Prometheus | v3.13.0

Prometheus v3.13.0 released on 01-07-2026


Prometheus v3.13.0 is out now. As an LTS release it addresses a UI cross-site scripting vulnerability, consolidates third-party npm licenses into the binary, and adds publishing of container images to GitHub Container Registry — sensible maintenance for operators focused on security and stable packaging.

See the Prometheus GitHub releases page for full notes and download links, including container images and release tarballs.

What’s in this release

  • Security and packaging: bump of sanitize-html to fix CVE-2026-44990, and third-party npm licenses embedded in the binary and served at /assets/third-party-licenses.txt (replaces npm_licenses.tar.bz2).
  • PromQL, observability and UI: experimental search endpoints for metric/label name/value lookup, new scalar functions min_of()/max_of(), smoothed/anchored rate support for native histograms, and per-query samplesRead plus a prometheus_engine_query_samples_read_total counter for clearer query I/O metrics.
  • TSDB and performance: runtime option storage.tsdb.chunk_encoding.floats to choose xor or xor2, reduced per-sample chunk-population overhead (benchmarks show ~12–15% faster affected queries), fewer V2 histogram WAL decoder allocations (up to ~50% fewer allocations, ~10% less memory for some setups), and fixes preventing EncXOR2 chunk corruption on restart.

Upgrade notes

  • HTTP clients no longer forward credentials when following a redirect to a different host (affects scraping, remote_read/remote_write, alerting and service discovery). Review scrape and remote_write endpoints that rely on redirects and ensure authentication is presented to the final host or avoid cross-host redirects.
  • Rollback: if you must revert, deploy the last known-good Prometheus version from your registry or backups and restart your servers. The v3.13.0 images are published to ghcr.io for straightforward redeployment if you snapshot images before upgrading.

Tell the team and the community how the upgrade went — share any issues or surprises so others can learn from your experience.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes