Terraform Enterprise v202310-1 (741)

Last required release: v202207-2 (642)

Flexible Deployment Options terraform-enterprise container manifest: amd64/linux sha256:2befbce1c976a1809b27a496b9be88888570fb2378191cc09c6f798a424503d6

Known Issues

  1. Azure DevOps VCS-backed workspaces may be unable to connect to the VCS, execute plans or runs, or import modules. The error in the logs shows no matching host key type found. Their offer: ssh-rsa","component":"atlas". There are several workarounds available depending on the deployment option of TFE. Refer to this knowledge base article for more information.

Breaking Changes

  1. Consolidated services mode is enabled by default as of v202309-1, but you can disable it using the consolidated_services_enabled setting until v202401-1, when we permanently remove it. This setting only applies to Replicated deployments.


  1. You can now exclude specific workspaces from global or project-scoped policy sets. Terraform Enterprise will not enforce a policy set’s policies on any runs in an excluded workspace.
  2. Workspace admins can now schedule automatic destroy runs to trigger the deletion of all infrastructure managed by a workspace at some point in the future.


  1. Organizations now specify a default execution mode, which their workspaces may inherit. By default, new workspaces will inherit the organization default execution mode (and default agent pool, if applicable), but can override this default with a different execution mode.
  2. Terraform Enterprise now includes an upgrade startup check that ensures that upgrades occur in a sequential manner and do not forego required Terraform Enterprise releases.


  1. Terraform Enterprise can now connect to an external Vault server using TLS v1.3.
  2. Added fallback mechanism for persisting Terraform state when backend errors occur during runs.

Bug Fixes

  1. Terraform Enterprise can now connect to Redis servers using a password containing certain special characters (e.g., +, <, etc.).
  2. Terraform Enterprise can now connect to database servers using a password containing certain special characters (e.g., +, <, etc.).
  3. Terraform Enterprise now respects the redis_port configuration setting when consolidated services is enabled.
  4. A user without read access to a project can no longer assign it to a policy set or see if it’s already assigned.
  5. Fixed premature expiration of Terraform artifacts during runs.
  6. Fixed bug preventing repository publishing by ID when using ADO VCS provider.
  7. Fixed validation issue for creating GitLab.com providers in regards to new key format.
  8. Policy Checks will now error when attempting to queue if associated Policies or Policy Sets have been deleted, as the Policy Check is no longer valid.
  9. Instruct terraform CLI to save snapshot state versions on a 1 hour interval to compensate for a terraform CLI bug in 1.5.0 ~ 1.5.7 that is saving state versions every 20 seconds in the absence of the header.


  1. Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.