1.1.0 / 2024-12-03

JMX Exporter 1.1.0

This release adds support to push metrics to an OpenTelemetry endpoint

[ENHANCEMENT] Added support for OpenTelemetry
[ENHANCEMENT] Added pluggable HTTP authenticator support. Thanks @gtully!
[ENHANCEMENT] Added support for configuring included ObjectName attributes. Thanks @jacksparrow414!
[ENHANCEMENT] Documentation is now published via GitHub Pages
[FIX] Updated documentation. Thanks @lfrancke!
[FIX] Fixed possible memory leak using ObjectName exclude filters. Thanks @kw4s!
[CHANGE] Changed release model to use GitHub Release page for jars. collector jar no longer published to Maven Central.
[CHANGE] Cassandra example YAML configuration to disable two particularly slow metrics. Thanks @russss!
[CHANGE] Refactored integration tests
[CHANGE] Cleaned up pom.xml files
[CHANGE] Cleaned up Javadoc warnings
[CHANGE] Cleaned up Maven Shade plugin warnings
[CHANGE] Updated dependencies
[CHANGE] Debian package has been removed

1.0.1 / 2024-05-31

This release adds Prometheus Protobuf support.

As always, the jmx_exporter binaries are available on Maven Central:

• jmx_prometheus_javaagent-1.0.1.jar
• jmx_prometheus_httpserver-1.0.1.jar

NOTES

1. Metrics are no longer served on the root (/) path. You will be required to change the scrape URL to /metrics

2. Some JVM metric names have changed to conform with the OpenMetrics specification.

Dashboards will need to be changed if referencing the changed JVM metrics.

https://prometheus.github.io/client_java/migration/simpleclient/#jvm-metrics

3. MBean names that are normalized to the same metric name will now contain a label named _objectname that references the MBean that provided the metric.

Example:

# HELP kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request The request count using a cumulative counter kafka.rest:name=null,type=jersey-metrics,attribute=v3.topics.partitions-reassignment.list.request-total
# TYPE kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request untyped
kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request{_objectname="kafka.rest<type=jersey-metrics><>v3.topics-partitions-reassignment.list.request-total"} 0.0
kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request{_objectname="kafka.rest<type=jersey-metrics><>v3.topics.partitions-reassignment.list.request-total"} 0.0

---

[BUGFIX] Collection fails for Kafka using release 1.0.0
[BUGFIX] Fixed NullPointerException during scrape. Thanks @simon-greatrix
[ENHANCEMENT] Improved JMX scraping performance. Thanks @nicktelford
[ENHANCEMENT] Added configuration example for Kafka KRaft metrics. Thanks @KumKeeHyun.
[ENHANCEMENT] Added configuration example for Presto/Trino metrics. Thanks @Akanksha-kedia
[ENHANCEMENT] Added configuration example for Hazelcast. Thanks @Nirzak
[ENHANCEMENT] Added better exception handling in Java agent premain. Thanks @guhanjie.
[CHANGE] Updated Tomcat example configuration. Thanks @lautarozerpa.
[CHANGE] Updated integration testing containers to include Java 21 and 22
[CHANGE] Added azul/prime:21 to integration test containers

1.0.0 / 2024-05-17

This release has functional issues and should not be used.

Use 1.0.1

0.20.0 / 2023-08-12

This release includes performance enhancements and new MBean attribute filtering.

As always, the jmx_exporter binaries are available on Maven Central:

• jmx_prometheus_javaagent-0.20.0.jar
• jmx_prometheus_httpserver-0.20.0.jar

[FEATURE] Added HTTPServer threads configuration (#837)
[FEATURE] Refactored outdated terms (#852)
[FEATURE] Added code to skip RuntimeMXBean attributes SystemProperties, ClassPath, BootClassPath, and LibraryPath (#859)
[FEATURE] Added MBean attribute exclusion filtering (#870)
[FEATURE] Enabled auto object name attribute filtering by default (#871)

0.19.0 / 2023-06-30

This release adds the long awaited support for HTTPS and Basic auth! See README.md for details.

BREAKING: We dropped Java 6 support. jmx_exporter now requires Java 8 or higher.

As always, the jmx_exporter binaries are available on Maven central:

• jmx_prometheus_javaagent-0.19.0.jar
• jmx_prometheus_httpserver-0.19.0.jar

[BREAKING] Removed support for Java 6. New baseline is Java 8
[ENHANCEMENT] HTTP Basic authentication (#801)
[ENHANCEMENT] HTTPS support (#812)
[ENHANCEMENT] Add support for JMX TabularData that uses a CompositeData key (#814) Thanks @adamretter!!!
[ENHANCEMENT] MetricsAssertion support for multiple labels (#815)

0.18.0 / 2023-03-07

This release updates the snakeyaml dependency from 1.32 to 2.0, because version 1.32 is vulnerable to CVE-2022-1471.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

• jmx_prometheus_javaagent-0.18.0.jar requires Java >= 7.
• jmx_prometheus_javaagent-0.18.0_java6.jar is compatible with Java 6.
• jmx_prometheus_httpserver-0.18.0.jar requires Java >= 7.
• jmx_prometheus_httpserver-0.18.0_java6.jar is compatible with Java 6.

Fixes and enhancements included in this release:

[BUGFIX] Fix jmx_exporter_build_info metric #768. Thanks @dhoard.
[BUGFIX] Fix the Debian package build #752, #650. Thanks @ozon2 and @Skunnyk.
[ENHANCEMENT] Improve performance of duplicate sample lookup #719. Thanks @amuraru.
[BUGFIX] Bump Snakeyaml dependency version to 2.0 to fix CVE-2022-1471 #777, #767. Thanks @dhoard and @ppatierno.

0.17.2 / 2022-09-22

Minor release updating the snakeyaml dependency from 1.31 to 1.32, because version 1.31 is vulnerable to CVE-2022-38752.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

• jmx_prometheus_javaagent-0.17.2.jar requires Java >= 7.
• jmx_prometheus_javaagent-0.17.2_java6.jar is compatible with Java 6.
• jmx_prometheus_httpserver-0.17.2.jar requires Java >= 7.
• jmx_prometheus_httpserver-0.17.2_java6.jar is compatible with Java 6.

Sounds like a deja vu? Yes, we had the same on 10 September when we updated snakeyaml from 1.30 to 1.31 because of CVE-2022-25857.

0.17.1 / 2022-09-10

Minor release updating the snakeyaml dependency from 1.30 to 1.31, because version 1.30 is vulnerable to CVE-2022-25857.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

• jmx_prometheus_javaagent-0.17.1.jar requires Java >= 7.
• jmx_prometheus_javaagent-0.17.1_java6.jar is compatible with Java 6.
• jmx_prometheus_httpserver-0.17.1.jar requires Java >= 7.
• jmx_prometheus_httpserver-0.17.1_java6.jar is compatible with Java 6.

0.17.0 / 2022-05-23

With the last release we started releasing two versions of the Java agent:

• jmx_prometheus_javaagent-0.17.0.jar requires Java >= 7.
• jmx_prometheus_javaagent-0.17.0_java6.jar is compatible with Java 6.

Both versions are built from the same code and differ only in the versions of the bundled dependencies.

With this release, we take a similar approach for the standalone HTTP server:

• jmx_prometheus_httpserver-0.17.0.jar requires Java >= 7.
• jmx_prometheus_httpserver-0.17.0_java6.jar is compatible with Java 6.

Again, both versions are built from the same code and differ only in the versions of the bundled dependencies.

Note that the standalone HTTP server release was previously named jmx_prometheus_httpserver-<version>-jar-with-dependencies.jar. With this release, we renamed it to jmx_prometheus_httpserver-<version>.jar.

Other changes:

• [BUGFIX] change the command line argument parser to allow - characters in the hostname (#643, thanks @guignome for reporting).
• [BUGFIX] Reduce cardinality of default help strings (#704, thanks @SuperQ).
• [ENHANCEMENT] Prevent remote JMX monitoring when started as a Java agent #675.
• [ENHANCEMENT] Add SSL support for the debugging SslScraper (#699, thanks @michaelsembwever)
• [ENHANCEMENT] Fall back to loading attributes 1-by-1 if bulk loading fails (#695, thanks @faenschi).
• [ENHANCEMENT] update dependency versions.

0.16.1 / 2021-07-14

Release 0.16.1 ships in two versions:

• jmx_prometheus_javaagent-0.16.1.jar requires Java >= 7.
• jmx_prometheus_javaagent-0.16.1_java6.jar is compatible with Java 6.

Both versions are built from the same source files and have identical functionality. The only difference is the version of the included snakeyaml dependency. See the 0.16.0 release notes for more details.

Change:

[BUGFIX] Remove misleading meta data from the Java 7+ binary that makes the Trivy security scanner wrongly report CVE-2017-18640 (the metadata references snakeyaml 1.23 even though that version is not included in the binary). See #618.