Release Channel

# Prometheus

# 2.27.1 / 2021-05-18

18, May 2021 Source (opens new window)

This release contains a bug fix for a security issue in the API endpoint. An
attacker can craft a special URL that redirects a user to any endpoint via an
HTTP 302 response. See the security advisory for more details.

This vulnerability has been reported by Aaron Devaney from MDSec.

  • [BUGFIX] SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)

# 2.26.1 / 2021-05-18

18, May 2021 Source (opens new window)

This release contains a bug fix for a security issue in the API endpoint. An
attacker can craft a special URL that redirects a user to any endpoint via an
HTTP 302 response. See the security advisory for more details.

This vulnerability has been reported by Aaron Devaney from MDSec.

  • [BUGFIX] SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)

# 2.27.0 / 2021-05-12

12, May 2021 Source (opens new window)

  • [FEATURE] Promtool: Retroactive rule evaluation functionality. #7675
  • [FEATURE] Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649
  • [FEATURE] TSDB: Add a flag(--storage.tsdb.max-block-chunk-segment-size) to control the max chunks file size of the blocks for small Prometheus instances. #8478
  • [FEATURE] UI: Add a dark theme. #8604
  • [FEATURE] AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693
  • [FEATURE] Docker Discovery: Add Docker Service Discovery. #8629
  • [FEATURE] OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. #8761
  • [FEATURE] Remote Write: Send exemplars via remote write. Experimental and disabled by default. #8296
  • [ENHANCEMENT] Digital Ocean Discovery: Add __meta_digitalocean_vpc label. #8642
  • [ENHANCEMENT] Scaleway Discovery: Read Scaleway secret from a file. #8643
  • [ENHANCEMENT] Scrape: Add configurable limits for label size and count. #8777
  • [ENHANCEMENT] UI: Add 16w and 26w time range steps. #8656
  • [ENHANCEMENT] Templating: Enable parsing strings in humanize functions. #8682
  • [BUGFIX] UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659
  • [BUGFIX] TSDB: Do not panic when writing very large records to the WAL. #8790
  • [BUGFIX] TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723
  • [BUGFIX] Scaleway Discovery: Fix nil pointer dereference. #8737
  • [BUGFIX] Consul Discovery: Restart no longer required after config update with no targets. #8766

# 2.27.0-rc.0 / 2021-05-09

09, May 2021 Source (opens new window)

  • [FEATURE] Promtool: Retroactive rule evaluation functionality. #7675
  • [FEATURE] Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649
  • [FEATURE] TSDB: Add a flag(-storage.tsdb.max-chunk-size) to control chunk allocation size for small Prometheus instances. #8478
  • [FEATURE] UI: Add a dark theme. #8604
  • [FEATURE] AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693
  • [FEATURE] Docker Discovery: Add Docker Service Discovery. #8629
  • [FEATURE] OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. #8761
  • [FEATURE] Remote Write: Send exemplars via remote write. Experimental and disabled by default. #8296
  • [ENHANCEMENT] Digital Ocean Discovery: Add __meta_digitalocean_vpc label. #8642
  • [ENHANCEMENT] Scaleway Discovery: Read Scaleway secret from a file. #8643
  • [ENHANCEMENT] Scrape: Add configurable limits for label size and count. #8777
  • [ENHANCEMENT] UI: Add 16w and 26w time range steps. #8656
  • [ENHANCEMENT] Templating: Enable parsing strings in humanize functions. #8682
  • [BUGFIX] UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659
  • [BUGFIX] TSDB: Do not panic when writing very large records to the WAL. #8790
  • [BUGFIX] TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723
  • [BUGFIX] Scaleway Discovery: Fix nil pointer dereference. #8737
  • [BUGFIX] Consul Discovery: Restart no longer required after config update with no targets. #8766

# 2.26.0 / 2021-03-31

31, Mar 2021 Source (opens new window)

Prometheus is now built and supporting Go 1.16 (#8544). This reverts the memory release pattern added in Go 1.12. This makes common RSS usage metrics showing more accurate number for actual memory used by Prometheus. You can read more details here.

Note that from this release Prometheus is using Alertmanager v2 by default.

