JMX Exporter 1.3.0

🏕 Features

• isolator-javaagent by @dhoard
• HTTP mutual TLS authentication by @gtully @dhoard

🧹 Chore

• Fixed broken documentation links by @orisano @dhoard
• Added Prometheus v3.3.0 test container by @dhoard
• Redesign cache for better performance by @RafalSumislawski
• Cache sanitized name and labels by @RafalSumislawski
• Updated Docker integration test images
• Added HTTPServer and OpenTelemetryExporter shutdown hooks by @dhoard
• Hardened AutoIncrementingMBeanTest test by @dhoard
• Cleaned up pom files by @dhoard
• Changed Spotless plugin to use Palantir format 2.66.0 by @dhoard
• Cleaned up PBKDF2Authenticator by @dhoard
• Added missing copyright by @dhoard
• Simplified Maven shading configuration by @dhoard
• Removed copyright year per CNCF recommendations by @dhoard
• Refactored configuration code by @dhoard

👒 Dependencies

What's Changed

• Bump io.prometheus:client_java from 1.3.6 to 1.3.7
• Bump org.junit.jupiter:junit-jupiter from 5.12.0 to 5.12.1
• Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18
• Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.3
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.44.3 to 2.44.4
• Bump org.junit.jupiter:junit-jupiter from 5.12.1 to 5.12.2
• Bump verifyica from 0.10.1 to 0.11.0
• Bump org.testcontainers:testcontainers from 1.20.6 to 1.21.0

New Contributors

• @RafalSumislawski made their first contribution in #1163
• @orisano made their first contribution in #1171

Full Changelog: 1.2.0...1.3.0

JMX Exporter 1.2.0

New Features

• mutual TLS authentication
• metric customizer to use an MBean value as a label for another metric (BETA)

What's Changed

• General code cleanup by @dhoard
• Updated developer test scripts by @dhoard in #1085
• Fix integration test suite by @dhoard in #1087
• Refactored build to publish collector jar to Maven Central by @dhoard in #1088
• Changed test container cleanup to use stop method by @dhoard in #1090
• Updated copyright by @dhoard in #1091
• Add additional opentelemetry configuration values by @dhoard in #1093
• Updated dependencies by @dhoard in #1097
• Intern MBean names used in cache by @yana-ilieva in #1098
• Removed deprecated URL constructor usage by @dhoard in #1102
• Fixed a potential concurrency issue when reloading configuration by @dhoard in #1108
• Update Cassandra example config by @russss in #1120
• Removed trailing whitespace by @dhoard in #1122
• add trustStore and needClientAuth config to yaml (#834) by @gtully in #1118
• Fixed code to use the Java system properties for keystore and truststore by @dhoard in #1126
• Updated client_java dependency by @dhoard in #1130
• Added Prometheus v3.2.0 to integration tests by @dhoard in #1132
• Added Prometheus v3.2.1 to integration tests by @dhoard in #1143
• Support for exposing attributes as labels by @MaBiConti in #996
• Support for extra metrics by @karina-calma in #1124
• Changed build to shade Java agent dependencies by @dhoard in #1150

New Contributors

• @yana-ilieva made their first contribution in #1098
• @MaBiConti made their first contribution in #996
• @karina-calma made their first contribution in #1124

Full Changelog: 1.1.0...1.2.0

JMX Exporter 1.1.0

This release adds support to push metrics to an OpenTelemetry endpoint

[ENHANCEMENT] Added support for OpenTelemetry
[ENHANCEMENT] Added pluggable HTTP authenticator support. Thanks @gtully!
[ENHANCEMENT] Added support for configuring included ObjectName attributes. Thanks @jacksparrow414!
[ENHANCEMENT] Documentation is now published via GitHub Pages
[FIX] Updated documentation. Thanks @lfrancke!
[FIX] Fixed possible memory leak using ObjectName exclude filters. Thanks @kw4s!
[CHANGE] Changed release model to use GitHub Release page for jars. collector jar no longer published to Maven Central.
[CHANGE] Cassandra example YAML configuration to disable two particularly slow metrics. Thanks @russss!
[CHANGE] Refactored integration tests
[CHANGE] Cleaned up pom.xml files
[CHANGE] Cleaned up Javadoc warnings
[CHANGE] Cleaned up Maven Shade plugin warnings
[CHANGE] Updated dependencies
[CHANGE] Debian package has been removed

This release adds Prometheus Protobuf support.

As always, the jmx_exporter binaries are available on Maven Central:

• jmx_prometheus_javaagent-1.0.1.jar
• jmx_prometheus_httpserver-1.0.1.jar

NOTES

1. Metrics are no longer served on the root (/) path. You will be required to change the scrape URL to /metrics

2. Some JVM metric names have changed to conform with the OpenMetrics specification.

Dashboards will need to be changed if referencing the changed JVM metrics.

https://prometheus.github.io/client_java/migration/simpleclient/#jvm-metrics

3. MBean names that are normalized to the same metric name will now contain a label named _objectname that references the MBean that provided the metric.

Example:

# HELP kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request The request count using a cumulative counter kafka.rest:name=null,type=jersey-metrics,attribute=v3.topics.partitions-reassignment.list.request-total
# TYPE kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request untyped
kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request{_objectname="kafka.rest<type=jersey-metrics><>v3.topics-partitions-reassignment.list.request-total"} 0.0
kafka_rest_jersey_metrics_v3_topics_partitions_reassignment_list_request{_objectname="kafka.rest<type=jersey-metrics><>v3.topics.partitions-reassignment.list.request-total"} 0.0

[BUGFIX] Collection fails for Kafka using release 1.0.0
[BUGFIX] Fixed NullPointerException during scrape. Thanks @simon-greatrix
[ENHANCEMENT] Improved JMX scraping performance. Thanks @nicktelford
[ENHANCEMENT] Added configuration example for Kafka KRaft metrics. Thanks @KumKeeHyun.
[ENHANCEMENT] Added configuration example for Presto/Trino metrics. Thanks @Akanksha-kedia
[ENHANCEMENT] Added configuration example for Hazelcast. Thanks @Nirzak
[ENHANCEMENT] Added better exception handling in Java agent premain. Thanks @guhanjie.
[CHANGE] Updated Tomcat example configuration. Thanks @lautarozerpa.
[CHANGE] Updated integration testing containers to include Java 21 and 22
[CHANGE] Added azul/prime:21 to integration test containers

This release has functional issues and should not be used.

Use 1.0.1

This release includes performance enhancements and new MBean attribute filtering.

As always, the jmx_exporter binaries are available on Maven Central:

• jmx_prometheus_javaagent-0.20.0.jar
• jmx_prometheus_httpserver-0.20.0.jar

[FEATURE] Added HTTPServer threads configuration (#837)
[FEATURE] Refactored outdated terms (#852)
[FEATURE] Added code to skip RuntimeMXBean attributes SystemProperties, ClassPath, BootClassPath, and LibraryPath (#859)
[FEATURE] Added MBean attribute exclusion filtering (#870)
[FEATURE] Enabled auto object name attribute filtering by default (#871)

This release adds the long awaited support for HTTPS and Basic auth! See README.md for details.

BREAKING: We dropped Java 6 support. jmx_exporter now requires Java 8 or higher.

As always, the jmx_exporter binaries are available on Maven central:

• jmx_prometheus_javaagent-0.19.0.jar
• jmx_prometheus_httpserver-0.19.0.jar

[BREAKING] Removed support for Java 6. New baseline is Java 8
[ENHANCEMENT] HTTP Basic authentication (#801)
[ENHANCEMENT] HTTPS support (#812)
[ENHANCEMENT] Add support for JMX TabularData that uses a CompositeData key (#814) Thanks @adamretter!!!
[ENHANCEMENT] MetricsAssertion support for multiple labels (#815)

This release updates the snakeyaml dependency from 1.32 to 2.0, because version 1.32 is vulnerable to CVE-2022-1471.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

• jmx_prometheus_javaagent-0.18.0.jar requires Java >= 7.
• jmx_prometheus_javaagent-0.18.0_java6.jar is compatible with Java 6.
• jmx_prometheus_httpserver-0.18.0.jar requires Java >= 7.
• jmx_prometheus_httpserver-0.18.0_java6.jar is compatible with Java 6.

Fixes and enhancements included in this release:

[BUGFIX] Fix jmx_exporter_build_info metric #768. Thanks @dhoard.
[BUGFIX] Fix the Debian package build #752, #650. Thanks @ozon2 and @Skunnyk.
[ENHANCEMENT] Improve performance of duplicate sample lookup #719. Thanks @amuraru.
[BUGFIX] Bump Snakeyaml dependency version to 2.0 to fix CVE-2022-1471 #777, #767. Thanks @dhoard and @ppatierno.

Minor release updating the snakeyaml dependency from 1.31 to 1.32, because version 1.31 is vulnerable to CVE-2022-38752.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

• jmx_prometheus_javaagent-0.17.2.jar requires Java >= 7.
• jmx_prometheus_javaagent-0.17.2_java6.jar is compatible with Java 6.
• jmx_prometheus_httpserver-0.17.2.jar requires Java >= 7.
• jmx_prometheus_httpserver-0.17.2_java6.jar is compatible with Java 6.

Sounds like a deja vu? Yes, we had the same on 10 September when we updated snakeyaml from 1.30 to 1.31 because of CVE-2022-25857.

Minor release updating the snakeyaml dependency from 1.30 to 1.31, because version 1.30 is vulnerable to CVE-2022-25857.

Note that jmx_exporter uses snakeyaml only to parse its config file. That means unless you have untrusted 3rd parties write your jmx_exporter config the CVE does not apply. However, if you have automated security scanners complaining about the vulnerable snakeyaml version this update will help.

As always, the jmx_exporter binaries are available on Maven central:

• jmx_prometheus_javaagent-0.17.1.jar requires Java >= 7.
• jmx_prometheus_javaagent-0.17.1_java6.jar is compatible with Java 6.
• jmx_prometheus_httpserver-0.17.1.jar requires Java >= 7.
• jmx_prometheus_httpserver-0.17.1_java6.jar is compatible with Java 6.