OpenFGA
v1.12.1Securityv1.12.1 is a focused maintenance release fixing OTLP endpoint URI parsing and improving ListObjects pipeline internals with Go native channels.
breakingOTLP https:// scheme now forces TLS regardless of your config flag
If you set OTEL_EXPORTER_OTLP_ENDPOINT with an https:// scheme, TLS will be enabled even if trace.otlp.tls.enabled is false. Audit your observability configs before upgrading — any environment using https:// endpoints with TLS explicitly disabled will now have TLS enabled. This is almost certainly the correct behavior, but verify your collector setup accepts TLS connections.
enhancementOTLP endpoint URIs with schemes finally work — clean up your workarounds
Previously, passing a full URI like http://host:4317 to OTEL_EXPORTER_OTLP_ENDPOINT would break because the scheme wasn't stripped before reaching the gRPC exporter. If you've been working around this by omitting the scheme, you can now use standard URI formats. Update your deployment configs and remove any manual scheme-stripping logic.
enhancementListObjects performance improvement — no action needed, just upgrade
Replacing the custom Pipe implementation with Go native channels reduces internal complexity and can improve throughput for ListObjects calls under concurrent load. No API changes, no config changes needed. The tuple validation refactor compounds this. If you're running OpenFGA at scale with heavy ListObjects usage, this patch is worth taking.
主な変更 (4)
- ListObjects pipeline now uses Go native channels instead of a custom Pipe implementation — cleaner concurrency, better debuggability
- Tuple validation and manipulation functions refactored for better performance under load
- grpc-go bumped to v1.79.3 and grpc-health-probe to v0.4.47 — dependency hygiene
- OTEL_EXPORTER_OTLP_ENDPOINT now correctly handles URIs with schemes like http:// or https://, stripping the scheme before passing to gRPC exporter