@jpdefillippo @bstephenmitchell @woodyhorse :

We got reply from Little Snitch support:

"Rules in Little Snitch by default store an application’s code signature’s identifier and team identifier. After an update of the app, these two properties must still be the same for Little Snitch to recognize the app as coming from the same developer. When an update changes the code signing team identifier (as Opera did), Little Snitch will warn to the user that the app is by a different developer (because technically and practically, it is). At this point, Little Snitch cannot know if the app is a legitimate update or if it was replaced by something else, possibly with malicious intent.
Users are then asked if they trust the running app and if they want to accept the new code signature. When they do, all existing rules will continue to work and everything is fine. This is what users should do after the update in the case of Opera 53.

If they refuse to accept the running app’s code signature, Little Snitch prevents any network connections and expects the user to deal with the situation (replace the app with a legitimate version, remove the override rule that prevents connections, try again)."