Comparison · DevOps

Prometheus vs Auth0

Side-by-side trajectory, velocity, and editorial themes.

Prometheus
3.8

Prometheus enters 3.12 RC while running a coordinated security backport across the 3.5 LTS line.

◆ Current state

Prometheus published a 3.12.0 release candidate with PromQL and Service Discovery additions, TSDB performance work, and security fixes for a remote-write denial-of-service and a STAC secret leak. In the same window, 3.11.3 and 3.5.3 shipped coordinated security fixes for snappy decoding, AzureAD client_secret handling, and an old-UI XSS, and the prior 3.11.2/3.5.2 pair fixed a metric-name XSS in the web UI. The project is clearly maintaining 3.5 as a long-term branch alongside the active 3.x line.

◆ Where it's heading

Cadence is dominated by responsible-disclosure security work, with feature additions concentrated in the upcoming 3.12 release. The fact that 3.5 keeps receiving coordinated backports months after 3.11 suggests Prometheus is informally treating 3.5 as a stable LTS for environments that cannot upgrade quickly.

◆ Prediction

Expect 3.12.0 to ship final within a few weeks given the RC has already landed, and a 3.5.4 backport to follow the next security disclosure rather than the next feature batch.

Auth0
INFRA · APIS · DEVOPS
8.8

Auth0 ships Auth for MCP GA and starts unbundling the rest of identity for AI agents.

◆ Current state

Auth0 just made Auth for MCP generally available — a bundle of CIMD client registration, On-Behalf-Of token exchange, and OAuth resource-parameter compatibility purpose-built for AI agents talking to MCP servers. Around it, the team is reworking core identity primitives: non-unique emails reached GA, online refresh tokens entered beta with session binding, and the Account API now supports step-up auth for sensitive scopes. Smaller polish items (CMD+K palette, Resend GA, signing algorithm coverage) round out the release stream.

◆ Where it's heading

Auth0 is repositioning from a B2C/B2B login provider to an authorization layer for agent ecosystems. The MCP work is the centerpiece, but the supporting moves — session-bound refresh tokens, step-up auth on the Account API, non-unique emails — all point at use cases where users, agents, and resources have more complex relationships than classic OIDC was designed for. Outbound event streams to AWS EventBridge and Okta Workflows extend the same direction outward.

◆ Prediction

Expect Auth for MCP to gain a managed catalog of pre-vetted MCP clients and deeper Actions-based policy hooks for OBO token exchange, plus online refresh tokens reaching GA within a quarter.
