Terraform Enterprise v202402-2 (760)
Last required release: v202304-1 (692)
Flexible Deployment Options terraform-enterprise
container digest: amd64/linux sha256:295dbf7b87e6fefde292ba752df1d3b4870eeca17f38d149277d1676a2d2d9ab
Changes Since v202402-1
- Databases passwords now support non-alphanumeric characters.
- During a postgres failover, Terraform Enterprise now successfully connects to the new primary server. This fixes an issue where DNS caching was preventing the database from completely disconnecting from the old primary during a failover.
Known Issue
- [Updated April 16, 2024] If you set the maximum run time on the site admin page to be longer than 24 hours, Terraform Enterprise will not trigger runs on this release version. Configure your maximum run time to 24 hours or less.
- [Updated April 15, 2024] The backup and restore API may create incomplete backups for Terraform Enterprise installations using the mounted disk operational mode. We recommend backing up your data directories using alternative means until we fix this issue. We have planned a resolution for the v202404-1 release.
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
- [Updated September 30, 2024] Some deployments are experiencing memory growth issues on v202401-1 or higher, sometimes resulting in out of memory errors that require a restart to resolve. This issue is currently being investigated. It is strongly recommended that you test in a non-production environment before deploying v202401-1 or higher in production, and monitor memory for unexpected growth. This message will be updated when a fix is available in a published release.
- [Updated November 25, 2024] Terraform Enterprise does not currently support using a username provided via
REDIS_USER
for authenticating with an external Redis instance. To use authentication with Redis, configure Redis to require only a password for the default user by updating your Redis configuration file (redis.conf
) as follows, replacing<your password>
accordingly:
requirepass <your password>
In the Terraform Enterprise environment, set only the REDIS_PASSWORD
variable with the corresponding value.
Deprecations
[Updated January 21, 2025] Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in March 2025 (extended from November 2024). Effective December 2024, only pre-existing workflows and capabilities will be tested for continued quality on Replicated releases. New features and product improvements will not be validated on Replicated releases. HashiCorp Support will support this release until April 1, 2026, but bug and security fixes backports will not be available after March.
Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in November 2024. HashiCorp will support this release until April 1, 2026.
To ensure you continue to receive the latest features and fixes, including security updates, please plan to migrate to a new deployment option by November 2024. For more information, check out Flexible Deployment Options or contact your HashiCorp account representative.
Features
- Added a new post-apply stage to the run task workflow. This stage lets you seamlessly incorporate post-provisioning tasks, which automates configuration management, compliance checks, and other post-deployment activities.
- Terraform Enterprise now reports product usage data insights to HashiCorp (resources under management). For more information, including how to opt out, see [product usage data reporting[(/terraform/enterprise/v202402-1/flexible-deployments/admin/license#enable-product-usage-reporting.
Improvements
- Added a timeout to an internal job, preventing a situation where a job could get stuck and have to be force canceled. If this time out is reached, an
ActiveRecord::QueryCanceled
exception will be raised causing the job to fail and be subject to the job's retry policy (if any). - Update Sentinel to 0.24.1, bringing some lower level runtime improvements.
- The
tfrun
import will now correctly decodenull
values from the provided configuration asnull
values within policy code. - Improved performance of the admin users list UI.
- Improved performance of the list workspace variables API endpoint.
- Updated and improved the agent pool settings page UI.
- Warnings starting with the line "Initialization autoloaded the constants" have been addressed and will no longer appear in log output
- Flexible patch versions of Terraform can now be selected in the workspace settings, allowing you to easily select the latest patch version of a terraform minor release.
Bug Fixes
- We fixed a bug where Terraform attempted to render soft-deleted state versions in the state version viewer, resulting in false errors. The state version viewer now renders an informative error message instead of attempting to render the diff for a soft-deleted state version.
- We fixed an issue in the web app where the footer was consistently overflowing the page content.
- We fixed an issue where Terraform was unable to list commits for branch-based registry modules from Azure DevOps.
- Fixes a bug where changing steps in the Reauthorization of an OAuth Client flow results in the deletion of the connection.
- Warnings starting with the line "Initialization autoloaded the constants" have been addressed and will no longer appear in log output
- Module filters will now remain selected and results will show based on an
OR
filter.
Security
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.