Terraform Enterprise v202304-1 (692)

Last required release: v202207-2 (642)


  1. Terraform Build Workers are deprecated and will be removed in Terraform Enterprise v202305-1. The base image responsible for executing Terraform runs is now hashicorp/tfc-agent. If you are using an alternative worker image you must migrate to a new image, using hashicorp/tfc-agent as the base image before Terraform Enterprise v202305-1. If you are not using an alternative worker image, then you will automatically migrate to the new base image and no futher action is required. For more information, refer to the Custom Agent Image migration guide.


  1. The Projects List API now allows filtering by project names. You can use a filter[names] query parameter with one or more comma-sepearated project names and the results will be limited to projects with those exact name(s). For example: /api/v2/organizations/my-organization/projects?filter[names]=my-project,my-other-project
  2. Application improvement now reduces network pressure during long apply operations, or until a job is marked as errored due to a killed agent process.
  3. Design improvements to the user, team, and organization token UI and generation flow.
  4. Highlight newly created team, user, and organization authentication tokens in the UI
  5. Upgrading Sentinel to 0.21, adding support for defined expressions and per-policy parameter values.
  6. Add ability to search an organization’s teams by name and varsets by name.
  7. The base font size across the application is increased to 16px in order to use the new Helios design system components at their intended size, increasing their adoption and accessibility.

Bug Fixes

  1. The tfe-task-worker container no longer fails with a permission denied error when SELinux is enforcing.
  2. Background migrations will no longer wait indefinitely on database locks, and will now timeout gracefully after 2 hours and retry.
  3. When a run is being cancelled, or undergoing actions that modify the state of a run, the Run Actions form will display a ‘waiting’ state until the run update occurs.
  4. The node-drain admin command now works properly when the run_pipeline_mode configuration setting is set to agent or legacy mode.
  5. Users had reported intermittently seeing duplicate rows in the Workspace Overview “Resources” section of a workspace. This bug has been resolved and that UI updated to more consistently show the correct amount of rows, matching the number of Terraform resources managed by the workspace.
  6. The application no longer needs to be refreshed after transitioning from the team settings page into user settings via the UI.
  7. Sentinel will no longer assume that unknown values are boolean, fixing an issue for some Terraform plan variations.
  8. Consuming private providers from other organizations no longer fails when trying to use them in a Terraform configuration.


  1. Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.
  2. The version of Ruby used to run the app has been updated to v3.1.
  3. The Link SSO Identity to a different account page now has reCaptcha.