On Tue, Nov 29, 2022 at 02:24:30PM +0000, Stuart Henderson wrote: > On 2022/11/29 14:59, Claudio Jeker wrote: > > This brings prometheus up to the latest LTS release. > > > > Changes since then: > > 2.37.2: > > [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. > > [BUGFIX] Agent: Fix validation of flag options and prevent WAL from > > growing more than desired. > > > > 2.37.3: > > [BUGFIX] Update our regexp library to fix upstream CVE-2022-41715. > > [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory > > leak. > > > > 2.37.4: > > [SECURITY] Fix basic authentication bypass vulnerability > > (CVE-2022-46146). > > > > Seems to work so far for my test setup. What is not working is the > > version / build info. My assumption is that the -X ldflags do not work > > with vendored builds. Maybe some golang expert has an idea. > > Not sure what's up there, it is setting the correct command line flags > (that's handled by promu): > > go build -o prometheus -ldflags -X > github.com/prometheus/common/version.Version=2.37.4 -X > github.com/prometheus/common/version.Revision=non-git -X > github.com/prometheus/common/version.Branch=non-git -X > github.com/prometheus/common/version.BuildUser=OpenBSD -X > github.com/prometheus/common/version.BuildDate=20221129-14:09:55 -extldflags > '-static' -v -a -tags netgo,builtinassets > github.com/prometheus/prometheus/cmd/prometheus > > Still, that is not new, so no need to let it hold up the update - OK.
Agreed. This is why it may have to do with vendored build and the fact that the -X path is to a vendored module. > I suppose they will need to release new versions of snmp_exporter, > node_exporter, blackbox_exporter etc because of the pinning in go.mod > and go.sum. Did not see any updates there yet. Let's see :) -- :wq Claudio
