SUSE-SU-2021:2660-1: important: Security update for grafana
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Aug 12 13:23:03 UTC 2021
SUSE Security Update: Security update for grafana
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2660-1
Rating: important
References: #1183803 #1183809 #1183811 #1183813 #1184371
Cross-References: CVE-2021-27358 CVE-2021-27962 CVE-2021-28146
CVE-2021-28147 CVE-2021-28148
CVSS scores:
CVE-2021-27358 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27358 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Manager Tools 15
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for grafana fixes the following issues:
- CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of
Service via a remote API call (bsc#1183803)
- Update to version 7.5.7:
* Updated relref to "Configuring exemplars" section (#34240) (#34243)
* Added exemplar topic (#34147) (#34226)
* Quota: Do not count folders towards dashboard quota (#32519) (#34025)
* Instructions to separate emails with semicolons (#32499) (#34138)
* Docs: Remove documentation of v8 generic OAuth feature (#34018)
* Annotations: Prevent orphaned annotation tags cleanup when no
annotations were cleaned (#33957) (#33975)
* [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)
* ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932)
(#33936)
* Stop hoisting @icons/material (#33922)
* Chore: fix react-color version in yarn.lock (#33914)
* "Release: Updated versions in package to 7.5.6" (#33909)
* Loki: fix label browser crashing when + typed (#33900) (#33901)
* Document `hide_version` flag (#33670) (#33881)
* Add isolation level db configuration parameter (#33830) (#33878)
* Sanitize PromLink button (#33874) (#33876)
* Removed content as per MarcusE's suggestion in
https://github.com/grafana/grafana/issues/33822. (#33870) (#33872)
* Docs feedback: /administration/provisioning.md (#33804) (#33842)
* Docs: delete from high availability docs references to removed
configurations related to session storage (#33827) (#33851)
* Docs: Update _index.md (#33797) (#33799)
* Docs: Update installation.md (#33656) (#33703)
* GraphNG: uPlot 1.6.9 (#33598) (#33612)
* dont consider invalid email address a failed email (#33671) (#33681)
* InfluxDB: Improve measurement-autocomplete behavior in query editor
(#33494) (#33625)
* add template for dashboard url parameters (#33549) (#33588)
* Add note to Snapshot API doc to specify that user has to provide the
entire dashboard model (#33572) (#33586)
* Update team.md (#33454) (#33536)
* Removed duplicate file "dashboard_folder_permissions.md (#33497)
* Document customQueryParameters for prometheus datasource provisioning
(#33440) (#33495)
* ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473)
(#33492)
* Documentation: Update developer-guide.md (#33478) (#33490)
* add closed parenthesis to fix a hyperlink (#33471) (#33481)
- Update to version 7.5.5:
* "Release: Updated versions in package to 7.5.5" (#33469)
* GraphNG: Fix exemplars window position (#33427) (#33462)
* Remove field limitation from slack notification (#33113) (#33455)
* Prometheus: Support POST in template variables (#33321) (#33441)
* Instrumentation: Add success rate metrics for email notifications
(#33359) (#33409)
* Use either moment objects (for absolute times in the datepicker) or
string (for relative time) (#33315) (#33406)
* Docs: Removed type from find annotations example. (#33399) (#33403)
* [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use
to push frontend measurements and counters to prometheus (#33255)
* Updated label for add panel. (#33285) (#33286)
* Bug: Add git to Dockerfile.ubuntu (#33247) (#33248)
* Docs: Sync latest master docs with 7.5.x (#33156)
* Docs: Update getting-started-influxdb.md (#33234) (#33241)
* Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239)
* Minor Changes in Auditing.md (#31435) (#33238)
* Docs: Add license check endpoint doc (#32987) (#33236)
* Postgres: Fix time group macro when TimescaleDB is enabled and
interval is less than a second (#33153) (#33219)
* Docs: InfluxDB doc improvements (#32815) (#33185)
* [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031)
* update cla (#33181)
* Fix inefficient regular expression (#33155) (#33159)
* Auth: Don't clear auth token cookie when lookup token fails (#32999)
(#33136)
* Elasticsearch: Add documentation for supported Elasticsearch query
transformations (#33072) (#33128)
* Update team.md (#33060) (#33084)
* GE issue 1268 (#33049) (#33081)
* Fixed some formatting issues for PRs from yesterday. (#33078) (#33079)
* Explore: Load default data source in Explore when the provided source
does not exist (#32992) (#33061)
* Docs: Replace next with latest in aliases (#33054) (#33059)
* Added missing link item. (#33052) (#33055)
* Backport 33034 (#33038)
* Docs: Backport 32916 to v7.5x (#33008)
* ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973)
(#32998)
* Elasticsearch: Force re-rendering of each editor row type change
(#32993) (#32996)
* Docs: Sync release branch with latest docs (#32986)
- Update to version 7.5.4:
* "Release: Updated versions in package to 7.5.4" (#32971)
* fix(datasource_srv): prevent infinite loop where default datasource is
named default (#32949) (#32967)
* Added Azure Monitor support for
Microsoft.AppConfiguration/configurationStores namespace (#32123)
(#32968)
* fix sqlite3 tx retry condition operator precedence (#32897) (#32952)
* AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)
* Plugins: Allow a non-dashboard page to be the default home page
(#32926) (#32945)
* GraphNG: uPlot 1.6.8 (#32859) (#32863)
* Alerting: Add ability to include aliases with dashes (/) and at (@)
signs in InfluxDB (#32844)
* Prometheus: Allow exemplars endpoint in data source proxy (#32802)
(#32804)
* [v7.5.x] Table: Fixes table data links so they refer to correct row
after sorting (#32758)
* TablePanel: Makes sorting case-insensitive (#32435) (#32752)
- Update to version 7.5.3:
* "Release: Updated versions in package to 7.5.3" (#32745)
* FolderPicker: Prevent dropdown menu from disappearing off screen
(#32603) (#32741)
* Loki: Remove empty annotations tags (#32359) (#32490)
* SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)
* Prometheus: Fix instant query to run two times when exemplars enabled
(#32508) (#32726)
* Elasticsearch: Fix bucket script variable duplication in UI (#32705)
(#32714)
* Variables: Confirms selection before opening new picker (#32586)
(#32710)
* CloudWarch: Fix service quotas link (#32686) (#32689)
* Configuration: Prevent browser hanging / crashing with large number of
org users (#32546) (#32598)
* chore: bump execa to v2.1.0 (#32543) (#32592)
* Explore: Fix bug where navigating to explore would result in wrong
query and datasource to be shown (#32558)
* Fix broken gtime tests (#32582) (#32587)
* resolve conflicts (#32567)
* gtime: Make ParseInterval deterministic (#32539) (#32560)
* Dashboard: No longer includes default datasource when externally
exporting dashboard with row (#32494) (#32535)
* TextboxVariable: Limits the length of the preview value (#32472)
(#32530)
* AdHocVariable: Adds default data source (#32470) (#32476)
* Variables: Fixes Unsupported data format error for null values
(#32480) (#32487)
* Prometheus: align exemplars check to latest api change (#32513)
(#32515)
* "Release: Updated versions in package to 7.5.2" (#32502)
* SigV4: Add support EC2 IAM role auth and possibility to toggle auth
providers (#32444) (#32488)
* Set spanNulls to default (#32471) (#32486)
* Graph: Fix setting right y-axis when standard option unit is
configured (#32426) (#32442)
* API: Return 409 on datasource version conflict (#32425) (#32433)
* API: Return 400 on invalid Annotation requests (#32429) (#32431)
* Variables: Fixes problem with data source variable when default ds is
selected (#32384) (#32424)
* Table: Fixes so links work for image cells (#32370) (#32410)
* Variables: Fixes error when manually non-matching entering custom
value in variable input/picker (#32390) (#32394)
* DashboardQueryEditor: Run query after selecting source panel (#32383)
(#32395)
* API: Datasource endpoint should return 400 bad request if id and orgId
is invalid (#32392) (#32397)
* "Release: Updated versions in package to 7.5.1" (#32362)
* MSSQL: Upgrade go-mssqldb (#32347) (#32361)
* GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)
* "Release: Updated versions in package to 7.5.0" (#32308)
* Loki: Fix text search in Label browser (#32293) (#32306)
* Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)
* PieChartV2: Add migration from old piechart (#32259) (#32291)
* LibraryPanels: Adds Type and Description to DB (#32258) (#32288)
* LibraryPanels: Prevents deletion of connected library panels (#32277)
(#32284)
* Library Panels: Add "Discard" button to panel save modal (#31647)
(#32281)
* LibraryPanels: Changes to non readonly reducer (#32193) (#32200)
* Notifications: InfluxDB - Fix regex to include metrics with hyphen in
aliases (#32224) (#32262)
* SSE/InfluxDB: Change InfluxQL to work with server side expressions
(#31691) (#32102)
* DashboardSettings: Fixes issue with tags list not updating when
changes are made (#32241) (#32247)
* Logs: If log message missing, use empty string (#32080) (#32243)
* CloudWatch: Use latest version of aws sdk (#32217) (#32223)
* Release: Updated versions in package to 7.5.0-beta.2 (#32158)
* HttpServer: Make read timeout configurable but disabled by default
(#31575) (#32154)
* GraphNG: Ignore string fields when building data for uPlot in GraphNG
(#32150) (#32151)
* Fix loading timezone info on windows (#32029) (#32149)
* SQLStore: Close session in withDbSession (#31775) (#32108)
* Remove datalink template suggestions for accessing specific fields
when there are multiple dataframes. (#32057) (#32148)
* GraphNG: make sure dataset and config are in sync when initializing
and re-initializing uPlot (#32106) (#32125)
* MixedDataSource: Name is updated when data source variable changes
(#32090) (#32144)
* Backport 32005 to v7.5.x #32128 (#32130)
* Loki: Label browser UI updates (#31737) (#32119)
* ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)
* GraphNG: Fix tooltip series color for multi data frame scenario
(#32098) (#32103)
* LibraryPanels: Improves the Get All experience (#32028) (#32093)
* Grafana/ui: display all selected levels for selected value when
searching (#32030) (#32032)
* Exemplars: always query exemplars (#31673) (#32024)
* [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode
(#32055)
* Chore: Collect elasticsearch version usage stats (#31787) (#32063)
* Chore: Tidy up Go deps (#32053)
* GraphNG: Fix PlotLegend field display name being outdated (#32064)
(#32066)
* Data proxy: Fix encoded characters in URL path should be proxied
encoded (#30597) (#32060)
* [v7.5.x] Auth: Allow soft token revocation (#32037)
* Snapshots: Fix usage of sign in link from the snapshot page (#31986)
(#32036)
* Make master green (#32011) (#32015)
* Query editor: avoid avoiding word wrap on query editor components
(#31949) (#31982)
* Variables: Fixes filtering in picker with null items (#31979) (#31995)
* TooltipContainer - use resize observer instead of
getClientBoundingRect (#31937) (#32003)
* Loki: Fix autocomplete when re-editing Loki label values (#31828)
(#31987)
* Loki: Fix type errors in language_provider (#31902) (#31945)
* PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)
* Cloudwatch: use shared library for aws auth (#29550) (#31946)
* Tooltip: partial perf improvement (#31774) (#31837) (#31957)
* Backport 31913 to v7.5.x (#31955)
* Grafana/ui: fix searchable options for Cascader with options update
(#31906) (#31938)
* Variables: Do not reset description on variable type change (#31933)
(#31939)
* [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)
* Elasticseach: Support histogram fields (#29079) (#31914)
* Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854)
(#31896)
* Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)
* Templating: use dashboard timerange when variables are set to refresh
'On Dashboard Load' (#31721) (#31801)
* [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)
* Run go mod tidy to update go.mod and go.sum (#31859)
* Grafana/ui: display all selected levels for Cascader (#31729) (#31862)
* CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)
* Cloudwatch: ListMetrics API page limit (#31788) (#31851)
* Remove invalid attribute (#31848) (#31850)
* CloudWatch: Restrict auth provider and assume role usage according
to⦠(#31845)
* CloudWatch: Add support for EC2 IAM role (#31804) (#31841)
* Loki, Prometheus: Change the placement for query type explanation
(#31784) (#31819)
* Variables: Improves inspection performance and unknown filtering
(#31811) (#31813)
* Change piechart plugin state to beta (#31797) (#31798)
* ReduceTransform: Include series with numeric string names (#31763)
(#31794)
* Annotations: Make the annotation clean up batch size configurable
(#31487) (#31769)
* Fix escaping in ANSI and dynamic button removal (#31731) (#31767)
* DataLinks: Bring back single click links for Stat, Gauge and BarGauge
panel (#31692) (#31718)
* log skipped, performed and duration for migrations (#31722) (#31754)
* Search: Make items more compact (#31734) (#31750)
* loki_datasource: add documentation to label_format and line_format
(#31710) (#31746)
* Tempo: Convert tempo to backend data source2 (#31733)
* Elasticsearch: Fix script fields in query editor (#31681) (#31727)
* Elasticsearch: revert to isoWeek when resolving weekly indices
(#31709) (#31717)
* Admin: Keeps expired api keys visible in table after delete (#31636)
(#31675)
* Tempo: set authentication header properly (#31699) (#31701)
* Tempo: convert to backend data source (#31618) (#31695)
* Update package.json (#31672)
* Release: Bump version to 7.5.0-beta.1 (#31664)
* Fix whatsNewUrl version to 7.5 (#31666)
* Chore: add alias for what's new 7.5 (#31669)
* Docs: Update doc for PostgreSQL authentication (#31434)
* Docs: document report template variables (#31637)
* AzureMonitor: Add deprecation message for App Insights/Insights
Analytics (#30633)
* Color: Fixes issue where colors where reset to gray when switch panels
(#31611)
* Live: Use pure WebSocket transport (#31630)
* Docs: Fix broken image link (#31661)
* Docs: Add Whats new in 7.5 (#31659)
* Docs: Fix links for 7.5 (#31658)
* Update enterprise-configuration.md (#31656)
* Explore/Logs: Escaping of incorrectly escaped log lines (#31352)
* Tracing: Small improvements to trace types (#31646)
* Update _index.md (#31645)
* AlertingNG: code refactoring (#30787)
* Remove pkill gpg-agent (#31169)
* Remove format for plugin routes (#31633)
* Library Panels: Change unsaved change detection logic (#31477)
* CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)
* add new metrics and dimensions (#31595)
* fix devenv dashboard content typo (#31583)
* DashList: Sort starred and searched dashboard alphabetically (#31605)
* Docs: Update whats-new-in-v7-4.md (#31612)
* SSE: Add "Classic Condition" on backend (#31511)
* InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise
limits (#31259)
* Alerting: PagerDuty: adding current state to the payload (#29270)
* devenv: Fix typo (#31589)
* Loki: Label browser (#30351)
* LibraryPanels: No save modal when user is on same dashboard (#31606)
* Bug: adding resolution for `react-use-measure` to prevent plugin tests
from failing. (#31603)
* Update node-graph.md (#31571)
* test: pass Cypress options objects into selector wrappers (#31567)
* Loki: Add support for alerting (#31424)
* Tracing: Specify type of the data frame that is expected for TraceView
(#31465)
* LibraryPanels: Adds version column (#31590)
* PieChart: Add color changing options to pie chart (#31588)
* Explore: keep enabled/disabled state in angular based QueryEditors
correctly (#31558)
* Bring back correct legend sizing afer PlotLegend refactor (#31582)
* Alerting: Fix bug in Discord for when name for metric value is absent
(#31257)
* LibraryPanels: Deletes library panels during folder deletion (#31572)
* chore: bump lodash to 4.17.21 (#31549)
* Elasticsearch: Fix impossibility to perform non-logs queries after
importing queries from loki or prometheus in explore (#31518)
* TestData: Fixes never ending annotations scenario (#31573)
* CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)
* propagate plugin unavailable message to UI (#31560)
* ConfirmButton: updates story from knobs to controls (#31476)
* Loki: Refactor line limit to use grafana/ui component (#31509)
* LibraryPanels: Adds folder checks and permissions (#31473)
* Add guide on custom option editors (#31254)
* PieChart: Update text color and minor changes (#31546)
* Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)
* Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)
* PieChart: Improve piechart legend and options (#31446)
* Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20
(#31538)
* Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0
(#31539)
* Add multiselect options ui (#31501)
* Profile: Fixes profile preferences being accessible when anonymous
access was enabled (#31516)
* Variables: Fixes error with: cannot read property length of undefined
(#31458)
* Explore: Show ANSI colored logs in logs context (#31510)
* LogsPanel: Show all received logs (#31505)
* AddPanel: Design polish (#31484)
* TimeSeriesPanel: Remove unnecessary margin from legend (#31467)
* influxdb: flux: handle is-hidden (#31324)
* Graph: Fix tooltip not showing when close to the edge of viewport
(#31493)
* FolderPicker: Remove useNewForms from FolderPicker (#31485)
* Add reportVariables feature toggle (#31469)
* Grafana datasource: support multiple targets (#31495)
* Update license-restrictions.md (#31488)
* Docs: Derived fields links in logs detail view (#31482)
* Docs: Add new data source links to Enterprise page (#31480)
* Convert annotations to dataframes (#31400)
* ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)
* GrafanaUI: Fixes typescript error for missing css prop (#31479)
* Login: handle custom token creation error messages (#31283)
* Library Panels: Don't list current panel in available panels list
(#31472)
* DashboardSettings: Migrate Link Settings to React (#31150)
* Frontend changes for library panels feature (#30653)
* Alerting notifier SensuGo: improvements in default message (#31428)
* AppPlugins: Options to disable showing config page in nav (#31354)
* add aws config (#31464)
* Heatmap: Fix missing/wrong value in heatmap legend (#31430)
* Chore: Fixes small typos (#31461)
* Graphite/SSE: update graphite to work with server side expressions
(#31455)
* update the lastest version to 7.4.3 (#31457)
* ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)
* AWS: Add aws plugin configuration (#31312)
* Revert ""Release: Updated versions in package to 7.4.3" (#31444)"
(#31452)
* Remove UserSyncInfo.tsx (#31450)
* Elasticsearch: Add word highlighting to search results (#30293)
* Chore: Fix eslint react hook warnings in grafana-ui (#31092)
* CloudWatch: Make it possible to specify custom api endpoint (#31402)
* Chore: fixed incorrect naming for disable settings (#31448)
* TraceViewer: Fix show log marker in spanbar (#30742)
* LibraryPanels: Adds permissions to getAllHandler (#31416)
* NamedColorsPalette: updates story from knobs to controls (#31443)
* "Release: Updated versions in package to 7.4.3" (#31444)
* ColorPicker: updates story from knobs to controls (#31429)
* Streaming: Fixes an issue with time series panel and streaming data
source when scrolling back from being out of view (#31431)
* ClipboardButton: updates story from knobs to controls (#31422)
* we should never log unhashed tokens (#31432)
* CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)
* Elasticsearch: Fix query initialization logic & query transformation
from Promethous/Loki (#31322)
* Postgres: allow providing TLS/SSL certificates as text in addition to
file paths (#30353)
* CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)
* TraceViewer: Fix trace to logs icon to show in right pane (#31414)
* add hg team as migrations code owners (#31420)
* Remove tidy-check script (#31423)
* InfluxDB: handle columns named "table" (#30985)
* Prometheus: Use configured HTTP method for /series and /labels
endpoints (#31401)
* Devenv: Add gdev-influxdb2 data source (#31250)
* Update grabpl from 0.5.38 to 0.5.42 version (#31419)
* Move NOOP_CONTROL to storybook utils and change to a standalone file
(#31421)
* remove squadcast details from docs (#31413)
* Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)
* Logging: add frontend logging helpers to @grafana/runtime package
(#30482)
* CallToActionCard: updates story from knobs to controls (#31393)
* Add eu-south-1 cloudwatch region, closes #31197 (#31198)
* Chore: Upgrade eslint packages (#31408)
* Cascader: updates story from knobs to controls (#31399)
* addressed issues 28763 and 30314. (#31404)
* Added section Query a time series database by id (#31337)
* Prometheus: Change default httpMethod for new instances to POST
(#31292)
* Data source list: Use Card component (#31326)
* Chore: Remove gotest.tools dependency (#31391)
* Revert "StoryBook: Introduces Grafana Controls (#31351)" (#31388)
* Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0
(#31387)
* AdHocVariables: Fixes crash when values are stored as numbers (#31382)
* Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)
* Chore: Fix strict errors, down to 416 (#31365)
* Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0
(#31378)
* StoryBook: Introduces Grafana Controls (#31351)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)
* Theming: Support for runtime theme switching and hooks for custom
themes (#31301)
* Devenv: Remove old-versioned loki blocks and update prometheus2 block
(#31282)
* Zipkin: Show success on test data source (#30829)
* Update grot template (needs more info) (#31350)
* DatasourceSrv: Fix instance retrieval when datasource variable value
set to "default" (#31347)
* TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)
* Grafana/UI: Add basic legend to the PieChart (#31278)
* SAML: single logout only enabled in enterprise (#31325)
* QueryEditor: handle query.hide changes in angular based query-editors
(#31336)
* DashboardLinks: Fixes another issue where dashboard links cause full
page reload (#31334)
* LibraryPanels: Syncs panel title with name (#31311)
* Chore: Upgrade golangci-lint (#31330)
* Add info to docs about concurrent session limits (#31333)
* Table: Fixes issue with fixed min and auto max with bar gauge cell
(#31316)
* BarGuage: updates story from knobs to controls (#31223)
* Docs: Clarifies how to add Key/Value pairs (#31303)
* Usagestats: Exclude folders from total dashboard count (#31320)
* ButtonCascader: updates story from knobs to controls (#31288)
* test: allow check for Table as well as Graph for Explore e2e flow
(#31290)
* Grafana-UI: Update tooltip type (#31310)
* fix 7.4.2 release note (#31299)
* Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)
* Chore: reduce strict errors for variables (#31241)
* update latest release version (#31296)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)
* Correct name of Discord notifier tests (#31277)
* Docs: Clarifies custom date formats for variables (#31271)
* BigValue: updates story from knobs to controls (#31240)
* Docs: Annotations update (#31194)
* Introduce functions for interacting with library panels API (#30993)
* Search: display sort metadata (#31167)
* Folders: Editors should be able to edit name and delete folders
(#31242)
* Make Datetime local (No date if today) working (#31274)
* UsageStats: Purpose named variables (#31264)
* Snapshots: Disallow anonymous user to create snapshots (#31263)
* only update usagestats every 30min (#31131)
* Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces
(#30701)
* Grafana-UI: Add id to Select to make it easier to test (#31230)
* Prometheus: Fix enabling of disabled queries when editing in dashboard
(#31055)
* UI/Card: Fix handling of 'onClick' callback (#31225)
* Loki: Add line limit for annotations (#31183)
* Remove deprecated and breaking loki config field (#31227)
* SqlDataSources: Fixes the Show Generated SQL button in query editors
(#31236)
* LibraryPanels: Disconnect before connect during dashboard save (#31235)
* Disable Change Password for OAuth users (#27886)
* TagsInput: Design update and component refactor (#31163)
* Variables: Adds back default option for data source variable (#31208)
* IPv6: Support host address configured with enclosing square brackets
(#31226)
* Postgres: Fix timeGroup macro converts long intervals to invalid
numbers when TimescaleDB is enabled (#31179)
* GraphNG: refactor core to class component (#30941)
* Remove last synchronisation field from LDAP debug view (#30984)
* Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)
* Graph: Make axes unit option work even when field option unit is set
(#31205)
* AlertingNG: Test definition (#30886)
* Docs: Update Influx config options (#31146)
* WIP: Skip this call when we skip migrations (#31216)
* use 0.1.0 (#31215)
* DataSourceSrv: Filter out non queryable data sources by default
(#31144)
* QueryEditors: Fixes issue that happens after moving queries then
editing would update other queries (#31193)
* Chore: report eslint no-explicit-any errors to metrics (#31182)
* Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0
(#31211)
* Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)
* Alerting: Fix modal text for deleting obsolete notifier (#31171)
* Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0
(#31204)
* Variables: Fixes missing empty elements from regex filters (#31156)
* StatPanels: Fixes to palette color scheme is not cleared when loading
panel (#31126)
* Fixed the typo. (#31189)
* Docs: Rewrite preferences docs (#31154)
* Explore/Refactor: Simplify URL handling (#29173)
* DashboardLinks: Fixes links always cause full page reload (#31178)
* Replace PR with Commit truncated hash when build fails (#31177)
* Alert: update story to use controls (#31145)
* Permissions: Fix team and role permissions on folders/dashboards not
displayed for non Grafana Admin users (#31132)
* CloudWatch: Ensure empty query row errors are not passed to the panel
(#31172)
* Update prometheus.md (#31173)
* Variables: Extend option pickers to accept custom onChange callback
(#30913)
* Prometheus: Multiply exemplars timestamp to follow api change (#31143)
* DashboardListPanel: Fixes issue with folder picker always showing All
and using old form styles (#31160)
* Add author name and pr number in drone pipeline notifications (#31124)
* Prometheus: Add documentation for ad-hoc filters (#31122)
* DataSourceSettings: Fixes add header button, it should not trigger a
save & test action (#31135)
* Alerting: Fix so that sending an alert with the Alertmanager notifier
doesn't fail when one of multiple configured URL's are down (#31079)
* Chore: Update latest.json (#31139)
* Docs: add 7.4.1 relese notes link (#31137)
* PieChart: Progress on new core pie chart (#28020)
* ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)
* Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)
* Transforms: Fixes Outer join issue with duplicate field names not
getting the same unique field names as before (#31121)
* MuxWriter: Handle error for already closed file (#31119)
* Logging: sourcemap transform asset urls from CDN in logged stacktraces
(#31115)
* Search: add sort information in dashboard results (#30609)
* area/grafana/e2e: ginstall should pull version specified (#31056)
* Exemplars: Change CTA style (#30880)
* Influx: Make max series limit configurable and show the limiting
message if applied (#31025)
* Docs: request security (#30937)
* update configurePanel for 7.4.0 changes (#31093)
* Elasticsearch: fix log row context erroring out (#31088)
* Prometheus: Fix issues with ad-hoc filters (#30931)
* LogsPanel: Add deduplication option for logs (#31019)
* Drone: Make sure CDN upload is ok before pushing docker images (#31075)
* PluginManager: Remove some global state (#31081)
* test: update addDashboard flow for v7.4.0 changes (#31059)
* Transformations: Fixed typo in FilterByValue transformer description.
(#31078)
* Docs: Group id should be 0 instead of 1 in Docker upgrade notes
(#31074)
* Usage stats: Adds source/distributor setting (#31039)
* CDN: Add CDN upload step to enterprise and release pipelines (#31058)
* Chore: Replace native select with grafana ui select (#31030)
* Docs: Update json-model.md (#31066)
* Docs: Update whats-new-in-v7-4.md (#31069)
* Added hyperlinks to Graphite documentation (#31064)
* DashboardSettings: Update to new form styles (#31022)
* CDN: Fixing drone CI config (#31052)
* convert path to posix by default (#31045)
* DashboardLinks: Fixes crash when link has no title (#31008)
* Alerting: Fixes so notification channels are properly deleted (#31040)
* Explore: Remove emotion error when displaying logs (#31026)
* Elasticsearch: Fix alias field value not being shown in query editor
(#30992)
* CDN: Adds uppload to CDN step to drone CI (#30879)
* Improved glossary (#31004)
* BarGauge: Improvements to value sizing and table inner width
calculations (#30990)
* Drone: Fix deployment image (#31027)
* ColorPicker: migrated styles from sass to emotion (#30909)
* Dashboard: Migrate general settings to react (#30914)
* Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2
(#30586)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7
(#31018)
* Prometheus: Min step defaults to seconds when no unit is set to
prevent errors when running alerts. (#30966)
* Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0
(#31017)
* Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)
* Graph: Fixes so graph is shown for non numeric time values (#30972)
* CloudMonitoring: Prevent resource type variable function from crashing
(#30901)
* Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)
* Build: Releases e2e and e2e-selectors too (#31006)
* TextPanel: Fixes so panel title is updated when variables change
(#30884)
* Docs: Update configuration.md
(login_maximum_inactive_lifetime_duration,
login_maximum_lifetime_duration) (#31000)
* instrumentation: make the first database histogram bucket smaller
(#30995)
* Grafana/UI: Remove DismissableFeatureInfoBox and replace with
LocalSt⦠(#30988)
* StatPanel: Fixes issue formatting date values using unit option
(#30979)
* Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)
* Units: Fixes formatting of duration units (#30982)
* Elasticsearch: Show Size setting for raw_data metric (#30980)
* Alerts: Dedupe alerts so that we do not fill the screen with the same
alert messsage (#30935)
* make sure service and slo display name is passed to segment comp
(#30900)
* assign changes in cloud datasources to the new cloud datasources team
(#30645)
* Table: Updates devenv test dashboard after change to TestData Randrom
Table response (#30927)
* Theme: Use higher order theme color variables rather then is
light/dark logic (#30939)
* Docs: Add alias for what's new in 7.4 (#30945)
* e2e: extends selector factory to plugins (#30932)
* Chore: Upgrade docker build image (#30820)
* Docs: updated developer guide (#29978)
* Alerts: Update Alert storybook to show more states (#30908)
* Variables: Adds queryparam formatting option (#30858)
* Chore: pad unknown values with undefined (#30808)
* Transformers: add search to transform selection (#30854)
* Exemplars: change api to reflect latest changes (#30910)
* docs: use selinux relabelling on docker containers (#27685)
* Docs: Fix bad image path for alert notification template (#30911)
* Make value mappings correctly interpret numeric-like strings (#30893)
* Chore: Update latest.json (#30905)
* Docs: Update whats-new-in-v7-4.md (#30882)
* Dashboard: Ignore changes to dashboard when the user session expires
(#30897)
* ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)
* test: add support for timeout to be passed in for addDatasource
(#30736)
* increase page size and make sure the cache supports query params
(#30892)
* DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)
* OAuth: custom username docs (#28400)
* Panels: Remove value mapping of values that have been formatted #26763
(#30868)
* Alerting: Fixes alert panel header icon not showing (#30840)
* AlertingNG: Edit Alert Definition (#30676)
* Logging: sourcemap support for frontend stacktraces (#30590)
* Added "Restart Grafana" topic. (#30844)
* Docs: Org, Team, and User Admin (#30756)
* bump grabpl version to 0.5.36 (#30874)
* Plugins: Requests validator (#30445)
* Docs: Update whats-new-in-v7-4.md (#30876)
* Docs: Add server view folder (#30849)
* Fixed image name and path (#30871)
* Grafana-ui: fixes closing modals with escape key (#30745)
* InfluxDB: Add http configuration when selecting InfluxDB v2 flavor
(#30827)
* TestData: Fixes issue with for ever loading state when all queries are
hidden (#30861)
* Chart/Tooltip: refactored style declaration (#30824)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1
(#30853)
* Grafana-ui: fixes no data message in Table component (#30821)
* grafana/ui: Update pagination component for large number of pages
(#30151)
* Alerting: Customise OK notification priorities for Pushover notifier
(#30169)
* DashboardLinks: Support variable expression in to tooltip - Issue
#30409 (#30569)
* Chore: Remove panelTime.html, closes #30097 (#30842)
* Docs: Time series panel, bar alignment docs (#30780)
* Chore: add more docs annotations (#30847)
* Transforms: allow boolean in field calculations (#30802)
* Prometheus: Add tooltip to explain possibility to use patterns in text
and title fields in annotations (#30825)
* Update prometheus.md with image link fix (#30833)
* BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)
