[prometheus-announce] jmx_exporter 0.17.1 is available

['Fabian Stäber' via prometheus-announce]

Hello everyone,

We just released jmx_exporter 0.17.1 
<https://github.com/prometheus/jmx_exporter/releases/tag/parent-0.17.1>.

This is a minor release updating the snakeyaml dependency from 1.30 to 
1.31, because version 1.30 is vulnerable to CVE-2022-25857 
<https://nvd.nist.gov/vuln/detail/CVE-2022-25857>.

Note that jmx_exporter uses snakeyaml only to parse its config file. That 
means unless you have untrusted 3rd parties write your jmx_exporter config 
the CVE does not apply. However, if you have automated security scanners 
complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

   - jmx_prometheus_javaagent-0.17.1.jar 
   
<https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.1/jmx_prometheus_javaagent-0.17.1.jar>
 
   requires Java >= 7.
   - jmx_prometheus_javaagent-0.17.1_java6.jar 
   
<https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent_java6/0.17.1/jmx_prometheus_javaagent_java6-0.17.1.jar>
 
   is compatible with Java 6.
   - jmx_prometheus_httpserver-0.17.1.jar 
   
<https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_httpserver/0.17.1/jmx_prometheus_httpserver-0.17.1.jar>
 
   requires Java >= 7.
   - jmx_prometheus_httpserver-0.17.1_java6.jar 
   
<https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_httpserver_java6/0.17.1/jmx_prometheus_httpserver_java6-0.17.1.jar>
 
   is compatible with Java 6.

Fabian

-- 
You received this message because you are subscribed to the Google Groups 
"prometheus-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-announce+unsubscr...@googlegroups.com.
To view this discussion on the web, visit 
https://groups.google.com/d/msgid/prometheus-announce/e3f80a21-b8cf-4d10-b6f1-8c68029c2560n%40googlegroups.com.