| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: opa | Distribution: openSUSE Tumbleweed |
| Version: 1.6.0 | Vendor: openSUSE |
| Release: 1.1 | Build date: Mon Jun 30 18:15:08 2025 |
| Group: Unspecified | Build host: reproducible |
| Size: 33257755 | Source RPM: opa-1.6.0-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://github.com/open-policy-agent/opa | |
| Summary: Open source, general-purpose policy engine | |
Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. OPA is proud to be a graduated project in the Cloud Native Computing Foundation (CNCF) landscape.
Apache-2.0
* Mon Jun 30 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.6.0:
* This release contains a mix of new features, performance
improvements, and bugfixes. Notably:
- Improvements to the OPA website and documentation
- Allowing keywords in Rego references
- Parallel test execution
- Faster built-in function execution
* Allowing keywords in Rego references (#7709)
Previously, Rego references could not contain terms that
conflict with Rego keywords such as package, if, else, not,
etc. in certain constructs:
package example
allow if {
input.package.source # not allowed (before v1.6.0)
input["package"].destination # allowed
}
The constraints for valid Rego references have been relaxed to
allow keywords.
The above example is now valid and will no longer cause a
compilation error.
* Parallel Test Execution (#7442)
By default, OPA will now run tests in parallel (defaulting to
one parallel execution thread per available CPU core),
significantly speeding up test execution time for large test
suites.
The performance boost is closely tied to the number of tests in
your project and your selected parallelism level. For larger
projects and default settings, 2-3x performance gains have been
measured on a MacBook Pro.
Parallelism can be disabled to run tests sequentially by
setting the --parallel flag to 1. E.g. opa test . --parallel=1.
* Faster Builtin Function Evaluation
The builtin context, an internal construct of OPA's evaluation
engine, was previously provided to every builtin function.
As it turns out, only very few of them actually need it, for
caching, cancellation, or lookups.
Those builtins are still provided with a builtin context, but
for calls to all other builtins, we save the memory required by
it.
The impact is tremendous: Even though the size of a single
builtin context is only about 270 bytes, in an example
application (Regal), this change brings about 360 MB of reduced
memory usage!
* Runtime, Tooling, SDK
- cmd/check: opa check --bundle report virtual/base doc
conflicts (#7701) authored by @anderseknert
- When opa check is used with the --bundle flag, an error will
be reported if the provided json/yaml data has a conflicting
overlap with the virtual documents generated by Rego rules.
Such conflicts are ambiguous and can lead to unexpected
evaluation results, and should be resolved.
- cmd/inspect: Fixing missing annotations location in opa
inspect with JSON format (#7459) authored by @johanfylling
reported by @mostealth
- cmd/parse: Expose --v0-compatible flag (#7668) authored by
@tsandall
- cmd/refactor: Fix src:dst parsing to deal with colons (#7648)
authored by @tsandall
- metrics: Fix restartable timer bug. (#7669) authored by
@philipaconrad
- metrics: Prealloc maps + add benchmark (#7664) authored by
@philipaconrad
- oracle: Add support for some and every (#7716) authored by
@charlieegan3
- oracle: Support object refs in FindDefinition (#7711)
authored by @charlieegan3
- plugin/decision: Check if event is too large after
compression (#7526) authored by @sspaink
- runtime,server: Replace gorilla/mux dependency with
http.ServeMux (#7676) authored by @anderseknert
- Note: This is a potentially breaking change for go API users
directly interfacing with the OPA server's routing.
- server: Fix deferred metrics timers. (#7671) authored by
@philipaconrad
- server: Fix query url when opa is served not from root path
(#7644) authored by @olegKoshmeliuk
- Note: This is only applicable for the web UI hosted by OPA on
its root path (/) and OPA is served at some other path than
root.
* Compiler, Topdown and Rego
- ast: Ensure surplus leading zeros always error (#7726)
authored by @charlieegan3
- Note: Primitive Rego number values with leading zeros (e.g.
0123) are now considered invalid at time of parsing and will
generate an error. If you're impacted by this change, please
update your policies to not have numbers with leading zeros.
E.g. 0123 should be changed to 123.
