Tue Jun  1 22:16:11 CET  2026

[Security] CVE-2026-46739

Metric names and values are now validated to ensure they do not contain
characters below ASCII 32 (including newlines), colon (":") or pipe ("|")
characters that might allow metric injection. Offending calls now croak.

More than 10 years since the latest release :-)

Thanks to rrwo@cpansec.org for the report and suggestions.