We understand that many users place a high level of trust in HashiCorp and the tools we build. We apply best practices and focus on security to make sure we can maintain the trust of the community.
We deeply appreciate any effort to disclose vulnerabilities responsibly.
If you would like to report a vulnerability, please see the HashiCorp security page, which has the proper email to communicate with as well as our PGP key. Please do not create an GitHub issue for security concerns.
If you are not reporting a security sensitive vulnerability, please open an issue on the Packer GitHub repository.