Loki v3.7.2 released on 13-05-2026
Loki v3.7.2 is out now. It backports critical security and stability fixes to the 3.7.x line, addressing several CVEs and making S3 Object Lock behaviour more robust.
See the GitHub release notes for the full changelog and upgrade guidance.
What’s in this release
- Security fixes for CVEs affecting the 3.7.x line and a dependency update: AWS S3 SDK (github.com/aws/aws-sdk-go-v2/service/s3) updated to v1.97.3 to resolve vulnerabilities.
- Backported ruler stability fix that prevents a panic caused by an unset validation scheme, improving rule evaluation stability on the 3.7.x branch.
- Storage change: the S3 layer now attaches a SHA-256 checksum on PutObject requests for Object Lock buckets to ensure integrity checks and compatibility with Object Lock requirements.
Upgrade notes
- No breaking changes are documented in the release notes; review the AWS S3 SDK update (v1.97.3) before upgrading to confirm compatibility with your setup.
- No explicit rollback instructions in the release; if you need to revert, follow your normal rollback procedure and consult the GitHub release page for details.
Please share any comments or issues you encounter after upgrading on the project’s GitHub or community channels — feedback helps catch regressions early.
