SECURITY ADVISORIES:

• Previous releases in the v1.11 series could potentially take an excessive amount of time processing a maliciously-crafted .zip archive during either provider or module installation during tofu init. (#3689)

BREAKING CHANGES:

• Modules containing local provider configurations now also reject the enabled ar...

BUG FIXES:

• Fix crash when the executed configuration contains an import block that points to unexisting configuration block (#3616)
• Fixed tofu test with mock_provider failing during cleanup when lifecycle { ignore_changes } references a block. (#3644)
• Fixed state lock not being...

UPGRADE NOTES:

• The change from #2643, that was announced previously in v1.11.0, has been reverted in this release. OpenTofu will no longer directly recommend using the -exclude= option to work around problems caused by unknown values in provider configurations.

  Unfortunately there are existing providers that spuriously report that the...

BUG FIXES:

• Fixed regression where import validation would incorrectly flag variables used in for_each statements within import blocks (#3564)
• Fixed lifecycle enabled serialization in plan file (#3566)
• Fixed regression when validating import.id expressions ([#3567](https://github.com/opent...

OpenTofu 1.11.0

We're proud to announce that OpenTofu 1.11.0 is now officially available! 🎉

Highlights

This release cycle introduces major new capabilities and integrations:

Ephemeral Values and Write Only Attributes

Ephemeral resources allow you to work with confidential data, temporary credentials, and transient infrastructure without persisting them to your state.

``...