Update submodules from pool/golang-github-prometheus-alertmanager#1 and create patchinfo.20260304200600967711.93181000773252/_patchinfo

2026-03-04 21:07:14 +01:00
2 changed files with 91 additions and 1 deletions
--- a/2
+++ b/2
--- a/patchinfo.20260304200600967711.93181000773252/_patchinfo
+++ b/patchinfo.20260304200600967711.93181000773252/_patchinfo
@@ -0,0 +1,90 @@
+<patchinfo>
+  <issue tracker="jsc" id="PED-13285">ECO: Package version bump of Alertmanager to 0.28.0 </issue>
+  <issue tracker="cve" id="2025-22870"/>
+  <issue tracker="bnc" id="1247748">VUL-0: CVE-2025-47908: golang-github-prometheus-alertmanager: github.com/rs/cors: processing of preflight requests with maliciously long ACRH headers causes a prohibitive amount of heap allocations</issue>
+  <issue tracker="bnc" id="1236516">VUL-0: CVE-2023-45288: golang-github-prometheus-alertmanager,golang-github-prometheus-node_exporter,golang-github-prometheus-prometheus: golang.org/x/net/http2: close connections when receiving too many headers</issue>
+  <issue tracker="cve" id="2023-45288"/>
+  <issue tracker="cve" id="2025-47908"/>
+  <issue tracker="bnc" id="1238686">VUL-0: CVE-2025-22870: golang-github-prometheus-node_exporter,golang-github-prometheus-prometheus,golang-github-prometheus-alertmanager: golang.org/x/net/proxy,golang.org/x/net/http/httpproxy: proxy bypass using IPv6 zone IDs</issue>
+  <packager>witekbedyk</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for golang-github-prometheus-alertmanager</summary>
+  <description>This update for golang-github-prometheus-alertmanager fixes the following issues:
+
+Changes in golang-github-prometheus-alertmanager:
+
+- Update to version 0.28.1 (jsc#PED-13285):
+  * Improved performance of inhibition rules when using Equal
+    labels.
+  * Improve the documentation on escaping in UTF-8 matchers.
+  * Update alertmanager_config_hash metric help to document the
+    hash is not cryptographically strong.
+  * Fix panic in amtool when using --verbose.
+  * Fix templating of channel field for Rocket.Chat.
+  * Fix rocketchat_configs written as rocket_configs in docs.
+  * Fix usage for --enable-feature flag.
+  * Trim whitespace from OpsGenie API Key.
+  * Fix Jira project template not rendered when searching for
+    existing issues.
+  * Fix subtle bug in JSON/YAML encoding of inhibition rules that
+    would cause Equal labels to be omitted.
+  * Fix header for slack_configs in docs.
+  * Fix weight and wrap of Microsoft Teams notifications.
+
+- Upgrade to version 0.28.0:
+  * CVE-2025-47908: Bump github.com/rs/cors (bsc#1247748).
+  * Templating errors in the SNS integration now return an error.
+  * Adopt log/slog, drop go-kit/log.
+  * Add a new Microsoft Teams integration based on Flows.
+  * Add a new Rocket.Chat integration.
+  * Add a new Jira integration.
+  * Add support for GOMEMLIMIT, enable it via the feature flag
+    --enable-feature=auto-gomemlimit.
+  * Add support for GOMAXPROCS, enable it via the feature flag
+    --enable-feature=auto-gomaxprocs.
+  * Add support for limits of silences including the maximum number
+    of active and pending silences, and the maximum size per
+    silence (in bytes). You can use the flags
+    --silences.max-silences and --silences.max-silence-size-bytes
+    to set them accordingly.
+  * Muted alerts now show whether they are suppressed or not in
+    both the /api/v2/alerts endpoint and the Alertmanager UI.
+
+- Upgrade to version 0.27.0:
+  * API: Removal of all api/v1/ endpoints. These endpoints
+    now log and return a deprecation message and respond with a
+    status code of 410.
+  * UTF-8 Support: Introduction of support for any UTF-8
+    character as part of label names and matchers.
+  * Discord Integration: Enforce max length in message.
+  * Metrics: Introduced the experimental feature flag
+    --enable-feature=receiver-name-in-metrics to include the
+    receiver name.
+  * Metrics: Introduced a new gauge named
+    alertmanager_inhibition_rules that counts the number of
+    configured inhibition rules.
+  * Metrics: Introduced a new counter named
+    alertmanager_alerts_supressed_total that tracks muted alerts,
+    it contains a reason label to indicate the source of the mute.
+  * Discord Integration: Introduced support for webhook_url_file.
+  * Microsoft Teams Integration: Introduced support for
+    webhook_url_file.
+  * Microsoft Teams Integration: Add support for summary.
+  * Metrics: Notification metrics now support two new values for
+    the label reason, contextCanceled and contextDeadlineExceeded.
+  * Email Integration: Contents of auth_password_file are now
+    trimmed of prefixed and suffixed whitespace.
+  * amtool: Fixes the error scheme required for webhook url when
+    using amtool with --alertmanager.url.
+  * Mixin: Fix AlertmanagerFailedToSendAlerts,
+    AlertmanagerClusterFailedToSendAlerts, and
+    AlertmanagerClusterFailedToSendAlerts to make sure they ignore
+    the reason label.
+
+- Security:
+  * Fix proxy bypassing using IPv6 zone IDs (CVE-2025-22870, bsc#1238686)
+  * Fix HTTP/2 CONTINUATION flood in net/http (CVE-2023-45288, bsc#1236516)
+</description>
+  <package>golang-github-prometheus-alertmanager</package>
+</patchinfo>