- ast: Fixing type-checker schema cache race condition for
inlined schemas (#7679, 7571) authored by @johanfylling
reported by @daniel-petrov-gig
- perf: Improve performance when referencing "global" in loop
(#7654) authored by @anderseknert
- topdown: Fix issue where path in walk would get mutated
(#7656) authored by @anderseknert reported by
@robmyersrobmyers
- topdown/http: Lenient application/json Content-Type header
(#6684) authored by @sspaink reported by @mrvanes
* Docs, Website, Ecosystem
- api: Expand docs for RegisterBuiltin — no thread-safety
(#7667) authored by @anderseknert reported by
@parth-mehta-989
- docs: Added a search function for the builtins section of
policy-reference (#7704) authored by @sky3n3t
- docs: Add another OR note in AND section (#7706) authored by
@charlieegan3
- docs: Add basic docs covering CI/CD use case (#7703) authored
by @charlieegan3
- docs: Add current ecosystem contribution docs (#7678)
authored by @charlieegan3
- docs: Add EvergreenCodeBlock for code with version (#7706)
authored by @charlieegan3
- docs: Add feedback form for user reported issues (#7662)
authored by @charlieegan3
- docs: Address broken links (#7661) authored by @charlieegan3
- docs: Archive explain that only latest patch is shown (#7682)
authored by @charlieegan3
- docs: Fix bug where the search match respects case (#7713)
authored by @sky3n3t
- docs: Hide feedback pop-up forever if dismissed (#7674)
authored by @charlieegan3
- docs: Improve bundle structure documentation (#7683) authored
by @charlieegan3
- docs: Improve explanations for initial examples (#7677)
authored by @charlieegan3
- docs: Install/Download Instruction Update (#7687) authored by
@charlieegan3
- docs: Move code example data inside the PlaygroundComponent
(#7724) authored by @sky3n3t
- docs: policy-reference, update sig algs formatting (#7685)
authored by @charlieegan3
- docs: Redirect old admission control link (#7730) authored by
@charlieegan3
- docs: Refactored Networking Reference docs (#7686) authored
by @sky3n3t
- docs: Revise sidebar order and layout (#7731) authored by
@charlieegan3
- docs: Reworked existing policy examples to use
PlaygroundExample (#7690) authored by @sky3n3t
- docs: Show a feedback popup on the docs site (#7663) authored
by @charlieegan3
- docs: Show edge rather than latest release (#7717) authored
by @charlieegan3
- docs: Show TOC on CLI page (#7712) authored by @charlieegan3
- docs: Update colors for feedback form in dark mode (#7691)
authored by @charlieegan3
- docs: Update policy-ref allowing anchor linking (#7675)
authored by @charlieegan3
- docs: Update rego in deployment examples (#7707) authored by
@charlieegan3
- docs: Update sidebar (#7723) authored by @charlieegan3
* Miscellaneous
- build: Better detection of go changes (#7696) authored by
@charlieegan3
- build: Bump golang 1.24.3 -> 1.24.4 (#7672) authored by
@srenatus
- Adding Clarification to merge instructions when cutting a
patch release (#7660) authored by @johanfylling
- build: Make summary failure source clearer (#7697) authored
by @charlieegan3
- build: Skip jobs for non docs changes (#7688) authored by
@charlieegan3
- deps: Use google.golang.org/protobuf (#7655) authored by
@sspaink
- perf: Simplify interning (#7714) authored by @anderseknert
- perf: Only pass built-in context to calls depending on it
(#7728) authored by @anderseknert
- perf: Improve built-in concat performance (#7702) authored by
@anderseknert
- perf: More efficient data/v1 POST handler (#7673) authored by
@anderseknert
- test: Fix flaky TestRaisingHTTPClientQueryError (#7698)
authored by @sspaink
- test: Fix flaky topdown query cache tests (#7590) authored by
@sspaink
- Dependency updates; notably:
- build(deps): Bump gqlparser from v2.5.27 to v2.5.28 (#7699)
authored by @robmyersrobmyers
- build(deps): bump github.com/go-logr/logr from 1.4.2 to
1.4.3
- build(deps): bump github.com/vektah/gqlparser/v2 from
2.5.26 to 2.5.27
- build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0
- build(deps): bump google.golang.org/grpc from 1.72.0 to
1.72.2
- build(deps): bump oras.land/oras-go/v2 from 2.5.0 to 2.6.0
- build(deps): bump go.opentelemetry.io deps to 1.36.0/0.61.0
* Mon Jun 30 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.5.1:
* Fix issue where path in `walk` would get mutated (#7657)
* Mon Jun 30 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.5.0:
* This release contains a mix of new features, performance
improvements, and bugfixes. Among others:
- Support for AWS SSO credentials provider
