Prepare v0.46.2 release

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
open-policy-agent · Dec 7, 2022 · 87485d5 · 87485d5
1 parent a036511
commit 87485d5
Show file tree

Hide file tree

Showing 4 changed files with 4,566 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,33 @@
 All notable changes to this project will be documented in this file. This
 project adheres to [Semantic Versioning](http://semver.org/).
 
+## 0.46.2
+
+This is a bug fix release addressing two issues: one security issue, and one bug
+related to formatting backwards-compatibility.
+
+### Golang security fix CVE-2022-41717
+
+> An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.
+
+Since we advise against running an OPA service exposed to the general public of the
+internet, potential attackers would be limited to people that are already capable of
+sending direct requests to the OPA service.
+
+### `opa fmt` and backwards compatibility ([#5449](https://github.com/open-policy-agent/opa/issues/5449))
+
+In v0.46.1, it was possible that `opa fmt` would format a rule in such a way that:
+
+1. Before formatting, it was working fine with older OPA versions, and
+2. after formatting, it would only work with OPA version >= 0.46.1.
+
+This backwards incompatibility wasn't intended, and has now been fixed.
+
+### Misc
+
+Two other commits had to be pulled in to fix the build. They are CI-related and contain no code
+changes.
+
 ## 0.46.1
 
 This is  bugfix release to resolve an issue in the release pipeline. Everything else is