Terraform Enterprise v202408-1 (781)
Last required release: v202406-1 (776)
Flexible Deployment Options terraform-enterprise container digest: amd64/linux sha256:c8421018a1f5cdb42fd14c9716e440ed9a1148c5f3216fc1285451eb55f3ac26
Known Issues
- [Updated September 30, 2024] Some deployments are experiencing memory growth issues on v202401-1 or higher, sometimes resulting in out of memory errors that require a restart to resolve. This issue is currently being investigated. It is strongly recommended that you test in a non-production environment before deploying v202401-1 or higher in production, and monitor memory for unexpected growth. This message will be updated when a fix is available in a published release.
- [Updated November 25, 2024] Terraform Enterprise does not currently support using a username provided via REDIS_USER for authenticating with an external Redis instance. To use authentication with Redis, configure Redis to require only a password for the default user by updating your Redis configuration file (redis.conf) as follows, replacing <your password> accordingly:
  In the Terraform Enterprise environment, set only the REDIS_PASSWORD variable with the corresponding value.
Deprecations
- The terraform-build-worker-plan-timeout and terraform-build-worker-apply-timeout attributes in the admin organization and general settings API have been deprecated and will be removed in a future release of Terraform Enterprise. Use the new plan-timeout and apply-timeout attributes instead.
- Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in November 2024. HashiCorp will support this release until April 1, 2026.
  To ensure you continue to receive the latest features and fixes, including security updates, please plan to migrate to a new deployment option by November 2024. For more information, check out Flexible Deployment Options or contact your HashiCorp account representative.
- The variables API endpoint, /vars, is deprecated and will be removed in a future release. All existing integrations with this API should transition to the workspace variables API /workspaces/:workspace_id/vars.
- PostgreSQL v12 will reach end of life on November 12, 2024 and will no longer be supported in Terraform Enterprise after that date. Please refer to PostgreSQL Requirements for Terraform Enterprise for a complete list of supported versions.
Features
- You can now specify a human-readable name and a URL for workspaces created using the no-code workspace API.
- You can now specify an execution mode when creating no-code workspaces using the API. The API supports agent and remote execution modes.
- Owners and users with the ability to "Manage Teams" are now able to enable and disable management of team tokens for members of that team.
- You can now deploy Terraform Enterprise to Nomad. For more information, refer to the requirements documentation along with the installation instructions.
Improvements
- The locked-reason attribute for workspaces now appears in API response bodies and in the UI.
- You can now set the agent job ID for Nomad-based deployments.
- You can now specify default values for dynamic provider credentials configuration variables. This allows you to reduce duplication and define fewer variables when specifying multiple dynamic credentials configurations of the same provider type.
- We have improved the performance of the UI for applying a variable set to a workspace. As a result, the drop-down loads faster when an organization contains a large number of variable sets.
- Fluentbit buffer chunk size and buffer max size are now configurable through environment variables (TFE_FLUENTBIT_BUFFERCHUNKSIZE, TFE_FLUENTBIT_BUFFERMAXSIZE respectively).
Bug Fixes
- The Run tasks Last updated timestamp now shows the correct value.
- Terraform Enterprise runs in a Kubernetes runtime using the default tfc-agent image will now properly inherit the CA certificate bundle content from the Terraform Enterprise Flexible Deployment Options image.
- The tfe-admin node-drain and tfectl node drain commands now block until the node is fully drained.
- Archivist log levels are now changed back to debug from info.
- Resolved a bug where Nginx access logs would not be captured in support bundles or forwarded by fluentbit.
Security
- Update rexml to address CVE and handle parse exceptions in SAML XML configurations.
- All blob uploads, including configuration versions, states, and other objects, are now encrypted using AES-GCM.
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.