Skip to content

chore(deps): update dependency prometheus/prometheus to v3#672

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/prometheus-prometheus-3.x
Open

chore(deps): update dependency prometheus/prometheus to v3#672
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/prometheus-prometheus-3.x

Conversation

@renovate

@renovate renovate Bot commented Nov 15, 2024

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Update Change
prometheus/prometheus major v2.49.1v3.13.0

Release Notes

prometheus/prometheus (prometheus/prometheus)

v3.13.0: 3.13.0 / 2026-07-01

Compare Source

This is a Long Term Support LTS release.

  • [SECURITY] UI: Bump sanitize-html to fix a cross-site scripting vulnerability (CVE-2026-44990). #​18697
  • [CHANGE] UI: Third-party npm dependency licenses are now embedded in the Prometheus binary and served at /assets/third-party-licenses.txt, replacing the npm_licenses.tar.bz2 archive previously shipped in release tarballs and container images. #​18997
  • [CHANGE] API: Use SHA-256 instead of SHA-1 to generate rule group pagination tokens. #​18927
  • [CHANGE] HTTP clients: Credentials (Authorization header, basic auth, bearer token, OAuth2, configured headers) are no longer forwarded when following a redirect to a different host; affects scraping, remote read/write, alerting, and service discovery. Via prometheus/common v0.69.0 (CVE-2025-4673 CVE-2023-45289). #​18949
  • [CHANGE] promtool: Relative file paths in the file passed to --http.config.file are now resolved relative to that config file's directory instead of its parent directory. Via prometheus/common v0.69.0. #​18949
  • [CHANGE] PromQL: Rename the min() and max() duration-expression functions (experimental feature flag experimental-duration-expr) to min_of() and max_of() to avoid confusion with the min and max aggregate operators. #​18687
  • [FEATURE] API: Add experimental search endpoints to search metric names, label names, and label values. #​18573
  • [FEATURE] Discovery/AWS: Add ability to filter RDS instances. #​18859
  • [FEATURE] PromQL: Add min_of(a, b) and max_of(a, b) scalar experimental functions, returning the smaller or larger of two scalar values. #​18687
  • [FEATURE] PromQL: Add support for smoothed/anchored rate with native histograms. #​18564
  • [FEATURE] PromQL: Expose per-query samplesRead (and samplesReadPerStep with stats=all and the promql-per-step-stats feature flag) in the query stats response, and add the prometheus_engine_query_samples_read_total engine counter. samplesRead reflects storage I/O distinct from totalQueryableSamples, which counts samples loaded into the evaluator (and so over-counts when a sample is reused across multiple range-vector windows). #​18081
  • [FEATURE] Scrape: Add __convert_classic_histograms_to_nhcb__ internal label to allow per-target override of convert_classic_histograms_to_nhcb scrape configuration via relabeling. #​18840
  • [FEATURE] TSDB: Add storage.tsdb.chunk_encoding.floats configuration field to select float chunk encoding (xor or xor2) at runtime, independently of the --enable-feature=xor2-encoding flag. #​18769
  • [FEATURE] remote_write: Add Certificate support for ingesting data into an Azure Monitor Workspace. #​18217
  • [FEATURE] Scrape: Add __always_scrape_classic_histograms__ and __scrape_native_histograms__ internal labels to allow per-target override of the always_scrape_classic_histograms and scrape_native_histograms scrape configuration via relabeling. #​18929
  • [ENHANCEMENT] Release: Container images are now also published to the GitHub Container Registry (ghcr.io). #​18791
  • [ENHANCEMENT] PromQL: Prettify fill_left(x) fill_right(x) as fill(x) when both fill values are equal. #​18851
  • [ENHANCEMENT] UI: Improve autocompletion after closing a function bracket. #​18894
  • [PERF] Labels: Add case-insensitive prefix matching to speed up evaluation of long case-insensitive regular expressions (up to ~2x faster). #​18540
  • [PERF] TSDB: Reduce per-sample overhead in chunk population, speeding up affected queries by ~12-15% in benchmarks. #​18699
  • [PERF] TSDB: Eliminate unnecessary heap allocations in the V2 histogram WAL decoder, reducing allocations by up to 50% and memory by up to 10% for deployments using native histograms with created-timestamp storage enabled (--enable-feature=created-timestamp-zero-ingestion). #​18813
  • [BUGFIX] Discovery/AWS: Fix failure when processing an AWS RDS cluster without instances. #​18845
  • [BUGFIX] Fix race condition in initTime that could cause ErrOutOfBounds. #​18629
  • [BUGFIX] PromQL: A range query whose end was not aligned to step caused subqueries inside it to evaluate past the parent's last actual step, inflating peakSamples in the query stats and against the query.max-samples limit, and wasting storage I/O reading samples that were never used in the result. #​18081
  • [BUGFIX] PromQL: A range query containing an at-modifier-unsafe function over a range-vector with an @ modifier (e.g. predict_linear(metric[60s] @​ T, X)) silently under-counted totalQueryableSamples for steps after step 0. #​18081
  • [BUGFIX] PromQL: Fix fill_left/fill_right producing missing samples in range queries when using group_left/group_right. #​18850
  • [BUGFIX] PromQL: Fix for resets() and changes() in anchored range extenders with histograms. #​18906
  • [BUGFIX] PromQL: Fix panic on 1[5m] smoothed and similar expressions when extended range selectors are enabled. #​18764
  • [BUGFIX] PromQL: Fix panic when a smoothed instant vector selector produces no samples for a series. #​18943
  • [BUGFIX] PromQL: Fix panic when using a parenthesised plain number as an offset (e.g. foo offset -(5)). #​18768
  • [BUGFIX] promtool: Fix panic when parsing exposition text containing empty braces {}. Via prometheus/common v0.69.0. #​18949
  • [BUGFIX] Promtool: Fix check healthy and check ready when --url ends with a trailing slash. #​18854
  • [BUGFIX] Rules: Close PromQL query after each rule evaluation to ensure resources are released. #​18733
  • [BUGFIX] Scaleway SD: Resolve VPC/IPAM-only instances that have no legacy private_ip or public_ip field, but do have private NICs attached. #​18772
  • [BUGFIX] TSDB: Do not leak head series when an integer histogram append is rejected (e.g. out-of-order). #​18838
  • [BUGFIX] UI: Escape label values offered by PromQL autocomplete. #​18658
  • [BUGFIX] TSDB: Fix chunk snapshot encoding for EncXOR2 chunks, preventing corruption on TSDB restart when EncXOR2-encoded series were present. #​18739
  • [BUGFIX] TSDB: Store a millisecond timestamp (not a WAL segment number) in walExpiries when a series is evicted via CompactStaleHead/CompactSelectedSeries, so the series's label record is correctly retained in the next WAL checkpoint and replays cleanly. #​18847
  • [BUGFIX] TSDB: Prevent loss of samples at the chunk-range boundary when CompactSelectedSeries (and CompactStaleHead) evict the series — the per-slice compaction loop now runs one more iteration so the boundary timestamp is captured in a block before the in-memory copy is removed. #​18849

v3.12.0: 3.12.0 / 2026-05-28

Compare Source

This release contains security fixes, new features (especially around PromQL and Service Discovery), performance improvements in TSDB, Start Timestamp improvements and numerous bug fixes.

Thanks to all contributors!

Key Highlights

  • Security: Two security vulnerabilities have been addressed: a denial of service in remote-write (snappy decompression limit) and a secret exposure leak in STACKIT service discovery.
  • PromQL & Metadata: Several features and bug fixes related to the experimental "start timestamps" support, including updates to rate(), irate(), increase(), and resets(). New experimental functions start(), end(), range(), and step() are introduced.
  • TSDB Performance: Optimizations in head chunk lookup (constant time) and mmap operations to reduce CPU usage.
  • Service Discovery: Added support for DigitalOcean Managed Databases and Outscale VM, along with improvements to AWS SD (IPv6 support for EC2, external ID support).
  • UI: Added a web interface for deleting time series and cleaning tombstones.

Changelog

  • [SECURITY] Remote: Reject snappy-compressed received requests via Remote Write whose declared decoded length exceeds the 32MB. Thanks to @​hibrian827 for reporting it. #​18642
  • [SECURITY] STACKIT SD: Fix secrets being exposed in plaintext via /-/config endpoint. Thanks to @​August829 and @​Phaxma for reporting. GHSA-39j6-789q-qxvh #​18649
  • [CHANGE] TSDB/Agent: Adds Start Timestamp field to all WAL Histogram samples in memory; used st-storage flag is enabled. #​18221
  • [FEATURE] API: Add /api/v1/status/self_metrics endpoint returning the current state of the Prometheus server's own metrics about itself as JSON. #​18411
  • [FEATURE] Discovery: Add DigitalOcean Managed Databases service discovery #​18287
  • [FEATURE] Prometheus: Add support for the aix/ppc64 compilation target #​18321
  • [FEATURE] Discovery: Add Outscale VM service discovery (outscale_sd_configs) for discovering scrape targets from the Outscale Cloud API. #​18139
  • [FEATURE] PromQL: Emit a warning when sort, sort_by_label or sort_by_label_desc is used within range (matrix) queries, as these functions do not have effect in that context. #​18498
  • [FEATURE] PromQL: Add start(), end(), range(), and step() experimental functions #​17877
  • [FEATURE] PromQL: Update resets() function to consider start timestamp resets. Hidden behind use-start-timestamps feature flag. #​18627
  • [FEATURE] Prometheus: Promote auto-reload-config as stable #​18620
  • [FEATURE] TSDB/Agent: Add CheckpointFromInMemorySeries option to agent.DB that enables checkpoint based on in-memory series. #​17948
  • [FEATURE] UI: Add a web interface for deleting time series and cleaning tombstones, accessible from the Status menu. #​18390
  • [FEATURE] PromQL: Use start timestamps for rate(), irate(), and increase() calculations, behind a feature flag use-start-timestamps. Doesn't work together with extended range selectors anchored and smoothed. #​18344
  • [FEATURE] Scrape: Added a feature flag st-synthesis which synthesizes unknown STs for scraped cumulative metrics. Useful when Remote Writing 2.0 with delta or Otel-based backends. #​18279
  • [FEATURE] promqltest: support @st annotation in load blocks to specify per-sample start timestamps. #​18360
  • [ENHANCEMENT] API: reject concurrent fgprof profiles. #​18651
  • [ENHANCEMENT] AWS SD: Add optional external_id field to ECS/MSK/RDS/Elasticache. #​18579
  • [ENHANCEMENT] AWS SD: Add optional external_id field. #​17171
  • [ENHANCEMENT] Discovery: Propagate SD target updates faster by introducing dynamic backoff interval instead of static 5s interval for throttling. #​18187
  • [ENHANCEMENT] Promtool: Add --header flag to query instant command, matching existing query range behaviour. #​18418
