On 2022/11/29 14:59, Claudio Jeker wrote: > This brings prometheus up to the latest LTS release. > > Changes since then: > 2.37.2: > [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. > [BUGFIX] Agent: Fix validation of flag options and prevent WAL from > growing more than desired. > > 2.37.3: > [BUGFIX] Update our regexp library to fix upstream CVE-2022-41715. > [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory > leak. > > 2.37.4: > [SECURITY] Fix basic authentication bypass vulnerability (CVE-2022-46146). > > Seems to work so far for my test setup. What is not working is the > version / build info. My assumption is that the -X ldflags do not work > with vendored builds. Maybe some golang expert has an idea.
Not sure what's up there, it is setting the correct command line flags (that's handled by promu): go build -o prometheus -ldflags -X github.com/prometheus/common/version.Version=2.37.4 -X github.com/prometheus/common/version.Revision=non-git -X github.com/prometheus/common/version.Branch=non-git -X github.com/prometheus/common/version.BuildUser=OpenBSD -X github.com/prometheus/common/version.BuildDate=20221129-14:09:55 -extldflags '-static' -v -a -tags netgo,builtinassets github.com/prometheus/prometheus/cmd/prometheus Still, that is not new, so no need to let it hold up the update - OK. I suppose they will need to release new versions of snmp_exporter, node_exporter, blackbox_exporter etc because of the pinning in go.mod and go.sum.
