Dear Prometheans,

We have released Prometheus v2.26.1 and v2.27.1. These releases fix an
“Open Redirect” security issue (CWE-601) and have been assigned the CVE
number CVE-2021-29622.

The security issue affects Prometheus v2.23.0 to v2.26.0, and v2.27.0.

Please find more information here:

The Prometheus team thanks Aaron Devaney from MDSec for reporting this



   May 12, 2021: Issue reported privately to Prometheus team

   May 12, 2021: A fix is proposed and reviewed

   May 13, 2021: CVE-2021-29622 issued by GitHub staff

   May 18, 2021: Bugfix released for the last two minor releases of

The releases can be found in the usual locations:




The Prometheus Team
