← Back to all sparks
Prometheus logo

Prometheus

DEVOPS
Velocity5.0

Monitoring system

Prometheus ships steady LTS releases with security discipline and deepening PromQL

observabilitypromqlnative-histogramstsdb-performancesecurity-hardeningservice-discovery
Current state
Prometheus is in mature-maintenance mode, running parallel release trains: the 3.5 and 3.11 LTS lines get prompt security backports alongside the fast-moving 3.12/3.13 branch. The 3.13.0 LTS release bundles native-histogram advances, experimental PromQL duration functions, and TSDB performance work, while a steady drumbeat of CVE fixes shows an active security-response process.
Where it's heading
The center of gravity is PromQL expressiveness (duration expressions, start-timestamp-aware rate/increase, smoothed and anchored functions) and native histograms, both landing incrementally behind feature flags. Service-discovery breadth keeps widening (DigitalOcean, Outscale, AWS refinements). Security handling, from plaintext-secret leaks to XSS to credential forwarding on redirect, is treated as first-class and fanned out across every supported line.
Prediction
Expect the experimental PromQL and native-histogram features to graduate toward stable in an upcoming minor, and continued rapid security patching across the 3.5, 3.11, and 3.13 LTS lines.

Recent moves

  1. 11h ago

    3.5.5 / 2026-07-09

    View source ↗
  2. 11h ago

    3.13.0-rc.0 / 2026-06-18

    View source ↗
  3. 8d ago

    Prometheus 3.13.0 LTS: PromQL, TSDB perf, and security fixes

    The headline LTS release of the current train: it folds in the experimental PromQL duration functions (renamed to min_of/max_of), smoothed-rate support for native histograms, per-query samplesRead stats, runtime float chunk-encoding selection, and a batch of TSDB correctness and performance fixes, plus a sanitize-html XSS patch. A representative depth-over-direction Prometheus release.

    View source ↗
  4. 17d ago

    Prometheus 3.13.0-rc.1: mostly CI and build fixes

    A near-empty release candidate: the NPM-to-PNPM migration forced a re-cut, so it carries only CI/build changes and the embedded-license switch. Superseded by the 3.13.0 GA a week later.

    View source ↗
  5. 22d ago

    Prometheus 3.5.4 LTS: security patch release

    A security backport to the older 3.5 LTS line, covering the STACKIT plaintext-secret leak and dependency CVEs. Evidence that Prometheus actively maintains multiple LTS trains in parallel rather than forcing upgrades.

    View source ↗
  6. 1mo ago

    Prometheus 3.12.0: new SD sources, start-timestamp PromQL, TSDB perf

    The feature-heavy minor preceding 3.13: DigitalOcean and Outscale service discovery, experimental start-timestamp PromQL functions, a UI for deleting time series, and constant-time head-chunk lookup. It sets up much of what 3.13.0 later stabilizes.

    View source ↗