HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Terraform
Terraform Home

You are viewing documentation for version 1.0.x. View latest version.

Terraform Enterprise 1.0.x

The following table shows Terraform Enterprise releases, deployment methods, and prerequisites. Each version links to detailed release notes, which are also available in the right sidebar.

Below is a list of the most recent Terraform Enterprise Releases that can deploy Terraform Enterprise natively in a Kubernetes environment. Learn more about flexible deployment options.

VersionLinked
Terraform CLI**		SentinelTested Kubernetes Versions (EKS, AKS, GKE)Helm Chart Version
1.0.31.12.10.40.01.33, 1.33, 1.321.6.5
1.0.21.12.10.40.01.33, 1.33, 1.321.6.5
1.0.11.12.10.40.01.33, 1.33, 1.321.6.5
1.0.01.12.10.40.01.33, 1.33, 1.321.6.5

* Denotes a required release. All online upgrades will automatically install this version, but airgap customers must upgrade to this version before proceeding to later releases.

** The release package contains this version of the Terraform CLI, but you can install older and newer versions of the Terraform CLI as needed via the Admin UI or API.

1.0.3

2025-11-17

Last required release: v202406-1 (776)

Flexible Deployment Options terraform-enterprise container digest: amd64/linux sha256:852169f2c90c0266bdaf3cf588593c68b6e246b5fc38094da322ba94662985d4, arm64/linux sha256:431ebdf2f36b33427b991a2dfcf469cd10e1e7c43691c141964ee25952e2dacc

Improvements

  1. Terraform Enterprise returns the current version in the new X-TFE-Current-Version header. For backward compatibility, the X-TFE-Version header continues to return the monthly release version.
  2. The redis-server version has been upgraded to 7.4.6.

Bug Fixes

  1. Product usage reporting no longer generates heavy database load and memory usage. This issue was introduced in v202507-1.
  2. State versions could be created or removed with a combination of permissions that should not have allowed write access. This bug has been resolved, and only write permissions to the workspace or state versions should grant access to modify state versions.
  3. Terraform Enterprise now attempts to read and write from blob storage as a startup check before running database migrations.
  4. When TFE_REDIS_SIDEKIQ_PASSWORDLESS_AZURE_CLIENT_ID is unspecified, Terraform Enterprise now defaults to TFE_REDIS_PASSWORDLESS_AZURE_CLIENT_ID for Azure passwordless authentication in Redis.

Security

  1. Fixed an issue that let users without sufficient permissions create new state versions. To learn more about the previous issue, refer to CVE-2025-13432.
  2. Security vulnerabilities have been addressed and resolved in this update to enhance overall system protection.

1.0.2

2025-10-15

Last required release: v202406-1 (776)

Flexible Deployment Options terraform-enterprise container digest: amd64/linux sha256:45b38984be21aee297342c32a81df807aa667e53caf636c01a6a5af4ff3eeb51, arm64/linux sha256:21e0cb0962838565aae8f77c542ec413459bc3907dc97eade2a139771896477b

Known Issues

  1. (Updated 11/27/2025) Product usage may generate heavy database queries that can overload the database and impact production workloads. This issue is fixed in 1.0.3 and in 1.1.0

Bug Fixes

  1. Plan output will now be rendered when Structured Run Output (SRO) is enabled. Previously, the output from terraform plan and terraform apply was not displayed as expected when SRO was active.

Security

  1. Security vulnerabilities have been addressed and resolved in this update to enhance overall system protection.

1.0.1

2025-09-15

Last required release: v202406-1 (776)

Flexible Deployment Options terraform-enterprise container digest: amd64/linux sha256:edc06293b395e5beb3dfbbda4e89341334ab184c5895b81cf31c074dadc43ff7, arm64/linux sha256:7d7dfa2b283f252b8a65b1689a49db2b3a0b81fcaefd11a560a93baf8ad6041f

Known Issues

  1. (Updated 11/27/2025) Product usage may generate heavy database queries that can overload the database and impact production workloads. This issue is fixed in 1.0.3 and in 1.1.0
  2. (Updated 12/15/2025) You may experience failures when using some S3-compatible storage solutions. This release includes an AWS library upgrade that introduces authentication issues with some third-party storage providers. To prevent errors when running plans, applies, or accessing Terraform state files, upgrade your storage solution to a version compatible with AWS SDK for Go v2. For additional details, refer to issue 2960 on the AWS SDK GitHub issues page.
  3. (Updated 09/19/2025) The Terraform Enterprise API must include the value of the x-tfe-version header in its response. This header indicates the current version of Terraform Enterprise. Currently, the value of this header is absent.

