
Prepare Release v0.46.2 #5453

Merged
merged 5 commits into from Dec 7, 2022

Conversation

@srenatus (Contributor) commented Dec 7, 2022

This is a bug fix release addressing two issues: one security issue, and one bug
related to formatting backwards-compatibility.

Golang security fix CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.

Since we advise against running an OPA service exposed to the general public of the
internet, potential attackers would be limited to people that are already capable of
sending direct requests to the OPA service.

opa fmt and backwards compatibility (#5449)

In v0.46.1, it was possible that opa fmt would format a rule in such a way that:

  1. Before formatting, it was working fine with older OPA versions, and
  2. after formatting, it would only work with OPA version >= 0.46.1.

This backwards incompatibility wasn't intended, and has now been fixed.

Fixes CVE-2022-41717:

> net/http: limit canonical header cache by bytes, not entries

https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
…cy-agent#5450)

Before, we'd end up formatting

    ps["foo"] = "bar" { true }

as

    ps.foo = "bar" { true }

and older OPA versions know how to parse the former, but not
the latter.

Fixes open-policy-agent#5449.

Also includes:
* format: pass internal options via struct; because adding a third (in some cases
   fifth) boolean argument just didn't seem right.

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
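The Go security fix above is only effective for an OPA binary that was actually built with a patched toolchain. The following checker is an added example, not code from this PR or from the OPA project: it reads the Go version recorded in a binary with the standard library's debug/buildinfo package (or, offline, from the first line of `go version -m` output) and compares it against the minimum releases named in the linked golang-announce post, Go 1.18.9 and Go 1.19.4. The constant names, the sampleListing text and the assumption that every minor series newer than 1.19 shipped with the fix are this example's own.

```go
package main

import (
	"bufio"
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Minimum patch level per Go 1.x minor series that contains the
// CVE-2022-41717 fix, taken from the linked golang-announce post
// (Go 1.18.9 and Go 1.19.4). Series newer than newestPatchedMinor are
// assumed (by this example) to have shipped with the fix; older series
// were out of support and never received it.
var minPatched = map[int]int{18: 9, 19: 4}

const newestPatchedMinor = 19

// Constructed sample of `go version -m opa` output for a binary built with
// an unpatched toolchain; not captured from a real OPA binary.
const sampleListing = "opa: go1.19.3\n" +
	"\tpath\tgithub.com/open-policy-agent/opa\n" +
	"\tmod\tgithub.com/open-policy-agent/opa\tv0.46.1\n" +
	"\tbuild\t-compiler=gc\n"

// parseGoVersion splits a runtime version string such as "go1.19.4",
// "go1.19" or "go1.20rc1" into its minor and patch numbers.
func parseGoVersion(v string) (minor, patch int, err error) {
	v = strings.TrimPrefix(v, "go")
	// Drop pre-release suffixes ("rc1", "beta2"); they sort below the .0 release.
	if i := strings.IndexAny(v, "rb"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) < 2 || parts[0] != "1" {
		return 0, 0, fmt.Errorf("unrecognised Go version %q", v)
	}
	if minor, err = strconv.Atoi(parts[1]); err != nil {
		return 0, 0, err
	}
	if len(parts) > 2 {
		if patch, err = strconv.Atoi(parts[2]); err != nil {
			return 0, 0, err
		}
	}
	return minor, patch, nil
}

// toolchainPatched reports whether a binary built with goVersion carries the
// net/http fix for CVE-2022-41717.
func toolchainPatched(goVersion string) (bool, error) {
	minor, patch, err := parseGoVersion(goVersion)
	if err != nil {
		return false, err
	}
	if minor > newestPatchedMinor {
		return true, nil
	}
	need, supported := minPatched[minor]
	if !supported {
		return false, nil
	}
	return patch >= need, nil
}

// goVersionFromListing extracts the toolchain version from `go version -m`
// output: the first non-indented line ends with the version string.
func goVersionFromListing(listing string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(listing))
	for sc.Scan() {
		line := sc.Text()
		if line == "" || strings.HasPrefix(line, "\t") {
			continue
		}
		fields := strings.Fields(line)
		if len(fields) < 2 {
			return "", fmt.Errorf("unexpected header line %q", line)
		}
		return fields[len(fields)-1], nil
	}
	return "", fmt.Errorf("no header line found in listing")
}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: gocheck /path/to/opa")
		os.Exit(2)
	}
	// Read the build metadata embedded in the binary itself.
	bi, err := buildinfo.ReadFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "read build info:", err)
		os.Exit(2)
	}
	ok, err := toolchainPatched(bi.GoVersion)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	fmt.Printf("%s: built with %s, CVE-2022-41717 fix present: %v\n", os.Args[1], bi.GoVersion, ok)
	if !ok {
		os.Exit(1)
	}
}
```

Run it as `go run . /usr/local/bin/opa` on each deployed binary; a non-zero exit flags a build that still needs the v0.46.2 upgrade. The pre-release handling is deliberately conservative: a 1.19 release candidate is reported as unpatched because the fix landed only in 1.19.4.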

anderseknert
anderseknert previously approved these changes Dec 7, 2022
@srenatus (Contributor, Author) commented Dec 7, 2022

Funky stuff going on in the PR checks here 😓

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
…t#5365)

Fixing recent failures we've had with the other action.

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
@srenatus srenatus merged commit 87485d5 into open-policy-agent:release-0.46 Dec 7, 2022
@srenatus srenatus deleted the sr/release-0.46.2 branch December 7, 2022 13:04
@charlieegan3 (Contributor) left a comment

I'm not very familiar with format (yet!) but I can see that the fmtOpts comment and tests make sense to me. ✅ to the go version change too.

Looks good to me!
