Tempo | v2.10.3

Tempo v2.10.3 released on 17-03-2026


Tempo v2.10.3 is out now. The release marks the S3 SSE‑C configuration field encryption_key as a secret so it will no longer be exposed in plaintext, resolving CVE‑2026‑28377 and reducing the risk of accidental disclosure of customer‑supplied SSE‑C keys.

Operators should consult the Tempo GitHub release and PR #6711 for the full technical details and follow the provided mitigation and upgrade guidance.

What’s in this release

  • S3 SSE‑C configuration field encryption_key is now treated as a secret to prevent plaintext exposure.
  • Fix resolves CVE‑2026‑28377; implemented in PR #6711 by @mattdurham.
  • Prevents prior leakage paths where keys could appear in configs, logs or API outputs.

Upgrade notes

  • Systems not using SSE‑C are not affected; SSE‑C users should prioritise upgrading to v2.10.3 and rotate any SSE‑C keys that may have been exposed before the upgrade.
  • For rolling clusters, upgrade agents and servers consistently to avoid mixed behaviour; test key handling in a staging environment and verify logs and debug outputs do not contain the encryption_key after upgrade.

Share comments on your experience with the upgrade or key rotation, especially if you manage SSE‑C keys or need to audit prior exposures.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes