Register | Log in

golang-github-prometheus-client-golang

Prometheus instrumentation library for Go applications

Choose email to subscribe with

general

source: golang-github-prometheus-client-golang (main)
version: 1.11.1-1
maintainer: Debian Go Packaging Team (DMD)
uploaders: Lucas Kanashiro [DMD] – Martina Ferrari [DMD] – Daniel Swarbrick [DMD]
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.8.0-1
o-o-bpo: 0.9.0-1~bpo9+1
oldstable: 0.9.0-1
old-bpo: 1.9.0-2~bpo10+1
stable: 1.9.0-2
testing: 1.11.1-1
unstable: 1.11.1-1

versioned links

0.8.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.0-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.9.0-2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.9.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-github-prometheus-client-golang-dev

action needed

A new upstream version is available: 1.12.2 high

A new upstream version 1.12.2 is available, you should consider packaging it.

Created: 2022-01-19 Last update: 2022-05-23 21:02

1 security issue in stretch high

There is 1 open security issue in stretch.

1 important issue:

CVE-2022-21698: client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

Created: 2022-02-16 Last update: 2022-03-23 07:00

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2022-21698: client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

Created: 2022-02-16 Last update: 2022-03-23 07:00

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2022-21698: client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

Created: 2022-02-16 Last update: 2022-03-23 07:00

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

golang-prometheus-client-dev could be marked Multi-Arch: foreign

Created: 2021-01-27 Last update: 2022-05-23 21:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:24

news

[2022-03-23] golang-github-prometheus-client-golang 1.11.1-1 MIGRATED to testing (Debian testing watch)
[2022-03-23] golang-github-prometheus-client-golang 1.11.1-1 MIGRATED to testing (Debian testing watch)
[2022-03-21] Accepted golang-github-prometheus-client-golang 1.11.1-1 (source) into unstable (Guillem Jover)
[2021-12-24] golang-github-prometheus-client-golang 1.11.0-3 MIGRATED to testing (Debian testing watch)
[2021-12-22] Accepted golang-github-prometheus-client-golang 1.11.0-3 (source) into unstable (Benjamin Drung)
[2021-12-06] golang-github-prometheus-client-golang 1.11.0-2 MIGRATED to testing (Debian testing watch)
[2021-12-03] Accepted golang-github-prometheus-client-golang 1.11.0-2 (source) into unstable (Guillem Jover)
[2021-11-14] golang-github-prometheus-client-golang 1.11.0-1 MIGRATED to testing (Debian testing watch)
[2021-11-14] golang-github-prometheus-client-golang 1.11.0-1 MIGRATED to testing (Debian testing watch)
[2021-11-11] Accepted golang-github-prometheus-client-golang 1.11.0-1 (source) into unstable (Benjamin Drung)
[2021-03-16] Accepted golang-github-prometheus-client-golang 1.9.0-2~bpo10+1 (source all) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
[2021-01-29] golang-github-prometheus-client-golang 1.9.0-2 MIGRATED to testing (Debian testing watch)
[2021-01-26] Accepted golang-github-prometheus-client-golang 1.9.0-2 (source) into unstable (Guillem Jover)
[2021-01-25] golang-github-prometheus-client-golang 1.9.0-1 MIGRATED to testing (Debian testing watch)
[2021-01-23] Accepted golang-github-prometheus-client-golang 1.9.0-1 (source) into unstable (Guillem Jover)
[2020-08-01] golang-github-prometheus-client-golang 1.7.1-1 MIGRATED to testing (Debian testing watch)
[2020-07-23] Accepted golang-github-prometheus-client-golang 1.7.1-1 (source) into unstable (Lucas Kanashiro)
[2020-06-25] golang-github-prometheus-client-golang 1.6.0-1 MIGRATED to testing (Debian testing watch)
[2020-06-22] Accepted golang-github-prometheus-client-golang 1.6.0-1 (source) into unstable (Martina Ferrari)
[2019-11-07] golang-github-prometheus-client-golang 1.2.1-3 MIGRATED to testing (Debian testing watch)
[2019-11-03] Accepted golang-github-prometheus-client-golang 1.2.1-3 (source) into unstable (Martina Ferrari) (signed by: Martín Ferrari)
[2019-10-29] Accepted golang-github-prometheus-client-golang 1.2.1-2 (source) into unstable (Martina Ferrari) (signed by: Martín Ferrari)
[2019-10-29] Accepted golang-github-prometheus-client-golang 1.2.1-1 (source) into unstable (Martina Ferrari) (signed by: Martín Ferrari)
[2018-12-23] Accepted golang-github-prometheus-client-golang 0.9.0-1~bpo9+1 (source) into stretch-backports (Martín Ferrari)
[2018-10-23] golang-github-prometheus-client-golang 0.9.0-1 MIGRATED to testing (Debian testing watch)
[2018-10-19] Accepted golang-github-prometheus-client-golang 0.9.0-1 (source) into unstable (Martín Ferrari)
[2018-07-02] Accepted golang-github-prometheus-client-golang 0.9.0~pre1+git20180417.82f5ff1-2~bpo9+1 (source all) into stretch-backports, stretch-backports (Martín Ferrari)
[2018-06-12] golang-github-prometheus-client-golang 0.9.0~pre1+git20180417.82f5ff1-2 MIGRATED to testing (Debian testing watch)
[2018-05-23] Accepted golang-github-prometheus-client-golang 0.9.0~pre1+git20180417.82f5ff1-2 (source) into unstable (Martín Ferrari)
[2018-05-19] Accepted golang-github-prometheus-client-golang 0.9.0~pre1+git20180417.82f5ff1-1 (source) into experimental (Martín Ferrari)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.11.1-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing