OpenFGA
v1.15.0Securityv1.15.0 brings latency improvements for complex authorization models via edge pruning, fixes a cache bug in the experimental weighted graph checker, and patches Go stdlib CVEs by upgrading to Go 1.26.2.
securityUpdate immediately to patch Go stdlib vulnerabilities
This release ships Go 1.26.2, which addresses vulnerabilities in the Go standard library. If you run OpenFGA as a managed binary or container, pull the new image now. If you build from source, ensure your toolchain matches. Don't wait on this — stdlib vulns can affect TLS, HTTP parsing, and crypto paths that OpenFGA relies on.
enhancementRe-benchmark list objects performance on complex models
Edge pruning in the list objects pipeline cuts unnecessary graph traversal. If your authorization model has deep or wide relationship graphs, you should see reduced p99 latency on ListObjects calls. Run your existing load tests against v1.15.0 and compare — this is a free win that requires no config changes.
enhancementRe-evaluate weighted_graph_check cache behavior if you hit cold-start issues
The experimental weighted_graph_check feature was silently skipping its cache on cold start or when the cache controller was disabled, which could explain unexpected latency spikes early in pod lifecycle. The fix aligns behavior with the documented contract: zero invalidation time means use the cache. If you're using this experimental feature, test it again — behavior will differ from what you may have measured before.
Key changes (3)
- Edge pruning added to list objects pipeline — measurable latency reduction for large, complex authorization models
- Fixed weighted_graph_check cache being incorrectly bypassed when cache controller returns zero invalidation time (cold start or disabled state)
- Go toolchain bumped to 1.26.2 to address Go standard library security vulnerabilities