Dear Prometheans, I have published a security bugfix release for the Pushgateway: v1.5.1 <https://github.com/prometheus/pushgateway/releases/tag/v1.5.1>
If you use HTTP basic auth, you should update ASAP. Thanks to Lei Wan for the responsible disclosure of this bug. Find more details about the bugfix in the announcement for the corresponding Prometheus server release <https://groups.google.com/g/prometheus-announce/c/qVv_BpMJdnM>. 1.5.1 / 2022-11-29 - [SECURITY] Fix basic authentication bypass vulnerability (CVE-2022-46146). #516 -- Björn Rabenstein [PGP-ID] 0x851C3DA17D748D03 [email] bjo...@rabenste.in -- You received this message because you are subscribed to the Google Groups "prometheus-announce" group. To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-announce+unsubscr...@googlegroups.com. To view this discussion on the web, visit https://groups.google.com/d/msgid/prometheus-announce/CAMrVKsxLU-TXV0wcOw%3DjrABn0-gkO214UtdZ%3D%2BkDRcUsKp3pwg%40mail.gmail.com.