Prometheus Exporter v0.2.0 and v0.2.1 for LSWS and OLS Now Available

Status
Not open for further replies.

lclarke

Administrator
Staff member
#1
Announcing:
Prometheus Exporter for LSWS and OLS v0.2.0 and v0.2.1

In this release: hardening, installer polish, bug fixes, and more!

RELEASE LOG:
v0.2.1
--
- [Bug fix] Empty `/metrics` on systemd hosts due to `PrivateTmp` hiding LSWS's `.rtreport`.
- [Bug fix] Startup no longer aborts when `.rtreport` is a symlink.
- [Bug fix] Missing `.rtreport` at startup is now logged quietly instead of as an error.
- [Build] Pinned release workflow to Go 1.25.x with a toolchain sanity check.
- [Build] Makefile pins `GOTOOLCHAIN` so `make all` works on hosts with older system Go.
- [Install] Hardened top-level `install.sh` for reliable use under `curl … | sudo sh`.
- [Docs] Corrected install URL to use the `master` branch.

v0.2.0
--
- [Install] New one-line `install.sh` installer with SHA-256 verification.
- [Install] Manual downloads now ship a SHA-256 sidecar and SLSA build-provenance attestations.
- [Feature] Added HTTP Basic authentication on `/metrics`.
- [Feature] VHost name parser now handles names containing `[` or `]`.
- [Feature] Added `--litespeed-pid-file` and `--pid-directory` flags.
- [Security] HTTP server now enforces timeouts and a header size cap to mitigate Slowloris-style DoS.
- [Security] Default handler rejects unexpected methods and paths, and avoids accidental pprof exposure.
- [Security] `cleanupBadFiles` no longer follows symlinks and is confined to the `--rtreport` directory.
- [Security] PID file is created with mode `0600` under `/run` when available.
- [Security] TLS cert/key and password files are validated at startup; credentials are never logged.
- [Security] Scrape goroutine no longer panics on label cardinality bugs.
- [Security] Bumped Go to 1.25 and refreshed dependencies; `govulncheck` reports zero reachable stdlib CVEs.
- [Build] Releases published via GitHub Actions with reproducible tarballs and provenance attestations.
- [Compat] Accepts the legacy `--password_file` spelling from v0.1.4 systemd units.
- [Ops] Bundled systemd unit adds layered hardening and uses `RuntimeDirectory` for the PID file.
- [Docs] Added `SECURITY.md` and `RELEASING.md`.

https://github.com/litespeedtech/litespeed-prometheus-exporter/tree/master

Cheers!
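
The v0.2.0 `[Security]` entries on HTTP timeouts, the header size cap, and rejection of unexpected methods and paths, sketched as an added Go example. It is not part of the original post and is not the exporter's own code; the timeout values, the 8 KiB header cap, the listen address, and the names `restrict` and `newServer` are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"time"
)

// restrict (hypothetical name) serves only GET/HEAD on /metrics.
func restrict(metrics http.Handler) http.Handler {
	// Dedicated mux: anything registered on http.DefaultServeMux by other
	// packages (net/http/pprof does this on import) is unreachable here.
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/metrics" {
			http.NotFound(w, r)
			return
		}
		if r.Method != http.MethodGet && r.Method != http.MethodHead {
			w.Header().Set("Allow", "GET, HEAD")
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		metrics.ServeHTTP(w, r)
	})
	return mux
}

// newServer (hypothetical name) bounds how long a client may hold a connection.
func newServer(addr string, metrics http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           restrict(metrics),
		ReadHeaderTimeout: 5 * time.Second,  // assumed value; cuts off slow header senders
		ReadTimeout:       10 * time.Second, // assumed value; whole request including body
		WriteTimeout:      30 * time.Second, // assumed value; bounds slow readers
		IdleTimeout:       60 * time.Second, // assumed value; reaps idle keep-alives
		MaxHeaderBytes:    8 << 10,          // assumed cap on request header size
	}
}

func main() {
	stub := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprintln(w, "example_up 1") // constructed sample metric
	})
	// Constructed listen address, not the exporter's documented default.
	log.Fatal(newServer("127.0.0.1:8080", stub).ListenAndServe())
}
```

Without `ReadHeaderTimeout`, a Go `http.Server` waits indefinitely for request headers, which is the condition a Slowloris-style client relies on.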
 