Overview All releases

Version History

v0.63.0 v0.62.1 v0.62.0 v0.61.0 v0.60.0 v0.59.0 v0.58.0 v0.57.1 v0.57.0 v0.56.0 v0.55.0 v0.54.0 v0.53.1 v0.53.0 v0.52.0 v0.51.0 v0.50.2 v0.50.1 v0.50.0 v0.49.2 v0.49.1 v0.49.0 v0.48.0 v0.47.4 v0.47.3 v0.47.2 v0.47.1 v0.47.0

v0.46.3

v0.46.2 v0.46.1 v0.45.0 v0.44.0 v0.43.1 v0.43.0 v0.42.2 v0.42.1 v0.42.0 v0.41.0 v0.40.0 v0.39.0 v0.38.1 v0.38.0 v0.37.2 v0.37.1 v0.37.0 v0.36.1 v0.36.0

v0.35.0

v0.34.2

v0.34.1

v0.34.0

v0.33.1

v0.33.0

v0.32.1

v0.32.0

v0.31.0

v0.30.2

v0.30.1

v0.30.0

v0.29.4

v0.29.3

v0.29.2

v0.29.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.2

v0.25.1

v0.25.0

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.1

v0.21.0

v0.20.5

v0.20.4

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.2

v0.19.1

v0.19.0

v0.19.0-rc1

v0.18.0

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.2

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.2

v0.14.1

v0.14.0

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.0

v0.10.7

v0.10.6

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.2

v0.2.1

v0.2.0

v0.1.0

Open Policy Agent - v0.46.3

Security

This is a second security fix to address CVE-2022-41717/GO-2022-1144.

We previously believed that upgrading the Golang version and its stdlib would be sufficient
to address the problem. It turns out we also need to bump the x/net dependency to v0.4.0.,
a version that hadn't existed when v0.46.2 was released.

This release bumps the golang.org/x/net dependency to v0.4.0, and contains no other
changes over v0.46.2.

Note that the affected code is OPA's HTTP server. So if you're using OPA as a Golang library,
or if your confident that your OPA's HTTP interface is protected by other means (as it should
be -- not exposed to the public internet), you're OK.

Security

CVE-2022-41717

Details

date

Dec. 9, 2022, 10 a.m.

name

v0.46.3

type

Patch

official page

https://github.com/open-policy-agent/opa/releases/tag/v0.46.3

👇

🔍View and search all Open Policy Agent releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity