Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release v0.43.1 #5101

Merged
merged 3 commits into from
Sep 7, 2022
Merged

Release v0.43.1 #5101

merged 3 commits into from
Sep 7, 2022

Conversation

srenatus
Copy link
Contributor

@srenatus srenatus commented Sep 7, 2022

Adding the information and code fixes for our CVE later today, as planned and announced.

@srenatus
build: bump golang: 1.18 -> 1.18.6
80eacdf 
Golang Announcement: https://groups.google.com/g/golang-announce/c/x49AQzIVX-s

Notably:
* CVE-2022-27664 and Go issue https://go.dev/issue/54658

Also adding 'opa version' output to the binary smoke tests for easier
verification here.

NOTE That this is not the same commit we've done on main: there, we went from
1.19 to 1.19.1 But since the step from 1.18 to 1.19 is more involved than we'd
like for a patch release, we make an extra step here.

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
@srenatus srenatus force-pushed the sr/release/0.43.1 branch 2 times, most recently from 87c9e91 to 92271ed Compare September 7, 2022 10:11
@philipaconrad
Copy link
Contributor

I ran some local backtests against this PR branch; no panics. This branch should be good to ship. 👍

@srenatus
ast/compile: respect unsafeBuiltinMap for 'with' replacements
b1d0b8a 
The changes are necessary for both the Compiler and the QueryCompiler. Tests
have been added to ensure that the code path through the rego package has also
been fixed.

Fixes CVE-2022-36085.

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
@srenatus
Release v0.43.1
06530c9 
Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
@srenatus srenatus marked this pull request as ready for review September 7, 2022 17:54
@srenatus srenatus merged commit 196c92d into open-policy-agent:release-0.43 Sep 7, 2022
@srenatus srenatus deleted the sr/release/0.43.1 branch September 7, 2022 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@srenatus @philipaconrad