- Support for signing client assertions with Azure Keyvault
- Faster object.get, walk and builtin-function evaluation
- Improved guardrails in the parser
- Improvements to decision logging
* Runtime, Tooling, SDK
- ast: Only use JSON-escaped literal when needed in ref to
string convertion (#7550) reported and authored by
@xubinzheng
- ast: Parser recursion depth guard (#7568) authored by
@thevilledev
- ast: Retaining SomeDecl Location field when compiler resolves
refs (#7543) authored by @johanfylling
- bundle: Setting default rego-version in bundle API (#7588)
authored by @johanfylling reported by @xubinzheng
- perf: Improved "baseline" metrics of opa bench for trivial
queries (#7580) authored by @anderseknert
- plugins/decision: Don't drop adaptive uncompressed size limit
on upload (#7562) authored by @sspaink
- plugins/decision: Set config boundaries to
upload_size_limit_bytes (#7563) (authored by @sspaink)
- plugins/rest: Add support for AWS SSO credentials provider
(#7527) authored by @efiShtain
- plugins/rest: Support signing of client assertions with Azure
Keyvault (#7462) reported and authored by @Od1nB
- plugins/status: Support graceful shutdown timeout (#7576)
authored by @sspaink
- rego: Don't generate JSON values for wildcard/generated keys
in result set (#7567) authored by @anderseknert
- runtime: Don't override user set version commit and timestamp
(#7471) reported by @kastl-ars authored by @sspaink
* Planner, Topdown and Rego
- planner: Deal with var-for-function replacement in indirect
calls (#5311) authored by @srenatus
- topdown: Faster object.get built-in function (#7593) authored
by @anderseknert
- topdown: Faster walk built-in function (#7612) authored by
@anderseknert
- topdown: Improved default rule value inlining ( (#1418)
authored by @johanfylling
- topdown: Improved GraphQL error handling (#7622) reported and
authored by @robmyersrobmyers
* Docs, Website, Ecosystem
- docs: Fix helm-kubernetes-quickstart bundle (#7606) reported
and authored by @nejec
- docs: Add Swift-OPA to the Ecosystem Page (#7610) authored by
@charlieegan3
- docs: Add Tutorial Redirects ([#7603]#7603) reported by
@nataraj24 authored by @charlieegan3
- Fix links in README (#7633) authored by @ffjlabo
* Miscellaneous
- github_actions: Adding monthly check for broken hyperlinks
(#7537) authored by @sspaink
- perf: Extended interning (#7636) authored by @anderseknert
- perf: Ref.String() shortcut on single var term ref (#7595)
authored by @anderseknert
- refactor: Don't return error from opaTest (#7560) authored by
@sspaink
- refactor: Remove internal/gqlparser and use upstream
dependency instead. (#7520) authored by @robmyersrobmyers
- test: Fix flaky TestContextErrorHandling (#7587) authored by
@sspaink
- Apply modernize linter fixes (#7599) authored by
@anderseknert
- Use any in place of interface{} (#7566) authored by
@anderseknert
- Dependency updates; notably:
- build: bump go from 1.24.0 to 1.24.3
- build(deps): bump containerd to v2.1.1 (#7627) authored by
@johanfylling reported by @robmyersrobmyers
- build(deps): bump github.com/fsnotify/fsnotify from 1.8.0
to 1.9.0
- build(deps): bump github.com/prometheus/client_golang from
1.21.1 to 1.22.0
- build(deps): bump github.com/prometheus/client_model from
0.6.1 to 0.6.2
- build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
- build(deps): bump google.golang.org/grpc from 1.71.1 to
1.72.0
* Mon Jun 30 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 1.4.2 (1.4.1 was yanked):
This is a security fix release for the fixes published in Go
1.24.1 and 1.24.2
* build: bump go to 1.24.2 (#7544) (authored by @sspaink)
Addressing CVE-2025-22870 and CVE-2025-22871 vulnerabilities in
the Go runtime.
* Mon Jun 30 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.4.0:
This release contains a security fix addressing CVE-2025-46569.
It also includes a mix of new features, bugfixes, and dependency
updates.
* Security Fix: CVE-2025-46569 - OPA server Data API HTTP path
injection of Rego (GHSA-6m8w-jc87-6cr7)
A vulnerability in the OPA server's Data API allows an attacker
to craft the HTTP path in a way that injects Rego code into the
query that is evaluated.
The evaluation result cannot be made to return any other data
than what is generated by the requested path, but this path can
be misdirected, and the injected Rego code can be crafted to
make the query succeed or fail; opening up for oracle attacks
or, given the right circumstances, erroneous policy decision
results.