  • [ENHANCEMENT]: AWS SD: Allows EC2 service discovery to discover IPv6 addresses to communicate with target endpoints. The private IPv4 address remains the default when both IPv4 and IPv6 addresses are present. #​16088
  • [PERF] TSDB: Make head chunk lookup in range queries constant time instead of quadratic time #​18302
  • [PERF] TSDB: Skip entire stripes in mmapHeadChunks when no series need mmapping, reducing CPU utilization significantly at production-relevant scales. #​18541
  • [PERF] TSDB: Skip clean series during periodic head chunk mmap using cached head chunk count #​18272
  • [PERF] PromQL: Address FloatHistogram.KahanAdd performance regression on Go 1.26. #​18568
  • [BUGFIX] PromQL: Fix info() function incorrectly handling negated __name__ matchers #​17932
  • [BUGFIX] API: Return duration expressions in /parse_ast. #​18624
  • [BUGFIX] API: correctly document formats accepted for duration query request parameters (step, timeout and lookback delta) in OpenAPI spec #​18305
  • [BUGFIX] Scrape: AppenderV2 now tracks staleness even when OOO/duplicate series errors happen similar to AppenderV1 #​18567
  • [BUGFIX] Config: Validate remote_write queue_config fields at load time to prevent runtime panic and silent misconfiguration. #​18209
  • [BUGFIX] Discovery/Consul: Add health_filter for Health API filtering, fixing breakage when using Catalog-only fields like ServiceTags in filter. #​18479 #​18499
  • [BUGFIX] OTLP: limit decompressed body size for gzip-encoded OTLP write requests. #​18408
  • [BUGFIX] PromQL: Fix smoothed rate/increase returning zero instead of no result when all data falls strictly after the query range. #​18523
  • [BUGFIX] PromQL: Fix metric name not being dropped when last_over_time or first_over_time is applied to subqueries containing name-dropping functions like abs(). #​18409
  • [BUGFIX] PromQL: Fix missing warning when mixing exponential and custom-bucket histograms in stats queries. #​18660
  • [BUGFIX] PromQL: Fix parsing of range() keyword in duration expressions such as foo[5m+range()]. #​18623
  • [BUGFIX] PromQL: Fix smoothed vector selector returning no results in binary operations when the @ modifier is used. #​18531
  • [BUGFIX] PromQL: Reject NaN, infinite, and out-of-range duration expressions instead of silently producing an out-of-range time.Duration. #​18639
  • [BUGFIX] Scrape: Fix panic when scraping malformed native histograms. #​18414
  • [BUGFIX] Scrape: fix panic when scraping a target exposing a summary with no quantiles via the protobuf format. #​18382
  • [BUGFIX] Scrape: fix scrape failure log file occasionally not applied after a configuration reload. #​18421
  • [BUGFIX] TSDB: Allow retention percentage with new data path. #​18628
  • [BUGFIX] TSDB: Preserve decimal precision in percentage-based retention #​18374
  • [BUGFIX] TSDB: fix prometheus_tsdb_head_chunks going negative after WAL replay #​18401
  • [BUGFIX] TSDB: panic with native histograms during query of overlapping chunks. #​18692
  • [BUGFIX] Tracing: fix startup failure for insecure OTLP HTTP tracing #​18469
  • [BUGFIX] UI: Escape label values offered by PromQL autocomplete. #​18658
  • [BUGFIX] UI: Improve Y-axis tick label precision for graph values over small ranges. #​18682
  • [BUGFIX] prometheus_sd_refresh* and prometheus_sd_discovered_targets metrics for specific scrape jobs are deleted when the scrape job is removed. #​17614
  • [BUGFIX] Remote: fixed validation for received RW2 requests when parsing metadata unit symbols. This fixes a case when request would cause (recovered) handler panic. #​18641
  • [BUGFIX] TSDB/Agent: fix race in agent appender where concurrent appends for the same label set could produce duplicate in-memory series and duplicate WAL records. #​18292
  • [BUGFIX] Config: Update --enable-feature flag description and sort feature names. #​18487

v3.11.3: 3.11.3 / 2026-04-27

Compare Source

This release fixes mutiple security issues.

