Skip to content

Releases: prometheus/jmx_exporter

1.0.1 / 2024-05-31

31 May 04:20
Compare
Choose a tag to compare

This release adds Prometheus Protobuf support.

As always, the jmx_exporter binaries are available on Maven Central:

NOTES

1. Metrics are no longer served on the root (/) path. You will be required to change the scrape URL to /metrics

2. Some JVM metric names have changed to conform with the OpenMetrics specification.

Dashboards will need to be changed if referencing the changed JVM metrics.

https://prometheus.github.io/client_java/migration/simpleclient/#jvm-metrics

3. MBean names that are normalized to the same metric name will now contain a label named _objectname that references the MBean that provided the metric.

Example:

# HELP kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request The request count using a cumulative counter kafka.rest:name=null,type=jersey-metrics,attribute=v3.topics.partitions-reassignment.list.request-total
# TYPE kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request untyped
kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request{_objectname="kafka.rest<type=jersey-metrics><>v3.topics-partitions-reassignment.list.request-total"} 0.0
kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request{_objectname="kafka.rest<type=jersey-metrics><>v3.topics.partitions-reassignment.list.request-total"} 0.0

[BUGFIX] Collection fails for Kafka using release 1.0.0
[BUGFIX] Fixed NullPointerException during scrape. Thanks @simon-greatrix
[ENHANCEMENT] Improved JMX scraping performance. Thanks @nicktelford
[ENHANCEMENT] Added configuration example for Kafka KRaft metrics. Thanks @KumKeeHyun.
[ENHANCEMENT] Added configuration example for Presto/Trino metrics. Thanks @Akanksha-kedia
[ENHANCEMENT] Added configuration example for Hazelcast. Thanks @Nirzak
[ENHANCEMENT] Added better exception handling in Java agent premain. Thanks @guhanjie.
[CHANGE] Updated Tomcat example configuration. Thanks @lautarozerpa.
[CHANGE] Updated integration testing containers to include Java 21 and 22
[CHANGE] Added azul/prime:21 to integration test containers

1.0.0 / 2024-05-17

17 May 12:25
a9d9be2
Compare
Choose a tag to compare

This release has functional issues and should not be used.

Use 1.0.1

0.20.0 / 2023-08-12

13 Aug 02:36
Compare
Choose a tag to compare

This release includes performance enhancements and new MBean attribute filtering.

As always, the jmx_exporter binaries are available on Maven Central:

[FEATURE] Added HTTPServer threads configuration (#837)
[FEATURE] Refactored outdated terms (#852)
[FEATURE] Added code to skip RuntimeMXBean attributes SystemProperties, ClassPath, BootClassPath, and LibraryPath (#859)
[FEATURE] Added MBean attribute exclusion filtering (#870)
[FEATURE] Enabled auto object name attribute filtering by default (#871)

0.19.0 / 2023-06-30

30 Jun 20:05
Compare
Choose a tag to compare

This release adds the long awaited support for HTTPS and Basic auth! See README.md for details.

BREAKING: We dropped Java 6 support. jmx_exporter now requires Java 8 or higher.

As always, the jmx_exporter binaries are available on Maven central:

[BREAKING] Removed support for Java 6. New baseline is Java 8
[ENHANCEMENT] HTTP Basic authentication (#801)
[ENHANCEMENT] HTTPS support (#812)
[ENHANCEMENT] Add support for JMX TabularData that uses a CompositeData key (#814) Thanks @adamretter!!!
[ENHANCEMENT] MetricsAssertion support for multiple labels (#815)

0.18.0 / 2023-03-07

07 Mar 21:42
Compare
Choose a tag to compare

This release updates the snakeyaml dependency from 1.32 to 2.0, because version 1.32 is vulnerable to CVE-2022-1471.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

Fixes and enhancements included in this release:

[BUGFIX] Fix jmx_exporter_build_info metric #768. Thanks @dhoard.
[BUGFIX] Fix the Debian package build #752, #650. Thanks @ozon2 and @Skunnyk.
[ENHANCEMENT] Improve performance of duplicate sample lookup #719. Thanks @amuraru.
[BUGFIX] Bump Snakeyaml dependency version to 2.0 to fix CVE-2022-1471 #777, #767. Thanks @dhoard and @ppatierno.

0.17.2 / 2022-09-22

21 Sep 22:16
Compare
Choose a tag to compare

Minor release updating the snakeyaml dependency from 1.31 to 1.32, because version 1.31 is vulnerable to CVE-2022-38752.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

Sounds like a deja vu? Yes, we had the same on 10 September when we updated snakeyaml from 1.30 to 1.31 because of CVE-2022-25857.

0.17.1 / 2022-09-10

10 Sep 21:05
Compare
Choose a tag to compare

Minor release updating the snakeyaml dependency from 1.30 to 1.31, because version 1.30 is vulnerable to CVE-2022-25857.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

0.17.0 / 2022-05-23

23 May 13:23
Compare
Choose a tag to compare

With the last release we started releasing two versions of the Java agent:

Both versions are built from the same code and differ only in the versions of the bundled dependencies.

With this release, we take a similar approach for the standalone HTTP server:

Again, both versions are built from the same code and differ only in the versions of the bundled dependencies.

Note that the standalone HTTP server release was previously named jmx_prometheus_httpserver-<version>-jar-with-dependencies.jar. With this release, we renamed it to jmx_prometheus_httpserver-<version>.jar.

Other changes:

  • [BUGFIX] change the command line argument parser to allow - characters in the hostname (#643, thanks @guignome for reporting).
  • [BUGFIX] Reduce cardinality of default help strings (#704, thanks @SuperQ).
  • [ENHANCEMENT] Prevent remote JMX monitoring when started as a Java agent #675.
  • [ENHANCEMENT] Add SSL support for the debugging SslScraper (#699, thanks @michaelsembwever)
  • [ENHANCEMENT] Fall back to loading attributes 1-by-1 if bulk loading fails (#695, thanks @faenschi).
  • [ENHANCEMENT] update dependency versions.

0.16.1 / 2021-07-14

13 Jul 22:42
Compare
Choose a tag to compare

Release 0.16.1 ships in two versions:

Both versions are built from the same source files and have identical functionality. The only difference is the version of the included snakeyaml dependency. See the 0.16.0 release notes for more details.

Change:

[BUGFIX] Remove misleading meta data from the Java 7+ binary that makes the Trivy security scanner wrongly report CVE-2017-18640 (the metadata references snakeyaml 1.23 even though that version is not included in the binary). See #618.

0.16.0 / 2021-07-04

04 Jul 20:57
Compare
Choose a tag to compare

Update SnakeYAML Dependency Version (#592)

Starting with version 0.16.0, the Java agent is released in two versions:

Both versions are built from the same source files and have identical functionality. The only difference is the version of the included snakeyaml dependency.

jmx_exporter uses the snakeyaml library to read the YAML configuration file. Snakeyaml 1.23 is the last release to support Java 6. This version is affected by CVE-2017-18640, which can cause snakeyaml to execute arbitrary code if the YAML file comes from an untrusted source.

This vulnerability does not apply in the context of jmx_exporter, because the agent configuration will not come from an untrusted source. However, even if there is no actual security risk, users find it annoying that their automated security scans report a CVE. In order to prevent this we published a version with an updated snakeyaml dependency that requires Java >= 7.

Other Changes

  • [BUGFIX] Leverages the interpolated help when the matching rule is cached (fixes #612) (#613)
  • [ENHANCEMENT] Automated integration tests of different Java versions using Testcontainers. Docker needs to be installed on a system in order to run ./mvnw verify.
  • [ENHANCEMENT] Bump logback-classic version (#617)
  • [ENHANCEMENT] Update to client_java 0.11.0
  • [ENHANCEMENT] added support for java.util.Optional (the SonarQube maintainers had this weird idea of an Optional<Long> property in an MBean)