https://github.com/xdev-software/prometheus-metrics-exposition-formats-no-protobuf
Reconfigures prometheus-metrics-exposition-formats to remove protobuf
- Host: GitHub
- URL: https://github.com/xdev-software/prometheus-metrics-exposition-formats-no-protobuf
- Owner: xdev-software
- License: apache-2.0
- Created: 2024-10-23T07:57:13.000Z (12 months ago)
- Default Branch: develop
- Last Pushed: 2025-08-17T04:20:03.000Z (about 2 months ago)
- Last Synced: 2025-08-18T01:37:47.400Z (about 2 months ago)
- Topics: actuator, eol, prometheus-metrics-exposition-formats, protobuf, spring, spring-boot
- Language: Java
- Homepage:
- Size: 744 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 5
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
README
# prometheus-metrics-exposition-formats-no-protobuf
Reconfigures [prometheus-metrics-exposition-formats](https://github.com/prometheus/client_java) to remove [protobuf](https://github.com/protocolbuffers/protobuf).
This module is designed to integrate with [Spring Boot Actuator (Prometheus)](https://docs.spring.io/spring-boot/api/rest/actuator/prometheus.html) or similar services.
### Why remove Protobuf?
1. The [Prometheus Protobuf format is obsolete/experimental](https://github.com/prometheus/docs/blob/main/content/docs/instrumenting/exposition_formats.md#protobuf-format); the chance that it's used is near 0.
2. The additional library can result in additional attack vectors, for example [CVE-2024-7254](https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8).
   * If the dependency is [reshaded](https://maven.apache.org/plugins/maven-shade-plugin/), it may not be detected by vulnerability scanners (as is the case in ``io.prometheus:prometheus-metrics-exposition-formats <= 1.3.1``).
3. The protobuf dependency is huge (around 10x bigger) in comparison to the other libraries.

_See also [prometheus/client_java#1173](https://github.com/prometheus/client_java/issues/1173)_
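One way to check a jar for the reshading problem from point 2 (an added example, not part of this project's code): relocation changes package paths but keeps class file names, so the code below looks for well-known protobuf-java runtime class names in any package of a jar. The relocation prefix ``example/shaded/pb/`` and the in-memory sample jar are constructed for illustration; that a given scanner matches only on declared Maven coordinates is an assumption.

```python
import io
import zipfile

# Simple names of well-known protobuf-java runtime classes; relocation changes
# the package path but keeps these file names.
FINGERPRINTS = {"CodedInputStream.class", "MessageLite.class", "ByteString.class"}
CANONICAL = "com/google/protobuf/"
POM_MARKER = "META-INF/maven/com.google.protobuf/"


def scan_jar(jar):
    """Report where protobuf runtime classes live in a jar (path or file object).

    packages  - sorted package dirs holding at least two fingerprint classes
    relocated - those packages that are outside com/google/protobuf/
    declared  - True if embedded Maven metadata names com.google.protobuf
    """
    hits = {}
    declared = False
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.startswith(POM_MARKER):
                declared = True
            pkg, _, simple = name.rpartition("/")
            if simple in FINGERPRINTS:
                hits.setdefault(pkg + "/", set()).add(simple)
    # Two or more fingerprints per package filters out unrelated classes
    # that merely share one simple name (e.g. another library's ByteString).
    packages = sorted(p for p, found in hits.items() if len(found) >= 2)
    relocated = [p for p in packages if not p.startswith(CANONICAL)]
    return {"packages": packages, "relocated": relocated, "declared": declared}


def make_jar(entries):
    """Build an in-memory jar from entry names (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in entries:
            zf.writestr(entry, b"")
    buf.seek(0)
    return buf


# Constructed sample: "example/shaded/pb/" is a hypothetical relocation prefix.
SHADED = make_jar([
    "example/shaded/pb/CodedInputStream.class",
    "example/shaded/pb/MessageLite.class",
    "example/metrics/Writer.class",
])

if __name__ == "__main__":
    print(scan_jar(SHADED))
```

A non-empty ``relocated`` list means a protobuf runtime is bundled under another package name; after switching to the no-protobuf artifact, the same scan over the application's jars should return no packages.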
## Installation
[Installation guide for the latest release](https://github.com/xdev-software/prometheus-metrics-exposition-formats-no-protobuf/releases/latest#Installation)
### Compatibility with ``io.prometheus:prometheus-metrics-exposition-formats``
| ``io.prometheus:prometheus-metrics-exposition-formats`` version | ``prometheus-metrics-exposition-formats-no-protobuf`` version |
| --- | --- |
| 1.3.4+ | [``3`` (optional)](./CHANGELOG.md#300) |
| 1.3.2+ | ``2`` |
| < 1.3.2 | ``1`` |

### Spring Boot Actuator
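```xml
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-dependencies</artifactId>
            <version>...</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
<dependencies>
    <dependency>
        <groupId>software.xdev</groupId>
        <artifactId>prometheus-metrics-exposition-formats-no-protobuf</artifactId>
        <version>...</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>io.micrometer</groupId>
        <artifactId>micrometer-registry-prometheus</artifactId>
        <exclusions>
            <exclusion>
                <groupId>io.prometheus</groupId>
                <artifactId>prometheus-metrics-exposition-formats</artifactId>
            </exclusion>
        </exclusions>
        <scope>runtime</scope>
    </dependency>
</dependencies>
```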
## Support
If you need support as soon as possible and you can't wait for any pull request, feel free to use [our support](https://xdev.software/en/services/support).
## Contributing
See the [contributing guide](./CONTRIBUTING.md) for detailed instructions on how to get started with our project.
## Dependencies and Licenses
View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/prometheus-metrics-exposition-formats-no-protobuf/dependencies).