prometheus Prometheus Releases · · 3.5.5

Prometheus v3.5.5 Security Patch Addresses UI Vulnerability

securityinfrasecurity-advisoryengineer
patch security

Prometheus v3.5.5 includes a security fix for a UI dependency, upgrading `sanitize-html` to v2.17.5 to resolve CVE-2026-53606. This patch is crucial for maintaining the security posture of Prometheus deployments. The update is available as a patch release and requires no specific prerequisites beyond applying the new version.

  • UI Dependency Vulnerability Patched
  • Built with Go 1.25.12
Security (1)
  • UI Dependency Vulnerability Patched

    The Prometheus UI dependency `sanitize-html` has been updated to v2.17.5, addressing CVE-2026-53606. This is a security-focused patch to protect against potential UI-related exploits.

Notes (1)
  • Built with Go 1.25.12

    This release incorporates the latest Go toolchain, version 1.25.12.

Read the original announcement →

https://github.com/prometheus/prometheus/releases/tag/v3.5.5

Related releases