[ol8_appstream] grafana-9.2.10-7.el8_9.aarch64

Name:	grafana
Version:	9.2.10
Release:	7.el8_9
Architecture:	aarch64
Group:	Unspecified
Size:	312166136
License:	AGPLv3
RPM:	grafana-9.2.10-7.el8_9.aarch64.rpm
Source RPM:	grafana-9.2.10-7.el8_9.src.rpm
Build Date:	Wed Nov 15 2023
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://grafana.org
Summary:	Metrics dashboard and graph editor
Description:	Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Changelog (Show File list) (Show related packages)

Wed Oct 18 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-7

- resolve RHEL-12649
- resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work
- testing is turned off due to test failures caused by testing date mismatch

Fri Jul 21 2023 Stan Cox <scox@redhat.com> 9.2.10-6

- Add /usr/share/grafana to systemd-sysusers --replace

Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5

- resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth

Thu Jun 08 2023 Stan Cox <scox@redhat.com> 9.2.10-4

- bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests.

Thu May 25 2023 Stan Cox <scox@redhat.com> 9.2.10-3
```
- Use systemd-sysusers --replace
```

Tue May 23 2023 Jan Kurik <jkurik@redhat.com> 9.2.10-2

- Use systemd-sysusers instead of sysusers_create_compat, which is not available in RHEL-8

Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1
```
- Update to 9.2.10
```

Mon Oct 31 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-4

- resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in
- resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
- resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
- resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- run integration tests in check phase
- update FIPS patch with latest changes in Go packaging

Wed Aug 10 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3

- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

Wed Jul 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
```
- resolve CVE-2022-31107 grafana: OAuth account takeover
```