Hello, We've just released version 0.14.0 of the Java client: https://github.com/prometheus/client_java/releases/tag/parent-0.14.0
The release has yet another log4j version update in simpleclient_log4j2: This time to 2.16.0. Apart from the log4j update we have a new feature: [ENHANCEMENT] The HTTPServer can now be configured to use SSL (#695 <https://github.com/prometheus/client_java/pull/695>). Thanks @dhoard <https://github.com/dhoard>. A few words on the log4j update: The log4j dependency in simpleclient_log4j2 has scope provided, i.e. simpleclient_log4j2 does not ship with log4j. simpleclient_log4j2 uses whatever log4j version the monitored application provides at runtime. Updating the log4j dependency in simpleclient_log4j2 helps getting rid of security scanner warnings (see #733 <https://github.com/prometheus/client_java/issues/733>), but in order to eliminate the log4j vulnerability you must make sure that the application you monitor ships with an up-to-date log4j version. Fabian -- You received this message because you are subscribed to the Google Groups "prometheus-announce" group. To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-announce+unsubscr...@googlegroups.com. To view this discussion on the web, visit https://groups.google.com/d/msgid/prometheus-announce/4e1cadb7-6b67-4289-8a9d-e90efd7e49ffn%40googlegroups.com.