--- title: "Grafana Enterprise Metrics v2.15 release notes | Grafana Enterprise Metrics documentation" description: "Release notes for Grafana Enterprise Metrics version 2.15." --- # Version 2.15 release notes Grafana Labs is excited to announce the release of Grafana Enterprise Metrics (GEM) 2.15, which is built on top of Grafana Mimir 2.15. GEM 2.15 inherits all the features, enhancements, and bug fixes that are in the Grafana Mimir 2.15 release. Given this, it’s best to start with the [Grafana Mimir 2.15 release notes](/docs/mimir/latest/release-notes/v2.15/). ## Features and enhancements This release introduces changes to the federation-frontend, which now requires GEM clusters as proxy targets and mandates upgrading to GEM 2.15+ before updating the frontend. It also updates the Ruler to handle missing rule groups gracefully and resolves several bugs, including fixes for cross-cluster query federation label handling, token creation ETag responses, and critical security vulnerabilities in go-jose and go-oidc. ## Upgrade considerations This release also inherits the [upgrade considerations](/docs/mimir/latest/release-notes/v2.15/#important-changes) from the Grafana Mimir 2.15 release. After you upgrade to GEM 2.15, upgrade your [GEM plugin](/grafana/plugins/grafana-metrics-enterprise-app/) to the latest version. For more information about the most recent enhancements and bug fixes in the GEM plugin, see the [Grafana Enterprise Metrics: Changelog](/grafana/plugins/grafana-metrics-enterprise-app/?tab=changelog). ## Bug fixes ### v2.15.0 - Include the initial ETag version in the token creation response when using the Admin API - When using cross-cluster query federation, series with the label name `__cluster__` were incorrectly handled in shardable queries, which are queries that can be divided up and sent to different clusters and then combined later. This fixes that issue and allows users to use `original___cluster__` as a label matcher to match that label and `__cluster__` to match the cluster they defined, making it consistent with the behavior of other kinds of queries. This applies to aggregation grouping labels as well. - Upgrade dependencies to address [CVE-2024-28180](https://nvd.nist.gov/vuln/detail/CVE-2024-28180). - Upgrade dependencies to address [CVE-2024-28180](https://nvd.nist.gov/vuln/detail/CVE-2024-28180). ### v2.15.1 - Upgrade Go base image to 1.23.6. - Update base image to `alpine:3.20.5`. - Upgrade to github.com/golang/glog to v1.2.4 to resolve [CVE-2024-45339](https://github.com/advisories/GHSA-6wxm-mpqj-6jpf). ### v2.15.2 - Update module golang.org/x/net to v0.36.0 to address [CVE-2025-22870](https://nvd.nist.gov/vuln/detail/CVE-2025-22870). - Update module github.com/golang-jwt/jwt/v5 to v5.2.2 to address [CVE-2025-30204](https://nvd.nist.gov/vuln/detail/CVE-2025-30204). - Update module github.com/golang-jwt/jwt/v4 to v4.2.2 to address [CVE-2025-30204](https://nvd.nist.gov/vuln/detail/CVE-2025-30204). - Update module github.com/golang-jwt/jwt/v3 to v3.0.4 to address [CVE-2025-30204](https://nvd.nist.gov/vuln/detail/CVE-2025-30204). - Update module golang.org/x/oauth2 to v0.27.0 to address [CVE-2025-22868](https://nvd.nist.gov/vuln/detail/CVE-2025-22868). - Update module golang.org/x/crypto to v0.35.0 to address [CVE-2025-22869](https://nvd.nist.gov/vuln/detail/CVE-2025-22869). - Update module github.com/go-jose/go-jose/v4 to v4.0.5 to address [CVE-2025-27144](https://nvd.nist.gov/vuln/detail/CVE-2025-27144). - Upgrade Go base image to 1.23.7.