SUSE-SU-2021:2660-1: important: Security update for grafana

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Aug 12 13:23:03 UTC 2021


   SUSE Security Update: Security update for grafana
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2660-1
Rating:             important
References:         #1183803 #1183809 #1183811 #1183813 #1184371 
                    
Cross-References:   CVE-2021-27358 CVE-2021-27962 CVE-2021-28146
                    CVE-2021-28147 CVE-2021-28148
CVSS scores:
                    CVE-2021-27358 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-27358 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Manager Tools 15
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for grafana fixes the following issues:

   - CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of
     Service via a remote API call (bsc#1183803)
   - Update to version 7.5.7:
     * Updated relref to "Configuring exemplars" section (#34240) (#34243)
     * Added exemplar topic (#34147) (#34226)
     * Quota: Do not count folders towards dashboard quota (#32519) (#34025)
     * Instructions to separate emails with semicolons (#32499) (#34138)
     * Docs: Remove documentation of v8 generic OAuth feature (#34018)
     * Annotations: Prevent orphaned annotation tags cleanup when no
       annotations were cleaned (#33957) (#33975)
     * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)
     * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932)
       (#33936)
     * Stop hoisting @icons/material (#33922)
     * Chore: fix react-color version in yarn.lock (#33914)
     * "Release: Updated versions in package to 7.5.6" (#33909)
     * Loki: fix label browser crashing when + typed (#33900) (#33901)
     * Document `hide_version` flag (#33670) (#33881)
     * Add isolation level db configuration parameter (#33830) (#33878)
     * Sanitize PromLink button (#33874) (#33876)
     * Removed content as per MarcusE's suggestion in
       https://github.com/grafana/grafana/issues/33822. (#33870) (#33872)
     * Docs feedback: /administration/provisioning.md (#33804) (#33842)
     * Docs: delete from high availability docs references to removed
       configurations related to session storage (#33827) (#33851)
     * Docs: Update _index.md (#33797) (#33799)
     * Docs: Update installation.md (#33656) (#33703)
     * GraphNG: uPlot 1.6.9 (#33598) (#33612)
     * dont consider invalid email address a failed email (#33671) (#33681)
     * InfluxDB: Improve measurement-autocomplete behavior in query editor
       (#33494) (#33625)
     * add template for dashboard url parameters  (#33549) (#33588)
     * Add note to Snapshot API doc to specify that user has to provide the
       entire dashboard model  (#33572) (#33586)
     * Update team.md (#33454) (#33536)
     * Removed duplicate file "dashboard_folder_permissions.md (#33497)
     * Document customQueryParameters for prometheus datasource provisioning
       (#33440) (#33495)
     * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473)
       (#33492)
     * Documentation: Update developer-guide.md (#33478) (#33490)
     * add closed parenthesis to fix a hyperlink (#33471) (#33481)

   - Update to version 7.5.5:
     * "Release: Updated versions in package to 7.5.5" (#33469)
     * GraphNG: Fix exemplars window position (#33427) (#33462)
     * Remove field limitation from slack notification (#33113) (#33455)
     * Prometheus: Support POST in template variables (#33321) (#33441)
     * Instrumentation: Add success rate metrics for email notifications
       (#33359) (#33409)
     * Use either moment objects (for absolute times in the datepicker) or
       string (for relative time) (#33315) (#33406)
     * Docs: Removed type from find annotations example. (#33399) (#33403)
     * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use
       to push frontend measurements and counters to prometheus (#33255)
     * Updated label for add panel. (#33285) (#33286)
     * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248)
     * Docs: Sync latest master docs with 7.5.x (#33156)
     * Docs: Update getting-started-influxdb.md (#33234) (#33241)
     * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239)
     * Minor Changes in Auditing.md (#31435) (#33238)
     * Docs: Add license check endpoint doc (#32987) (#33236)
     * Postgres: Fix time group macro when TimescaleDB is enabled and
       interval is less than a second (#33153) (#33219)
     * Docs: InfluxDB doc improvements (#32815) (#33185)
     * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031)
     * update cla (#33181)
     * Fix inefficient regular expression (#33155) (#33159)
     * Auth: Don't clear auth token cookie when lookup token fails (#32999)
       (#33136)
     * Elasticsearch:  Add documentation for supported Elasticsearch query
       transformations (#33072) (#33128)
     * Update team.md (#33060) (#33084)
     * GE issue 1268 (#33049) (#33081)
     * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079)
     * Explore: Load default data source in Explore when the provided source
       does not exist (#32992) (#33061)
     * Docs: Replace next with latest in aliases (#33054) (#33059)
     * Added missing link item. (#33052) (#33055)
     * Backport 33034 (#33038)
     * Docs: Backport 32916 to v7.5x  (#33008)
     * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973)
       (#32998)
     * Elasticsearch: Force re-rendering of each editor row type change
       (#32993) (#32996)
     * Docs: Sync release branch with latest docs (#32986)

   - Update to version 7.5.4:
     * "Release: Updated versions in package to 7.5.4" (#32971)
     * fix(datasource_srv): prevent infinite loop where default datasource is
       named default (#32949) (#32967)
     * Added Azure Monitor support for
       Microsoft.AppConfiguration/configurationStores namespace (#32123)
       (#32968)
     * fix sqlite3 tx retry condition operator precedence (#32897) (#32952)
     * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)
     * Plugins: Allow a non-dashboard page to be the default home page
       (#32926) (#32945)
     * GraphNG: uPlot 1.6.8 (#32859) (#32863)
     * Alerting: Add ability to include aliases with dashes (/) and at (@)
       signs in InfluxDB (#32844)
     * Prometheus: Allow exemplars endpoint in data source proxy (#32802)
       (#32804)
     * [v7.5.x] Table: Fixes table data links so they refer to correct row
       after sorting (#32758)
     * TablePanel: Makes sorting case-insensitive (#32435) (#32752)

   - Update to version 7.5.3:
     * "Release: Updated versions in package to 7.5.3" (#32745)
     * FolderPicker: Prevent dropdown menu from disappearing off screen
       (#32603) (#32741)
     * Loki: Remove empty annotations tags (#32359) (#32490)
     * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)
     * Prometheus: Fix instant query to run two times when exemplars enabled
       (#32508) (#32726)
     * Elasticsearch: Fix bucket script variable duplication in UI (#32705)
       (#32714)
     * Variables: Confirms selection before opening new picker (#32586)
       (#32710)
     * CloudWarch: Fix service quotas link (#32686) (#32689)
     * Configuration: Prevent browser hanging / crashing with large number of
       org users (#32546) (#32598)
     * chore: bump execa to v2.1.0 (#32543) (#32592)
     * Explore: Fix bug where navigating to explore would result in wrong
       query and datasource to be shown (#32558)
     * Fix broken gtime tests (#32582) (#32587)
     * resolve conflicts (#32567)
     * gtime: Make ParseInterval deterministic (#32539) (#32560)
     * Dashboard: No longer includes default datasource when externally
       exporting dashboard with row (#32494) (#32535)
     * TextboxVariable: Limits the length of the preview value (#32472)
       (#32530)
     * AdHocVariable: Adds default data source (#32470) (#32476)
     * Variables: Fixes Unsupported data format error for null values
       (#32480) (#32487)
     * Prometheus: align exemplars check to latest api change (#32513)
       (#32515)
     * "Release: Updated versions in package to 7.5.2" (#32502)
     * SigV4: Add support EC2 IAM role auth and possibility to toggle auth
       providers  (#32444) (#32488)
     * Set spanNulls to default (#32471) (#32486)
     * Graph: Fix setting right y-axis when standard option unit is
       configured (#32426) (#32442)
     * API: Return 409 on datasource version conflict (#32425) (#32433)
     * API: Return 400 on invalid Annotation requests (#32429) (#32431)
     * Variables: Fixes problem with data source variable when default ds is
       selected (#32384) (#32424)
     * Table: Fixes so links work for image cells (#32370) (#32410)
     * Variables: Fixes error when manually non-matching entering custom
       value in variable input/picker (#32390) (#32394)
     * DashboardQueryEditor: Run query after selecting source panel (#32383)
       (#32395)
     * API: Datasource endpoint should return 400 bad request if id and orgId
       is invalid (#32392) (#32397)
     * "Release: Updated versions in package to 7.5.1" (#32362)
     * MSSQL: Upgrade go-mssqldb (#32347) (#32361)
     * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)
     * "Release: Updated versions in package to 7.5.0" (#32308)
     * Loki: Fix text search in Label browser (#32293) (#32306)
     * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)
     * PieChartV2: Add migration from old piechart (#32259) (#32291)
     * LibraryPanels: Adds Type and Description to DB (#32258) (#32288)
     * LibraryPanels: Prevents deletion of connected library panels (#32277)
       (#32284)
     * Library Panels: Add "Discard" button to panel save modal (#31647)
       (#32281)
     * LibraryPanels: Changes to non readonly reducer (#32193) (#32200)
     * Notifications: InfluxDB - Fix regex to include metrics with hyphen in
       aliases (#32224) (#32262)
     * SSE/InfluxDB: Change InfluxQL to work with server side expressions
       (#31691) (#32102)
     * DashboardSettings: Fixes issue with tags list not updating when
       changes are made (#32241) (#32247)
     * Logs: If log message missing, use empty string (#32080) (#32243)
     * CloudWatch: Use latest version of aws sdk (#32217) (#32223)
     * Release: Updated versions in package to 7.5.0-beta.2 (#32158)
     * HttpServer: Make read timeout configurable but disabled by default
       (#31575) (#32154)
     * GraphNG: Ignore string fields when building data for uPlot in GraphNG
       (#32150) (#32151)
     * Fix loading timezone info on windows (#32029) (#32149)
     * SQLStore: Close session in withDbSession (#31775) (#32108)
     * Remove datalink template suggestions for accessing specific fields
       when there are multiple dataframes. (#32057) (#32148)
     * GraphNG: make sure dataset and config are in sync when initializing
       and re-initializing uPlot (#32106) (#32125)
     * MixedDataSource: Name is updated when data source variable changes
       (#32090) (#32144)
     * Backport 32005 to v7.5.x #32128 (#32130)
     * Loki: Label browser UI updates (#31737) (#32119)
     * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)
     * GraphNG: Fix tooltip series color for multi data frame scenario
       (#32098) (#32103)
     * LibraryPanels: Improves the Get All experience (#32028) (#32093)
     * Grafana/ui: display all selected levels for selected value when
       searching (#32030) (#32032)
     * Exemplars: always query exemplars (#31673) (#32024)
     * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode
       (#32055)
     * Chore: Collect elasticsearch version usage stats (#31787) (#32063)
     * Chore: Tidy up Go deps (#32053)
     * GraphNG: Fix PlotLegend field display name being outdated (#32064)
       (#32066)
     * Data proxy: Fix encoded characters in URL path should be proxied
       encoded (#30597) (#32060)
     * [v7.5.x] Auth: Allow soft token revocation (#32037)
     * Snapshots: Fix usage of sign in link from the snapshot page (#31986)
       (#32036)
     * Make master green (#32011) (#32015)
     * Query editor: avoid avoiding word wrap on query editor components
       (#31949) (#31982)
     * Variables: Fixes filtering in picker with null items (#31979) (#31995)
     * TooltipContainer - use resize observer instead of
       getClientBoundingRect (#31937) (#32003)
     * Loki: Fix autocomplete when re-editing Loki label values (#31828)
       (#31987)
     * Loki: Fix type errors in language_provider (#31902) (#31945)
     * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)
     * Cloudwatch: use shared library for aws auth (#29550) (#31946)
     * Tooltip: partial perf improvement (#31774) (#31837) (#31957)
     * Backport 31913 to v7.5.x (#31955)
     * Grafana/ui: fix searchable options for Cascader with options update
       (#31906) (#31938)
     * Variables: Do not reset description on variable type change (#31933)
       (#31939)
     * [v7.5.x] AnnotationList: Adds spacing to UI  (#31888) (#31894)
     * Elasticseach: Support histogram fields (#29079) (#31914)
     * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854)
       (#31896)
     * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)
     * Templating: use dashboard timerange when variables are set to refresh
       'On Dashboard Load' (#31721) (#31801)
     * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)
     * Run go mod tidy to update go.mod and go.sum (#31859)
     * Grafana/ui: display all selected levels for Cascader (#31729) (#31862)
     * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)
     * Cloudwatch: ListMetrics API page limit (#31788) (#31851)
     * Remove invalid attribute (#31848) (#31850)
     * CloudWatch: Restrict auth provider and assume role usage according
       to… (#31845)
     * CloudWatch: Add support for EC2 IAM role (#31804) (#31841)
     * Loki, Prometheus: Change the placement for query type explanation
       (#31784) (#31819)
     * Variables: Improves inspection performance and unknown filtering
       (#31811) (#31813)
     * Change piechart plugin state to beta (#31797) (#31798)
     * ReduceTransform: Include series with numeric string  names (#31763)
       (#31794)
     * Annotations: Make the annotation clean up batch size configurable
       (#31487) (#31769)
     * Fix escaping in ANSI and dynamic button removal (#31731) (#31767)
     * DataLinks: Bring back single click links for Stat, Gauge and BarGauge
       panel (#31692) (#31718)
     * log skipped, performed and duration for migrations (#31722) (#31754)
     * Search: Make items more compact (#31734) (#31750)
     * loki_datasource: add documentation to label_format and line_format
       (#31710) (#31746)
     * Tempo: Convert tempo to backend data source2 (#31733)
     * Elasticsearch: Fix script fields in query editor (#31681) (#31727)
     * Elasticsearch: revert to isoWeek when resolving weekly indices
       (#31709) (#31717)
     * Admin: Keeps expired api keys visible in table after delete (#31636)
       (#31675)
     * Tempo: set authentication header properly (#31699) (#31701)
     * Tempo: convert to backend data source (#31618) (#31695)
     * Update package.json (#31672)
     * Release: Bump version to 7.5.0-beta.1 (#31664)
     * Fix whatsNewUrl version to 7.5 (#31666)
     * Chore: add alias for what's new 7.5 (#31669)
     * Docs: Update doc for PostgreSQL authentication (#31434)
     * Docs: document report template variables (#31637)
     * AzureMonitor: Add deprecation message for App Insights/Insights
       Analytics (#30633)
     * Color: Fixes issue where colors where reset to gray when switch panels
       (#31611)
     * Live: Use pure WebSocket transport (#31630)
     * Docs: Fix broken image link (#31661)
     * Docs: Add Whats new in 7.5 (#31659)
     * Docs: Fix links for 7.5 (#31658)
     * Update enterprise-configuration.md (#31656)
     * Explore/Logs: Escaping of incorrectly escaped log lines (#31352)
     * Tracing: Small improvements to trace types (#31646)
     * Update _index.md (#31645)
     * AlertingNG: code refactoring (#30787)
     * Remove pkill gpg-agent (#31169)
     * Remove format for plugin routes (#31633)
     * Library Panels: Change unsaved change detection logic (#31477)
     * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)
     * add new metrics and dimensions (#31595)
     * fix devenv dashboard content typo (#31583)
     * DashList: Sort starred and searched dashboard alphabetically (#31605)
     * Docs: Update whats-new-in-v7-4.md (#31612)
     * SSE: Add "Classic Condition" on backend (#31511)
     * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise
       limits (#31259)
     * Alerting: PagerDuty: adding current state to the payload (#29270)
     * devenv: Fix typo (#31589)
     * Loki: Label browser (#30351)
     * LibraryPanels: No save modal when user is on same dashboard (#31606)
     * Bug: adding resolution for `react-use-measure` to prevent plugin tests
       from failing. (#31603)
     * Update node-graph.md (#31571)
     * test: pass Cypress options objects into selector wrappers (#31567)
     * Loki: Add support for alerting (#31424)
     * Tracing: Specify type of the data frame that is expected for TraceView
       (#31465)
     * LibraryPanels: Adds version column (#31590)
     * PieChart: Add color changing options to pie chart (#31588)
     * Explore: keep enabled/disabled state in angular based QueryEditors
       correctly (#31558)
     * Bring back correct legend sizing afer PlotLegend refactor (#31582)
     * Alerting: Fix bug in Discord for when name for metric value is absent
       (#31257)
     * LibraryPanels: Deletes library panels during folder deletion (#31572)
     * chore: bump lodash to 4.17.21 (#31549)
     * Elasticsearch: Fix impossibility to perform non-logs queries after
       importing queries from loki or prometheus in explore (#31518)
     * TestData: Fixes never ending annotations scenario (#31573)
     * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)
     * propagate plugin unavailable message to UI (#31560)
     * ConfirmButton: updates story from knobs to controls (#31476)
     * Loki: Refactor line limit to use grafana/ui component (#31509)
     * LibraryPanels: Adds folder checks and permissions (#31473)
     * Add guide on custom option editors (#31254)
     * PieChart: Update text color and minor changes (#31546)
     * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)
     * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)
     * PieChart: Improve piechart legend and options (#31446)
     * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)
     * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20
       (#31538)
     * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0
       (#31539)
     * Add multiselect options ui (#31501)
     * Profile: Fixes profile preferences being accessible when anonymous
       access was enabled (#31516)
     * Variables: Fixes error with: cannot read property length of undefined
       (#31458)
     * Explore: Show ANSI colored logs in logs context (#31510)
     * LogsPanel: Show all received logs  (#31505)
     * AddPanel: Design polish  (#31484)
     * TimeSeriesPanel: Remove unnecessary margin from legend  (#31467)
     * influxdb: flux: handle is-hidden (#31324)
     * Graph: Fix tooltip not showing when close to the edge of viewport
       (#31493)
     * FolderPicker: Remove useNewForms from FolderPicker (#31485)
     * Add reportVariables feature toggle (#31469)
     * Grafana datasource: support multiple targets (#31495)
     * Update license-restrictions.md (#31488)
     * Docs: Derived fields links in logs detail view (#31482)
     * Docs: Add new data source links to Enterprise page (#31480)
     * Convert annotations to dataframes (#31400)
     * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)
     * GrafanaUI: Fixes typescript error for missing css prop (#31479)
     * Login: handle custom token creation error messages (#31283)
     * Library Panels: Don't list current panel in available panels list
       (#31472)
     * DashboardSettings: Migrate Link Settings to React (#31150)
     * Frontend changes for library panels feature (#30653)
     * Alerting notifier SensuGo: improvements in default message (#31428)
     * AppPlugins: Options to disable showing config page in nav (#31354)
     * add aws config (#31464)
     * Heatmap: Fix missing/wrong value in heatmap legend (#31430)
     * Chore: Fixes small typos (#31461)
     * Graphite/SSE: update graphite to work with server side expressions
       (#31455)
     * update the lastest version to 7.4.3 (#31457)
     * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)
     * AWS: Add aws plugin configuration (#31312)
     * Revert ""Release: Updated versions in package to 7.4.3" (#31444)"
       (#31452)
     * Remove UserSyncInfo.tsx (#31450)
     * Elasticsearch: Add word highlighting to search results (#30293)
     * Chore: Fix eslint react hook warnings in grafana-ui (#31092)
     * CloudWatch: Make it possible to specify custom api endpoint (#31402)
     * Chore: fixed incorrect naming for disable settings (#31448)
     * TraceViewer: Fix show log marker in spanbar (#30742)
     * LibraryPanels: Adds permissions to getAllHandler (#31416)
     * NamedColorsPalette: updates story from knobs to controls (#31443)
     * "Release: Updated versions in package to 7.4.3" (#31444)
     * ColorPicker: updates story from knobs to controls (#31429)
     * Streaming: Fixes an issue with time series panel and streaming data
       source when scrolling back from being out of view (#31431)
     * ClipboardButton: updates story from knobs to controls (#31422)
     * we should never log unhashed tokens (#31432)
     * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)
     * Elasticsearch: Fix query initialization logic & query transformation
       from Promethous/Loki (#31322)
     * Postgres: allow providing TLS/SSL certificates as text in addition to
       file paths (#30353)
     * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)
     * TraceViewer: Fix trace to logs icon to show in right pane (#31414)
     * add hg team as migrations code owners (#31420)
     * Remove tidy-check script (#31423)
     * InfluxDB: handle columns named "table" (#30985)
     * Prometheus: Use configured HTTP method for /series and /labels
       endpoints (#31401)
     * Devenv: Add gdev-influxdb2 data source (#31250)
     * Update grabpl from 0.5.38 to 0.5.42 version (#31419)
     * Move NOOP_CONTROL to storybook utils and change to a standalone file
       (#31421)
     * remove squadcast details from docs (#31413)
     * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)
     * Logging: add frontend logging helpers to @grafana/runtime package
       (#30482)
     * CallToActionCard: updates story from knobs to controls (#31393)
     * Add eu-south-1 cloudwatch region, closes #31197 (#31198)
     * Chore: Upgrade eslint packages (#31408)
     * Cascader: updates story from knobs to controls (#31399)
     * addressed issues 28763 and 30314. (#31404)
     * Added section Query a time series database by id (#31337)
     * Prometheus: Change default httpMethod for new instances to POST
       (#31292)
     * Data source list: Use Card component (#31326)
     * Chore: Remove gotest.tools dependency (#31391)
     * Revert "StoryBook: Introduces Grafana Controls (#31351)" (#31388)
     * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0
       (#31387)
     * AdHocVariables: Fixes crash when values are stored as numbers (#31382)
     * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)
     * Chore: Fix strict errors, down to 416 (#31365)
     * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0
       (#31378)
     * StoryBook: Introduces Grafana Controls (#31351)
     * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)
     * Theming: Support for runtime theme switching and hooks for custom
       themes (#31301)
     * Devenv: Remove old-versioned loki blocks and update prometheus2 block
       (#31282)
     * Zipkin: Show success on test data source (#30829)
     * Update grot template (needs more info) (#31350)
     * DatasourceSrv: Fix instance retrieval when datasource variable value
       set to "default" (#31347)
     * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)
     * Grafana/UI: Add basic legend to the PieChart (#31278)
     * SAML: single logout only enabled in enterprise (#31325)
     * QueryEditor: handle query.hide changes in angular based query-editors
       (#31336)
     * DashboardLinks: Fixes another issue where dashboard links cause full
       page reload (#31334)
     * LibraryPanels: Syncs panel title with name (#31311)
     * Chore: Upgrade golangci-lint (#31330)
     * Add info to docs about concurrent session limits (#31333)
     * Table: Fixes issue with fixed min and auto max with bar gauge cell
       (#31316)
     * BarGuage: updates story from knobs to controls (#31223)
     * Docs: Clarifies how to add Key/Value pairs (#31303)
     * Usagestats: Exclude folders from total dashboard count (#31320)
     * ButtonCascader: updates story from knobs to controls (#31288)
     * test: allow check for Table as well as Graph for Explore e2e flow
       (#31290)
     * Grafana-UI: Update tooltip type (#31310)
     * fix 7.4.2 release note (#31299)
     * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)
     * Chore: reduce strict errors for variables (#31241)
     * update latest release version (#31296)
     * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)
     * Correct name of Discord notifier tests (#31277)
     * Docs: Clarifies custom date formats for variables (#31271)
     * BigValue: updates story from knobs to controls (#31240)
     * Docs: Annotations update (#31194)
     * Introduce functions for interacting with library panels API (#30993)
     * Search: display sort metadata (#31167)
     * Folders: Editors should be able to edit name and delete folders
       (#31242)
     * Make Datetime local (No date if today) working (#31274)
     * UsageStats: Purpose named variables (#31264)
     * Snapshots: Disallow anonymous user to create snapshots (#31263)
     * only update usagestats every 30min (#31131)
     * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces
       (#30701)
     * Grafana-UI: Add id to Select to make it easier to test (#31230)
     * Prometheus: Fix enabling of disabled queries when editing in dashboard
       (#31055)
     * UI/Card: Fix handling of 'onClick' callback (#31225)
     * Loki: Add line limit for annotations (#31183)
     * Remove deprecated and breaking loki config field (#31227)
     * SqlDataSources: Fixes the Show Generated SQL button in query editors
       (#31236)
     * LibraryPanels: Disconnect before connect during dashboard save (#31235)
     * Disable Change Password for OAuth users (#27886)
     * TagsInput: Design update and component refactor (#31163)
     * Variables: Adds back default option for data source variable (#31208)
     * IPv6: Support host address configured with enclosing square brackets
       (#31226)
     * Postgres: Fix timeGroup macro converts long intervals to invalid
       numbers when TimescaleDB is enabled (#31179)
     * GraphNG: refactor core to class component (#30941)
     * Remove last synchronisation field from LDAP debug view (#30984)
     * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)
     * Graph: Make axes unit option work even when field option unit is set
       (#31205)
     * AlertingNG:  Test definition  (#30886)
     * Docs: Update Influx config options (#31146)
     * WIP: Skip this call when we skip migrations (#31216)
     * use 0.1.0 (#31215)
     * DataSourceSrv: Filter out non queryable data sources by default
       (#31144)
     * QueryEditors: Fixes issue that happens after moving queries then
       editing would update other queries (#31193)
     * Chore: report eslint no-explicit-any errors to metrics (#31182)
     * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0
       (#31211)
     * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)
     * Alerting: Fix modal text for deleting obsolete notifier (#31171)
     * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0
       (#31204)
     * Variables: Fixes missing empty elements from regex filters (#31156)
     * StatPanels: Fixes to palette color scheme is not cleared when loading
       panel (#31126)
     * Fixed the typo. (#31189)
     * Docs: Rewrite preferences docs (#31154)
     * Explore/Refactor: Simplify URL handling (#29173)
     * DashboardLinks: Fixes links always cause full page reload (#31178)
     * Replace PR with Commit truncated hash when build fails (#31177)
     * Alert: update story to use controls (#31145)
     * Permissions: Fix team and role permissions on folders/dashboards not
       displayed for non Grafana Admin users (#31132)
     * CloudWatch: Ensure empty query row errors are not passed to the panel
       (#31172)
     * Update prometheus.md (#31173)
     * Variables: Extend option pickers to accept custom onChange callback
       (#30913)
     * Prometheus: Multiply exemplars timestamp to follow api change (#31143)
     * DashboardListPanel: Fixes issue with folder picker always showing All
       and using old form styles (#31160)
     * Add author name and pr number in drone pipeline notifications (#31124)
     * Prometheus: Add documentation for ad-hoc filters (#31122)
     * DataSourceSettings: Fixes add header button, it should not trigger a
       save & test action (#31135)
     * Alerting: Fix so that sending an alert with the Alertmanager notifier
       doesn't fail when one of multiple configured URL's are down (#31079)
     * Chore: Update latest.json (#31139)
     * Docs: add 7.4.1 relese notes link (#31137)
     * PieChart: Progress on new core pie chart  (#28020)
     * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)
     * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)
     * Transforms: Fixes Outer join issue with duplicate field names not
       getting the same unique field names as before  (#31121)
     * MuxWriter: Handle error for already closed file (#31119)
     * Logging: sourcemap transform asset urls from CDN in logged stacktraces
       (#31115)
     * Search: add sort information in dashboard results (#30609)
     * area/grafana/e2e: ginstall should pull version specified (#31056)
     * Exemplars: Change CTA style (#30880)
     * Influx: Make max series limit configurable and show the limiting
       message if applied (#31025)
     * Docs: request security (#30937)
     * update configurePanel for 7.4.0 changes (#31093)
     * Elasticsearch: fix log row context erroring out (#31088)
     * Prometheus: Fix issues with ad-hoc filters (#30931)
     * LogsPanel: Add deduplication option for logs (#31019)
     * Drone: Make sure CDN upload is ok before pushing docker images (#31075)
     * PluginManager: Remove some global state (#31081)
     * test: update addDashboard flow for v7.4.0 changes (#31059)
     * Transformations: Fixed typo in FilterByValue transformer description.
       (#31078)
     * Docs: Group id should be 0 instead of 1 in Docker upgrade notes
       (#31074)
     * Usage stats: Adds source/distributor setting (#31039)
     * CDN: Add CDN upload step to enterprise and release pipelines (#31058)
     * Chore: Replace native select with grafana ui select  (#31030)
     * Docs: Update json-model.md (#31066)
     * Docs: Update whats-new-in-v7-4.md (#31069)
     * Added hyperlinks to Graphite documentation (#31064)
     * DashboardSettings: Update to new form styles (#31022)
     * CDN: Fixing drone CI config (#31052)
     * convert path to posix by default (#31045)
     * DashboardLinks: Fixes crash when link has no title (#31008)
     * Alerting: Fixes so notification channels are properly deleted (#31040)
     * Explore: Remove emotion error when displaying logs (#31026)
     * Elasticsearch: Fix alias field value not being shown in query editor
       (#30992)
     * CDN: Adds uppload to CDN step to drone CI (#30879)
     * Improved glossary (#31004)
     * BarGauge: Improvements to value sizing and table inner width
       calculations  (#30990)
     * Drone: Fix deployment image (#31027)
     * ColorPicker: migrated styles from sass to emotion (#30909)
     * Dashboard: Migrate general settings to react (#30914)
     * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2
       (#30586)
     * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7
       (#31018)
     * Prometheus: Min step defaults to seconds when no unit is set to
       prevent errors when running alerts. (#30966)
     * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0
       (#31017)
     * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)
     * Graph: Fixes so graph is shown for non numeric time values (#30972)
     * CloudMonitoring: Prevent resource type variable function from crashing
       (#30901)
     * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)
     * Build: Releases e2e and e2e-selectors too (#31006)
     * TextPanel: Fixes so panel title is updated when variables change
       (#30884)
     * Docs: Update configuration.md
       (login_maximum_inactive_lifetime_duration,
       login_maximum_lifetime_duration) (#31000)
     * instrumentation: make the first database histogram bucket smaller
       (#30995)
     * Grafana/UI: Remove DismissableFeatureInfoBox and replace with
       LocalSt… (#30988)
     * StatPanel: Fixes issue formatting date values using unit option
       (#30979)
     * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)
     * Units: Fixes formatting of duration units (#30982)
     * Elasticsearch: Show Size setting for raw_data metric (#30980)
     * Alerts: Dedupe alerts so that we do not fill the screen with the same
       alert messsage (#30935)
     * make sure service and slo display name is passed to segment comp
       (#30900)
     * assign changes in cloud datasources to the new cloud datasources team
       (#30645)
     * Table: Updates devenv test dashboard after change to TestData Randrom
       Table response (#30927)
     * Theme: Use higher order theme color variables rather then is
       light/dark logic (#30939)
     * Docs: Add alias for what's new in 7.4 (#30945)
     * e2e: extends selector factory to plugins (#30932)
     * Chore: Upgrade docker build image (#30820)
     * Docs: updated developer guide (#29978)
     * Alerts: Update Alert storybook to show more states (#30908)
     * Variables: Adds queryparam formatting option (#30858)
     * Chore: pad unknown values with undefined (#30808)
     * Transformers: add search to transform selection (#30854)
     * Exemplars: change api to reflect latest changes (#30910)
     * docs: use selinux relabelling on docker containers (#27685)
     * Docs: Fix bad image path for alert notification template (#30911)
     * Make value mappings correctly interpret numeric-like strings (#30893)
     * Chore: Update latest.json (#30905)
     * Docs: Update whats-new-in-v7-4.md (#30882)
     * Dashboard: Ignore changes to dashboard when the user session expires
       (#30897)
     * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)
     * test: add support for timeout to be passed in for addDatasource
       (#30736)
     * increase page size and make sure the cache supports query params
       (#30892)
     * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)
     * OAuth: custom username docs (#28400)
     * Panels: Remove value mapping of values that have been formatted #26763
       (#30868)
     * Alerting: Fixes alert panel header icon not showing (#30840)
     * AlertingNG: Edit Alert Definition (#30676)
     * Logging: sourcemap support for frontend stacktraces (#30590)
     * Added "Restart Grafana" topic. (#30844)
