Prometheus 3.5.4 LTS has been released
6 views
Skip to first unread message
roidelapluie
Jun 17, 2026, 11:16:07 AM (8 days ago) Jun 17
to prometheus-announce
Dear Prometheans,
Prometheus 3.5.4 is available. This release fixes multiple security issues.
- [SECURITY] STACKIT SD: Fix secrets being exposed in plaintext via /-/config endpoint. - Thanks to @August829 and @Phaxma for reporting. GHSA-39j6-789q-qxvh #18650
Prometheus 3.5.4 is available. This release fixes multiple security issues.
- [SECURITY] STACKIT SD: Fix secrets being exposed in plaintext via /-/config endpoint. - Thanks to @August829 and @Phaxma for reporting. GHSA-39j6-789q-qxvh #18650
- [SECURITY] Dependencies: Bump golang.org/x/net to v0.55.0 and OpenTelemetry to v1.43.0 to fix reported CVEs (GO-2026-5026, GO-2026-4918, GO-2026-4985). #18934
- [SECURITY] UI: Bump mantine-ui dependencies (react-router-dom, vitest, vite, postcss) to their patched versions to resolve security advisories. #18935
- [ENHANCEMENT] Release: Container images are now also published to the GitHub Container Registry (ghcr.io). #18792
See the full changelog and downloads: https://github.com/prometheus/prometheus/releases/tag/v3.5.4
Enjoy.
- [SECURITY] UI: Bump mantine-ui dependencies (react-router-dom, vitest, vite, postcss) to their patched versions to resolve security advisories. #18935
- [ENHANCEMENT] Release: Container images are now also published to the GitHub Container Registry (ghcr.io). #18792
See the full changelog and downloads: https://github.com/prometheus/prometheus/releases/tag/v3.5.4
Enjoy.
Julien @roidelapluie
Reply all
Reply to author
Forward
0 new messages