HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Terraform
Terraform Home

Terraform Enterprise 1.1.x

The following table shows Terraform Enterprise releases, deployment methods, and prerequisites. Each version links to detailed release notes, which are also available in the right sidebar.

Below is a list of the most recent Terraform Enterprise Releases that can deploy Terraform Enterprise natively in a Kubernetes environment. Learn more about flexible deployment options.

VersionLinked
Terraform CLI**		SentinelTested Kubernetes Versions (EKS, AKS, GKE)Helm Chart Version
1.1.01.13.40.40.01.34, 1.34, 1.331.6.5

* Denotes a required release. All online upgrades will automatically install this version, but airgap customers must upgrade to this version before proceeding to later releases.

** The release package contains this version of the Terraform CLI, but you can install older and newer versions of the Terraform CLI as needed via the Admin UI or API.

1.1.0

2025-11-12

Last required release: v202406-1 (776)

Flexible Deployment Options terraform-enterprise container digest: amd64/linux sha256:aaa386b1054f370642341140da6ac633e7f3011ead7fdd3b2c30b5a0c7ea6ac3, arm64/linux sha256:fc77887cd73119a16c17f87a6f31ecc45a02df460f309cb808212eafad990fcb

Known Issues

Breaking Changes

Deprecations

  1. PostgreSQL 13 is reaching end-of-life in November. We are deprecating support for PostgreSQL 13 in this release, and we will remove support in the 1.2.0 release.
  2. Admins can no longer generate tokens while impersonating a user.
  3. The deprecation period for Redis 6.0 has ended and it will no longer be supported with Terraform Enterprise. Customers running Redis on Azure will need to update their configuration to use a second Redis database due to changes to the Azure Redis offering.

Highlights

  1. PostgreSQL 17, Google Cloud AlloyDB 16, and EnterpriseDB Postgres Advanced Server 16 and 17 databases are now officially supported.
  2. You can now use the Terraform Enterprise admin console and API to manage support bundles, product usage bundles, and retrieve node information.

Features

  1. You can now create multiple authentication tokens for a single team.
  2. Organization owners can now disable the use of user API tokens for an organization.
  3. Customers using the Docker driver can retrieve run pipeline agent images stored in a private registry using basic authentication.
  4. Generating an API token for the system API now also generates a link to the admin console if enabled.
  5. The admin API now retrieves audit logs. You can now call the API to review login and logout events.
  6. The system API now determine rate limits according to the token bucket algorithm. As a result, the API can now handle traffic bursts.

Improvements

  1. Terraform Enterprise now attempts to read and write from blob storage as a startup check prior to running database migrations.
  2. Terraform Enterprise's database access in automated product usage reporting has been optimized.
  3. The list SSH keys API now returns a Not Found response instead of an empty response when accessed using an organization token.
  4. The Project name link in the Workspace Explorer now directs you to the Project overview page. Previously, it would bring you to a list of workspaces within the project.
  5. Checking for and updating the state of Terraform agents that have not reported their status now happens as a background job, improving performance of these updates.
  6. Terraform Enterprise now limits how many resources are deleted concurrently when their parent resource is deleted, which reduces the impact on the database. For example, when you delete an organization instructs Terraform Enterprise to delete all projects it contains, as well as all jobs within those projects. Previously, Terraform Enterprise deleted all artifacts as quickly as possible, resulting in potentially large amounts of write activity on the database. These deletions are now rate-limited, reducing the impact.
  7. Improved performance of API queries that lookup workspaces by their name.
  8. Improved performance of the FailedJobWorker process when finding and reaping failed PolicyCheck jobs.
  9. The redis-server version has been upgraded to 7.4.2.
  10. You can now update an OAuth client's PAT directly through the API.
  11. Improved performance of user management in the organization settings page. This page renders faster on initial page load, especially for an organization with many teams. Searching for an organization user and switching between pages requires less network activity .
  12. You can now enable an option in the UI that lets a workspace share its state with all other workspaces in the same project.
  13. The operation runs filter label has been renamed to type. This change includes the labels for the toggle and the Filter by drop-down menu.
  14. The Filter by action label has been renamed to Filter by operation on the Runs page
  15. Terraform Enterprise will return current version via new X-TFE-Current-Version header, additionally X-TFE-Version will continue to return monthly release version for backward compatibility.

Bug Fixes

  1. Fixed SSO user creation collision issue where users with the same email local part, such as first.name@example.com and first.name@admin.example.com, couldn't both exist due to duplicate username generation. To prevent this, Terraform Enterprise now appends a random 4-byte hex suffix to usernames with conflicts. For example, first.name3b9da8c7.
  2. Users reported that deleting an organization that has an authentication token returned an error, even though the organization was deleted successfully. This bug has been resolved and deleting an organization with an authentication token should return a successful response.
  3. You can no longer disable auto-destroy plans by disabling the Allow destroy plan option in the workspace settings. The previous behavior where the workspace setting blocked auto-destroy plans from running was unintended. This fix includes a validation that requires the Allow destroy plan to be enabled when a project or workspace auto-destroy plan exists. It also validates that migrations to fix any invalid workspace settings. When Allow destroy plan is disabled for a workspace that is in a project with an auto-destroy plan, the auto-destroy now runs against the workspace. To preserve such workspaces, move them to a project without an auto-destroy plan.
  4. You can no longer change the Allow destroy plan setting for a workspace in a project that contains an auto-destroy plan. Instead, the UI shows an alert message stating that the project plan prevents access to the setting.
  5. Session timeout now has a minimum limit of 5 minutes to prevent premature logouts during active sessions.
  6. Due to an issue where paginating by last-seen-at results in inconsistent pagination we are giving users an option to sort agents by created-at.

Security

  1. New users are now required to have more secure passwords. New users must have a password that is at least 8 characters long and contain at least three of the following features: lowercase letters (a-z), uppercase letters (A-Z), numbers (0-9), and special characters (!@#$%^&*).
  2. To improve security and prevent possible attacks, a bug that allowed some external redirects to be specified post-login through the URL has been fixed.
Edit this page on GitHub