CPBR-3611: Upgrade jmx_prometheus_javaagent from 0.18.0 to 1.0.1

[Nitin Singh (nitsingh-ui)]

Summary

• Upgrade jmx_prometheus_javaagent from 0.18.0 to 1.0.1 to remediate CVE/security vulnerability
• This is a major version bump (0.x → 1.x) — the 1.0.x release includes security fixes, performance improvements, and updated dependencies
• Version 0.18.0 is flagged as vulnerable per CPBR-3611 / CFK-4241

Jira

• CPBR-3611
• CFK-4241

[Jan Werner (janjwerner-confluent)]

This is a breaking change, that will affect CFK and other downstream uses as the metrics path, and some JVM metric names are changing.

See:
https://github.com/prometheus/jmx_exporter/releases/tag/1.0.1

1. Metrics are no longer served on the root (/) path. You will be required to change the scrape URL to /metrics

2. Some JVM metric names have changed to conform with the OpenMetrics specification.

Dashboards will need to be changed if referencing the changed JVM metrics.

https://prometheus.github.io/client_java/migration/simpleclient/#jvm-metrics

3. MBean names that are normalized to the same metric name will now contain a label named _objectname that references the MBean that provided the metric.

The latest version available 1.5.0 is not available via mavenrepository and needs to be downloaded from: https://github.com/prometheus/jmx_exporter/releases