OpenTofu

SECURITY ADVISORIES:

• Previous releases in the v1.11 series could potentially take an excessive amount of time and send extraneous data to an HTTP2 server that specifies a maximum frame size of zero. This is now fixed. (#4094)

  An attacker that can coerce an operator to install a dependency from an attacker-controlled server could use this to cause unexpected resource consumption during tofu init.

Full Changelog: https://github.com/opentofu/opentofu/compare/v1.11.7...v1.11.8