Tempo | v2.10.3

Tempo v2.10.3 released on 17-03-2026


Tempo v2.10.3 is out now. It addresses an information exposure in S3 SSE‑C handling by treating the encryption_key as a secret so it is not exposed in plaintext.

Users running customer‑provided S3 server‑side encryption (SSE‑C) should review the release notes and PR #6711 on the Tempo GitHub for details and the related advisory (CVE-2026-28377).

What’s in this release

  • S3 SSE‑C encryption_key is now treated as a secret to prevent it appearing in logs, diagnostics or other outputs (security fix).
  • Fix resolves the information exposure tracked as CVE-2026-28377.
  • Change implemented in PR #6711 (author: @mattdurham).

Upgrade notes

  • Upgrade to v2.10.3 if you use S3 SSE‑C — this is a security‑critical fix that eliminates the plaintext exposure risk.
  • If you cannot upgrade immediately: rotate SSE‑C keys, remove keys from logs or configuration files accessible to non‑privileged users, and restrict access to systems that store or process those keys.

Share comments on your experience upgrading or any issues via the Tempo GitHub PR discussion or the repository issue tracker.

Related posts

Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean config or neat bit of glue logic can still be wrong in...

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...