We would like to thank the following people for the responsible disclosures:

v3.11.2: 3.11.2 / 2026-04-13

Compare Source

This release has a fix for a Stored XSS vulnerability that can be triggered via crafted metric names and label values in Prometheus web UI tooltips and metrics explorer. Thanks to Duc Anh Nguyen from TinyxLab for reporting it.

  • [SECURITY] UI: Fix stored XSS via unescaped metric names and labels. CVE-2026-40179. #​18506
  • [ENHANCEMENT] Consul SD: Introduce health_filter field for Health API filtering. #​18499
  • [BUGFIX] Consul SD: Fix filter parameter being incorrectly applied to the Health API. #​18499

v3.11.1: 3.11.1 / 2026-04-07

Compare Source

  • [BUGFIX] Tracing: Fix startup failure for OTLP HTTP tracing with insecure: true. #​18469

v3.11.0: 3.11.0 / 2026-04-02

Compare Source

  • [CHANGE] Hetzner SD: The __meta_hetzner_datacenter label is deprecated for the role robot but kept for backward compatibility, use the __meta_hetzner_robot_datacenter label instead. For the role hcloud, the label is deprecated and will stop working after the 1 July 2026. #​17850
  • [CHANGE] Hetzner SD: The __meta_hetzner_hcloud_datacenter_location and __meta_hetzner_hcloud_datacenter_location_network_zone labels are deprecated, use the __meta_hetzner_hcloud_location and __meta_hetzner_hcloud_location_network_zone labels instead. #​17850
  • [CHANGE] Promtool: Redirect debug output to stderr to avoid interfering with stdout-based tool output. #​18346
  • [FEATURE] AWS SD: Add Elasticache Role. #​18099
  • [FEATURE] AWS SD: Add RDS Role. #​18206
  • [FEATURE] Azure SD: Add support for Azure Workload Identity authentication method. #​17207
  • [FEATURE] Discovery: Introduce prometheus_sd_last_update_timestamp_seconds metric to track the last time a service discovery update was sent to consumers. #​18194
  • [FEATURE] Kubernetes SD: Add support for node role selectors for pod roles. #​18006
  • [FEATURE] Kubernetes SD: Introduce pod-based labels for deployment, cronjob, and job controller names: __meta_kubernetes_pod_deployment_name, __meta_kubernetes_pod_cronjob_name and __meta_kubernetes_pod_job_name, respectively. #​17774
  • [FEATURE] PromQL: Add </ and >/ operators for trimming observations from native histograms. #​17904
  • [FEATURE] PromQL: Add experimental histogram_quantiles variadic function for computing multiple quantiles at once. #​17285
  • [FEATURE] TSDB: Add storage.tsdb.retention.percentage configuration to configure the maximum percent of disk usable for TSDB storage. #​18080
  • [FEATURE] TSDB: Add an experimental st-storage feature flag. When enabled, Prometheus stores ingested start timestamps (ST, previously called Created Timestamp) from scrape or OTLP in the TSDB and Agent WAL, and exposes them via Remote Write 2. #​18062
  • [FEATURE] TSDB: Add an experimental xor2-encoding feature flag for the new TSDB block float sample chunk encoding that is optimized for scraped data and allows encoding start timestamps. #​18062
  • [ENHANCEMENT] HTTP client: Add AWS external_id support for sigv4. #​17916
  • [ENHANCEMENT] Kubernetes SD: Deduplicate deprecation warning logs from the Kubernetes API to reduce noise. #​17829
  • [ENHANCEMENT] TSDB: Remove old temporary checkpoints when creating a Checkpoint. #​17598
  • [ENHANCEMENT] UI: Add autocomplete support for experimental first_over_time and ts_of_first_over_time PromQL functions. #​18318
  • [ENHANCEMENT] Vultr SD: Upgrade govultr library from v2 to v3 for continued security patches and maintenance. #​18347
  • [PERF] PromQL: Improve performance and reduce heap allocations in joins (VectorBinop)/And/Or/Unless. #​17159
  • [PERF] PromQL: Partially address performance regression in native histogram aggregations due to using KahanAdd. #​18252
  • [PERF] Remote write: Optimize WAL watching used for RW sending to reuse internal buffers. #​18250
  • [PERF] TSDB: Optimize LabelValues intersection performance for matchers. #​18069
  • [PERF] UI: Skip restacking on hover in stacked series charts. #​18230
  • [BUGFIX] AWS SD: Fix EC2 SD ignoring the configured endpoint option, a regression from the AWS SDK v2 migration. #​18133
  • [BUGFIX] AWS SD: Fix panic in EC2 SD when DescribeAvailabilityZones returns nil ZoneName or ZoneId. #​18133
  • [BUGFIX] Agent: Fix memory leak caused by duplicate SeriesRefs being loaded as active series. #​17538
  • [BUGFIX] Alerting: Fix alert state incorrectly resetting to pending when the FOR period is increased in the config file. #​18244
  • [BUGFIX] Azure SD: Fix system-assigned managed identity not working when client_id is empty. #​18323
  • [BUGFIX] Consul SD: Fix filter parameter not being applied to health service endpoint, causing Node and Node.Meta filters to be ignored. #​17349
  • [BUGFIX] Kubernetes SD: Fix duplicate targets generated by *DualStack EndpointSlices policies. #​18192
  • [BUGFIX] OTLP: Fix ErrTooOldSample being returned as HTTP 500 instead of 400 in PRW v2 histogram write paths, preventing infinite client retry loops. #​18084
  • [BUGFIX] OTLP: Fix exemplars getting mixed between incorrect parts of a histogram. #​18056
  • [BUGFIX] PromQL: Do not skip histogram buckets in queries where histogram trimming is used. #​18263
  • [BUGFIX] Remote write: Fix prometheus_remote_storage_sent_batch_duration_seconds measuring before the request was sent. #​18214
  • [BUGFIX] Rules: Fix alert state restoration when rule labels contain Go template expressions. #​18375
  • [BUGFIX] Scrape: Fix panic when parsing bare label names without an equal sign in brace-only metric notation. #​18229
  • [BUGFIX] TSDB: Fail early when use-uncached-io feature flag is set on unsupported environments. #​18219
  • [BUGFIX] TSDB: Fall back to CLI flag values when retention is removed from config file. #​18200
  • [BUGFIX] TSDB: Fix memory leaks in buffer pools by clearing reference fields before returning buffers to pools. #​17895
  • [BUGFIX] TSDB: Fix missing mmap of histogram chunks during WAL replay. #​18306
  • [BUGFIX] TSDB: Fix storage.tsdb.retention.time unit mismatch in file causing retention to be 1e6 times longer than configured. #​18200
  • [BUGFIX] Tracing: Fix missing traceID in query log when tracing is enabled, previously only spanID was emitted. #​18189
  • [BUGFIX] UI: Fix tooltip Y-offset drift when using multiple graph panels. #​18228
  • [BUGFIX] UI: Update retention display in runtime info when config is reloaded. #​18200

v3.10.0: 3.10.0 / 2026-02-24

Compare Source

Prometheus now offers a distroless Docker image variant alongside the default
busybox image. The distroless variant provides enhanced security with a minimal
base image, uses UID/GID 65532 (nonroot) instead of nobody, and removes the
VOLUME declaration. Both variants are available with -busybox and -distroless
tag suffixes (e.g., prom/prometheus:latest-busybox, prom/prometheus:latest-distroless).
The busybox image remains the default with no suffix for backwards compatibility
(e.g., prom/prometheus:latest points to the busybox variant).

For users migrating existing named volumes from the busybox image to the distroless variant, the ownership can be adjusted with:

docker run --rm -v prometheus-data:/prometheus alpine chown -R 65532:65532 /prometheus

Then, the container can be started with the old volume with:

docker run -v prometheus-data:/prometheus prom/prometheus:latest-distroless

User migrating from bind mounts might need to ajust permissions too, depending on their setup.

  • [CHANGE] Alerting: Add alertmanager dimension to following metrics: prometheus_notifications_dropped_total, prometheus_notifications_queue_capacity, prometheus_notifications_queue_length. #​16355
  • [CHANGE] UI: Hide expanded alert annotations by default, enabling more information density on the /alerts page. #​17611
  • [FEATURE] AWS SD: Add MSK Role. #​17600
  • [FEATURE] PromQL: Add fill() / fill_left() / fill_right() binop modifiers for specifying default values for missing series. #​17644
  • [FEATURE] Web: Add OpenAPI 3.2 specification for the HTTP API at /api/v1/openapi.yaml. #​17825
  • [FEATURE] Dockerfile: Add distroless image variant using UID/GID 65532 and no VOLUME declaration. Busybox image remains default. #​17876
  • [FEATURE] Web: Add on-demand wall time profiling under <URL>/debug/pprof/fgprof. #​18027
  • [ENHANCEMENT] PromQL: Add more detail to histogram quantile monotonicity info annotations. #​15578
  • [ENHANCEMENT] Alerting: Independent alertmanager sendloops. #​16355
  • [ENHANCEMENT] TSDB: Experimental support for early compaction of stale series in the memory with configurable threshold stale_series_compaction_threshold in the config file. #​16929
  • [ENHANCEMENT] Service Discovery: Service discoveries are now removable from the Prometheus binary through the Go build tag remove_all_sd and individual service discoveries can be re-added with the build tags enable_<sd name>_sd. Users can build a custom Prometheus with only the necessary SDs for a smaller binary size. #​17736
  • [ENHANCEMENT] Promtool: Support promql syntax features promql-duration-expr and promql-extended-range-selectors. #​17926
  • [PERF] PromQL: Avoid unnecessary label extraction in PromQL functions. #​17676
  • [PERF] PromQL: Improve performance of regex matchers like .*-.*-.*. #​17707
  • [PERF] OTLP: Add label caching for OTLP-to-Prometheus conversion to reduce allocations and improve latency. #​17860
  • [PERF] API: Compute /api/v1/targets/relabel_steps in a single pass instead of re-running relabeling for each prefix. #​17969
  • [PERF] tsdb: Optimize LabelValues intersection performance for matchers. #​18069
  • [BUGFIX] PromQL: Prevent query strings containing only UTF-8 continuation bytes from crashing Prometheus. #​17735
  • [BUGFIX] Web: Fix missing X-Prometheus-Stopping header for /-/ready endpoint in NotReady state. #​17795
  • [BUGFIX] PromQL: Fix PromQL info() function returning empty results when filtering by a label that exists on both the input metric and target_info. #​17817
  • [BUGFIX] TSDB: Fix a bug during exemplar buffer grow/shrink that could cause exemplars to be incorrectly discarded. #​17863
  • [BUGFIX] UI: Fix broken graph display after page reload, due to broken Y axis min encoding/decoding. #​17869
  • [BUGFIX] TSDB: Fix memory leaks in buffer pools by clearing reference fields (Labels, Histogram pointers, metadata strings) before returning buffers to pools. #​17879
  • [BUGFIX] PromQL: info function: fix series without identifying labels not being returned. #​17898
  • [BUGFIX] OTLP: Filter __name__ from OTLP attributes to prevent duplicate labels. #​17917
  • [BUGFIX] TSDB: Fix division by zero when computing stale series ratio with empty head. #​17952
  • [BUGFIX] OTLP: Fix potential silent data loss for sum metrics. #​17954
  • [BUGFIX] PromQL: Fix smoothed interpolation across counter resets. #​17988
  • [BUGFIX] PromQL: Fix panic with @ modifier on empty ranges. #​18020
