-
Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15
- Resolves RHEL-23466
- Resolves RHEL-21027
- Allows for gid to be 0
- Allows for postgreSQL datasource in selinux policy
-
Mon Dec 18 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
- Resolves RHEL-19596
- Fixes coredump issue introduced by selinux
- Patches out call to panic when trying to walk "/" directory
- Fixes postgresql AVC denial
-
Fri Dec 01 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-12
- Resolves RHEL-7503
- Adds a selinux policy for grafana
- Resolves RHEL-12650
- fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work
-
Fri Jul 21 2023 Stan Cox <scox@redhat.com> 9.2.10-6
- Add /usr/share/grafana to systemd-sysusers --replace
-
Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5
- resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth
-
Thu Jun 08 2023 Stan Cox <scox@redhat.com> 9.2.10-4
- bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests.
-
Thu May 25 2023 Stan Cox <scox@redhat.com> 9.2.10-3
- Use systemd-sysusers --replace
-
Tue May 23 2023 Jan Kurik <jkurik@redhat.com> 9.2.10-2
- Use systemd-sysusers instead of sysusers_create_compat, which is not available in RHEL-8
-
Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1
- Update to 9.2.10
-
Mon Oct 31 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-4
- resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in
- resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
- resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
- resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- run integration tests in check phase
- update FIPS patch with latest changes in Go packaging