  • [CHANGE] Alerting: Using Alertmanager v2 API by default. #8626
  • [CHANGE] Prometheus/Promtool: As agreed on dev summit, binaries are now printing help and usage to stdout instead of stderr. #8542
  • [FEATURE] Remote: Add support for AWS SigV4 auth method for remote_write. #8509
  • [FEATURE] Scaleway Discovery: Add Scaleway Service Discovery. #8555
  • [FEATURE] PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. #8487
  • [FEATURE] experimental Exemplars: Add in-memory storage for exemplars. Behind --enable-feature=exemplar-storage flag. #6635
  • [FEATURE] UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. #8634
  • [ENHANCEMENT] Digital Ocean Discovery: Add __meta_digitalocean_image label. #8497
  • [ENHANCEMENT] PromQL: Add last_over_time, sgn, clamp functions. #8457
  • [ENHANCEMENT] Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. #8512
  • [ENHANCEMENT] Scrape: Add follow_redirects option to scrape configuration. #8546
  • [ENHANCEMENT] Remote: Allow retries on HTTP 429 response code for remote_write. Disabled by default. See configuration docs for details. #8237 #8477
  • [ENHANCEMENT] Remote: Allow configuring custom headers for remote_read. See configuration docs for details. #8516
  • [ENHANCEMENT] UI: Hitting Enter now triggers new query. #8581
  • [ENHANCEMENT] UI: Better handling of long rule and names on the /rules and /targets pages. #8608 #8609
  • [ENHANCEMENT] UI: Add collapse/expand all button on the /targets page. #8486
  • [BUGFIX] TSDB: Eager deletion of removable blocks on every compaction, saving disk peak space usage. #8007
  • [BUGFIX] PromQL: Fix parser support for special characters like. #8517
  • [BUGFIX] Rules: Update rule health for append/commit fails. #8619

# v2.26.0-rc.0

26, Mar 2021 Source (opens new window)

Prometheus is now built with and supporting Go 1.16 (#8544). This reverts the memory release pattern added in Go 1.12. This makes common RSS usage metrics showing more accurate number for actual memory used by Prometheus. You can read more details here.

Note that from this release Prometheus is using Alertmanager v2 by default.

  • [CHANGE] Alerting: Using Alertmanager v2 API by default. #8626
  • [CHANGE] Prometheus/Promtool: As agreed on dev summit, binaries are now printing help and usage to stdout instead of stderr. #8542
  • [FEATURE] Remote: Add support for AWS SigV4 auth method for remote_write. #8509
  • [FEATURE] Scaleway Discovery: Add Scaleway Service Discovery. #8555
  • [FEATURE] PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. #8487
  • [FEATURE] experimental Exemplars: Add in-memory storage for exemplars. Behind --enable-feature=exemplar-storage flag. #6635
  • [FEATURE] UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. #8634
  • [ENHANCEMENT] Digital Ocean Discovery: Add __meta_digitalocean_image label. #8497
  • [ENHANCEMENT] PromQL: Add last_over_time, sgn, clamp functions. #8457
  • [ENHANCEMENT] Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. #8512
  • [ENHANCEMENT] Scrape: Add follow_redirects option to scrape configuration. #8546
  • [ENHANCEMENT] Remote: Allow retries on HTTP 429 response code for remote_write. Disabled by default. See configuration docs for details. #8237 #8477
  • [ENHANCEMENT] Remote: Allow configuring custom headers for remote_read. See configuration docs for details. #8516
  • [ENHANCEMENT] UI: Hitting Enter now triggers new query. #8581
  • [ENHANCEMENT] UI: Better handling of long rule and names on the /rules and /targets pages. #8608 #8609
  • [ENHANCEMENT] UI: Add collapse/expand all button on the /targets page. #8486
  • [BUGFIX] TSDB: Eager deletion of removable blocks on every compaction, saving disk peak space usage. #8007
  • [BUGFIX] PromQL: Fix parser support for special characters like. #8517
  • [BUGFIX] Rules: Update rule health for append/commit fails. #8619

# 2.25.2 / 2021-03-16

16, Mar 2021 Source (opens new window)

  • [BUGFIX] Fix the ingestion of scrapes when the wall clock changes, e.g. on suspend. #8601

# 2.25.1 / 2021-03-14

14, Mar 2021 Source (opens new window)

  • [BUGFIX] Fix a crash in promtool when a subquery with default resolution is used. #8569
  • [BUGFIX] Fix a bug that could return duplicate datapoints in queries. #8591
  • [BUGFIX] Fix crashes with arm64 when compiled with go1.16. #8593

# 2.25.0 / 2021-02-17

17, Feb 2021 Source (opens new window)

This release includes a new --enable-feature= flag that enables
experimental features. Such features might be changed or removed in the future.

