Skip to content

Commit

Permalink
opa: Update to 0.44.0
Browse files Browse the repository at this point in the history 
Changes:
## 0.44.0

This release contains a number of fixes, two new builtins, a few new features,
and several performance improvements.

### Security Fixes

This release includes the security fixes present in the recent v0.43.1 release,
which mitigate CVE-2022-36085.

See the Release Notes for v0.43.1 for more details.

### Set Element Addition Optimization

Rego Set element addition operations did not scale linearly in the
past, and like the Object type before v0.43.0, experienced noticeable
reallocation/memory movement overheads once the Set grew past 120k-150k
elements in size.

This release introduces different handling of Set internals during element
addition operations to avoid pathological reallocation behavior, and allows
linear performance scaling up into the 500k key range and beyond.

### Set `union` Built-in Optimization

The Set `union` builtin allows applying the union operation to a set of sets.

However, as discovered in
<open-policy-agent/opa#4979>, its
implementation generated unnecessary intermediate copies, which
resulted in poor performance; in many cases, worse than writing the
equivalent operation in pure Rego.

This release improves the `union` builtin's implementation, such that
only the final result set is ever modified, reducing memory allocations
and GC pressure.  The `union` builtin is now about 15-30% faster than
the equivalent operation in pure Rego.

### New Built-in Functions: `strings.any_prefix_match` and `strings.any_suffix_match`

This release introduces two new builtins, optimized for bulk matching of string
prefixes and suffixes: `strings.any_prefix_match`, and
`strings.any_suffix_match`.
It works with sets and arrays of strings, allowing efficient matching of
collections of prefixes or suffixes against a target string.

See the built-in functions docs for all the details:

 <https://www.openpolicyagent.org/docs/v0.42.0/policy-reference/#builtin-strings-stringsany_prefix_match>


## 0.43.1

This is a security release fixing the following vulnerabilities:

- CVE-2022-36085: Respect unsafeBuiltinMap for 'with' replacements in the compiler

  See <GHSA-f524-rf33-2jjr>
  for all details.
  • Loading branch information
@iamleot
iamleot committed Sep 11, 2022
1 parent c4c9dd1 commit 9ff4505
Show file tree
Hide file tree
Showing 3 changed files with 107 additions and 4,892 deletions.
5 changes: 2 additions & 3 deletions devel/opa/Makefile
View file
@@ -1,7 +1,6 @@
# $NetBSD: Makefile,v 1.9 2022/09/07 09:32:28 bsiegert Exp $
# $NetBSD: Makefile,v 1.10 2022/09/11 20:48:12 leot Exp $

DISTNAME= opa-0.43.0
PKGREVISION= 2
DISTNAME= opa-0.44.0
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_GITHUB:=open-policy-agent/}
GITHUB_TAG= v${PKGVERSION_NOREV}
Expand Down

0 comments on commit 9ff4505

Please sign in to comment.