Added a new organization permission, "Manage Policy Overrides", to isolate the permission for allowing overrides of soft-mandatory policy checks. The existing "Manage Policies" permission will no longer allow for soft-mandatory overrides.
Increased minimim required Replicated version to 2.50.0.
Added policy check events to the audit log and audit trail APIs.
Added ability to define working directory while changing a workspace's VCS source
Changed the Sentinel runtime to version 0.18.0. For the latest changes, see the release notes.
Changed Modules page to be Registry and updated urls
Added Terraform CLI versions up through 0.15.0 to Terraform Enterprise.
Added the ability to restrict state access (usually performed via the terraform_remote_state data source) to specific workspaces within an organization, along with an admin setting to configure the default setting for new workspaces and a command line migration assistant.
Added UI for disabling automatic speculative plans in VCS-connected workspaces. (This already existed in the API, and is now also available in each workspace's VCS settings page.)
Added Firefox ESR and older Chrome/Firefox/Safari/Edge versions (latest 2) to browser support list
Added Replicated configuration to restrict Terraform run environments from being able to reach cloud provider metadata endpoints, e.g., http://169.254.169.254.
Active/Active configurations now require fewer tokens during install, only needing enc_password across all nodes (previously required tokens such as cookie_hash, install_id etc) See documentation for more details.
Removed the logic to upgrade the internally-managed PostgreSQL server from PostgreSQL 9.5 to PostgreSQL 12. Installations running a release of Terraform Enterprise prior to v202103-1 must upgrade to required release v202103-1 in order to upgrade the internally-managed PostgreSQL server. This change only affects mounted disk and proof of concept installations.
Rotated the secret used to generate password reset tokens and account unlock tokens. Existing password reset tokens and account unlock tokens generated before this change is deployed will be rendered invalid.
Removed the ability for run tokens used in build workers to list all workspaces in the organization, a permission that is not required for the run token's intended purpose of reading workspaces to share state across workspaces using the terraform_remote_state data source.
Removed the ability for Terraform code in a run environment to initiate network communication with internal TFE services.
Ongoing container updates to address reported vulnerabilities in underlying packages / dependencies.
Introduced additional security controls to prevent SSRF attacks in various TFE components.