This release uses the latest version of Go (1.26.4) to build OPA, fixing stdlib vulnerabilities in code that OPA's HTTP handler and crypto builtins use:
It is otherwise the same code as v1.17.0.
Note that users building their own OPA binaries and images already control the Golang version, so this is not relevant for them.
Miscellaneous
- build: bump go 1.26.3 -> 1.26.4 (authored by @srenatus)