Prometheus 2.26.1 and 2.27.1 released (security releases)


The Prometheus team has released bugfix releases that address an Open Redirect
(CWE-601) security issue.
The issue has been assigned the CVE number CVE-2021-29622.

The security issue affects Prometheus v2.23.0 to v2.26.0, and v2.27.0.

Please find more information here:

The Prometheus team thanks Aaron Devaney from MDSec for reporting this

May 12, 2021: Issue reported privately to Prometheus team
May 12, 2021: A fix is proposed and reviewed
May 13, 2021: CVE-2021-29622 issued by GitHub staff
May 18, 2021: Bugfix released for the last two minor releases of

The releases can be found in the usual locations:

v2.26.1: Release 2.26.1 / 2021-05-18 · prometheus/prometheus · GitHub
v2.27.1: Release 2.27.1 / 2021-05-18 · prometheus/prometheus · GitHub


The Prometheus Team