Prometheus

DEVOPS
Velocity 5.0

Monitoring system

Prometheus ships steady LTS releases with security discipline and deepening PromQL

observability, promql, native-histograms, tsdb-performance, security-hardening, service-discovery

Current state
Prometheus is in mature-maintenance mode, running parallel release trains: the 3.5 and 3.11 LTS lines get prompt security backports alongside the fast-moving 3.12/3.13 branch. The 3.13.0 LTS release bundles native-histogram advances, experimental PromQL duration functions, and TSDB performance work, while a steady drumbeat of CVE fixes shows an active security-response process.
Where it's heading
The center of gravity is PromQL expressiveness (duration expressions, start-timestamp-aware rate/increase, smoothed and anchored functions) and native histograms, both landing incrementally behind feature flags. Service-discovery breadth keeps widening (DigitalOcean, Outscale, AWS refinements). Security handling, from plaintext-secret leaks to XSS to credential forwarding on redirect, is treated as first-class and fanned out across every supported line.
Prediction
Expect the experimental PromQL and native-histogram features to graduate toward stable in an upcoming minor, and continued rapid security patching across the 3.5, 3.11, and 3.13 LTS lines.

Recent moves

  1. 2d ago

    Prometheus 3.13.0 LTS: PromQL, TSDB perf, and security fixes

    The headline LTS release of the current train: it folds in the experimental PromQL duration functions (renamed to min_of/max_of), smoothed-rate support for native histograms, per-query samplesRead stats, runtime float chunk-encoding selection, and a batch of TSDB correctness and performance fixes, plus a sanitize-html XSS patch. A representative depth-over-direction Prometheus release.

  2. 11d ago

    Prometheus 3.13.0-rc.1: mostly CI and build fixes

    A near-empty release candidate: the NPM-to-PNPM migration forced a re-cut, so it carries only CI/build changes and the embedded-license switch. Superseded by the 3.13.0 GA a week later.

  3. 16d ago

    Prometheus 3.5.4 LTS: security patch release

    A security backport to the older 3.5 LTS line, covering the STACKIT plaintext-secret leak and dependency CVEs. Evidence that Prometheus actively maintains multiple LTS trains in parallel rather than forcing upgrades.

  4. 1mo ago

    Prometheus 3.12.0: new SD sources, start-timestamp PromQL, TSDB perf

    The feature-heavy minor preceding 3.13: DigitalOcean and Outscale service discovery, experimental start-timestamp PromQL functions, a UI for deleting time series, and constant-time head-chunk lookup. It sets up much of what 3.13.0 later stabilizes.

  5. 1mo ago

    Prometheus 3.12.0-rc.0: preview of the 3.12 release

    Release candidate for 3.12.0; its content is subsumed by the GA that shipped nine days later. Included by the feed for completeness rather than as a distinct shipping event.

  6. 2mo ago

    Prometheus 3.11.3: multiple security fixes

    A security-only patch on the 3.11 LTS line covering an AzureAD client_secret leak, a remote-read decompression DoS, and an old-UI XSS. Part of the coordinated multi-line CVE response that defines Prometheus's current cadence.
