Prometheus | v3.11.2

Prometheus v3.11.2 released on 13-04-2026


Prometheus v3.11.2 is out now. It fixes a stored cross-site scripting vulnerability in the web UI that could be triggered by crafted metric names and label values, and adds more precise Consul service-discovery filtering.

See the Prometheus GitHub release notes for full details and installation guidance.

What’s in this release

  • Security: UI stored XSS fix — user-provided metric and label text is now properly escaped to prevent script injection (CVE-2026-40179). Credit to Duc Anh Nguyen (TinyxLab) for reporting.
  • Enhancement: Consul SD gains a new health_filter field for declarative Health API filtering.
  • Bugfix: Corrected handling of the filter parameter for the Consul Health API so configured filters are honoured when discovering targets.

Upgrade notes

  • Install the update to address CVE-2026-40179; consult the project’s release notes on GitHub for any platform-specific instructions.
  • The release notes do not list breaking changes or deprecations; follow the usual rollback procedures if you encounter unexpected behaviour.

Comments and reports on upgrade experience are welcome — share any issues or observations so others can benefit.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes