parent-0.17.2
版本发布时间: 2022-09-22 06:16:10
prometheus/jmx_exporter最新发布版本:1.0.1(2024-05-31 12:20:21)
Minor release updating the snakeyaml
dependency from 1.31 to 1.32, because version 1.31 is vulnerable to CVE-2022-38752.
Note that jmx_exporter
uses snakeyaml
only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter
config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml
version this update will help.
As always, the jmx_exporter
binaries are available on Maven central:
- jmx_prometheus_javaagent-0.17.2.jar requires Java >= 7.
- jmx_prometheus_javaagent-0.17.2_java6.jar is compatible with Java 6.
- jmx_prometheus_httpserver-0.17.2.jar requires Java >= 7.
- jmx_prometheus_httpserver-0.17.2_java6.jar is compatible with Java 6.
Sounds like a deja vu? Yes, we had the same on 10 September when we updated snakeyaml
from 1.30 to 1.31 because of CVE-2022-25857.