Open Policy Agent (OPA)
v1.18.0Security2026年6月26日
v1.18.0 is a bugfix rollup with one operator-facing behavior change: the outbound User-Agent header is now hyphenated to conform to RFC 9110. The remaining changes are runtime improvements, formatter and coverage tool fixes, and a Go toolchain bump.
breakingUser-Agent header format changed (RFC 9110 conformance)
The outbound User-Agent header OPA sends on HTTP requests changed from 'Open Policy Agent/<version> (<os>, <arch>)' to 'Open-Policy-Agent/<version> (<os>, <arch>)' (hyphen added between 'Open' and 'Policy'). Any server-side log filters, WAF rules, or access policies that exact-match the old string must be updated after upgrading to v1.18.0.
主な変更 (7)
- User-Agent header now uses 'Open-Policy-Agent' (hyphenated) instead of 'Open Policy Agent'; exact-match log filters or WAF rules targeting the old string will break
- Container-aware resource limits restored and extended: automatic GOMAXPROCS support is back, and automatic GOMEMLIMIT is newly supported
- Multiple opa fmt correctness fixes: multiline single-entry iterables are preserved, and with-clauses dropped after comments are restored
- opa test --coverage improvements: ranges now included in the report, inline rule head tracking, and conjunction expression coverage added
- Fixed partial evaluation regression for future.keywords.not negation inside every blocks, and fixed variable namespacing in comprehensions nested inside every
- Performance: reduced allocations in object.get, removed a shortcut in topdown dst.Compare(src), and skipped strconv.ParseInt in the format_int base-10 fast path
- Go bumped from 1.26.3 to 1.26.4; various website and node dependencies also updated