* Update license-expiration.md (#30839)
* Explore rewrite (#30804)
* Prometheus: Set type of labels to string (#30831)
* GrafanaUI: Add a way to persistently close InfoBox (#30716)
* Fix typo in transformer registry (#30712)
* Elasticsearch: Display errors with text responses (#30122)
* CDN: Fixes cdn path when Grafana is under sub path (#30822)
* TraceViewer: Fix lazy loading (#30700)
* FormField: migrated sass styling to emotion (#30392)
* AlertingNG: change API permissions (#30781)
* Variables: Clears drop down state when leaving dashboard (#30810)
* Grafana-UI: Add story/docs for ErrorBoundary (#30304)
* Add missing callback dependency (#30797)
* PanelLibrary: Adds library panel meta information to dashboard json
(#30770)
* Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)
* Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)
* GraphNG: improve behavior when switching between solid/dash/dots
(#30796)
* Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0
(#30778)
* Add width for Variable Editors (#30791)
* Chore: Remove warning when calling resource (#30752)
* Auth: Use SigV4 lib from grafana-aws-sdk (#30713)
* Panels: Fixes so panels are refreshed when scrolling past them fast
(#30784)
* GraphNG: add bar alignment option (#30499)
* Expressions: Measure total transformation requests and elapsed time
(#30514)
* Menu: Mark menu components as internal (#30740)
* TableInputCSV: migrated styles from sass to emotion (#30554)
* CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)
* Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)
* CDN: Adds support for serving assets over a CDN (#30691)
* PanelEdit: Trigger refresh when changing data source (#30744)
* Chore: remove __debug_bin (#30725)
* BarChart: add alpha bar chart panel (#30323)
* Docs: Time series panel (#30690)
* Backend Plugins: Convert test data source to use SDK contracts (#29916)
* Docs: Update whats-new-in-v7-4.md (#30747)
* Add link to Elasticsearch docs. (#30748)
* Mobile: Fixes issue scrolling on mobile in chrome (#30746)
* TagsInput: Make placeholder configurable (#30718)
* Docs: Add config settings for fonts in reporting (#30421)
* Add menu.yaml to .gitignore (#30743)
* bump cypress to 6.3.0 (#30644)
* Datasource: Use json-iterator configuration compatible with standard
library (#30732)
* AlertingNG: Update UX to use new PageToolbar component (#30680)
* Docs: Add usage insights export feature (#30376)
* skip symlinks to directories when generating plugin manifest (#30721)
* PluginCiE2E: Upgrade base images (#30696)
* Variables: Fixes so text format will show All instead of custom all
(#30730)
* PanelLibrary: better handling of deleted panels (#30709)
* Added section "Curated dashboards for Google Cloud Monitoring" for 7.4
What's New (#30724)
* Added "curated dashboards" information and broke down, rearranged
topics. (#30659)
* Transform: improve the "outer join" performance/behavior (#30407)
* Add alt text to plugin logos (#30710)
* Deleted menu.yaml file (#30717)
* Dashboard: Top Share URL icon should share panel URL when on viewPanel
page (#30000)
* Added entry for web server. (#30715)
* DashboardPicker: switch to promise-based debounce, return dashboard
UID (#30706)
* Use connected GraphNG in Explore (#30707)
* Fix documentation for streaming data sources (#30704)
* PanelLibrary: changes casing of responses and adds meta property
(#30668)
* Influx: Show all datapoints for dynamically windowed flux query
(#30688)
* Trace: trace to logs design update (#30637)
* DeployImage: Switch base images to Debian (#30684)
* Chore: remove CSP debug logging line (#30689)
* Docs: 7.4 documentation for expressions (#30524)
* PanelEdit: Get rid of last remaining usage of navbar-button (#30682)
* Grafana-UI: Fix setting default value for MultiSelect (#30671)
* CustomScrollbar: migrated styles from sass to emotion (#30506)
* DashboardSettings & PanelEdit: Use new PageToolbar (#30675)
* Explore: Fix jumpy live tailing (#30650)
* ci(npm-publish): add missing github package token to env vars (#30665)
* PageToolbar: Extracting navbar styles & layout into a modern emotion
based component (#30588)
* AlertingNG: pause/unpause definitions via the API (#30627)
* Docs: Refer to product docs in whats new for alerting templating
feature (#30652)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1
(#30666)
* Variables: Fixes display value when using capture groups in regex
(#30636)
* Docs: Update _index.md (#30655)
* Docs: Auditing updates (#30433)
* Docs: add hidden_users configuration field (#30435)
* Docs: Define TLS/SSL terminology (#30533)
* Docs: Fix expressions enabled description (#30589)
* Docs: Update ES screenshots (#30598)
* Licensing Docs: Adding license restrictions docs (#30216)
* Update documentation-style-guide.md (#30611)
* Docs: Update queries.md (#30616)
* chore(grafana-ui): bump storybook to 6.1.15 (#30642)
* DashboardSettings: fixes vertical scrolling (#30640)
* Usage Stats: Remove unused method for getting user stats (#30074)
* Grafana/UI: Unit picker should not set a category as unit (#30638)
* Graph: Fixes auto decimals issue in legend and tooltip (#30628)
* AlertingNG: List saved Alert definitions in Alert Rule list (#30603)
* chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix
(#30605)
* Grafana/UI: Add disable prop to Segment (#30539)
* Variables: Fixes so queries work for numbers values too (#30602)
* Admin: Fixes so form values are filled in from backend (#30544)
* Docs: Add new override info and add whats new 7.4 links (#30615)
* TestData: Improve what's new in v7.4 (#30612)
* Docs: Update 7.4 What's New to use more correct description of
alerting notification template feature (#30502)
* NodeGraph: Add docs (#30504)
* Loki: Improve live tailing errors and fix Explore's logs container
type errors (#30517)
* TimeRangePicker: Updates components to use new ToolbarButton &
ButtonGroup (#30570)
* Update styling.md guide (#30594)
* TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31
(#30583)
* Chore(deps): Bump github.com/prometheus/client_golang (#30585)
* Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)
* Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)
* Explore: Fix logs hover state so that it is visible and in dark mode &
simply hover code (#30572)
* RefreshPicker: Fixes so valid intervals in url are visible in
RefreshPicker (#30474)
* Add documentation for Exemplars (#30317)
* OldGraph: Fix height issue in Firefox (#30565)
* XY Chart: fix editor error with empty frame (no fields) (#30573)
* ButtonSelect & RefreshPicker: Rewrite of components to use new emotion
based ToolbarButton & Menu (#30510)
* XY Chart: share legend config with timeseries (#30559)
* configuration.md: Document Content Security Policy options (#30413)
* DataFrame: cache frame/field index in field state (#30529)
* List + before -; rm old Git ref; reformat. (#30543)
* Expressions: Add option to disable feature (#30541)
* Explore: Fix loading visualisation on the top of the new time series
panel (#30553)
* Prometheus: Fix show query instead of Value if no __name__ and metric
(#30511)
* Decimals: Big Improvements to auto decimals and fixes to auto decimals
bug found in 7.4-beta1 (#30519)
* Postgres: Convert tests to stdlib (#30536)
* Storybook: Migrate card story to use controls (#30535)
* AlertingNG: Enable UI to Save Alert Definitions (#30394)
* Postgres: Be consistent about TLS/SSL terminology (#30532)
* Loki: Append refId to logs uid (#30418)
* Postgres: Fix indentation (#30531)
* GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523.
(#30527)
* updates for e2e docker image (#30465)
* GraphNG: uPlot 1.6.2 (#30521)
* Docs: Update whats-new-in-v7-4.md (#30520)
* Prettier: ignore build and devenv dirs (#30501)
* Chore: Upgrade grabpl version (#30486)
* Explore: Update styling of buttons (#30493)
* Cloud Monitoring: Fix legend naming with display name override (#30440)
* GraphNG: Disable Plot logging by default (#30390)
* Admin: Fixes so whole org drop down is visible when adding users to
org (#30481)
* Docs: include Makefile option for local assets (#30455)
* Footer: Fixes layout issue in footer (#30443)
* TimeSeriesPanel: Fixed default value for gradientMode (#30484)
* Docs: fix typo in what's new doc (#30489)
* Chore: adds wait to e2e test (#30488)
* chore: update packages dependent on dot-prop to fix security
vulnerability (#30432)
* Dashboard: Remove Icon and change copy -> Copy to clipboard in the
share embedded panel modal (#30480)
* Chore: fix spelling mistake (#30473)
* Chore: Restrict internal imports from other packages (#30453)
* Docs: What's new fixes and improvements (#30469)
* Timeseries: only migrage point size when configured (#30461)
* Alerting: Hides threshold handle for percentual thresholds (#30431)
* Graph: Fixes so only users with correct permissions can add
annotations (#30419)
* Chore: update latest version to 7.4.0-beta1 (#30452)
* Docs: Add whats new 7.4 links (#30463)
* Update whats-new-in-v7-4.md (#30460)
* docs: 7.4 what's new (Add expressions note) (#30446)
* Chore: Upgrade build pipeline tool (#30456)
* PanelModel: Make sure the angular options are passed to react panel
type changed handler (#30441)
* Expressions: Fix button icon (#30444)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1
(#30449)
* Docs: Fix img link for alert notification template (#30436)
* grafana/ui: Fix internal import from grafana/data (#30439)
* prevent field config from being overwritten (#30437)
* PanelOptions: Refactoring applying panel and field options out of
PanelModel and add property clean up for properties not in field
config registry (#30389)
* Dashboard: Remove template variables option from ShareModal (#30395)
* Added doc content for variables inspector code change by Hugo (#30408)
* Docs: update license expiration behavior for reporting (#30420)
* Chore: use old version format in package.json (#30430)
* Chore: upgrade NPM security vulnerabilities (#30397)
* "Release: Updated versions in package to 7.5.0-pre.0" (#30428)
* contribute: Add backend and configuration guidelines for PRs (#30426)
* Chore: Update what's new URL (#30424)
- Update to version 7.4.5
- CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to
team-sync. (Enterprise) (bsc#1183811, bsc#1183809)
- CVE-2021-28148: Usage insights requires signed in users. (Enterprise)
(bsc#1183813)
- CVE-2021-27962: Do not allow editors to incorrectly bypass permissions
on the default data source. (Enterprise) (bsc#1184371)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Tools 15:
zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-2660=1
Package List:
- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
grafana-7.5.7-1.21.1
References:
https://www.suse.com/security/cve/CVE-2021-27358.html
https://www.suse.com/security/cve/CVE-2021-27962.html
https://www.suse.com/security/cve/CVE-2021-28146.html
https://www.suse.com/security/cve/CVE-2021-28147.html
https://www.suse.com/security/cve/CVE-2021-28148.html
https://bugzilla.suse.com/1183803
https://bugzilla.suse.com/1183809
https://bugzilla.suse.com/1183811
https://bugzilla.suse.com/1183813
https://bugzilla.suse.com/1184371
More information about the sle-security-updates
mailing list