Terraform Enterprise v202311-1 (742)

Last required release: v202207-2 (642)

Flexible Deployment Options terraform-enterprise container manifest: amd64/linux sha256:1f47798d14e0e69012429384c3909bfb2188a58a851010811aec15c733c7d5ec

Highlights

The v202311-1 release contains two significant changes that improve storage utilization:

  1. You can now configure data retention policies that allow Terraform Enterprise to automatically delete old configuration versions and state versions. This prevents unbounded storage growth.
  2. The overall executable plan storage footprint has been dramatically reduced by removing the provider version cache from the executable plan storage for every plan.

Features

  1. You can now delete configuration versions and state versions to reclaim storage space.
  2. State versions may be created and uploaded separately, allowing large state transmissions in Terraform v1.6+ to complete without exceeding the API timeout. Previously, create and upload was a single process that could lead to timeouts when dealing with large state files.
  3. Prior to Terraform v1.6.x, the state version API returned archivist URLs. The API now returns TFE API URLs, which redirect to archivist URLs. To download state versions, you must follow redirects and include authentication as described in the API overview.
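
The download flow in item 3, as an added example (not HashiCorp's code): the client authenticates, follows the redirect itself, and keeps the bearer token on the origin it first addressed. The function names, the redirect cap, the origin restriction and the refusal of an https-to-http redirect are assumptions of this example, not requirements stated in these notes; `url` is whatever download URL the state version API returned.

```python
import urllib.error
import urllib.parse
import urllib.request

MAX_REDIRECTS = 5  # assumption: small cap so a redirect loop cannot hang a job

class NoRedirect(urllib.request.HTTPRedirectHandler):
    # urllib would otherwise follow redirects itself and copy every header along.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # makes urllib raise HTTPError for 3xx instead

def origin(url):
    p = urllib.parse.urlsplit(url)
    return p.scheme, p.hostname, p.port or {"https": 443, "http": 80}.get(p.scheme)

def headers_for(url, first_url, token):
    # The bearer token goes only to the origin the caller originally addressed.
    if origin(url) == origin(first_url):
        return {"Authorization": "Bearer " + token}
    return {}

def http_get(url, headers):
    # One GET, no automatic redirects; returns (status, Location, body).
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=30) as r:
            return r.status, None, r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location"), b""

def download_state(url, token, get=http_get):
    # Follow the TFE API URL through its redirect(s) and return the state bytes.
    current = url
    for _ in range(MAX_REDIRECTS + 1):
        status, location, body = get(current, headers_for(current, url, token))
        if status in (301, 302, 303, 307, 308) and location:
            target = urllib.parse.urljoin(current, location)
            if origin(url)[0] == "https" and origin(target)[0] != "https":
                raise ValueError("refusing redirect from https to " + target)
            current = target
        elif status == 200:
            return body
        else:
            raise RuntimeError("state download failed: HTTP %d" % status)
    raise RuntimeError("too many redirects")
```

The `get` parameter exists so the redirect handling can be exercised without a network; in normal use it is left at its default.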

Improvements

  1. We have improved screen reader usability for the policy sets page.
  2. Users that do not have access to a project receive a warning when attempting to view the project’s policy set(s).
  3. When creating or modifying workspaces, the version control provider section now has separate sections for public providers and private providers.
  4. We have adjusted the way we detect and report drift. These changes are targeted toward reducing noise within drift reports.

Bug Fixes

  1. Errors parsing state (HandleParseStateJob) were incorrectly marked as successful. This has been fixed and failures will now properly return Success == false.
  2. Workspace deletion will no longer be potentially blocked by an attached Run Task.
  3. OPA policy evaluations now have more robust handling for unexpected response formats.
  4. TFE FDO and Replicated installs with consolidated_services_enabled set to enabled now support using a service account when authenticating to GCP object storage. Previously, an error would be reported on start: {"component":"terraform-enterprise","log":"2023-10-06T04:13:52.167Z [ERROR] terraform-enterprise: check failed: name=config duration=\"34.838µs\" err=\"google storage bucket, credentials, and project must be set\""}.

Security

  1. Addressed HTTP/2 “Rapid Reset” (CVE-2023-44487, CVE-2023-39325) with adoption of new Go releases and associated dependencies.
  2. Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.