  • [BUGFIX] PromQL: Fix avg_over_time for a single native histogram. #​18058

v3.9.1: 3.9.1 / 2026-01-07

Compare Source

  • [BUGFIX] Agent: fix crash shortly after startup from invalid type of object. #​17802
  • [BUGFIX] Scraping: fix relabel keep/drop not working. #​17807

v3.9.0: 3.9.0 / 2026-01-06

Compare Source

Note for users of Native Histograms

In version 3.9, Native Histograms is no longer experimental, and the feature flag native-histogram has no effect. You must now turn on
the config setting scrape_native_histograms to collect Native Histogram samples from exporters.

Changelog

  • [CHANGE] Native Histograms are no longer experimental! Make the native-histogram feature flag a no-op. Use scrape_native_histograms config option instead. #​17528
  • [CHANGE] API: Add maximum limit of 10,000 sets of statistics to TSDB status endpoint. #​17647
  • [FEATURE] API: Add /api/v1/features for clients to understand which features are supported. #​17427
  • [FEATURE] Promtool: Add start_timestamp field for unit tests. #​17636
  • [FEATURE] Promtool: Add --format seriesjson option to tsdb dump to output just series labels in JSON format. #​13409
  • [FEATURE] Add --storage.tsdb.delay-compact-file.path flag for better interoperability with Thanos. #​17435
  • [FEATURE] UI: Add an option on the query drop-down menu to duplicate that query panel. #​17714
  • [ENHANCEMENT]: TSDB: add flag --storage.tsdb.block-reload-interval to configure TSDB Block Reload Interval. #​16728
  • [ENHANCEMENT] UI: Add graph option to start the chart's Y axis at zero. #​17565
  • [ENHANCEMENT] Scraping: Classic protobuf format no longer requires the unit in the metric name. #​16834
  • [ENHANCEMENT] PromQL, Rules, SD, Scraping: Add native histograms to complement existing summaries. #​17374
  • [ENHANCEMENT] Notifications: Add a histogram prometheus_notifications_latency_histogram_seconds to complement the existing summary. #​16637
  • [ENHANCEMENT] Remote-write: Add custom scope support for AzureAD authentication. #​17483
  • [ENHANCEMENT] SD: add a config label with job name for most prometheus_sd_refresh metrics. #​17138
  • [ENHANCEMENT] TSDB: New histogram prometheus_tsdb_sample_ooo_delta, the distribution of out-of-order samples in seconds. Collected for all samples, accepted or not. #​17477
  • [ENHANCEMENT] Remote-read: Validate histograms received via remote-read. #​17561
  • [PERF] TSDB: Small optimizations to postings index. #​17439
  • [PERF] Scraping: Speed up relabelling of series. #​17530
  • [PERF] PromQL: Small optimisations in binary operators. #​17524, #​17519.
  • [BUGFIX] UI: PromQL autocomplete now shows the correct type and HELP text for OpenMetrics counters whose samples end in _total. #​17682
  • [BUGFIX] UI: Fixed codemirror-promql incorrectly showing label completion suggestions after the closing curly brace of a vector selector. #​17602
  • [BUGFIX] UI: Query editor no longer suggests a duration unit if one is already present after a number. #​17605
  • [BUGFIX] PromQL: Fix some "vector cannot contain metrics with the same labelset" errors when experimental delayed name removal is enabled. #​17678
  • [BUGFIX] PromQL: Fix possible corruption of PromQL text if the query had an empty ignoring() and non-empty grouping. #​17643
  • [BUGFIX] PromQL: Fix resets/changes to return empty results for anchored selectors when all samples are outside the range. #​17479
  • [BUGFIX] PromQL: Check more consistently for many-to-one matching in filter binary operators. #​17668
  • [BUGFIX] PromQL: Fix collision in unary negation with non-overlapping series. #​17708
  • [BUGFIX] PromQL: Fix collision in label_join and label_replace with non-overlapping series. #​17703
  • [BUGFIX] PromQL: Fix bug with inconsistent results for queries with OR expression when experimental delayed name removal is enabled. #​17161
  • [BUGFIX] PromQL: Ensure that rate/increase/delta of histograms results in a gauge histogram. #​17608
  • [BUGFIX] PromQL: Do not panic while iterating over invalid histograms. #​17559
  • [BUGFIX] TSDB: Reject chunk files whose encoded chunk length overflows int. #​17533
  • [BUGFIX] TSDB: Do not panic during resolution reduction of invalid histograms. #​17561
  • [BUGFIX] Remote-write Receive: Avoid duplicate labels when experimental type-and-unit-label feature is enabled. #​17546
  • [BUGFIX] OTLP Receiver: Only write metadata to disk when experimental metadata-wal-records feature is enabled. #​17472

