This site uses cookies for analytics and to improve your experience. By clicking Accept, you consent to our use of cookies. Learn more in our privacy policy.

Home
About
System Admin
Security
Tech
Home Lab
Threats
Weekly Digest
Deals
Advisories
Phishing Updates
Threats
Image Scraper
Contact

Tempo | v2.10.3

Tempo v2.10.3 released on 17-03-2026


Tempo v2.10.3 is out now. It addresses an information exposure in S3 SSE‑C handling by treating the encryption_key as a secret so it is not exposed in plaintext.

Users running customer‑provided S3 server‑side encryption (SSE‑C) should review the release notes and PR #6711 on the Tempo GitHub for details and the related advisory (CVE-2026-28377).

What’s in this release

  • S3 SSE‑C encryption_key is now treated as a secret to prevent it appearing in logs, diagnostics or other outputs (security fix).
  • Fix resolves the information exposure tracked as CVE-2026-28377.
  • Change implemented in PR #6711 (author: @mattdurham).

Upgrade notes

  • Upgrade to v2.10.3 if you use S3 SSE‑C — this is a security‑critical fix that eliminates the plaintext exposure risk.
  • If you cannot upgrade immediately: rotate SSE‑C keys, remove keys from logs or configuration files accessible to non‑privileged users, and restrict access to systems that store or process those keys.

Share comments on your experience upgrading or any issues via the Tempo GitHub PR discussion or the repository issue tracker.

0
0
0
0
Total
0
Shares
Share 0
Tweet 0
Pin it 0
Share 0
Tags:
Releases

Related posts

Vector | vdev-v0.3.3

Vector vdev v0 3 3: patch release with crash, leak and parsing fixes, connector and tooling improvements, upgrade notes on prechecks, rolling updates, compat

Loki | v3.7.2

Loki v3 7 2: security and CVE fixes, updated S3 client to aws sdk v1 97 3, ruler panic fix for unset validation scheme, S3 Object Lock sends SHA256 checksum

Loki | v3.7.2

Loki v3 7 2: Patch release with CVE fixes, AWS S3 SDK update, ruler panic fix, S3 Object Lock SHA256 checksum support