SUSE-SU-2024:1530-2

Описание

This update for grafana and mybatis fixes the following issues:

grafana was updated to version 9.5.18:

• Grafana now requires Go 1.20

• Security issues fixed:

  • CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
  • CVE-2023-6152: Add email verification when updating user email (bsc#1219912)

• Other non-security related changes:

  • Version 9.5.17:

    • [FEATURE] Alerting: Backport use Alertmanager API v2

  • Version 9.5.16:

    • [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL

  • Version 9.5.15:

    • [FEATURE] Alerting: Attempt to retry retryable errors

  • Version 9.5.14:

    • [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error
    • [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied
    • [BUGFIX] LDAP: Fix enable users on successfull login

  • Version 9.5.13:

    • [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder
    • [BUGFIX] Licensing: Pass func to update env variables when starting plugin

  • Version 9.5.12:

    • [FEATURE] Azure: Add support for Workload Identity authentication

  • Version 9.5.9:

    • [FEATURE] SSE: Fix DSNode to not panic when response has empty response
    • [FEATURE] Prometheus: Handle the response with different field key order
    • [BUGFIX] LDAP: Fix user disabling

mybatis:

• apache-commons-ognl is now a non-optional dependency
• Fixed building with log4j v1 and v2 dependencies