Skip to content

v1.5.8
Compare
Choose a tag to compare
@jpadilla jpadilla released this 08 Aug 11:42
· 316 commits to main since this release
v1.5.8
496c72d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Advisory

⚠️ WARNING ⚠️: OpenFGA v1.5.7 and v1.5.8 have an open security advisory for the Check API, please consider staying with v1.5.6 until the next release which will patch this vulnerability

Added

  • Performance improvements for Check API:
    • introduce an optimization when the input request relation is pointing to a computed relation #1793
    • batch calls that compute membership checks and start processing them earlier #1804
  • Logging number of cache hits for each subproblem of each authorization model for Check API calls. Enabled with the OPENFGA_CHECK_TRACKER_ENABLED flag. #1785
  • Aliases for issuers and subject validation in OIDC AuthN mode using OPENFGA_AUTHN_OIDC_ISSUER_ALIASES and OPENFGA_AUTHN_OIDC_SUBJECTS respectively #1784 Thanks @Code2Life!
  • Dispatch Throttling for our ListUsers API. This can be enabled using OPENFGA_LIST_USERS_DISPATCH_THROTTLING_ENABLED and the env variables below. #1658
    • OPENFGA_LIST_USERS_DISPATCH_THROTTLING_THRESHOLD - The number of dispatches allowed before throttling is triggered
    • OPENFGA_LIST_USERS_DISPATCH_THROTTLING_MAX_THRESHOLD - The maximum number of dispatches allowed before the request is rejected
    • OPENFGA_LIST_USERS_DISPATCH_THROTTLING_FREQUENCY - The frequency at which the deprioritized throttling queue is processed
  • Support sending contextual tuples in the Write Assertions API. #1821

Fixed

  • address "expected exactly one terminal relation for fast path, received {num}" error during Check for models with type restrictions with and without a condition or with multiple conditions. #1814

Contributors

Code2Life
Assets 22
Loading