RepoJournal
HashiCorp

@hashicorp

Terraform, Vault, Consul — infra-as-code for ops teams

Pick a date

  1. Sun 3 may
  2. Tue 5 may
  3. Wed 6 may
  4. Thu 7 may
  5. Fri 8 may
  6. Sat 9 may
  7. Sun 10 may
  8. Mon 11 may
  9. Tue 12 may
  10. Wed 13 may
  11. Thu 14 may
  12. Fri 15 may
  13. Sat 16 may
  14. Sun 17 may
  15. Tue 19 may
  16. Wed 20 may
  17. Thu 21 may
  18. Sat 23 may
  19. Sun 24 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

CONSUL STACK PATCHES CRITICAL CONTAINER VULNERABILITIES OVERNIGHT

By RepoJournal · Filed · About HashiCorp

Both consul-k8s and consul-dataplane shipped go-discover updates that fix two container CVEs, and you need them before your next production deploy.

HashiCorp's Consul ecosystem moved fast overnight to lock down container vulnerabilities GO-2026-4918 and GHSA-mh2q-q3fh-2475 across the stack [1] [2]. The consul-k8s Dockerfile updated its go-discover dependency [1], and consul-dataplane followed with the same patch [2], meaning your service mesh infrastructure needs both updates to close the gap. Beyond security, consul-k8s fixed a flaky ingress test that was causing false failures in CI [3], eliminating the kind of test brittleness that makes deploys painful. On the Terraform side, the TFE provider shipped support for SAML provider_type attributes [4], letting you specify IdP vendors like Okta or Entra directly in configuration instead of wrestling with generic SAML configs. These are solid, incremental wins across the board, but the container fixes are the ones that demand attention first.

Action items

References

  1. [1] Dockerfile:go-discover new sha added ↗ hashicorp/consul-k8s
  2. [2] Dockerfile: go-discover sha updated ↗ hashicorp/consul-dataplane
  3. [3] Fix TestServiceResource_addIngress test ↗ hashicorp/consul-k8s
  4. [4] Adds `provider_type` attribute to specify the saml idp provider type ↗ hashicorp/terraform-provider-tfe

FAQ

What changed in HashiCorp on May 15, 2026?
Both consul-k8s and consul-dataplane shipped go-discover updates that fix two container CVEs, and you need them before your next production deploy.
What should HashiCorp teams do about it?
Rebuild and redeploy consul-k8s and consul-dataplane with updated go-discover SHA before next production window • Review SAML provider_type attribute for TFE and test with your IdP configuration • Pull latest consul-k8s test fixes to stabilize your local CI runs
Which HashiCorp repositories shipped on May 15, 2026?
hashicorp/consul-k8s, hashicorp/consul-dataplane, hashicorp/terraform-provider-tfe

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.