v1.18.1

@styra-bot styra-bot released this 06 Mar 11:37
· 37 commits to main since this release
bdbb6e9

OPA v0.62.1
Regal v0.17.0

This is a security fix release for the fixes published in Go 1.22.1.

Enterprise OPA servers using --authentication=tls are affected: a crafted malicious client
certificate could cause a panic in the server.

Crafted server certificates could also panic EOPA's HTTP clients: the bundle plugin,
status and decision logs, and http.send calls that verify TLS.

This is CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).

Note that this Go release contains other security fixes, but whether or not
EOPA is affected by them is less obvious. An update is advised.

As far as features go, v1.18.1 is the same code as v1.18.0.