Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-546


Security update golang-github-prometheus-prometheus


Type: security
Severity: moderate
Issued: 2025-02-14
Description:

golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649):

- Security issues fixed:
  * CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error
    handling (bsc#1232970)

- Highlights of other changes:
  * Performance: 
    + Significant enhancements to PromQL execution speed, TSDB operations (especially querying and compaction) and 
      remote write operations.
    + Default GOGC value lowered to 75 for better memory management. 
    + Option to limit memory usage from dropped targets added.
  * New Features:
    + Experimental OpenTelemetry ingestion.
    + Automatic memory limit handling.
    + Native histogram support, including new functions, UI enhancements, and improved scraping.
    + Improved alerting features, such as relabeling rules for AlertmanagerConfig and a new query_offset option.
    + Expanded service discovery options with added metadata and support for new services.
    + New promtool commands for PromQL formatting, label manipulation, metric pushing, and OpenMetrics dumping.
  * Bug Fixes: 
    + Numerous fixes across scraping, API, TSDB, PromQL, and service discovery.
  * For a detailed list of changes consult the package changelog or 
    https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3


              

Packages


  • golang-github-prometheus-prometheus-2.53.3-150100.4.23.1