Skip to content

loki

v3.7.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 21d Logging
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

cloudnative grafana logging prometheus

Affected surfaces

deps

ReleasePort's take

Moderate signal
editorial:auto 13d

Loki 3.7.2 fixes a ruler panic when validation scheme is unset and patches CVEs in the 3.7.x line. Security hardening for aws-sdk-go-v2/service/s3 is included.

Why it matters: Loki 3.7.2 addresses a ruler crash when validation scheme is unset and patches CVEs in the 3.7.x line, including aws-sdk-go-v2 security hardening. SREs running ruler components should test in dev before production rollout.

Summary

AI summary

Fixed ruler panic when validation scheme is unset.

Changes in this release

Security Medium

Update aws-sdk-go-v2/service/s3 to v1.97.3 for security hardening

Update aws-sdk-go-v2/service/s3 to v1.97.3 for security hardening

Source: llm_adapter@2026-05-21

Confidence: high
Security Medium

Fix CVEs in release 3.7.x

Fix CVEs in release 3.7.x

Source: llm_adapter@2026-05-21

Confidence: low
Feature Medium

Attach SHA-256 checksum on PutObject for Object Lock buckets

Attach SHA-256 checksum on PutObject for Object Lock buckets

Source: llm_adapter@2026-05-21

Confidence: low
Bugfix Medium

Fix ruler panic related to unset validation scheme

Fix ruler panic related to unset validation scheme

Source: llm_adapter@2026-05-21

Confidence: high
Full changelog

3.7.2 (2026-05-13)

Bug Fixes

  • CVEs in release 3.7.x (#21771) (bb4c5d8)
  • deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.97.3 [security] (release-3.7.x) (#21457) (7bc9450)
  • Fix ruler panic related to unset validation scheme (backport release-3.7.x) (#21401) (cf65729)
  • storage: attach SHA-256 checksum on PutObject for Object Lock buckets (#21849) (7df13d9)

Security Fixes

  • dep: Updated github.com/aws/aws-sdk-go-v2/service/s3 to v1.97.3 (addresses CVEs)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track loki

Get notified when new releases ship.

Sign up free

About loki

Like Prometheus, but for logs.

All releases →

Related context

Beta — feedback welcome: [email protected]