jmx_exporter 0.17.1 is available
20 views
Skip to first unread message
Fabian Stäber
Sep 10, 2022, 5:13:32 PM9/10/22
to prometheus-announce
Hello everyone,
We just released jmx_exporter 0.17.1.
This is a minor release updating the snakeyaml dependency from 1.30 to 1.31, because version 1.30 is vulnerable to CVE-2022-25857.
Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.
As always, the jmx_exporter binaries are available on Maven central:
- jmx_prometheus_javaagent-0.17.1.jar requires Java >= 7.
- jmx_prometheus_javaagent-0.17.1_java6.jar is compatible with Java 6.
- jmx_prometheus_httpserver-0.17.1.jar requires Java >= 7.
- jmx_prometheus_httpserver-0.17.1_java6.jar is compatible with Java 6.
Fabian
Reply all
Reply to author
Forward
0 new messages