---
title: "Grafana Enterprise Metrics v2.17 release notes | Grafana Enterprise Metrics documentation"
description: "Release notes for Grafana Enterprise Metrics version 2.17."
---

# Version 2.17 release notes

Grafana Labs is excited to announce the release of Grafana Enterprise Metrics (GEM) 2.17, which is built on top of Grafana Mimir 2.17.

GEM 2.17 inherits all the features, enhancements, and bug fixes that are in the Grafana Mimir 2.17 release. Given this, it’s best to start with the [Grafana Mimir 2.17 release notes](/docs/mimir/latest/release-notes/v2.17/).

## Features and enhancements

GEM 2.17 contains the following new features and enhancements:

- Federation-frontend: With cross-cluster query federation, allow automatic retries of individual requests that return retryable errors in queries. You can configure the total number of allowed attempts in the `federation.max-attempts-per-request` configuration parameter.
- Federation-frontend: Add HTTP client cluster validation support through the `federation.proxy_targets.cluster_validation_label` configuration parameter.
- Federation-frontend: Add support for [Prometheus remote read API request](https://prometheus.io/docs/prometheus/latest/querying/remote_read_api/).
- Federation-frontend: You can set the `query-frontend.extra-propagated-headers` option to specify extra headers allowed to pass through to the rest of the query path.
- Gateway: Add optional HTTP load balancing to the `cortex.query` and `cortex.distributor` proxies via the `[proxy].load-balancing` and `[proxy].load-balancing-policy` configuration parameters.

## Upgrade considerations

This release also inherits the [upgrade considerations](/docs/mimir/latest/release-notes/v2.17/#important-changes) from the Grafana Mimir 2.17 release.

After you upgrade to GEM 2.17, upgrade your [GEM plugin](/grafana/plugins/grafana-metrics-enterprise-app/) to the latest version. For more information about the most recent enhancements and bug fixes in the GEM plugin, see the [Grafana Enterprise Metrics: Changelog](/grafana/plugins/grafana-metrics-enterprise-app/?tab=changelog).

## Bug fixes

### v2.17.0

- Cross-cluster query federation: Fix unreported partial results when the remote-read stream breaks after the first response.
- Graphite querier: Improve error messages for render errors.
- Ruler: Allow different remotes to re-register `wal_watcher` metrics without panicking.

### v2.17.1

- Update root CA certificates in Docker images.
- Update to Go v1.24.6 to address [CVE-2025-4674](https://nvd.nist.gov/vuln/detail/CVE-2025-4674), [CVE-2025-47907](https://nvd.nist.gov/vuln/detail/CVE-2025-47907).
- Federation-frontend: Correct GEM version requirements in docs.
- Ingester: Fix a bug where ingesters would get stuck in read-only mode after compactions.

### v2.17.2

- Update to Go v1.24.9 to address CVE’s.
- Update distroless images to latest digest to address CVE’s.
- Distributor: Fix a bug where no NHCB passes validation when native histogram bucket limit `-validation.max-native-histogram-buckets` is set.
- Ingest: Fix a data corruption issue caused by memory pooling when a newer version is rolled out and the experimental `-distributor.otel-created-timestamp-zero-ingestion-enabled` feature is enabled.
- Memcached: Ignore invalid responses when discovering cache servers using `dnssrv+` or `dnssrvnoa+` service discovery prefixes.

### v2.17.3

- Update opencontainers/selinux dependency to v1.13.0 to address [CVE-2025-52881](https://nvd.nist.gov/vuln/detail/CVE-2025-52881).
- Update Go crypto dependency to v0.43.0 to address [CVE-2025-47913](https://nvd.nist.gov/vuln/detail/CVE-2025-47913).

### v2.17.4

- Update to Go 1.24.11 to address [CVE-2025-61729](https://nvd.nist.gov/vuln/detail/CVE-2025-61729) and [CVE-2025-61727](https://nvd.nist.gov/vuln/detail/CVE-2025-61727).
- Update Go crypto dependency to v0.45.0 to address [CVE-2025-47914](https://nvd.nist.gov/vuln/detail/CVE-2025-47914) and [CVE-2025-58181](https://nvd.nist.gov/vuln/detail/CVE-2025-58181).

