6c652d9a11
Changes: v0.62.1 ------- This is a security fix release for the fixes published in Go 1.22.1. OPA servers using `--authentication=tls` would be affected: crafted malicious client certificates could cause a panic in the server. Also, crafted server certificates could panic OPA's HTTP clients, in bundle plugin, status and decision logs; and `http.send` calls that verify TLS. This is CVE-2024-24783. Note that there are other security fixes in this Golang release, but whether or not OPA is affected is harder to assess. An update is advised. v0.62.0 ------- This release contains a mix of improvements and bugfixes. |
||
---|---|---|
.. | ||
DESCR | ||
Makefile | ||
PLIST | ||
distinfo | ||
go-modules.mk |