Overview All releases

Version History

v0.64.1 v0.64.0 v0.63.0 v0.62.1 v0.62.0 v0.61.0 v0.60.0

v0.59.0

v0.58.0 v0.57.1 v0.57.0 v0.56.0 v0.55.0 v0.54.0 v0.53.1 v0.53.0 v0.52.0 v0.51.0 v0.50.2 v0.50.1 v0.50.0 v0.49.2 v0.49.1 v0.49.0 v0.48.0 v0.47.4 v0.47.3 v0.47.2 v0.47.1 v0.47.0 v0.46.3 v0.46.2 v0.46.1 v0.45.0 v0.44.0 v0.43.1 v0.43.0 v0.42.2 v0.42.1 v0.42.0 v0.41.0 v0.40.0 v0.39.0 v0.38.1 v0.38.0 v0.37.2 v0.37.1 v0.37.0 v0.36.1 v0.36.0

v0.35.0

v0.34.2

v0.34.1

v0.34.0

v0.33.1

v0.33.0

v0.32.1

v0.32.0

v0.31.0

v0.30.2

v0.30.1

v0.30.0

v0.29.4

v0.29.3

v0.29.2

v0.29.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.2

v0.25.1

v0.25.0

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.1

v0.21.0

v0.20.5

v0.20.4

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.2

v0.19.1

v0.19.0

v0.19.0-rc1

v0.18.0

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.2

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.2

v0.14.1

v0.14.0

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.0

v0.10.7

v0.10.6

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.2

v0.2.1

v0.2.0

v0.1.0

Open Policy Agent - v0.59.0

Security

v0.59.0

This release adds tooling to help prepare existing policies for the upcoming OPA 1.0 release.
It also contains a mix of improvements, bugfixes and security fixes for third-party libraries.

NOTES:

All published OPA images now run with a non-root uid/gid. The uid:gid is set to 1000:1000 for all images. As a result
there is no longer a need for the -rootless image variant and hence it will not be published as part of future releases.
This change is in line with container security best practices. OPA can still be run with root privileges by explicitly setting the user,
either with the --user argument for docker run, or by specifying the securityContext in the Kubernetes Pod specification.

Rego v1

The upcoming release of OPA 1.0, which will be released at a future date, will introduce breaking changes to the Rego language. Most notably:

the keywords that currently must be imported through import future.keywords into a module before use will be part of the Rego language by default, without the need to first import them.
the if keyword will be required before the body of a rule.
the contains keyword will be required when declaring a multi-value rule (partial set rule).
deprecated built-in functions will be removed.

This current release (0.59.0) introduces a new --rego-v1 flag to the opa fmt and opa check commands to facilitate the transition of existing policies to be compatible with the 1.0 syntax.

When used with opa fmt, the --rego-v1 flag will format the module(s) according to the new Rego syntax in OPA 1.0.
Formatted modules are compatible with both the current version of OPA and 1.0.
Modules using deprecated built-ins will terminate formatting with an error. Future versions of OPA will support rewriting applicable function calls with equivalent Rego compatible with 1.0.

When used with opa check, the --rego-v1 flag will check that the modules are compatible with both the current version of OPA and 1.0.

Relevant Changes

cmd: Adding --rego-v1 flag to check cmd (#6429) authored by @johanfylling
cmd & format: Adding rego-v1 mode to opa fmt (#6297) authored by @johanfylling
ast: Adding capability feature for the rego.v1 import (#6375) (authored by @johanfylling)
ast: Skip if keyword requirement for default rule (rego.v1) (#6356) authored by @ashutosh-narkar
rego.v1: Fixing erroneous missing value assignment error (#6364) authored by @johanfylling
rego.v1: Improving support for rules with chained bodies (#6370) authored by @johanfylling
ast: Add rego.v1 import (#6247) introduced in OPA 0.58.0, authored by @johanfylling

Runtime, Tooling, SDK

ast: Adding rule_head_refs capabilities feature flag (#6334) authored by @johanfylling
build: Remove rootless image variant (#4295) authored by @ashutosh-narkar
discovery: Make status updates non blocking (#6345) (#6343) authored by @charlieegan3
plugins/rest: Masks X-AMZ-SECURITY-TOKEN header in decision logs (#5848) authored by @colinjlacy reported by @jwineinger
wasm: Fix re2 bug (#6376) authored by @srenatus reported by @sandhose
ast: Add ExcludeLocationFile JSON marshalling option (#6398) (authored by @anderseknert)
cmd: Add options to the filter to only load rego files (#6317) authored by @tjons
ast: Add minimum compatible version computation to compiler (#6348) authored by @tsandall
internal/planner: Insert general ref head objects starting from the leaves, not root. (#6401) authored by @srenatus
internal/planner: Don't plan superfluous Equal/NotEqualStmts (#6386) authored by @srenatus

Topdown and Rego

ast: Allowing packages to be declared within the dynamic extent of a rule (#6387) authored by @johanfylling
ast: Disallow root document shadowing in leading term of rule refs (#6291) authored by @johanfylling
topdown: Add a new builtin function strings.render_template to render templated strings (#6371) authored by @RDVasavada
topdown/crypto: Add URIStrings field to JSON certs (#6416) authored by @charlieegan3 reported by @kenjenkins
ast: change ident token string (#6435) authored by @tsandall

Miscellaneous

chore: Fix IDE warnings and remove usage of several deprecated fields. (#6397) authored by @willbeason
chore: Disable verbose output in wasm-sdk-e2e-test (#6434) authored by @tsandall
deps: group otel deps (#6407) authored by @srenatus
test: add environment variable tests (#6420) authored by @robhafner
Docs & Website:
docs: Add dependency-management-data to the Ecosystem (#6436) authored by @jamietanna
docs: Add docs for dynamic_metadata feature in opa-envoy-plugin (#6389) authored by @tjons
docs: Fixed XACML Policy in documentation (Comparing to Other Systems) to be XACML 3.0 compliant (#6438) authored by @cdanger
docs: Update docs on rego.v1 / OPA 1.0 (#6365) authored by @anderseknert
docs: Update spinnaker integration (#6414) authored by @charlieegan3
docs: Add legitify to ecosystem (#6369) authored by @charlieegan3
docs: add cheat sheet link (#6362) authored by @charlieegan3
docs: add newstack blog to regal (#6372) authored by @charlieegan3
docs: Disk storage broken link (#6425) authored by @francoisauclair911
docs: Update istio envoy tutorial to use AuthorizationPolicy (#6426) authored by @tjons
Dependency updates; notably:
golang from 1.21.3 to 1.21.4
OpenTelemetry (contrib) 1.21.0/0.46.1

Security

Security wording was detected, but no CVEs were found.

Details

date

Nov. 30, 2023, 3:49 p.m.

name

v0.59.0

type

Minor

official page

https://github.com/open-policy-agent/opa/releases/tag/v0.59.0

👇

🔍View and search all Open Policy Agent releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity