Overview

File _patchinfo of Package patchinfo.41612

<patchinfo incident="41612">
  <issue tracker="ijsc" id="MSQA-1034"/>
  <issue tracker="jsc" id="PED-13285"/>
  <issue tracker="cve" id="2025-47908"/>
  <issue tracker="bnc" id="1247748">VUL-0: CVE-2025-47908: golang-github-prometheus-alertmanager: github.com/rs/cors: processing of preflight requests with maliciously long ACRH headers causes a prohibitive amount of heap allocations</issue>
  <packager>raulosuna</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for golang-github-prometheus-alertmanager</summary>
  <description>This update for golang-github-prometheus-alertmanager fixes the following issues:

- Update to version 0.28.1 (jsc#PED-13285):
  * Improved performance of inhibition rules when using Equal
    labels.
  * Improve the documentation on escaping in UTF-8 matchers.
  * Update alertmanager_config_hash metric help to document the
    hash is not cryptographically strong.
  * Fix panic in amtool when using --verbose.
  * Fix templating of channel field for Rocket.Chat.
  * Fix rocketchat_configs written as rocket_configs in docs.
  * Fix usage for --enable-feature flag.
  * Trim whitespace from OpsGenie API Key.
  * Fix Jira project template not rendered when searching for
    existing issues.
  * Fix subtle bug in JSON/YAML encoding of inhibition rules that
    would cause Equal labels to be omitted.
  * Fix header for slack_configs in docs.
  * Fix weight and wrap of Microsoft Teams notifications.
- Upgrade to version 0.28.0:
  * CVE-2025-47908: Bump github.com/rs/cors (bsc#1247748).
  * Templating errors in the SNS integration now return an error.
  * Adopt log/slog, drop go-kit/log.
  * Add a new Microsoft Teams integration based on Flows.
  * Add a new Rocket.Chat integration.
  * Add a new Jira integration.
  * Add support for GOMEMLIMIT, enable it via the feature flag
    --enable-feature=auto-gomemlimit.
  * Add support for GOMAXPROCS, enable it via the feature flag
    --enable-feature=auto-gomaxprocs.
  * Add support for limits of silences including the maximum number
    of active and pending silences, and the maximum size per
    silence (in bytes). You can use the flags
    --silences.max-silences and --silences.max-silence-size-bytes
    to set them accordingly.
  * Muted alerts now show whether they are suppressed or not in
    both the /api/v2/alerts endpoint and the Alertmanager UI.
- Upgrade to version 0.27.0:
  * API: Removal of all api/v1/ endpoints. These endpoints
    now log and return a deprecation message and respond with a
    status code of 410.
  * UTF-8 Support: Introduction of support for any UTF-8
    character as part of label names and matchers.
  * Discord Integration: Enforce max length in message.
  * Metrics: Introduced the experimental feature flag
    --enable-feature=receiver-name-in-metrics to include the
    receiver name.
  * Metrics: Introduced a new gauge named
    alertmanager_inhibition_rules that counts the number of
    configured inhibition rules.
  * Metrics: Introduced a new counter named
    alertmanager_alerts_supressed_total that tracks muted alerts,
    it contains a reason label to indicate the source of the mute.
  * Discord Integration: Introduced support for webhook_url_file.
  * Microsoft Teams Integration: Introduced support for
    webhook_url_file.
  * Microsoft Teams Integration: Add support for summary.
  * Metrics: Notification metrics now support two new values for
    the label reason, contextCanceled and contextDeadlineExceeded.
  * Email Integration: Contents of auth_password_file are now
    trimmed of prefixed and suffixed whitespace.
  * amtool: Fixes the error scheme required for webhook url when
    using amtool with --alertmanager.url.
  * Mixin: Fix AlertmanagerFailedToSendAlerts,
    AlertmanagerClusterFailedToSendAlerts, and
    AlertmanagerClusterFailedToSendAlerts to make sure they ignore
    the reason label.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places