Deprecations

  1. Redis 6.0 will be officially deprecated as of the November release.
  2. As part of the upcoming release, the tfectl db * commands will be marked for deprecation.

Bug Fixes

  1. This release fixes a bug for Terraform Enterprise installs that make use of Redis with mTLS where the archivist service exited early.

Security

  1. Security vulnerabilities have been addressed and resolved in this update to enhance overall system protection.

1.0.0

2025-08-11

Last required release: v202406-1 (776)

Flexible Deployment Options terraform-enterprise container digest: amd64/linux sha256:f6d5ac9e14ec22b715e2fbbf39a22898b6e88ac41528f85b969a0cac8a003d84, arm64/linux sha256:28b70e648b22148b32d684db7ecd2f4de109e9e091e4cb7fd430559929847b6b

Known Issues

  1. (Updated 11/27/2025) Product usage may generate heavy database queries that can overload the database and impact production workloads. This issue is fixed in 1.0.3 and in 1.1.0
  2. (Updated 12/15/2025) You may experience failures when using some S3-compatible storage solutions. This release includes an AWS library upgrade that introduces authentication issues with some third-party storage providers. To prevent errors when running plans, applies, or accessing Terraform state files, upgrade your storage solution to a version compatible with AWS SDK for Go v2. For additional details, refer to issue 2960 on the AWS SDK GitHub issues page.
  3. (Updated 8/27/2025) For Terraform Enterprise installs that make use of Redis with mTLS, you may experience a failure where the archivist service exits early. A fix for this bug will be shipped in the 1.0.1 release.

Deprecations

  1. PostgreSQL v13 will reach end of life on November 13 2025 and will no longer be supported in Terraform Enterprise after that date. Refer to the requirements for connecting to an external PostgreSQL database for a complete list of supported versions.
  2. We will stop supporting token generation during impersonation sessions in the next release.

Highlights

  1. Terraform Enterprise now supports ARM architecture deployments. No additional configuration is necessary. Customers wanting to use remote agents on ARM can now do so with agent version 1.22.4 or later. If you have existing agent pools you want to move to ARM, instructions are on Manage agent pools.
  2. Explorer is now available for beta testing on Terraform Enterprise. Explorer helps surface a wide range of valuable information from across your organizations. More information along with instructions about beta testing Explorer can be found on Explorer on Terraform Enterprise. Additional information about Explorer can be found in the API documentation, and workspaces documentation. Beta features should not be tested on production deployments. Feedback and support requests related to the Explorer beta should be directed to your account team.
  3. Private Registy Monorepo support is now available for beta testing on Terraform Enterprise. Users can now publish and manage multiple modules from a single repository in the private registry by enabling a new organization-level setting. To make this setting visible, a Terraform Enterprise admin must first set the environment variable TFE_ATLAS_REGISTRY_MONOREPO_TOGGLE_ENABLED to 1.

Features

  1. Terraform Enterprise and Sidekiq can use Azure MSI to connect with their respective Redis instances. Password is no longer required and tokens rotation will be handled internally.
  2. When used within Terraform Enterprise instances, Redis Sentinel data stores now support mTLS. This ensures that only clients with valid certificates can connect. Passwords are no longer required.

Improvements

  1. Users reported that the variable set page in the UI was slow to load for variable sets that were applied to a large amount of workspaces. The performance of this page has been improved.
  2. Loading registry modules in the private library is now more performant.
  3. This release reduces memory usage and pressure on the database when deleting workspaces. Workspace deletion is now handled by a batched async workflow that deletes workspace-related data in stages, and limits the number of fields loaded where possible.

Bug Fixes

  1. Parameter configuration has incorrectly been available for Managed Policy Sets under the legacy workflow. This has been rectified and will no longer be displayed.
  2. Users reported that the Create a team token button in the Teams Tokens page was not always visible. This bug has been resolved, and the create button should be rendered for users that have permission to create a team token.
  3. Users reported that searching for a team when creating a team token did not always return the expected queried teams. This bug has been resolved, and the team search should always return the expected results.
  4. Fixed an issue that caused cost estimation to fail for some Azure SQL BC SKUs

Security

  1. InResponseTo validation is now enabled for Service Provider (SP) initiated SAML requests, and the requests are consumed after use to prevent replay attacks. IdP initiated SAML requests will not have this feature enabled as it is not supported. If you need to disable this feature for SP initiated requests, you can set the TFE_SSO_VALIDATE_REQUEST_ID environment variable to false in your startup script.
Edit this page on GitHub