Loki | v3.7.2

Loki v3.7.2 released on 13-05-2026


Loki v3.7.2 is out now. Operators and administrators should upgrade to mitigate known CVEs affecting the 3.7.x line.

See the full release notes and commits on GitHub: github.com/grafana/loki/compare/v3.7.1…v3.7.2

What’s in this release

  • Multiple security fixes addressing CVEs reported against the 3.7.x line.
  • S3 client dependency updated to github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3 — a dependency-only change to resolve security issues.
  • Backported bugfix to prevent a panic in the ruler when the validation scheme is unset.
  • Storage change: attach a SHA-256 checksum on S3 PutObject calls for Object Lock–enabled buckets to satisfy integrity and Object Lock requirements.

Upgrade notes

  • No breaking changes are listed in the release. Upgrade is recommended to remediate the reported CVEs; consult the GitHub release for the exact commits and checks.
  • If you need to roll back, revert to v3.7.1 and validate rule evaluation and S3 Object Lock behaviour in a test environment before restoring production traffic.

If you try v3.7.2 or encounter issues, please open an issue on the project’s GitHub or comment on the release page to share your experience.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes