Debian Package Tracker

golang-github-prometheus-client-golang

Prometheus instrumentation library for Go applications


general
  • source: golang-github-prometheus-client-golang (main)
  • version: 1.11.1-1
  • maintainer: Debian Go Packaging Team (DMD)
  • uploaders: Lucas Kanashiro [DMD] – Martina Ferrari [DMD] – Daniel Swarbrick [DMD]
  • arch: all
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions
  • o-o-stable: 0.8.0-1
  • o-o-bpo: 0.9.0-1~bpo9+1
  • oldstable: 0.9.0-1
  • old-bpo: 1.9.0-2~bpo10+1
  • stable: 1.9.0-2
  • testing: 1.11.1-1
  • unstable: 1.11.1-1
binaries
  • golang-github-prometheus-client-golang-dev
action needed
A new upstream version is available: 1.12.2 [high]
A new upstream version 1.12.2 is available, you should consider packaging it.
Created: 2022-01-19 Last update: 2022-05-23 21:02
1 security issue in stretch [high]

There is 1 open security issue in stretch.

1 important issue:
  • CVE-2022-21698: client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. To be affected, instrumented software must use any of the `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g. GET) before the middleware; pass a metric with the `method` label name to the middleware; and not have any firewall/LB/proxy that filters away requests with an unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from the counter/gauge used in the InstrumentHandler; turning off the affected promhttp handlers; adding custom middleware before the promhttp handler that sanitizes the request method given by Go's http.Request; and using a reverse proxy or web application firewall configured to allow only a limited set of methods.
Created: 2022-02-16 Last update: 2022-03-23 07:00
1 security issue in buster [high]

There is 1 open security issue in buster.

1 important issue:
  • CVE-2022-21698: same issue as described for stretch above.
Created: 2022-02-16 Last update: 2022-03-23 07:00
1 security issue in bullseye [high]

There is 1 open security issue in bullseye.

1 important issue:
  • CVE-2022-21698: same issue as described for stretch above.
Created: 2022-02-16 Last update: 2022-03-23 07:00
Multiarch hinter reports 1 issue(s) [normal]
There are issues with the multiarch metadata for this package.
  • golang-prometheus-client-dev could be marked Multi-Arch: foreign
Created: 2021-01-27 Last update: 2022-05-23 21:05
Standards version of the package is outdated. [wishlist]
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2022-05-11 Last update: 2022-05-11 23:24
news
  • [2022-03-23] golang-github-prometheus-client-golang 1.11.1-1 MIGRATED to testing (Debian testing watch)
  • [2022-03-21] Accepted golang-github-prometheus-client-golang 1.11.1-1 (source) into unstable (Guillem Jover)
  • [2021-12-24] golang-github-prometheus-client-golang 1.11.0-3 MIGRATED to testing (Debian testing watch)
  • [2021-12-22] Accepted golang-github-prometheus-client-golang 1.11.0-3 (source) into unstable (Benjamin Drung)
  • [2021-12-06] golang-github-prometheus-client-golang 1.11.0-2 MIGRATED to testing (Debian testing watch)
  • [2021-12-03] Accepted golang-github-prometheus-client-golang 1.11.0-2 (source) into unstable (Guillem Jover)
  • [2021-11-14] golang-github-prometheus-client-golang 1.11.0-1 MIGRATED to testing (Debian testing watch)
  • [2021-11-11] Accepted golang-github-prometheus-client-golang 1.11.0-1 (source) into unstable (Benjamin Drung)
  • [2021-03-16] Accepted golang-github-prometheus-client-golang 1.9.0-2~bpo10+1 (source all) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
  • [2021-01-29] golang-github-prometheus-client-golang 1.9.0-2 MIGRATED to testing (Debian testing watch)
  • [2021-01-26] Accepted golang-github-prometheus-client-golang 1.9.0-2 (source) into unstable (Guillem Jover)
  • [2021-01-25] golang-github-prometheus-client-golang 1.9.0-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-23] Accepted golang-github-prometheus-client-golang 1.9.0-1 (source) into unstable (Guillem Jover)
  • [2020-08-01] golang-github-prometheus-client-golang 1.7.1-1 MIGRATED to testing (Debian testing watch)
  • [2020-07-23] Accepted golang-github-prometheus-client-golang 1.7.1-1 (source) into unstable (Lucas Kanashiro)
  • [2020-06-25] golang-github-prometheus-client-golang 1.6.0-1 MIGRATED to testing (Debian testing watch)
  • [2020-06-22] Accepted golang-github-prometheus-client-golang 1.6.0-1 (source) into unstable (Martina Ferrari)
  • [2019-11-07] golang-github-prometheus-client-golang 1.2.1-3 MIGRATED to testing (Debian testing watch)
  • [2019-11-03] Accepted golang-github-prometheus-client-golang 1.2.1-3 (source) into unstable (Martina Ferrari) (signed by: Martín Ferrari)
  • [2019-10-29] Accepted golang-github-prometheus-client-golang 1.2.1-2 (source) into unstable (Martina Ferrari) (signed by: Martín Ferrari)
  • [2019-10-29] Accepted golang-github-prometheus-client-golang 1.2.1-1 (source) into unstable (Martina Ferrari) (signed by: Martín Ferrari)
  • [2018-12-23] Accepted golang-github-prometheus-client-golang 0.9.0-1~bpo9+1 (source) into stretch-backports (Martín Ferrari)
  • [2018-10-23] golang-github-prometheus-client-golang 0.9.0-1 MIGRATED to testing (Debian testing watch)
  • [2018-10-19] Accepted golang-github-prometheus-client-golang 0.9.0-1 (source) into unstable (Martín Ferrari)
  • [2018-07-02] Accepted golang-github-prometheus-client-golang 0.9.0~pre1+git20180417.82f5ff1-2~bpo9+1 (source all) into stretch-backports, stretch-backports (Martín Ferrari)
  • [2018-06-12] golang-github-prometheus-client-golang 0.9.0~pre1+git20180417.82f5ff1-2 MIGRATED to testing (Debian testing watch)
  • [2018-05-23] Accepted golang-github-prometheus-client-golang 0.9.0~pre1+git20180417.82f5ff1-2 (source) into unstable (Martín Ferrari)
  • [2018-05-19] Accepted golang-github-prometheus-client-golang 0.9.0~pre1+git20180417.82f5ff1-1 (source) into experimental (Martín Ferrari)
bugs [bug history graph]
  • all: 0
ubuntu
  • version: 1.11.1-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers