[prometheus-announce] Pushgateway v1.5.1

Dear Prometheans, I have published a security bugfix release for the Pushgateway: v1.5.1 If you use HTTP basic auth, you should update ASAP. Thanks to Lei Wan for the responsible disclosure of this bug. Find more details about the

[prometheus-announce] Consul exporter v0.9.0 is available

Hello everyone, A new release of the Consul Exporter, v0.9.0, is available. * [SECURITY] Update Exporter Toolkit (CVE-2022-46146) #250 * [FEATURE] Support multiple Listen Addresses and systemd socket activation #250 More info about the security bugfix:

[prometheus-announce] HAProxy Exporter v0.14.0 is available

Hello everyone, A new release of the HAProxy Exporter, v0.14.0, is available. * [SECURITY] Update Exporter Toolkit (CVE-2022-46146) #251 * [FEATURE] Support multiple Listen Addresses and systemd socket activation #251 More info about the security bugfix:

[prometheus-announce] Prometheus 2.37.4 LTS and Prometheus 2.40.4 are available (CVE-2022-46146)

Hello everyone, Prometheus 2.37.4 and 2.40.4 are out! Those releases fix a security issue that enabled an attacker that has access to the content of a web.yml configuration file (--web.config.file) to bypass basic authentication. This issue is about our built-in authentication mechanism.