Furthermore, the injected code can be crafted to be
computationally expensive, resulting in a Denial Of Service
(DoS) attack.
Users are only impacted if all of the following apply:
- OPA is deployed as a standalone server (rather than being
used as a Go library)
- The OPA server is exposed outside of the local host in an
untrusted environment.
- The configured authorization policy does not do exact
matching of the input.path attribute when deciding if the
request should be allowed.
or, if all of the following apply:
- OPA is deployed as a standalone server.
- The service connecting to OPA allows 3rd parties to insert
unsanitised text into the path of the HTTP request to OPA’s
Data API.
Note: With no Authorization Policy configured for restricting API
access (the default configuration), the RESTful Data API provides
access for managing Rego policies; and the RESTful Query API
facilitates advanced queries.
Full access to these APIs provides both simpler, and broader
access than what the security issue describes here can
facilitate.
As such, OPA servers exposed to a network are not considered
affected by the attack described here if they are knowingly not
restricting access through an Authorization Policy.
This issue affects all versions of OPA prior to 1.4.0.
See the Security Advisory for more details.
https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7
* Runtime, Tooling, SDK
- ast: Adding rego_v1 feature to --v0-compatible capabilities
(#7474) authored by @johanfylling
- executable: Add version and icon to OPA windows executable
(#3171) authored by @sspaink reported by @christophwille
- format: Don't panic on format due to unexpected comments
(#6330) authored by @sspaink reported by @sirpi
- format: Avoid modifying strings when formatting (#6220)
authored by @sspaink reported by @zregvart
- plugins/status: FIFO buffer channel for status events to
prevent slow status API blocking (#7522) authored by @sspaink
* Topdown and Rego
- gqlparser: Add JSON annotation in internal/gqlparser/ast to
Position fields (#7509) authored by @robmyersrobmyers
- graphql: Cache GraphQL schema parse results (#7457) authored
by @robmyersrobmyers
- topdown: Handling default functions in Partial Eval (#7220)
authored by @johanfylling
- topdown: Fix wall clock time init for PartialRun() (#7490)
authored by @srenatus
- topdown: Zero alloc lower/upper unless changed (#7472)
authored by @anderseknert
* Docs, Website, Ecosystem
- adopters: Cloudsmith adds support for OPA (#7498) authored by
@ndouglas-cloudsmith
- docs: Fixed broken docs link (#7452) reported and authored by
@fvarg00
- docs: Update built-in function examples for OPA v1 (#7514)
reported and authored by @robmyersrobmyers
- docs: Add link to inline schema annotations (#7496) authored
by @kmadan
- docs: Add manual trigger to integration docs (#7473) authored
by @charlieegan3
- docs: Point path versioned requests to new sites (#7531)
authored by @charlieegan3
- docs: Update community slack inviter link (#7488, #7493)
authored by @charlieegan3
- docs: Set versioned docs links to point to archive (#7528)
authored by @charlieegan3
- docs: Update helm-kubernetes-quickstart bundle (#7469)
authored by @johanfylling
- docs: Update opa-docker-authz example to use ghcr and v0.10
release tag (#7513) authored by @larhauga
- docs: Fix post merge badge (#7532) authored by @sspaink
- docs: Improve request headers documentation in REST APIs
(#7524) authored by @ali-jalaal
- docs: Update edge links to use /docs/edge/ path (#7529)
authored by @charlieegan3
- ecosystem: Add NACP integration (#7503) authored by
@charlieegan3
- ecosystem: Update traefik integration docs (#7506) authored
by @charlieegan3
- ecosystem: Add Principled Evolution integration (#7495)
authored by @kmadan
- ecosystem: Add tavo to ecosystem integration (#7511) authored
by @percyding-tavo
* Miscellaneous
- Dependency updates; notably:
- build(deps): bump github.com/hypermodeinc/badger from
v4.6.0 to v4.7.0
- build(deps): bump github.com/spf13/viper from 1.18.2 to
1.20.1
- build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
- build(deps): bump google.golang.org/grpc from 1.71.0 to
1.71.1
- build(deps): bump oras.land/oras-go/v2 from 2.3.1 to 2.5.0
* Fri Mar 28 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- new package opa: Open Policy Agent (OPA) is an open source,
general-purpose policy engine
/usr/bin/opa /usr/share/doc/packages/opa /usr/share/doc/packages/opa/README.md /usr/share/licenses/opa /usr/share/licenses/opa/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Jul 7 00:53:04 2025