0.18.0 / 2023-03-07
This release updates the snakeyaml dependency from 1.32 to 2.0, because version 1.32 is vulnerable to CVE-2022-1471.
Note that jmx_exporter uses snakeyaml only to parse its config file. That means the CVE does not apply unless you have untrusted third parties writing your jmx_exporter config. However, if you have automated security scanners complaining about the vulnerable snakeyaml version, this update will help.
As always, the jmx_exporter binaries are available on Maven Central:
- jmx_prometheus_javaagent-0.18.0.jar requires Java >= 7.
- jmx_prometheus_javaagent-0.18.0_java6.jar is compatible with Java 6.
- jmx_prometheus_httpserver-0.18.0.jar requires Java >= 7.
- jmx_prometheus_httpserver-0.18.0_java6.jar is compatible with Java 6.
Fixes and enhancements included in this release:
- [BUGFIX] Fix jmx_exporter_build_info metric #768. Thanks @dhoard.
- [BUGFIX] Fix the Debian package build #752, #650. Thanks @ozon2 and @Skunnyk.
- [ENHANCEMENT] Improve performance of duplicate sample lookup #719. Thanks @amuraru.
- [BUGFIX] Bump Snakeyaml dependency version to 2.0 to fix CVE-2022-1471 #777, #767. Thanks @dhoard and @ppatierno.