Описание
ELSA-2021-1859: grafana security, bug fix, and enhancement update (MODERATE)
[7.3.6-2]
- change working dir to in grafana-cli wrapper (fixes Red Hat BZ #1916083)
- add pcp-redis-datasource to allow_loading_unsigned_plugins config option
[7.3.6-1]
- update to 7.3.6 tagged upstream community sources, see CHANGELOG
- remove dependency on SAML (not supported in the open source version of Grafana)
[7.3.4-1]
- update to 7.3.4 tagged upstream community sources, see CHANGELOG
- bundle golang dependencies
- optionally bundle node.js dependencies and build and test frontend as part of the specfile
- merge all datasources into main grafana package
- change default provisioning path to /etc/grafana/provisioning
- resolve https://bugzilla.redhat.com/show_bug.cgi?id=1843170
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
grafana
7.3.6-2.el8
Oracle Linux x86_64
grafana
7.3.6-2.el8
Связанные CVE
Связанные уязвимости
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.