Releases · opentofu/opentofu

@gmeligio

⚠️ Do not use this release for production workloads! ⚠️

We are happy to announce the second prerelease of 1.10.0! This includes a lot of major and minor new features, as well as a ton of community contributions!

OCI Module support
Native S3 locking
Initial OTel tracing
Variable and Output deprecation
Global provider plugin cache locking
More features in the PG Backend
A ton more!

https://opentofu.org/blog/help-us-test-opentofu-1-10-0-alpha2/

For all the features, see the detailed changelog.

New Contributors

@gmeligio made their first contribution in #2626
@taliesins made their first contribution in #2465
@xingjiu made their first contribution in #2675
@bittelc made their first contribution in #2620

Full Changelog: v1.10.0-alpha1...v1.10.0-alpha2

BUG FIXES:

Provider used in import is correctly identified. (#2336)
plantimestamp() now returns unknown value during validation (#2397)
Syntax error in the required_providers block does not panic anymore, but yields "syntax error" (2344)
Fix the error message when default value of a complex variable is containing a wrong type (2394)
Changing Go version to 1.22.11 in order to fix CVE-2024-45336 and CVE-2024-45341 (#2438)
Fix the way OpenTofu downloads a module that is sourced from a GitHub branch containing slashes in the name. (2396)
Changing Go version to 1.22.12 in order to fix CVE-2025-22866 and CVE-2024-45341 (#2438)

Full Changelog: v1.9.0...v1.9.1

BUG FIXES:

Provider used in import is correctly identified. (#2336)
plantimestamp() now returns unknown value during validation (#2397)
Syntax error in the required_providers block does not panic anymore, but yields "syntax error" (2344)
Fix the error message when default value of a complex variable is containing a wrong type (2394)
Fix the way OpenTofu downloads a module that is sourced from a GitHub branch containing slashes in the name. (2396)
Changing Go version to 1.22.11 in order to fix CVE-2024-45336 and CVE-2024-45341 (#2438)
Changing Go version to 1.22.12 in order to fix CVE-2025-22866 and CVE-2024-45341 (#2438)

Full Changelog: v1.8.8...v1.8.9

BUG FIXES:

Provider used in import is correctly identified. (#2336)
plantimestamp() now returns unknown value during validation (#2397)
Syntax error in the required_providers block does not panic anymore, but yields "syntax error" (2344)
Fix the error message when default value of a complex variable is containing a wrong type (2394)
Changing Go version to 1.22.11 in order to fix CVE-2024-45336 and CVE-2024-45341 (#2438)
Fix the way OpenTofu downloads a module that is sourced from a GitHub branch containing slashes in the name. (2396)
Fix vulnerability GO-2024-2947
Fix vulnerability GO-2024-2948

Full Changelog: v1.7.7...v1.7.8

⚠️ Do not use this release for production workloads! ⚠️

We are happy to announce the first prerelease of the 1.10.0 version! This includes a lot of major and minor new features, as well as a ton of community contributions!

The highlights are:

OCI registries as a new kind of provider mirror: This is an alternative provider installation method, which allows you to install any provider from a repository in an OCI registry:

provider_installation {
  oci_mirror {
    repository_template = "example.com/opentofu-providers/${namespace}/${type}"
    include             = ["registry.opentofu.org/*/*"]
  }
}

Native locking for S3 backend: Now it is possible to use conditional writes to properly handle locking for S3 backend without configuring a separate DynamoDB service:

terraform {
  backend "s3" {
    bucket = "tofu-state-backend"
    key = "statefile"
    region = "us-east-1"
    use_lockfile = true
  }
}

For all the features, see the detailed changelog.

You can find the full diff here.

We're proud to announce that OpenTofu 1.9.0 is now officially out! 🎉

This release includes a lot of major and minor new features, as well as a ton of community contributions!

The highlights are:

for_each in provider configuration blocks: An alternate (aka "aliased") provider configuration can now have multiple dynamically-chosen instances using the for_each argument:
```
provider "aws" {
  alias    = "by_region"
  for_each = var.aws_regions

  region = each.key
}
```
Each instance of a resource can also potentially select a different instance of the associated provider configuration, making it easier to declare infrastructure that ought to be duplicated for each region.
-exclude planning option: similar to -target, this allows operators to tell OpenTofu to work on only a subset of the objects declared in the configuration or tracked in the state.
```
tofu plan -exclude=kubernetes_manifest.crds
```
While -target specifies the objects to include and skips everything not needed for the selected objects, -exclude instead specifies objects to skip. OpenTofu will exclude the selected objects and everything that depends on them.

Please take the above for a spin and let us know your feedback!

For all the features, see the related blog post or the detailed changelog.

You can find the full diff here.

⚠️ Do not use this release for production workloads! ⚠️

This build includes a few more bug fixes and dependency upgrades. Namely, it fixes create_before_destroy updates with no refresh (#1806) and tofu init with encryption when backend is disabled (#2217).

It's time for the release candidate of the 1.9.0 version! This includes a lot of major and minor new features, as well as a ton of community contributions!

The highlights are:

for_each in provider configuration blocks: An alternate (aka "aliased") provider configuration can now have multiple dynamically-chosen instances using the for_each argument:
```
provider "aws" {
  alias    = "by_region"
  for_each = var.aws_regions

  region = each.key
}
```
Each instance of a resource can also potentially select a different instance of the associated provider configuration, making it easier to declare infrastructure that ought to be duplicated for each region.
-exclude planning option: similar to -target, this allows operators to tell OpenTofu to work on only a subset of the objects declared in the configuration or tracked in the state.
```
tofu plan -exclude=kubernetes_manifest.crds
```
While -target specifies the objects to include and skips everything not needed for the selected objects, -exclude instead specifies objects to skip. OpenTofu will exclude the selected objects and everything that depends on them.

Please take the above for a spin and let us know your feedback!

For all the features, see the detailed changelog.

You can find the full diff here.

SECURITY:

Upgraded golang.org/x/crypto to resolve CVE-2024-45337. (#2287)
Upgraded golang.org/x/net to resolve CVE-2024-45338. (#2311)

BUG FIXES:

tofu test now removes outputs of destroyed modules between different test runs. (#2274)

⚠️ Do not use this release for production workloads! ⚠️

It's time for the release candidate of the 1.9.0 version! This includes a lot of major and minor new features, as well as a ton of community contributions!

The highlights are:

for_each in provider configuration blocks: An alternate (aka "aliased") provider configuration can now have multiple dynamically-chosen instances using the for_each argument:
```
provider "aws" {
  alias    = "by_region"
  for_each = var.aws_regions

  region = each.key
}
```
Each instance of a resource can also potentially select a different instance of the associated provider configuration, making it easier to declare infrastructure that ought to be duplicated for each region.
-exclude planning option: similar to -target, this allows operators to tell OpenTofu to work on only a subset of the objects declared in the configuration or tracked in the state.
```
tofu plan -exclude=kubernetes_manifest.crds
```
While -target specifies the objects to include and skips everything not needed for the selected objects, -exclude instead specifies objects to skip. OpenTofu will exclude the selected objects and everything that depends on them.

Please take the above for a spin and let us know your feedback!

For all the features, see the detailed changelog.

You can find the full diff here.

⚠️ Do not use this release for production workloads! ⚠️

This build fixes a bug where destroy would not always function correctly with provider for_each.

It's time for the beta release of the 1.9.0 version! This includes a lot of major and minor new features, as well as a ton of community contributions!

The highlights are:

for_each in provider configuration blocks: An alternate (aka "aliased") provider configuration can now have multiple dynamically-chosen instances using the for_each argument:
```
provider "aws" {
  alias    = "by_region"
  for_each = var.aws_regions

  region = each.key
}
```
Each instance of a resource can also potentially select a different instance of the associated provider configuration, making it easier to declare infrastructure that ought to be duplicated for each region.
-exclude planning option: similar to -target, this allows operators to tell OpenTofu to work on only a subset of the objects declared in the configuration or tracked in the state.
```
tofu plan -exclude=kubernetes_manifest.crds
```
While -target specifies the objects to include and skips everything not needed for the selected objects, -exclude instead specifies objects to skip. OpenTofu will exclude the selected objects and everything that depends on them.

Please take the above for a spin and let us know your feedback!

For all the features, see the detailed changelog.

You can find the full diff here.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New Contributors

Contributors

Releases: opentofu/opentofu

v1.10.0-alpha2

New Contributors

Contributors

v1.9.1

v1.8.9

v1.7.8

v1.10.0-alpha1

v1.9.0

v1.9.0-rc2

v1.8.8

v1.9.0-rc1

v1.9.0-beta2