We've just released version 0.14.0 of the Java client: 

The release has yet another log4j version update in simpleclient_log4j2: 
This time to 2.16.0.

Apart from the log4j update we have a new feature:

[ENHANCEMENT] The HTTPServer can now be configured to use SSL (#695 
<https://github.com/prometheus/client_java/pull/695>). Thanks @dhoard 

A few words on the log4j update: The log4j dependency in simpleclient_log4j2 
has scope provided, i.e. simpleclient_log4j2 does not ship with log4j. 
simpleclient_log4j2 uses whatever log4j version the monitored application 
provides at runtime. Updating the log4j dependency in simpleclient_log4j2 
helps getting rid of security scanner warnings (see #733 
<https://github.com/prometheus/client_java/issues/733>), but in order to 
eliminate the log4j vulnerability you must make sure that the application 
you monitor ships with an up-to-date log4j version.


You received this message because you are subscribed to the Google Groups 
"prometheus-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-announce+unsubscr...@googlegroups.com.
To view this discussion on the web, visit 

Reply via email to