
  14. Sun 17 may
  15. Tue 19 may
  16. Wed 20 may
  17. Thu 21 may
  18. Sat 23 may
  19. Sun 24 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

CONSUL PATCHES 8 CVE CHAINS, K8S FIXES FALSE FIPS WARNINGS

By RepoJournal · Filed · About HashiCorp

Consul upgraded Go 1.26.3 to close eight chained CVEs in the standard library overnight, while consul-k8s 1.8.x stops firing misleading FIPS compliance warnings on every pod startup.

Consul patched eight Go CVEs [1] by upgrading to toolchain 1.26.3 and golang.org/x/net 0.53.0, blocking chains in the standard library that could affect service mesh stability. Meanwhile, consul-k8s [2] fixed a three-bug cascade in the FIPS version check that was spamming logs with false warnings—the original code hit a non-existent API endpoint, passed nil context, and had a missing else guard that fired warnings unconditionally [3]. Both fixes ship quietly but matter: one secures the foundation, the other stops noise that masks real FIPS compliance issues. On the docs side, Nomad 2.0.1 release notes are live [4] with new scheduler parameters, and Vault's MSSQL EKM provider backfilled a missing v0.3.2 bug fix entry [5] documenting a version reporting issue that could confuse SQL Server integrations.

Action items

References

  1. [1] updating golang.org/x/net and toolchain version ↗ hashicorp/consul
  2. [2] fix: correct FIPS Consul version check in connect-init (CSL-13179) (#5252) hashicorp/consul-k8s
  3. [3] fix: correct FIPS Consul version check in connect-init (CSL-13179) ↗ hashicorp/consul-k8s
  4. [4] [PUBLISH] nomad/2.0.1 ↗ hashicorp/web-unified-docs
  5. [5] docs(mssql): add missing v0.3.2 release note for version reporting fix (#2411) hashicorp/web-unified-docs

FAQ

What changed in HashiCorp on May 13, 2026?
Consul upgraded Go 1.26.3 to close eight chained CVEs in the standard library overnight, while consul-k8s 1.8.x stops firing misleading FIPS compliance warnings on every pod startup.
What should HashiCorp teams do about it?
Pull Consul with Go 1.26.3 toolchain into your next deploy • Upgrade consul-k8s to 1.8.9+ if running FIPS builds to stop false warning spam • Review Nomad 2.0.1 release notes for scheduler parameter changes
Which HashiCorp repositories shipped on May 13, 2026?
hashicorp/consul, hashicorp/consul-k8s, hashicorp/web-unified-docs

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.