v3.8.1: 3.8.1 / 2025-12-16

Compare Source

  • [BUGFIX] remote: Fix Remote Write receiver, so it does not send wrong response headers for v1 flow and cause Prometheus senders to emit false partial error log and metrics. #​17683

v3.8.0: 3.8.0 / 2025-11-28

Compare Source

Note for users of Native Histograms

This is the first release with Native Histograms as a stable feature. However, scraping Native Histograms has to be activated explicitly via the scrape_native_histograms config setting (newly introduced in this release). To ease the transition, the --enable-feature=native-histograms flag is not a complete no-op in this release, but changes the default value of scrape_native_histograms to true. In the next release (v3.9), the feature flag will be a complete no-op, and the default value of scrape_native_histograms will always be false. If you have been using the feature flag so far, the recommended course of action is the following:

  1. Upgrade to v3.8 and keep the feature flag. Everything should work as before.
  2. At your own pace, set scrape_native_histograms to true in all relevant scrape configs. (There is a global and a per-scrape-config version of scrape_native_histograms, allowing granular control if needed. It is a good idea to also set scrape_native_histograms explicitly to false where you do not want to scrape Native Histograms. In this way, you do not depend on the default value of the setting anymore.)
  3. Remove the feature flag and make sure that everything still works as intended.
  4. Now you are ready for an upgrade to the next release (v3.9).

Changelog

  • [CHANGE] Remote-write 2 (receiving): Update to 2.0-rc.4 spec. "created timestamp" (CT) is now called "start timestamp" (ST). #​17411
  • [CHANGE] TSDB: Native Histogram Custom Bounds with a NaN threshold are now rejected. #​17287
  • [FEATURE] OAuth2: support jwt-bearer grant-type (RFC7523 3.1). #​17592
  • [FEATURE] Dockerfile: Add OpenContainers spec labels to Dockerfile. #​16483
  • [FEATURE] SD: Add unified AWS service discovery for ec2, lightsail and ecs services. #​17046
  • [FEATURE] Native histograms are now a stable, but optional feature, use the scrape_native_histograms config setting. #​17232 #​17315
  • [FEATURE] UI: Support anchored and smoothed keyword in promql editor. #​17239
  • [FEATURE] UI: Show detailed relabeling steps for each discovered target. #​17337
  • [FEATURE] Alerting: Add urlQueryEscape to template functions. #​17403
  • [FEATURE] Promtool: Add Remote-Write 2.0 support to promtool push metrics via the --protobuf_message flag. #​17417
  • [ENHANCEMENT] Clarify the docs about handling negative native histograms. #​17249
  • [ENHANCEMENT] Mixin: Add static UID to the remote-write dashboard. #​17256
  • [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub. #​17278
  • [ENHANCEMENT] Alerting: Add "unknown" state for alerting rules that haven't been evaluated yet. #​17282
  • [ENHANCEMENT] Scrape: Allow simultaneous use of classic histogram → NHCB conversion and zero-timestamp ingestion. #​17305
  • [ENHANCEMENT] UI: Add smoothed/anchored in explain. #​17334
  • [ENHANCEMENT] OTLP: De-duplicate any target_info samples with the same timestamp for the same series. #​17400
  • [ENHANCEMENT] Document use_fips_sts_endpoint in sigv4 config sections. #​17304
  • [ENHANCEMENT] Document Prometheus Agent. #​14519
  • [PERF] PromQL: Speed up parsing of variadic functions. #​17316
  • [PERF] UI: Speed up alerts/rules/... pages by not rendering collapsed content. #​17485
  • [PERF] UI: Performance improvement when getting label name and values in promql editor. #​17194
  • [PERF] UI: Speed up /alerts for many firing alerts via virtual scrolling. #​17254
  • [BUGFIX] PromQL: Fix slice indexing bug in info function on churning series. #​17199
  • [BUGFIX] API: Reduce lock contention on /api/v1/targets. #​17306
  • [BUGFIX] PromQL: Consistent handling of gauge vs. counter histograms in aggregations. #​17312
  • [BUGFIX] TSDB: Allow NHCB with -Inf as the first custom value. #​17320
  • [BUGFIX] UI: Fix duplicate loading of data from the API speed up rendering of some pages. #​17357
  • [BUGFIX] Old UI: Fix createExpressionLink to correctly build /graph URLs so links from Alerts/Rules work again. #​17365
  • [BUGFIX] PromQL: Avoid panic when parsing malformed info call. #​17379
  • [BUGFIX] PromQL: Include histograms when enforcing sample_limit. #​17390
  • [BUGFIX] Config: Fix panic if TLS CA file is absent. #​17418
  • [BUGFIX] PromQL: Fix histogram_fraction for classic histograms and NHCB if lower bound is in the first bucket. #​17424

