That CLA grants HashiCorp full license over your Copyright, and explicitly allows them to sublicense your contributions[1]. Drew Devault's blog posts[2][3] on this topic are extremely relevant.
[1] > Grant of Copyright License. Subject to the terms and conditions of this Agreement, You hereby grant to HashiCorp and to recipients of software distributed by HashiCorp a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works.
The CLA is a relatively recent thing. They certainly do not have my sign-off, though I haven't checked whether all code contributed after February of 2017 has been replaced (yet).
I don't know if they have required old commiters to sign it. I commited to one library that is now under Hashicorp back in 2015 and did not need to sign anything but it was MIT licensed back then. They have also rewritten affected lines as part of larger rewrite.
That CLA grants HashiCorp full license over your Copyright, and explicitly allows them to sublicense your contributions[1]. Drew Devault's blog posts[2][3] on this topic are extremely relevant.
[1] > Grant of Copyright License. Subject to the terms and conditions of this Agreement, You hereby grant to HashiCorp and to recipients of software distributed by HashiCorp a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works.
[2] https://drewdevault.com/2018/10/05/Dont-sign-a-CLA.html
[3] https://drewdevault.com/2023/07/04/Dont-sign-a-CLA-2.html