We understand that many users place a high level of trust in HashiCorp and the tools we build. We apply best practices and focus on security to make sure we can maintain the trust of the community.
We deeply appreciate any effort to disclose vulnerabilities responsibly.
If you would like to report a vulnerability, please see the HashiCorp security page, which has the proper email to communicate with as well as our PGP key. Please do not create a GitHub issue for security concerns.
If you need to report a non-security related bug, please open and issue on the Vagrant GitHub repository.