v3.7.3: 3.7.3 / 2025-10-29

Compare Source

  • [BUGFIX] UI: Revert changed (and breaking) redirect behavior for -web.external-url if -web.route-prefix is configured, which was introduced in #​17240. #​17389
  • [BUGFIX] Fix federation of some native histograms. #​17299 #​17409
  • [BUGFIX] promtool: check config would fail when --lint=none flag was set. #​17399 #​17414
  • [BUGFIX] Remote-write: fix a deadlock in the queue resharding logic that can lead to suboptimal queue behavior. #​17412

v3.7.2: 3.7.2 / 2025-10-22

Compare Source

  • [

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@ti-chi-bot ti-chi-bot Bot requested a review from asddongmen November 15, 2024 00:06
@ti-chi-bot ti-chi-bot Bot added the size/XS label Nov 15, 2024
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 5de0d0f to d20c060 Compare November 28, 2024 19:48
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from d20c060 to 95fa5f1 Compare January 2, 2025 16:26
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 95fa5f1 to 44197a4 Compare February 17, 2025 23:14
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 44197a4 to 57f11ec Compare February 26, 2025 11:36
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 57f11ec to c5ab24a Compare April 18, 2025 14:40
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from c5ab24a to 691f066 Compare May 2, 2025 17:53
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 691f066 to abe4707 Compare May 17, 2025 10:37
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from abe4707 to f11cb2f Compare May 31, 2025 16:25
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from f11cb2f to 184901c Compare June 26, 2025 23:05
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 184901c to 84a4c13 Compare July 14, 2025 17:04
@wuhuizuo wuhuizuo added the help wanted Extra attention is needed label Aug 28, 2025
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 84a4c13 to d8d7958 Compare September 22, 2025 08:53
@ti-chi-bot

ti-chi-bot Bot commented Sep 22, 2025

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign kanshiori for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch 3 times, most recently from d1a4f01 to c031116 Compare October 21, 2025 09:09
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from c031116 to 97bc2cb Compare October 22, 2025 19:35
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 97bc2cb to bba2ea0 Compare October 30, 2025 11:03
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from bba2ea0 to e78ac48 Compare November 10, 2025 20:45
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from e78ac48 to a02450c Compare December 2, 2025 14:36
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch 2 times, most recently from 62fc392 to 7514f19 Compare December 16, 2025 15:06
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch 2 times, most recently from 2b939f4 to 6062762 Compare January 7, 2026 17:59
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 6062762 to fd82558 Compare February 2, 2026 17:56
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from fd82558 to 6826ca1 Compare February 12, 2026 13:11
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 6826ca1 to a6cd708 Compare February 26, 2026 02:14
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from a6cd708 to 6fae0db Compare April 2, 2026 13:56
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch 2 times, most recently from 9ae4a49 to d5dd4be Compare April 13, 2026 17:26
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from d5dd4be to 32d2244 Compare April 27, 2026 19:08
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 32d2244 to ef5b7f6 Compare May 14, 2026 17:59
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from ef5b7f6 to 0bb0d64 Compare May 28, 2026 20:54
@renovate renovate Bot force-pushed the renovate/prometheus-prometheus-3.x branch from 0bb0d64 to 9f15fb9 Compare July 1, 2026 22:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

help wanted Extra attention is needed size/XS

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant