Prometheus | v3.12.0

Prometheus v3.12.0 released on 28-05-2026


Prometheus v3.12.0 is out now. Operators and users gain multiple security hardenings (remote-write and OTLP limits), PromQL additions and a range of TSDB/agent robustness and performance fixes.

See the project’s GitHub release notes and the official Prometheus release page for full details and download instructions.

What’s in this release

  • Security fixes: remote-write now rejects snappy-compressed requests whose declared decoded length exceeds 32MB; OTLP gzip-encoded write requests are limited in decompressed body size; STACKIT SD no longer exposes secrets in plaintext via /-/config (GHSA-39j6-789q-qxvh).
  • PromQL enhancements: experimental functions start(), end(), range(), and step(); warnings when sort/sort_by_label are used inside range (matrix) queries; a use-start-timestamps feature flag affecting rate/irate/increase and resets().
  • TSDB/Agent and performance: start timestamp fields for in-memory WAL histogram samples when st-storage is enabled; CheckpointFromInMemorySeries option for agent.DB; multiple TSDB performance optimisations and bug fixes preventing negative prometheus_tsdb_head_chunks and panics in overlapping-chunk queries.

Upgrade notes

  • remote_write queue_config fields are now validated at load time. Validate and correct any queue_config entries before upgrading to avoid load-time validation failures.
  • Be aware that oversized compressed writes may be rejected (snappy decoded length >32MB and OTLP gzip decompressed limits). If these checks block your rollout, revert to the previous release while you adjust exporters or client behaviour.

Share deployment notes or any issues you see with v3.12.0 so other operators can benefit from your experience.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes