Skip to content

v0.62.1
Compare
Choose a tag to compare
@github-actions github-actions released this 06 Mar 10:37
· 82 commits to main since this release
v0.62.1
a4d77da
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

This is a security fix release for the fixes published in Go 1.22.1.

OPA servers using --authentication=tls would be affected: crafted malicious client certificates could cause a panic in the server.

Also, crafted server certificates could panic OPA's HTTP clients, in bundle plugin, status and decision logs; and http.send calls that verify TLS.

This is CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).

Note that there are other security fixes in this Golang release, but whether or not OPA is affected is harder to assess. An update is advised.

Miscellaneous

Contributors

mosabua and fredmaggiowski
Assets 14