jmx_exporter 0.18.0 is available


Fabian Stäber

Mar 7, 2023, 4:50:25 PM
to prometheus-announce
Hi all,

This release updates the snakeyaml dependency from 1.32 to 2.0, because version 1.32 is vulnerable to CVE-2022-1471.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means that unless you have untrusted 3rd parties write your jmx_exporter config, the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version, this update will help.

Fixes and enhancements included in this release:

[BUGFIX] Fix jmx_exporter_build_info metric #768. Thanks @dhoard.
[BUGFIX] Fix the Debian package build #752, #650. Thanks @ozon2 and @Skunnyk.
[ENHANCEMENT] Improve performance of duplicate sample lookup #719. Thanks @amuraru.
[BUGFIX] Bump Snakeyaml dependency version to 2.0 to fix CVE-2022-1471 #777, #767. Thanks @dhoard and @ppatierno.

Thanks a lot to all contributors.

Fabian
