Releases: open-policy-agent/opa-envoy-plugin
Releases · open-policy-agent/opa-envoy-plugin
v1.15.2-envoy
What's Changed
- build(deps): bump github.com/open-policy-agent/opa from 1.15.1 to 1.15.2 by @dependabot[bot] in #831
- build(deps): bump google.golang.org/grpc from 1.79.3 to 1.80.0 by @dependabot[bot] in #828
- build(deps): bump the go-opentelemetry-io group with 3 updates by @dependabot[bot] in #829
- build(deps): bump the go-opentelemetry-io group with 3 updates by @dependabot[bot] in #830
Full Changelog: v1.15.1-envoy...v1.15.2-envoy
Contributors
dependabot
Assets 8
v1.15.1-envoy
What's Changed
- build(deps): bump github.com/open-policy-agent/opa from 1.15.0 to 1.15.1 by @dependabot[bot] in #827
Full Changelog: v1.15.0-envoy...1.15.1-envoy
Contributors
dependabot
Assets 8
v1.15.0-envoy
What's Changed
- fix: use x-envoy-auth-partial-body header by @thevilledev in #809
- build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.2 by @dependabot[bot] in #819
- build(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by @dependabot[bot] in #824
- build(deps): bump golang.org/x/tools from 0.42.0 to 0.43.0 by @dependabot[bot] in #823
- build(deps): bump the go-opentelemetry-io group with 6 updates by @dependabot[bot] in #820
- build(deps): bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #818
- build(deps): bump google.golang.org/grpc from 1.56.3 to 1.79.3 in /examples/grpc/testsrv by @dependabot[bot] in #825
- build(deps): bump github.com/open-policy-agent/opa from 1.14.1 to 1.15.0 by @dependabot[bot] in #826
Full Changelog: v1.14.1-envoy...v1.15.0-envoy
Contributors
thevilledev and dependabot
Assets 8
v1.14.1-envoy
See the OPA v1.14.1 release notes.
v1.14.0-envoy
What's Changed
- bump to golangci-lint v2.9 by @sspaink in #816
- build(deps): bump github.com/open-policy-agent/opa from 1.13.2 to 1.14.0 by @dependabot[bot] in #815
Full Changelog: v1.13.2-envoy-2...v1.14.0-envoy
Contributors
sspaink and dependabot
Assets 8
v1.13.2-envoy-2
input.parsed_field Security Vulnerability Fixed (GHSA-9f29-v6mm-pw6w)
This release contains a security fix for a security vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes (//) as authority components, and therefore dropping them from the parsed path. This creates a path interpretation mismatch between authorization policies and backend servers, enabling attackers to bypass access controls by crafting requests where the authorization filter evaluates a different path than the one ultimately served.
Please see the Security Advisory for more information.
Authored by @thevilledev
What's Changed
- fix:
input.parsed_fieldSecurity Vulnerability by @thevilledev in 58c44d4e - fix: update Envoy and Rego config in quickstart by @thevilledev in #807
- docs(readme): add note about repository size by @thevilledev in #808
- build: bump go 1.25.5 -> 1.25.7 by @johanfylling in #814
Resolving vulnerability: GO-2026-4337. - build(deps): bump the go-opentelemetry-io group with 6 updates by @dependabot[bot] in #805
- build(deps): bump golang.org/x/tools from 0.41.0 to 0.42.0 by @dependabot[bot] in #810
- build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.1 by @dependabot[bot] in #811
- build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.36.0 to 1.37.0 by @dependabot[bot] in #812
- build(deps): bump github.com/open-policy-agent/opa from 1.13.1 to 1.13.2 by @dependabot[bot] in #813
New Contributors
- @thevilledev made their first contribution in #808
Full Changelog: v1.13.1-envoy...v1.13.2-envoy-2
Contributors
thevilledev, johanfylling, and dependabot
Assets 8
v1.13.1-envoy
What's Changed
- build(deps): bump github.com/open-policy-agent/opa from 1.13.0 to 1.13.1 by @dependabot[bot] in #804
Contributors
dependabot
Assets 8
v1.13.0-envoy
What's Changed
- build(deps): bump golang.org/x/tools from 0.40.0 to 0.41.0 by @dependabot[bot] in #801
- build(deps): bump github.com/open-policy-agent/opa from 1.12.2 to 1.12.3 by @dependabot[bot] in #802
- build(deps): bump github.com/open-policy-agent/opa from 1.12.3 to 1.13.0 by @dependabot[bot] in #803
Contributors
dependabot
Assets 8
v1.12.2-envoy
What's Changed
- build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 by @dependabot[bot] in #798
- build: bump golang 1.25.4 -> 1.25.5 by @srenatus in #799
- build(deps): bump github.com/open-policy-agent/opa from 1.12.1 to 1.12.2 by @dependabot[bot] in #800
Contributors
srenatus and dependabot
Assets 8
v1.12.1-envoy
What's Changed
- build(deps): bump github.com/open-policy-agent/opa from 1.12.0 to 1.12.1 by @dependabot[bot] in #796
Contributors
dependabot