What are the main security fixes in v3.12.0?

The release addresses a remote-write request size vulnerability and prevents STACKIT SD secrets from being exposed.

How does the new UI feature help QA?

It simplifies deleting time series and cleaning tombstones, which is useful for managing test data and ensuring clean test environments.

What new PromQL features are relevant for monitoring?

Experimental `start()`, `end()`, `range()`, `step()` functions, and the `use-start-timestamps` flag for `rate()`, `irate()`, `increase()` calculations.

Prometheus v3.12.0: Security, UI, and PromQL Updates for QA

Prometheus v3.12.0 brings critical security fixes, a new UI for time series management, and experimental PromQL functions. Essential for QA.

Prometheus v3.12.0, a minor update released on 2026-05-28, focuses on security, usability, and advanced query capabilities. This release is crucial for DevOps and QA teams tracking monitoring tool advancements.

Key Changes:

Security Enhancements: Two significant security vulnerabilities have been addressed. Prometheus now rejects snappy-compressed remote-write requests exceeding 32MB to prevent potential resource exhaustion. Additionally, a fix prevents STACKIT Service Discovery secrets from being exposed in plaintext via the /-/config endpoint.
New Features:
- UI for Data Management: A new web interface is available from the Status menu, allowing users to delete time series and clean tombstones directly. This simplifies database maintenance and test environment resets.
- PromQL Updates: Several experimental functions (start(), end(), range(), step()) have been added, offering more granular control over query ranges. The rate(), irate(), and increase() functions now support start timestamps via a feature flag, improving accuracy for cumulative metrics. PromQL also now warns when sort functions are used in range queries where they have no effect.
- API & Discovery: A new /api/v1/status/self_metrics endpoint provides JSON output of Prometheus’s internal metrics. Service discovery has been extended to include DigitalOcean Managed Databases and Outscale VMs.
Performance & Stability: This release includes performance optimizations for TSDB head chunk lookups and mmapping, reducing CPU utilization. Numerous bug fixes enhance overall stability, addressing issues in PromQL, API responses, and scrape appender behavior.

Impact for QA Teams:

For QA engineers, Prometheus v3.12.0 offers direct benefits. The security fixes reduce risks in testing environments, while the new UI for time series deletion simplifies test data management and setup for reproducible tests. Enhanced PromQL functions provide more precise monitoring and alert testing capabilities, complementing existing strategies like those discussed in our article on Grafana Prometheus monitoring. The /api/v1/status/self_metrics endpoint is valuable for monitoring Prometheus’s own health during load or performance testing.

Prometheus v3.12.0: Security, UI, and PromQL Updates for QA

Key Changes: #

Impact for QA Teams: #

Frequently Asked Questions

Key Changes:

Impact for QA Teams: