Release Notes for Self-Hosted Styra DAS
Self-Hosted Styra DAS 0.16.7 was released on March 31st, 2025.
Self-Hosted Environment Changes
Feature flags required by the new UI have been enabled
In preparation for the upcoming launch of the new UI, the Helm chart feature flag section includes the following changes:
LOG_REPLAY_V2_ENABLEDset totrue- enables the logreplay v2 API and instructs the UI to use the v2 APIDASHBOARD_ENHANCEMENTS_ENABLEDset totrue- enables the enhanced Workspace-level reporting dashboardLIMIT_DASHBOARD_ENHANCEMENTSset to["kubernetes:v2"]- enables the Kubernetes System-level enhanced reporting dashboardLIBRARY_EDITING_ENABLEDset totrue- enables editable Libraries with functionality matching Systems and Stacks, such as dependency analysis, unit tests, and impact analysisDATA_FILESset totrue- enables Git import ofdata.jsonfiles as well as the ability to managedata.jsonfiles in the new UI's policy editor, providing an additional option for including data for policy evaluation in policy bundles
The new UI may not function correctly if these feature flags are removed or disabled.
Added feature flags in disabled state for agentloader v2 and activity writer v2
In preparation of enabling the agentloader v2 and activity writer v2 features by default in a future release, the feature flags for these have been added to the Helm chart values in a disabled state:
AGENTLOADER_V2set tofalseACTIVITY_LOGS_USE_BUFFERED_OPTIONset tofalse
Set these to true in your Helm values to enable the new versions of these services.
New Features and Changes
New UI Additions
- Policy editor performance improvements.
- Show add file icon on package hover in policy editor.
- Added compliance violation charts to Systems and Stacks with compliance monitoring.
- Added Kubernetes system compliance dashboard.
- Added access to original decision during decision replay.
- Added option to download datasource contents.
- Added JSON parsing error indication to policy editor inputs and mocks.
- Modified behavior when switching between Systems, Stacks, and Libraries to navigate to the dashboard.
- Policy editor displays closest file or package that made a decision during decision replay.
- Persist decision log filters between sessions.
- System-level decision export option when Agentloader v2 is enabled.
- Policy builder includes a visual representation of policies.
- Hide non-relevant read-only and meta files from the policy builder view.
Upgraded to OPA v1.2.0
The internal version of OPA used by Styra DAS has been upgraded to OPA 1.2.0.
Beta release: Timeseries v2 writer
This DAS self-hosted release includes the option to use the new Timeseries v2 writer, which is responsible for tracking decision metrics and other metrics, including compliance violation and Kubernetes system node counts. The new architecture in the Timeseries v2 writer allows for better scaling, more efficient threading utilization, and fewer database interactions at high decision log volumes. It also adds additional error and service restart handling for more accurate decision counts. During the beta phase of the Timeseries v2 writer release, self-hosted customers can enable the Timeseries v2 writer by setting the TIMESERIES_V2 feature flag to true.
Policy editor auto-import specific keyword
To prevent accidental migration of a policy to Rego v1 syntax, the policy editor auto-import behavior has been changed to import the specific keyword added to the policy (e.g., in, every, etc.) rather than the rego.v1 import.
Agentloader v2 performance optimizations
Agentloader v2 has been updated with additional decision indexing performance optimizations, particularly with Elasticsearch bulk inserts and parallel operations. These values can be configured if the default values are not sufficient.
Fixed Issues
Systems API minimum_opa_version query parameter does not return expected results
On the Systems API, when the minimum_opa_version query parameter was set on the API call, the returned results did not reflect the set option.
WorkspaceViewer allowed to create user invitations
Changed the behavior to require a user to have the WorkspaceAdministrator role to invite a new user to a tenant.
Workspace monitoring tab errors
In the legacy UI, in some cases accessing the monitoring tab at the Workspace level could result in a UI error.
New UI policy editor input and mock cleared after switching to validation tab
In the New UI policy editor, switching from the Preview tab to the Validation tab cleared any user-defined input or mock in the Preview tab.
Missing input from replayed Workspace-level decision in New UI
In the New UI, replaying a decision from the Workspace level in some cases did not populate the input in the Preview tab of the policy editor.
New UI duplicate SSO claims with multiple providers
In the new UI, when multiple SSO providers were configured, SSO claims for all providers were shown for each provider.
Incorrect decisions returned in new UI decision log when using customer policy type filter
In the new UI, using the custom policy type filter in the decision log could return additional decisions beyond those which matched the filter.
Repetitive Git branch API calls in new UI policy editor when viewing a metadata policy
In the new UI policy editor, viewing a metadata policy for a System or Stack (e.g., Stack selectors) could result in repetitive Git branch fetch API calls.
New UI datasource configuration for refresh interval only allowed seconds
In the new UI, the refresh interval parameter in datasource configuration only allowed values in seconds. Additional interval units, such as hours (e.g., "3h"), are now valid values.
New UI showed deleted datasource
In some cases in the new UI datasource view, a deleted datasource would continue to be shown until refreshing the page.
Delete File dialog shown when quickly switching policies
In the new UI policy editor, in some cases when quickly switching to a different policy after deleting a policy the Delete File dialog could be shown again.