Update openpolicyagent/opa Docker tag to v0.62.1
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
openpolicyagent/opa | | minor | 0.61.0 -> 0.62.1 |
openpolicyagent/opa | ironbank-docker | minor | 0.61.0-static -> 0.62.1-static |
openpolicyagent/opa | stage | minor | 0.61.0-static -> 0.62.1-static |
Release Notes
open-policy-agent/opa (openpolicyagent/opa)
v0.62.1
This is a security fix release for the fixes published in Golang 1.22.1.
OPA servers using `--authentication=tls` would be affected: crafted malicious client certificates could cause a panic in the server.
Also, crafted server certificates could panic OPA's HTTP clients, in bundle plugin, status and decision logs; and `http.send` calls that verify TLS.
This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
This is CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).
Note that there are other security fixes in this Golang release, but whether or not OPA is affected is harder to tell. An update is advised.
Miscellaneous
- Add Trino to OPA ecosystem (authored by @mosabua)
- update: ADOPTERS.md (#6608) (authored by @fredmaggiowski)
v0.62.0
NOTES:
- The minimum version of Go required to build the OPA module is 1.20
This release contains a mix of improvements and bugfixes.
Runtime, Tooling, SDK
- cmd: Add environment variable backups for command-line flags (#6508) authored by @colinjlacy
- download/oci: Add missing `WithBundleParserOpts` method to OCI downloader (#6571) authored by @slonka
- logging: avoid `%!F(MISSING)` in logs by skipping calls to the `{Debug,Info,Warn,Error}f` functions when there are no arguments (#6555) authored by @srenatus
Topdown and Rego
- ast+cmd: Allow bundle to contain calls to unknown Rego functions when inspected (#6591) authored by @johanfylling
- topdown/http: Respect `raise_error` flag during input validation (#6553) authored by @ashutosh-narkar
Docs + Website + Ecosystem
- Add OpaDotNet to ecosystem projects (#6554) authored by @me-viper
- Add updated logos for Permit.io and OPAL (#6562) authored by @danielbass37
- docs: Update description of the url path usage when accessing values inside object and array documents for v1/data GET and POST (#6567) authored by @ashutosh-narkar
- docs: Use `application/yaml` instead of `application/x-yaml` as the former is now a recognized content type (#6565) authored by @anderseknert
Miscellaneous
- Add Elastic to ADOPTERS.md (#6568) authored by @orouz
- Dependency updates; notably:
  - bump golang 1.21.5 -> 1.22 (#6595) authored by @srenatus
  - bump google.golang.org/grpc from 1.61.0 to 1.62.0
  - bump golang.org/x/net from 0.19.0 to 0.21.0
  - bump github.com/containerd/containerd from 1.7.12 to 1.7.13
  - bump aquasecurity/trivy-action from 0.16.1 to 0.17.0
  - bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0
  - bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0-rc6
This MR has been generated by Renovate Bot.
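
To triage which running OPA containers still need this bump, the v0.62.1 note can be turned into a check over image tags and arguments. This is an added example, not part of the MR or of OPA; `Triage`, `parseTag` and the result strings are hypothetical names, and it assumes every release below 0.62.1 is affected, as the note implies.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// First OPA release built with Go 1.22.1, per the v0.62.1 notes above.
var fixed = parseTag("0.62.1")

// parseTag maps "0.61.0-static" or "v0.62.1" to a sortable int,
// or -1 when the tag is not a three-part version ("latest", a digest).
func parseTag(tag string) int {
	core, _, _ := strings.Cut(strings.TrimPrefix(tag, "v"), "-")
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return -1
	}
	score := 0
	for _, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 || n > 999 {
			return -1
		}
		score = score*1000 + n
	}
	return score
}

// Triage classifies one container from its image reference and arguments.
func Triage(image string, args []string) string {
	v := parseTag(image[strings.LastIndex(image, ":")+1:])
	switch {
	case v < 0:
		return "unknown: no parseable version tag"
	case v >= fixed:
		return "fixed"
	}
	cmd := " " + strings.Join(args, " ") + " "
	if strings.Contains(cmd, " --authentication=tls ") || strings.Contains(cmd, " --authentication tls ") {
		return "affected: server and TLS clients"
	}
	return "affected: TLS clients"
}

func main() {
	// Constructed sample; the tags are the ones in this MR's table.
	fmt.Println(Triage("openpolicyagent/opa:0.61.0-static", []string{"run", "--server", "--authentication=tls"}))
	fmt.Println(Triage("openpolicyagent/opa:0.62.1-static", []string{"run", "--server"}))
}
```

The "TLS clients" result only applies to instances that actually make verified TLS connections (bundle, status, decision logs, `http.send`); an "unknown" result means the image should be pinned to a version tag before it can be assessed.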