@prometheus-io/lezer-promql 0.311.1 → 0.311.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 3.11.2 / 2026-04-13
|
|
4
|
+
|
|
5
|
+
This release has a fix for a Stored XSS vulnerability that can be triggered via crafted metric names and label values in Prometheus web UI tooltips and metrics explorer. Thanks to Duc Anh Nguyen from TinyxLab for reporting it.
|
|
6
|
+
|
|
7
|
+
- [SECURITY] UI: Fix stored XSS via unescaped metric names and labels. CVE-2026-40179. #18506
|
|
8
|
+
- [ENHANCEMENT] Consul SD: Introduce `health_filter` field for Health API filtering. #18499
|
|
9
|
+
- [BUGFIX] Consul SD: Fix filter parameter being incorrectly applied to the Health API. #18499
|
|
10
|
+
|
|
3
11
|
## 3.11.1 / 2026-04-07
|
|
4
12
|
|
|
5
13
|
- [BUGFIX] Tracing: Fix startup failure for OTLP HTTP tracing with `insecure: true`. #18469
|