build: update openpolicyagent/opa docker tag to v0.62.1 (!533) · Merge requests · Common Ground / NLX / FSC NLX

Common Ground Bot requested to merge renovate/openpolicyagent-opa-0.x into main Mar 07, 2024

This MR contains the following updates:

Package	Type	Update	Change
openpolicyagent/opa	final	patch	`0.62.0-static` -> `0.62.1-static`

Release Notes

open-policy-agent/opa (openpolicyagent/opa)

`v0.62.1`

Compare Source

This is a security fix release for the fixes published in Golang 1.22.1.

OPA servers using --authentication=tls would be affected: crafted malicious client certificates could cause a panic in the server.

Also, crafted server certificates could panic OPA's HTTP clients, in bundle plugin, status and decision logs; and http.send calls that verify TLS.

This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

This is CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).

Note that there are other security fixes in this Golang release, but whether or not OPA is affected is harder to tell. An update is advised.

Miscellaneous

Add Trino to OPA ecosystem (authored by @mosabua)
update: ADOPTERS.md (#6608) (authored by @fredmaggiowski)

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

build: update openpolicyagent/opa docker tag to v0.62.1

Release Notes

v0.62.1

Miscellaneous

Configuration

Merge request reports

`v0.62.1`