2.3.1, May 6th, 2026
- Harden vault secret resolution, password-file handling, and metrics row iteration so errors are returned or logged instead of causing panics, exits, or silent scrape success.
- Harden the sample Kubernetes deployment with restrictive pod and container security contexts, switch it to
IfNotPresent, and add a sample NetworkPolicy for ingress to port9161. - Set HTTP server read-header, read, and idle timeouts before handing the listener to the Prometheus exporter toolkit, and expose those timeout defaults through the exporter config file.
- Pin the demo Docker Compose
prom/prometheusandgrafana/grafanaimages to immutable digests instead of floating tags. - Fall back to the default HashiCorp Vault client configuration when
vault.hashicorp.proxySocketis not configured, preventing a nil-pointer panic while still allowing environment-based Vault configuration. - Remove production use of the OCI SDK
example/helperspackage in Vault integrations so OCI Vault and HashiCorp Vault lookup failures return errors instead of terminating the exporter process. - Escape the configured metrics path before rendering the landing page link, preventing self-XSS through
web.telemetry-path. - Fix alert log tail reads to scan backward in fixed-size chunks with a maximum line-length cap, avoiding quadratic string rebuilds on large final log lines.
- Add a per-database
connMaxLifetimesetting with a default of30m, so pooled connections are recycled instead of being reused indefinitely. You may set this to 0 to get the prior default behavior. - Ignore invalid
RESTART_INTERVALandFREE_INTERVALvalues instead of panicking when creating periodic tickers. - Synchronize per-database session and validity state so reconnects, alert-log queries, and metric scrapes no longer race on shared database handles.
- Fix custom metrics hot reload so invalid or partially written metric files are logged and ignored without crashing the exporter, preserving the last known good metric set.
- Fix custom metrics reload tracking so multiple
collector.NewExporterinstances in the same Go process each load and reload custom metrics independently. - Add the exporter release
versionlabel tooracledb_exporter_build_info, matching the standard Prometheus build info metric shape. - Add an initial GitHub Actions workflow to run
make go-testandmake go-buildon approved pull requests targetingmainand on pushes tomain. - Add
CODEOWNERSprotection for GitHub workflow files. - Ignore non-string values returned from HashiCorp Vault secret payloads instead of panicking, so malformed or structured KV data cannot crash the exporter.
- Verify downloaded Go toolchain tarballs against the published SHA256 in the Docker build and macOS release script before extracting them.
- Use a bind variable for the alert-log timestamp query instead of interpolating the last on-disk timestamp into SQL text.
- Update the default
cache_hit_ratiometric to querygv$con_sysmetric, include theinst_idlabel, and report the supported buffer and cursor cache hit ratio metrics. - Update the Go module dependency set, including newer OCI SDK, Prometheus exporter toolkit, YAML, Azure SDK, and
golang.org/x/*versions.
Thank you to the following users for their suggestions and contributions: