mirror of https://github.com/opentffoundation/opentf.git synced 2025-12-19 17:59:05 -05:00

Go to file

Martin Atkins 4d1c6c151b go.mod: go get golang.org/x/crypto@v0.45.0

This is primarily to clear naive security scanner reports for GO-2025-4135,
which is a potential denial of service if attacker-controlled software can
send malformed packets back to OpenTofu through the SSH Agent proxy
channel.

We are not considering this a significant vulnerability for OpenTofu
because the SSH Agent forwarding pattern already assumes that software on
the remote system is trusted not to misuse the keys that are exposed though
the proxy channel.

Due to the Go team's policy of ratcheting upgrades between all of the
golang.org/x/* modules, this also requires upgrading three other modules.
I have reviewed the changes in those, and most appear to not affect
OpenTofu at all. There are some performance improvements to the HTTP2 and
QUIC implementations in x/net, but they don't seem to be a big concern for
us.

Signed-off-by: Martin Atkins <mart@degeneration.co.uk>

2025-11-24 11:37:32 -08:00

.github

[main] Fixes for GH workflows for older OpenTofu versions (#3485 )

2025-11-11 11:12:20 +02:00

cmd/tofu

backend/local: Opt-in to experimental plan/apply/refresh functions

2025-11-21 09:20:59 -08:00

contributing

fix: broken links on DEVELOPING.md (#3395 )

2025-10-21 05:43:34 -03:00

docs

tracing: Centralize our OpenTelemetry package imports

2025-10-30 13:27:10 -07:00

internal

chore(keyprovider/gcp_kms): add logs for encryption and decryption keys (#3518 )

2025-11-24 09:44:18 -03:00

rfc

rfc: A new approach to configuration evaluation, planning, and applying

2025-10-22 08:56:58 -07:00

scripts

go.mod: Use the new "tool" directive

2025-10-10 07:06:56 -03:00

testing

plan diff: summarize the current -> planned notation

2025-08-26 11:37:44 -07:00

tools

go.mod: Use the new "tool" directive

2025-10-10 07:06:56 -03:00

version

Begin the v1.12.x development period

2025-10-23 11:00:02 -07:00

website

website: "tofu providers schema" nested_type docs

2025-11-19 07:20:49 -08:00

.copywrite.hcl

ignore any lock file on license header check (#1776 )

2024-07-08 15:27:11 +03:00

.devcontainer.json

Update .devcontainer.json go's version to 1.22 (#2385 )

2025-01-17 15:45:56 +01:00

.gitattributes

fix: internal/getprovider tests on Windows (#3275 )

2025-09-16 15:29:31 -03:00

.gitignore

gitignore: add coverage.out and coverage.html (#2519 )

2025-02-13 19:59:28 -05:00

.go-version

go.mod: Use Go 1.25.3

2025-10-14 12:51:39 -07:00

.golangci.yml

Fix linting in internal/command (#2798 )

2025-05-15 07:39:11 -04:00

.goreleaser.yaml

More nightly build work, hardcode env vars and remove version (#3138 )

2025-08-13 14:33:52 +01:00

.licensei.toml

feat: add license checks on dependencies (#310 )

2023-09-13 19:10:41 +03:00

.tfdev

Rename github.com/placeholderplaceholderplaceholder/opentf to github.com/opentofu/opentofu (#461 )

2023-09-20 14:35:35 +03:00

CHANGELOG.md

CHANGELOG: entry for opentofu/opentofu#3507

2025-11-18 06:59:35 -08:00

CHARTER.md

Updated references and moved governance stuff to a new repo opentofu/org (#2953 )

2025-06-25 10:50:10 -07:00

CODE_OF_CONDUCT.md

Update core team email. (#752 )

2023-10-19 12:03:39 +02:00

codecov.yml

Update copyright notice (#1232 )

2024-02-08 09:48:59 +00:00

CODEOWNERS

update CODEOWNERS to match the new governance chart (#2959 )

2025-06-25 12:47:24 -03:00

CONTRIBUTING.md

Update CONTRIBUTING.md - Changing TSC membership (#3053 )

2025-07-22 09:25:26 -07:00

CONTRIBUTING.RELEASE.md

Add github workflow to run govoulncheck on all branches with supported OpenTofu versions (#2636 )

2025-05-14 18:26:22 +03:00

Dockerfile

OpenTofu 1.10: Disable usage of ghcr.io image as a base image (#1994 )

2025-01-07 10:08:23 -05:00

Dockerfile.minimal

Fixes #2356 : Minimal base image (#2375 )

2025-01-15 13:46:34 +01:00

go.mod

go.mod: go get golang.org/x/crypto@v0.45.0

2025-11-24 11:37:32 -08:00

go.sum

go.mod: go get golang.org/x/crypto@v0.45.0

2025-11-24 11:37:32 -08:00

GOVERNANCE.md

Updated references and moved governance stuff to a new repo opentofu/org (#2953 )

2025-06-25 10:50:10 -07:00

LICENSE

Update copyright notice (#1232 )

2024-02-08 09:48:59 +00:00

MAINTAINERS.md

OpenTofu Charter and Governance (#2830 )

2025-05-23 08:18:56 -04:00

Makefile

makefile: add .exe when building for Windows (#3452 )

2025-11-05 12:36:22 -06:00

README.md

Add TSC Meeting link / info (#2847 )

2025-05-23 10:00:27 -04:00

RELEASE.md

Added nightly build process - Experimental (#3111 )

2025-08-12 14:25:34 +01:00

SECURITY.md

Added Security disclousure policy (#749 )

2023-10-19 15:27:59 -07:00

WEEKLY_UPDATES.md

Weekly update 2024-10-11 (#2068 )

2024-10-11 15:20:00 +02:00

README.md

OpenTofu

OpenTofu is an OSS tool for building, changing, and versioning infrastructure safely and efficiently. OpenTofu can manage existing and popular service providers as well as custom in-house solutions.

The key features of OpenTofu are:

Infrastructure as Code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
Execution Plans: OpenTofu has a "planning" step where it generates an execution plan. The execution plan shows what OpenTofu will do when you call apply. This lets you avoid any surprises when OpenTofu manipulates infrastructure.
Resource Graph: OpenTofu builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, OpenTofu builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.
Change Automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what OpenTofu will change and in what order, avoiding many possible human errors.

Getting help and contributing

Have a question?
- Post it in GitHub Discussions
- Open a GitHub issue
- Join the OpenTofu Slack!
Want to contribute?
- Please read the Contribution Guide.
Recurring Events
- Community Meetings on Wednesdays at 12:30 UTC at this link: https://meet.google.com/xfm-cgms-has (📅 calendar link)
- Technical Steering Committee Meetings every other Tuesday at 4pm UTC at this link: https://meet.google.com/cry-houa-qbk (📅 calendar link)

Tip

For more OpenTofu events, subscribe to the OpenTofu Events Calendar!

Reporting security vulnerabilities

If you've found a vulnerability or a potential vulnerability in OpenTofu please follow Security Policy. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.

Reporting possible copyright issues

If you believe you have found any possible copyright or intellectual property issues, please contact liaison@opentofu.org. We'll send a confirmation email to acknowledge your report.

Registry Access

In an effort to comply with applicable sanctions, we block access from specific countries of origin.

License

Mozilla Public License v2.0