### v2.17.5

- Update Mimir to 2.17.5. For list of fixes, see related [release notes in Mimir](https://github.com/grafana/mimir/blob/mimir-2.17.5/CHANGELOG.md).
- Update to Go v1.25.5 to align with Mimir 2.17 releases.

### v2.17.6

- Update to Go v1.25.7 to address [CVE-2025-61726](https://pkg.go.dev/vuln/GO-2026-4341).
- Ruler: Add path traversal checks when parsing namespaces and groups, which prevents namespace and group name from containing non-local paths.

### v2.17.7

- Federation: Fix nil pointer dereference when querying a non-existent `__cluster__` with partial queries enabled.
- Federation: Stop emitting `cortex_federation_frontend_partial_results` metric when partial queries are disabled. Previously when partial queries were disabled, the metric would always report a 0% failure rate, even when cluster requests failed.
- Security: Update module golang.org/x/net to v0.45 to address [CVE-2025-58190](https://nvd.nist.gov/vuln/detail/CVE-2025-58190) and [CVE-2025-47911](https://nvd.nist.gov/vuln/detail/CVE-2025-47911).

### v2.17.8

- Skipping this patch to match the mimir version.

### v2.17.9

- Distributor: Add OTLP usage reporter that tracks OTel scope occurrences and periodically exports them to the stats server. Enabled via `-otlp-usage.enabled`.
- Ruler: Propagate GCS object mutation rate limit for rule group uploads.
- Querier: Fix not\_aggregated\_wrapper incorrectly return errors for metric with no sample when MQE is in use.
- Build: Remove support for building and testing “boringcrypto” images since these are no longer used.
- Security: Update to Go v1.25.8 to address [CVE-2026-27142](https://pkg.go.dev/vuln/GO-2026-4603), [CVE-2026-27139](https://pkg.go.dev/vuln/GO-2026-4602), [CVE-2026-25679](https://pkg.go.dev/vuln/GO-2026-4601), [CVE-2026-27138](https://pkg.go.dev/vuln/GO-2026-4600), [CVE-2026-27137](https://pkg.go.dev/vuln/GO-2026-4599).

### v2.17.10

- Ruler: Fix parsing of rule expressions with leading newlines.

### v2.17.11

- Admin API: Fix follower-to-leader proxy failing on IPv6-only clusters due to unbracketed IPv6 address in ring registration.

### v2.17.12

- Security: Upgrade Mimir to 2.17.10 to address [CVE-2026-39883](https://www.cve.org/CVERecord?id=CVE-2026-39883), [GHSA-xmrv-pmrh-hhx2](https://github.com/advisories/GHSA-xmrv-pmrh-hhx2).
- Security: Upgrade to Go 1.25.9 to address [CVE-2026-32283](https://pkg.go.dev/vuln/GO-2026-4870), [CVE-2026-32282](https://pkg.go.dev/vuln/GO-2026-4864), [CVE-2026-27144](https://pkg.go.dev/vuln/GO-2026-4867), [CVE-2026-27143](https://pkg.go.dev/vuln/GO-2026-4868), [CVE-2026-27140](https://pkg.go.dev/vuln/GO-2026-4871), [CVE-2026-32289](https://pkg.go.dev/vuln/GO-2026-4865), [CVE-2026-32288](https://pkg.go.dev/vuln/GO-2026-4869), [CVE-2026-32280](https://pkg.go.dev/vuln/GO-2026-4947), [CVE-2026-32281](https://pkg.go.dev/vuln/GO-2026-4946).

### v2.17.13

- Upgrade `github.com/go-jose/go-jose/v3` to v3.0.5 to address [CVE-2026-34986](https://github.com/advisories/GHSA-78h2-9frx-2jm8).