Prometheus 2.37.5 LTS and Prometheus 2.40.6 are available (CVE-2022-46146)

12 views
Skip to first unread message

Julien Pivotto

unread,
Dec 9, 2022, 9:59:33 AM12/9/22
to prometheus-announce
Hello everyone,

Prometheus 2.37.5 and 2.40.6 are out!


Those releases are built with go1.18.9 and 1.19.4 respectively, which
include security fixes to the net/http and os packages.

Prometheus 2.37.5 is part of the 2.37 Long-Term Supported release of
Prometheus, supported for _at least_ until January 2023. See the
approximative schedule and explanations here:
https://prometheus.io/docs/introduction/release-cycle/

The v2.37.5 and v2.40.6 can be found in the usual locations:

- See the full changelog & grab the binaries:
https://github.com/prometheus/prometheus/releases/tag/v2.37.5
https://github.com/prometheus/prometheus/releases/tag/v2.40.6
- See https://quay.io/repository/prometheus/prometheus?tab=tags and
https://hub.docker.com/r/prom/prometheus/tags for container images.

Best regards,

--
Julien Pivotto
@roidelapluie

Julien Pivotto

unread,
Dec 9, 2022, 10:01:29 AM12/9/22
to prometheus-announce
Note: The CVE in the email title is incorrect, there is no CVE from
the Prometheus project itself fixed with those releases.
--
Julien Pivotto
@roidelapluie
Reply all
Reply to author
Forward
0 new messages