This update for alloy fixes the following issues:
Upgrade to version 1.12.1.
Security issues fixed:
- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents
(bsc#1251509).
- CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in
response to a key listing or signing request (bsc#1253609).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by
html.ParseFragment when processing specially
crafted input (bsc#1251716).
Other updates and bugfixes:
-
Version 1.12.1:
-
Version 1.12.0:
- Breaking changes
prometheus.exporter.blackbox, prometheus.exporter.snmp and prometheus.exporter.statsd now use the component
ID instead of the hostname as their instance label in their exported metrics.
- Features
- (Experimental) Add an
otelcol.receiver.cloudflare component to receive logs pushed by Cloudflare's LogPush
jobs.
- (Experimental) Additions to experimental
database_observability.mysql component:
explain_plans
- collector now changes schema before returning the connection to the pool.
- collector now passes queries more permissively.
- enable
explain_plans collector by default
- (Experimental) Additions to experimental
database_observability.postgres component:
explain_plans
- added the explain plan collector.
- collector now passes queries more permissively.
query_samples
- add user field to wait events within
query_samples collector.
- rework the query samples collector to buffer per-query execution state across scrapes and emit finalized
entries.
- process turned idle rows to calculate finalization times precisely and emit first seen idle rows.
query_details
- escape queries coming from
pg_stat_statements...