»TFE Release v202204-2 (610 Required)

»Known Issues

1. [May 3, 2022] tfe-admin health-check fails with sh: /root/ptfe-health-check: not found after a change to the ptfe_health_check container Entrypoint to run the process as an unprivileged user under /run/ptfe-health-check but the alias was still referencing /root/ptfe-health-check. This issue will be fixed in v202205-1.
2. [May 10, 2022] This release includes an issue with Audit Log tagging, causing audit logs to no longer be tagged with the [Audit Log] prefix. This issue will be fixed in 'v202205-1'.

»CHANGES SINCE v202204-1

The tfe-bootstrap container now automatically negotiates the Docker API version before making requests to the Docker API to prevent Error response from daemon: client version 1.41 is too new. Maximum supported API version is 1.40 errors upon Terraform Enterprise installation or upgrade.

»UPCOMING APPLICATION LEVEL BREAKING CHANGE

The Terraform Enterprise May 2022 release will change the names of application containers from ptfe_* to tfe-* for product consistency. For example, ptfe_nginx will be changed to tfe-nginx. If you have downstream configuration (monitoring, log forwarding etc.) that references the older naming scheme, you will need to update container references to the new names.

»APPLICATION LEVEL BREAKING CHANGES

1. The demo operational mode has been removed. If you are currently running demo mode, we strongly suggest that you upgrade to Terraform Enterprise v202204-1. To do this, you must migrate your application data.

»APPLICATION LEVEL FEATURES

1. Added a log storage memory limit to log forwarding. When the 128MB limit is reached, logs will be stored in a buffer on the filesystem until they can be forwarded.

2. Changed cost estimation so that it uses the HTTP proxy settings configured within Terraform Enterprise.

3. Added the ability to specify an 'SSO team ID' for teams that Terraform Enterprise can use to map teams to non-human readable 'MemberOf' values in SAML assertions.

4. Updated display of download count metrics for modules in the private registry

5. Added an API endpoint to fetch a workspace's current state version outputs. Refer to https://www.terraform.io/cloud-docs/api-docs/state-version-outputs#show-current-state-version-outputs-for-a-workspace for details

6. Updated the default json-file log rotation settings for all containers in order to improve the performance of support bundle generation.

   Previous Settings	New Settings
   max-size: 10m and max-file: 3	max-size: 8m and max-file: 4
   max-size: 10m and max-file: 10	max-size: 32m and max-file: 4
   max-size: 100m and max-file: 10	max-size: 64m and max-file: 8
   max-size: 100m and max-file: 200	max-size: 50m and max-file: 20

»APPLICATION LEVEL BUG FIXES

1. The iact_subnet_list setting now allows you to use , to separate IPv4 addresses.
2. Fixed situation where occasionally you could not create a workspace after a workspace with the same name was deleted.
3. Fixed an issue causing configuration version tarballs downloaded through the API to have a non-human-readable filename and no file extension.
4. Fixed several issues with Terraform Cloud agent pools.

»APPLICATION LEVEL SECURITY FIXES

1. Added no-cache and no-store headers for some API responses that may contain sensitive data (2FA configuration, SSO configuration, and state versions).
2. Removed credentials from health-check endpoint for an internal service.
3. Adopted container updates to address reported vulnerabilities in underlying packages / dependencies.