In the next minor release (2.26), Prometheus will use the Alertmanager API v2.
It will be done by defaulting alertmanager_config.api_version to v2.
Alertmanager API v2 was released in Alertmanager v0.16.0 (released in January
2019).

  • [FEATURE] experimental API: Accept remote_write requests. Behind the --enable-feature=remote-write-receiver flag. #8424
  • [FEATURE] experimental PromQL: Add '@ ' modifier. Behind the --enable-feature=promql-at-modifier flag. #8121 #8436 #8425
  • [ENHANCEMENT] Add optional name property to testgroup for better test failure output. #8440
  • [ENHANCEMENT] Add warnings into React Panel on the Graph page. #8427
  • [ENHANCEMENT] TSDB: Increase the number of buckets for the compaction duration metric. #8342
  • [ENHANCEMENT] Remote: Allow passing along custom remote_write HTTP headers. #8416
  • [ENHANCEMENT] Mixins: Scope grafana configuration. #8332
  • [ENHANCEMENT] Kubernetes SD: Add endpoint labels metadata. #8273
  • [ENHANCEMENT] UI: Expose total number of label pairs in head in TSDB stats page. #8343
  • [ENHANCEMENT] TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. #8343
  • [BUGFIX] API: Fix global URL when external address has no port. #8359
  • [BUGFIX] Backfill: Fix error message handling. #8432
  • [BUGFIX] Backfill: Fix "add sample: out of bounds" error when series span an entire block. #8476
  • [BUGFIX] Deprecate unused flag --alertmanager.timeout. #8407
  • [BUGFIX] Mixins: Support remote-write metrics renamed in v2.23 in alerts. #8423
  • [BUGFIX] Remote: Fix garbage collection of dropped series in remote write. #8387
  • [BUGFIX] Remote: Log recoverable remote write errors as warnings. #8412
  • [BUGFIX] TSDB: Remove pre-2.21 temporary blocks on start. #8353.
  • [BUGFIX] UI: Fix duplicated keys on /targets page. #8456
  • [BUGFIX] UI: Fix label name leak into class name. #8459

# 2.25.0-rc.0 / 2021-02-12

12, Feb 2021 Source (opens new window)

This release includes a new --enable-feature= flag that enables
experimental features. Such features might be changed or removed in the future.

  • [FEATURE] experimental API: Accept remote_write requests. Behind the --enable-feature=remote-write-receiver flag. #8424
  • [FEATURE] experimental PromQL: Add '@ ' modifier. Behind the --enable-feature=promql-at-modifier flag. #8121 #8436 #8425
  • [ENHANCEMENT] Add optional name property to testgroup for better test failure output. #8440
  • [ENHANCEMENT] Add warnings into React Panel on the Graph page. #8427
  • [ENHANCEMENT] TSDB: Increase the number of buckets for the compaction duration metric. #8342
  • [ENHANCEMENT] Remote: Allow passing along custom remote_write HTTP headers. #8416
  • [ENHANCEMENT] Mixins: Scope grafana configuration. #8332
  • [ENHANCEMENT] Kubernetes SD: Add endpoint labels metadata. #8273
  • [ENHANCEMENT] UI: Expose total number of label pairs in head in TSDB stats page. #8343
  • [ENHANCEMENT] TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. #8343
  • [BUGFIX] API: Fix global URL when external address has no port. #8359
  • [BUGFIX] Backfill: Fix error message handling. #8432
  • [BUGFIX] Deprecate unused flag --alertmanager.timeout. #8407
  • [BUGFIX] Mixins: Support remote-write metrics renamed in v2.23 in alerts. #8423
  • [BUGFIX] Remote: Fix garbage collection of dropped series in remote write. #8387
  • [BUGFIX] Remote: Log recoverable remote write errors as warnings. #8412
  • [BUGFIX] TSDB: Remove pre-2.21 temporary blocks on start. #8353.
  • [BUGFIX] UI: Fix duplicated keys on /targets page. #8456
  • [BUGFIX] UI: Fix label name leak into class name. #8459