SUSE-SU-2025:4457-1

This update fixes the following issues:

golang-github-prometheus-alertmanager:

• Update to version 0.28.1 (jsc#PED-13285):
  • Improved performance of inhibition rules when using Equal labels.
  • Improve the documentation on escaping in UTF-8 matchers.
  • Update alertmanagerconfighash metric help to document the hash is not cryptographically strong.
  • Fix panic in amtool when using --verbose.
  • Fix templating of channel field for Rocket.Chat.
  • Fix rocketchatconfigs written as rocketconfigs in docs.
  • Fix usage for --enable-feature flag.
  • Trim whitespace from OpsGenie API Key.
  • Fix Jira project template not rendered when searching for existing issues.
  • Fix subtle bug in JSON/YAML encoding of inhibition rules that would cause Equal labels to be omitted.
  • Fix header for slack_configs in docs.
  • Fix weight and wrap of Microsoft Teams notifications.
• Upgrade to version 0.28.0:
  • CVE-2025-47908: Bump github.com/rs/cors (bsc#1247748).
  • Templating errors in the SNS integration now return an error.
  • Adopt log/slog, drop go-kit/log.
  • Add a new Microsoft Teams integration based on Flows.
  • Add a new Rocket.Chat integration.
  • Add a new Jira integration.
  • Add support for GOMEMLIMIT, enable it via the feature flag --enable-feature=auto-gomemlimit.
  • Add support for GOMAXPROCS, enable it via the feature flag --enable-feature=auto-gomaxprocs.
  • Add support for limits of silences including the maximum number of active and pending silences, and the maximum size per silence (in bytes). You can use the flags --silences.max-silences and --silences.max-silence-size-bytes to set them accordingly.
  • Muted alerts now show whether they are suppressed or not in both the /api/v2/alerts endpoint and the Alertmanager UI.
• Upgrade to version 0.27.0:
  • API: Removal of all api/v1/ endpoints. These endpoints now log and return a deprecation message and respond with a status code of 410.
  • UTF-8 Support: Introduction of support for any UTF-8 character as part of label names and matchers.
  • Discord Integration: Enforce max length in message.
  • Metrics: Introduced the experimental feature flag --enable-feature=receiver-name-in-metrics to include the receiver name.
  • Metrics: Introduced a new gauge named alertmanagerinhibitionrules that counts the number of configured inhibition rules.
  • Metrics: Introduced a new counter named alertmanageralertssupressed_total that tracks muted alerts, it contains a reason label to indicate the source of the mute.
  • Discord Integration: Introduced support for webhookurlfile.
  • Microsoft Teams Integration: Introduced support for webhookurlfile.
  • Microsoft Teams Integration: Add support for summary.
  • Metrics: Notification metrics now support two new values for the label reason, contextCanceled and contextDeadlineExceeded.
  • Email Integration: Contents of authpasswordfile are now trimmed of prefixed and suffixed whitespace.
  • amtool: Fixes the error scheme required for webhook url when using amtool with --alertmanager.url.
  • Mixin: Fix AlertmanagerFailedToSendAlerts, AlertmanagerClusterFailedToSendAlerts, and AlertmanagerClusterFailedToSendAlerts to make sure they ignore the reason label.

grafana was updated from version 11.5.5 to 11.5.10:

• Security issues fixed:

  • CVE-2025-47911: Fix parsing HTML documents (bsc#1251454)
  • CVE-2025-58190: Fix excessive memory consumption (bsc#1251657)
  • CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (bsc#1254113)
  • CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616)
  • CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735)
  • CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736)
  • CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (version 11.5.6) (bsc#1245302)

• Other changes, new features and bugs fixed:

  • Version 11.5.10:

    • Update to Go 1.25
    • Update to golang.org/x/net v0.45.0
    • Auth: Fix render user OAuth passthrough
    • LDAP Authentication: Fix URL to propagate username context as parameter

  • Version 11.5.9:

    • Auditing: Document new options for recording datasource query request/response body.
    • Login: Fixed redirection after login when Grafana is served from subpath.

  • Version 11.5.7:

    • Azure: Fixed legend formatting and resource name determination in template variable queries.

mgr-push:

• Version 5.0.3-0
  • Fixed syntax error in changelog

rhnlib:

• Version 5.0.6-0
  • Use more secure defusedxml parser (bsc#1227577)

spacecmd:

• Version 5.0.14-0:

  • Fixed installation of python lib files on Ubuntu 24.04 (bsc#1246586)
  • Use JSON instead of pickle for spacecmd cache (bsc#1227579)
  • Make spacecmd to work with Python 3.12 and higher
  • Call print statements properly in Python 3

supportutils-plugin-susemanager-client:

• Version 5.0.5-0
  • Fix syntax error in changelog

uyuni-tools:

• Version 0.1.37-0
  • Handle CA files with symlinks during migration (bsc#1251044)
  • Add a lowercase version of --logLevel (bsc#1243611)
  • Adjust traefik exposed configuration for chart v27+ (bsc#1247721)
  • Stop executing scripts in temporary folder (bsc#1243704)
  • Convert the traefik install time to local time (bsc#1251138)
  • Run smdba and reindex only during migration (bsc#1244534)
  • Support config: collect podman inspect for hub container (bsc#1245099)
  • Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry
  • Deprecate --registry
  • Use new dedicated path for Cobbler settings (bsc#1244027)
  • Migrate custom auto installation snippets (bsc#1246320)
  • Add SLE15SP7 to buildin productmap
  • Fix loading product map from mgradm configuration file (bsc#1246068)
  • Fix channel override for distro copy
  • Do not use sudo when running as a root user (bsc#1246882)
  • Do not require backups to be at the same location for restoring (bsc#1246906)
  • Check for restorecon presence before calling (bsc#1246925)
  • Automatically get up-to-date systemid file on salt based proxy hosts (bsc#1246789)
  • Fix recomputing proxy images when installing a ptf or test (bsc#1246553)
  • Add migration for server monitoring configuration (bsc#1247688)
• Version 0.1.36-0
  • Bump the default image tag
• Version 0.1.35-0
  • Restore SELinux contexts for restored backup volumes (bsc#1244127)
• Version 0.1.34-0
  • Fix mgradm backup create handling of images and systemd files (bsc#1246738)
• Version 0.1.33-0
  • Restore volumes using tar instead of podman import (bsc#1244127)