Loki v3.7.2 released on 13-05-2026
Loki v3.7.2 is out now. Operators and administrators should upgrade to mitigate known CVEs affecting the 3.7.x line.
See the full release notes and commits on GitHub: github.com/grafana/loki/compare/v3.7.1…v3.7.2
What’s in this release
- Multiple security fixes addressing CVEs reported against the 3.7.x line.
- S3 client dependency updated to github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3 — a dependency-only change to resolve security issues.
- Backported bugfix to prevent a panic in the ruler when the validation scheme is unset.
- Storage change: attach a SHA-256 checksum on S3 PutObject calls for Object Lock–enabled buckets to satisfy integrity and Object Lock requirements.
Upgrade notes
- No breaking changes are listed in the release. Upgrade is recommended to remediate the reported CVEs; consult the GitHub release for the exact commits and checks.
- If you need to roll back, revert to v3.7.1 and validate rule evaluation and S3 Object Lock behaviour in a test environment before restoring production traffic.
If you try v3.7.2 or encounter issues, please open an issue on the project’s GitHub or comment on the release page to share your experience.
