Open Policy Agent - v0.62.1
Security
This is a security fix release for the fixes published in Go 1.22.1.
OPA servers using --authentication=tls would be affected: crafted malicious client certificates could cause a panic in the server.
Crafted server certificates could also panic OPA's HTTP clients: those of the bundle plugin, status and decision logs, and http.send calls that verify TLS.
This is CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).
Note that there are other security fixes in this Golang release, but whether or not OPA is affected is harder to assess. An update is advised.
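A triage check for one OPA instance, added here as an example and not part of the OPA project or its release notes. It assumes `opa version` prints a `Go Version: goX.Y.Z` line, and it compares only against the Go 1.22.1 named above; builds on other Go release lines should be checked against the linked advisory. The function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage one OPA instance against this release note.
FIXED_GO="1.22.1"   # Go release named in the note

# Print the toolchain version ("1.22.0") from `opa version` output passed as $1.
go_version_of() {
  printf '%s\n' "$1" |
    sed -n 's/^Go Version:[[:space:]]*go\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Succeed when dotted version $1 >= $2 (numeric, field by field).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# $1 = `opa version` output, $2 = the OPA process command line.
# Returns 0 = at or above FIXED_GO, 1 = older build, 2 = version not found.
assess_opa() {
  _gv=$(go_version_of "$1")
  if [ -z "$_gv" ]; then echo "unknown: no Go Version line"; return 2; fi
  if version_ge "$_gv" "$FIXED_GO"; then echo "ok: built with go$_gv"; return 0; fi
  case " $2 " in
    *" --authentication=tls "*)
      echo "review: go$_gv, server verifies client certificates"; return 1 ;;
  esac
  echo "review: go$_gv, check bundle/status/decision-log clients and http.send"
  return 1
}

# Constructed sample input (not captured from a real host).
SAMPLE_VERSION='Version: 0.0.0-example
Go Version: go1.22.0
Platform: linux/amd64'
SAMPLE_CMDLINE='opa run --server --authentication=tls'
assess_opa "$SAMPLE_VERSION" "$SAMPLE_CMDLINE" || true
```

On a live host, pass "$(opa version)" as the first argument and the OPA process's command line as the second.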
Miscellaneous
- Add Trino to OPA ecosystem (authored by @mosabua)
- update: ADOPTERS.md (#6608) (authored by @fredmaggiowski)
Details
- date: March 6, 2024, 10:37 a.m.
- name: v0.62.1
- type: Patch