Release Notes for Self-Hosted Styra DAS

Self-Hosted Styra DAS 0.17.0 was released on June 11th, 2025.

Self-Hosted Environment Changes

Enable Authz v2 by default

The feature flag values set in the Helm values.yaml file in this version now disable Authz v1 and fully enable Authz v2, including by default enabling the expanded roles available with Authz v2. Customers who haven't already already transitioned to Authz v2 before this point are encouraged to make this transition with this self-hosted version.

Additional features enabled by default

To better align the self-hosted configuration with Styra DAS SaaS, the following feature flags were added to the values.yaml file in an enabled state:

BUNDLE_PROMOTION set to true - enables the ability to promote a policy bundle from one system to another
DELTA_BUNDLES_ALLOWED set to true - enables the option to turn on delta bundles for each individual system
DATASOURCE_OKTA set to true - enables the Okta datasource type when creating a new DAS datasource

Entitlements system type disabled by default

The LIMIT_SYSTEM_TYPES feature flag in the values.yaml file has been updated to exclude the Entitlements system type by default. With this configuration, the creation of new Entitlements system type systems and stacks will be disabled, however any existing Entitlements systems and stacks will continue to function. Customers can modify this feature flag to remove the Entitlements system type or add additional system types they may want to disable for their users.

New Features and Changes

Upgraded to OPA v1.4.2

The internal version of OPA used by Styra DAS has been upgraded to OPA 1.4.2. This version of OPA addresses the recent OPA vulnerability CVE-2025-46569, which is detailed in the Styra blog post CVE-2025-46569: OPA REST API Path Injection Vulnerability. While this vulnerability did not affect DAS itself, customers are recommended to upgrade their deployed OPAs to v1.4.2, particularly those customers who customize their OPA deployments and may not be following OPA Security best practices. Customers who cannot upgrade deployed OPAs to v1.4.2 are encouraged to review the OPA Hardened Configuration Example or review the workarounds detailed in the above Styra blog post.

New UI Additions

For systems using the Policy Builder, the Policy Builder's visual policy graph is shown with the relevant graph paths highlighted in the decision details view. Added separate decision metrics graphs for Kubernetes system Mutation and Validation decision metrics.

Support for Istio Ambient installations in Istio systems

The Istio system install instructions now include steps and install assets for Istio Ambient.

SLP v0.10.4 and Datasources Agent v1.6.3 released

These versions include dependency updates to resolve recently reported CVEs in underlying dependencies.

Datasources Agent v1.6.3

Datasources Agent v1.6.3 has been released and includes dependency updates to resolve recently reported CVEs in underlying dependencies.

Fixed Issues

Agentloader v2 export error for Kafka

In some cases during decision export to Kafka, the channel to Kafka closed and Agentloader v2 would try to send decisions to export to the closed channel.

Decision indexing error for decisions that could not be parsed

In cases where a decision could not be properly parsed during decision indexing, the decision indexing process would stop at that decision, causing the decision log shown in the DAS UI to fall behind.

New UI policy editor results did not scroll for long errors

In cases where policy evaluation resulted in a long error message, the Result pane in the new UI policy editor did not scroll to show the full error message.

New UI policy editor error when evaluating policy selection in a Stack

In the New UI policy editor, an error occurred when choosing to evaluated selected lines of a Stack policy rather than the whole policy.

New UI policy editor file highlights disappear after some time

After evaluating a policy in the new UI policy editor, the green highlight of the policy files involved in the decision would disappear after some time.

New UI Policy Builder fixes

Policy Builder view in decision details would flicker during loading.
Evaluate panel initially displayed incorrect type for array inputs.
Policy Builder allowed invalid input value types for arrays in rule conditions.
The New UI Policy Builder rendered condition input values inconsistently, such as rendering false as 0 in some circumstances.

Self-Hosted Environment Changes​

Enable Authz v2 by default​

Additional features enabled by default​

Entitlements system type disabled by default​

New Features and Changes​

Upgraded to OPA v1.4.2​

New UI Additions​

Support for Istio Ambient installations in Istio systems​

SLP v0.10.4 and Datasources Agent v1.6.3 released​

Datasources Agent v1.6.3​

Fixed Issues​

Agentloader v2 export error for Kafka​

Decision indexing error for decisions that could not be parsed​

New UI policy editor results did not scroll for long errors​

New UI policy editor error when evaluating policy selection in a Stack​

New UI policy editor file highlights disappear after some time​

New UI Policy Builder fixes​