We provide security updates for the following versions of Terraform Infrastructure Framework:
- The latest stable release
- Up to two previous minor versions, provided as backports when feasible
If you are using an unsupported version, we strongly recommend upgrading to the latest release to receive security fixes and improvements.
If you discover a security vulnerability in Terraform Infrastructure Framework, please report it privately to ensure a responsible disclosure process.
Contact:
[theoperation.official@gmail.com]
When reporting a vulnerability, please include:
- A clear and detailed description of the issue
- Steps to reproduce the vulnerability (if possible)
- Affected components, modules, or configurations
- Potential impact and severity (critical, high, medium, low)
- Suggested mitigation or fix (if available)
Please do not disclose the vulnerability publicly until we have confirmed and resolved the issue.
If you believe the issue is critical, clearly indicate this in your report so we can prioritize it appropriately.
We are committed to maintaining the security of this project and will:
- Acknowledge receipt of your report within 48 hours
- Investigate and verify the reported issue as quickly as possible
- Provide updates during the remediation process when appropriate
- Notify you once the vulnerability has been fixed and released
We appreciate responsible disclosure and are happy to credit individuals who report security issues responsibly in:
- Release notes
- Project documentation (for significant findings)
If you prefer to remain anonymous, please let us know in your report.
Thank you for helping keep Terraform Infrastructure Framework secure! 🔐