Skip to content

v0.44.1

Choose a tag to compare

View all tags
@github-actions github-actions released this 25 Jun 09:20
· 8 commits to main since this release
v0.44.1
f39ae3c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Patch release of Terrapod — an open-source platform replacement for Terraform Enterprise. A new-contributor OIDC interop fix, a drift-detection fix, and security updates.

Bug Fixes

  • OIDC login against PKCE-enforcing IdPs — Terrapod now sends S256 PKCE (RFC 7636) on the upstream OIDC authorize request and token exchange, fixing login for identity providers that require PKCE on the authorization-code flow even when a client secret is configured (e.g. Pinniped Supervisor). Automatic and backward-compatible. Thanks to first-time contributor @Qubut! (#543)
  • Drift detection false positive — a drift check that found no changes could still flag a workspace as drifted if the runner's plan-result POST hit a transient read-timeout (leaving has_changes unknown). The authoritative result POSTs now retry with backoff, so a momentary blip no longer produces phantom drift. (#566)

Security

  • pydantic-settings → 2.14.2 — GHSA-4xgf-cpjx-pc3j (NestedSecretsSettingsSource followed symlinks outside secrets_dir). (#563)
  • @babel/core → 7.29.7 — GHSA-4x5r-pxfx-6jf8 (arbitrary file read via sourceMappingURL). (#563)
  • CodeQL cleanups (redundant import, unused global). (#563)

Status

Beta — production-capable; self-hosted, and API-compatible with the terraform/tofu cloud-block workflow.

Full Changelog: v0.44.0...v0.44.1

Assets 32
Loading