openSUSE-SU-2026:20177-1

Описание

This update for golang-github-prometheus-prometheus fixes the following issues:

Update to version 3.5.0:

Security issues fixed:

• CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global (bsc#1257329).
• CVE-2025-12816: interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588).

Other updates and bugfixes:

• Update to 3.5.0 (jsc#PED-13824):

  • [FEATURE] Remote-write: Add support for Azure Workload Identity as an authentication method for the receiver.
  • [FEATURE] PromQL: Add first_over_time(...) and ts_of_first_over_time(...) behind feature flag.
  • [FEATURE] Federation: Add support for native histograms with custom buckets (NHCB).
  • [ENHANCEMENT] PromQL: Add warn-level annotations for counter reset conflicts in certain histogram operations.
  • [ENHANCEMENT] UI: Add scrape interval and scrape timeout to targets page.

• Update to 3.4.0:

  • Add unified AWS service discovery for ec2, lightsail and ecs services.
  • [FEATURE] Native histograms are now a stable, but optional feature.
  • [FEATURE] UI: Show detailed relabeling steps for each discovered target.
  • [ENHANCEMENT] Alerting: Add "unknown" state for alerting rules that haven't been evaluated yet.
  • [BUGFIX] Scrape: Fix a bug where scrape cache would not be cleared on startup.

• Update to 3.3.0:

  • [FEATURE] Spring Boot 3.3 includes support for the Prometheus Client 1.x.
  • [ENHANCEMENT] Dependency management for Dropwizard Metrics has been removed.

• Update to 3.2.0:

  • [FEATURE] OAuth2: support jwt-bearer grant-type (RFC7523 3.1).
  • [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub.
  • [BUGFIX] TSDB: Native Histogram Custom Bounds with a NaN threshold are now rejected.

• Update to 3.1.0:

  • [FEATURE] Remote-write 2 (receiving): Update to 2.0-rc.4 spec. "created timestamp" (CT) is now called "start timestamp" (ST).
  • [BUGFIX] Mixin: Add static UID to the remote-write dashboard.

• Update to 3.0.1:

  • [BUGFIX] Promql: Make subqueries left open.
  • [BUGFIX] Fix memory leak when query log is enabled.
  • [BUGFIX] Support utf8 names on /v1/label/:name/values endpoint.

• Update to 3.0.0:

  • [CHANGE] Deprecated feature flags removed.
  • [FEATURE] New UI.
  • [FEATURE] Remote Write 2.0.
  • [FEATURE] OpenTelemetry Support.
  • [FEATURE] UTF-8 support is now stable and enabled by default.
  • [FEATURE] OTLP Ingestion.
  • [FEATURE] Native Histograms.
  • [BUGFIX] PromQL: Fix count_values for histograms.
  • [BUGFIX] TSDB: Fix race on stale values in headAppender.
  • [BUGFIX] UI: Fix selector / series formatting for empty metric names.

• Update to 2.55.0:

  • [FEATURE] PromQL: Add last_over_time function.
  • [FEATURE] Agent: Add prometheus_agent_build_info metric.
  • [ENHANCEMENT] PromQL: Optimise group() and group by().
  • [ENHANCEMENT] TSDB: Reduce memory usage when loading blocks.
  • [BUGFIX] Scrape: Fix a bug where a target could be scraped multiple times.

• Update to 2.54.0:

  • [CHANGE] Remote-Write: highest_timestamp_in_seconds and queue_highest_sent_timestamp_seconds metrics now initialized to 0.
  • [CHANGE] API: Split warnings from info annotations in API response.
  • [FEATURE] Remote-Write: Version 2.0 experimental, plus metadata in WAL via feature flag.
  • [FEATURE] PromQL: add limitk() and limit_ratio() aggregation operators.
  • [ENHANCEMENT] PromQL: Accept underscores in literal numbers.
  • [ENHANCEMENT] PromQL: float literal numbers and durations are now interchangeable (experimental).
  • [ENHANCEMENT] PromQL (experimental native histograms): Optimize histogram_count and histogram_sum functions.
  • [BUGFIX] PromQL: Fix various issues with native histograms.
  • [BUGFIX] TSDB: Fix race on stale values in headAppender.
  • [BUGFIX] OTLP receiver: Allow colons in non-standard units.