Recently we released two new versions for Prometheus client_golang. Thanks 
for all your contributions!

   - Patch release v1.11.1 
   <https://github.com/prometheus/client_golang/releases/tag/v1.11.1> with 
   just security fix for just published CVE-2022-21698 
   - Minor + patch release v1.12.1 
   <https://github.com/prometheus/client_golang/releases/tag/v1.12.1> with 
   (in comparison to v1.11):
      - Improved efficiency of API client
      - Go collector now exposes much more rich Go process metrics, (plus 
      old ones). All from the new runtime/metrics 
      <https://pkg.go.dev/runtime/metrics> package). Thanks to the Go team 
      and particularly Michael <https://github.com/mknyszek> for this 
      contribution. NOTE: This might slightly increase the total series count 
      exposed about the Go process. See this discussion 
      for details.
      - Added client API support for TSDB Status and WAL Replay Platform API
      - Security fix for just published CVE-2022-21698 

*IMPORTANT:* We recommend upgrading client_golang to any of those versions, 
given the uncovered CVE. Please see details, if you are affected and 
workarounds here 
It is also recommended to check other, non client_golang metric server 
implementations if they are vulnerable to the similar "HTTP method" issue. 
Kudos to David <https://github.com/dgl> for reporting this to us so quickly.

Kind Regards,
Bartek Plotka @bwplotka

You received this message because you are subscribed to the Google Groups 
"prometheus-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-announce+unsubscr...@googlegroups.com.
To view this discussion on the web, visit 

Reply via email to