Integrate patch release v0.43.1 #5108

Merged
16 changes: 16 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,22 @@ project adheres to [Semantic Versioning](http://semver.org/).

## Unreleased

## 0.43.1

This is a security release fixing the following vulnerabilities:

- CVE-2022-36085: Respect unsafeBuiltinMap for 'with' replacements in the compiler

See https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr for all details.

- CVE-2022-27664 and CVE-2022-32190.

Fixed by updating the Go version used in our builds to 1.18.6,
see https://groups.google.com/g/golang-announce/c/x49AQzIVX-s.
Note that CVE-2022-32190 is most likely not relevant for OPA's usage of net/url.
But since these CVEs tend to come up in security assessment tooling regardless,
it's better to get it out of the way.

## 0.43.0

This release contains a number of fixes, enhancements, and performance improvements.
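Review bot: In the second bullet of the 0.43.1 entry, the text says CVE-2022-32190 is "most likely not relevant" but never says whether CVE-2022-27664 affects OPA, so someone triaging scanner findings cannot tell how urgent the upgrade is for that CVE. Suggest adding a sentence that states the exposure for CVE-2022-27664 too. Two smaller points: as shown, the "See https://..." line and the "Fixed by updating..." paragraph are not indented under their bullets, so they will render as free-standing paragraphs between list items rather than as part of the CVE they explain. The CVE-2022-36085 bullet also describes the fix rather than the impact; a short phrase on what happens when unsafeBuiltinMap is not respected for 'with' replacements would help readers who do not follow the advisory link.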