Release history
opentofu releases
OpenTofu lets you declaratively manage your cloud infrastructure.
All releases
10 shown
v1.11.7
Bug fix
Installer returns an error when a cached provider package has a mismatched checksum instead of silently overwriting.
Full changelog
BUG FIXES:
- When installing provider packages into a local cache directory, the installer will now return an error if a conflicting entry is already present in the cache that doesn't match the expected checksum. Previously OpenTofu would just silently write over the existing entry in that case. (#4082)
Full Changelog: https://github.com/opentofu/opentofu/compare/v1.11.6...v1.11.7
v1.10.10
Bug fix
Fixed import‑block provider functions bug and made installer error on cache checksum mismatches.
Full changelog
BUG FIXES:
- When installing provider packages into a local cache directory, the installer will now return an error if a conflicting entry is already present in the cache that doesn't match the expected checksum. Previously OpenTofu would just silently write over the existing entry in that case. (#4082)
- Fixed provider-defined functions in
importblockidexpressions causing "BUG: Uninitialized function provider" error. (#3803)
Full Changelog: https://github.com/opentofu/opentofu/compare/v1.10.9...v1.10.10
v1.11.6
Security relevant
Security fixes
- TLS deadlock from multiple key update messages in single record
- Sparse file entry limit in tar archives to prevent malicious memory exhaustion
v1.10.9
Security relevant
Security fixes
- GO-2026-4341: net/url ParseQuery DoS with unlimited query arguments
- GO-2026-4340: crypto/tls deadlock with multiple encryption level messages
v1.11.4
Breaking risk
Breaking changes
- Modules with local provider configurations now reject enabled argument
Security fixes
- Fix for DoS vulnerability in .zip archive processing during init
v1.11.3
Bug fix
Fixed state lock not being released when tofu apply is interrupted with Ctrl+C.