     * Docs: Org, Team, and User Admin (#30756)
     * bump grabpl version to 0.5.36 (#30874)
     * Plugins: Requests validator (#30445)
     * Docs: Update whats-new-in-v7-4.md (#30876)
     * Docs: Add server view folder (#30849)
     * Fixed image name and path  (#30871)
     * Grafana-ui: fixes closing modals with escape key (#30745)
     * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor
       (#30827)
     * TestData: Fixes issue with for ever loading state when all queries are
       hidden (#30861)
     * Chart/Tooltip: refactored style declaration (#30824)
     * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1
       (#30853)
     * Grafana-ui: fixes no data message in Table component (#30821)
     * grafana/ui: Update pagination component for large number of pages
       (#30151)
     * Alerting: Customise OK notification priorities for Pushover notifier
       (#30169)
     * DashboardLinks: Support variable expression in to tooltip - Issue
       #30409 (#30569)
     * Chore: Remove panelTime.html, closes #30097 (#30842)
     * Docs: Time series panel, bar alignment docs (#30780)
     * Chore: add more docs annotations (#30847)
     * Transforms: allow boolean in field calculations (#30802)
     * Prometheus: Add tooltip to explain possibility to use patterns in text
       and title fields in annotations (#30825)
     * Update prometheus.md with image link fix (#30833)
     * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)
     * Update license-expiration.md (#30839)
     * Explore rewrite (#30804)
     * Prometheus: Set type of labels to string (#30831)
     * GrafanaUI: Add a way to persistently close InfoBox (#30716)
     * Fix typo in transformer registry (#30712)
     * Elasticsearch: Display errors with text responses (#30122)
     * CDN: Fixes cdn path when Grafana is under sub path (#30822)
     * TraceViewer: Fix lazy loading (#30700)
     * FormField: migrated sass styling to emotion (#30392)
     * AlertingNG: change API permissions (#30781)
     * Variables: Clears drop down state when leaving dashboard (#30810)
     * Grafana-UI: Add story/docs for ErrorBoundary (#30304)
     * Add missing callback dependency (#30797)
     * PanelLibrary: Adds library panel meta information to dashboard json
       (#30770)
     * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)
     * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)
     * GraphNG: improve behavior when switching between solid/dash/dots
       (#30796)
     * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0
       (#30778)
     * Add width for Variable Editors (#30791)
     * Chore: Remove warning when calling resource (#30752)
     * Auth: Use SigV4 lib from grafana-aws-sdk  (#30713)
     * Panels: Fixes so panels are refreshed when scrolling past them fast
       (#30784)
     * GraphNG: add bar alignment option (#30499)
     * Expressions: Measure total transformation requests and elapsed time
       (#30514)
     * Menu: Mark menu components as internal (#30740)
     * TableInputCSV: migrated styles from sass to emotion (#30554)
     * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)
     * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)
     * CDN: Adds support for serving assets over a CDN (#30691)
     * PanelEdit: Trigger refresh when changing data source (#30744)
     * Chore: remove __debug_bin (#30725)
     * BarChart: add alpha bar chart panel (#30323)
     * Docs: Time series panel (#30690)
     * Backend Plugins: Convert test data source to use SDK contracts (#29916)
     * Docs: Update whats-new-in-v7-4.md (#30747)
     * Add link to Elasticsearch docs. (#30748)
     * Mobile: Fixes issue scrolling on mobile in chrome (#30746)
     * TagsInput: Make placeholder configurable (#30718)
     * Docs: Add config settings for fonts in reporting (#30421)
     * Add menu.yaml to .gitignore (#30743)
     * bump cypress to 6.3.0 (#30644)
     * Datasource: Use json-iterator configuration compatible with standard
       library (#30732)
     * AlertingNG: Update UX to use new PageToolbar component (#30680)
     * Docs: Add usage insights export feature (#30376)
     * skip symlinks to directories when generating plugin manifest (#30721)
     * PluginCiE2E: Upgrade base images (#30696)
     * Variables: Fixes so text format will show All instead of custom all
       (#30730)
     * PanelLibrary: better handling of deleted panels (#30709)
     * Added section "Curated dashboards for Google Cloud Monitoring" for 7.4
       What's New (#30724)
     * Added "curated dashboards" information and broke down, rearranged
       topics. (#30659)
     * Transform: improve the "outer join" performance/behavior (#30407)
     * Add alt text to plugin logos (#30710)
     * Deleted menu.yaml file (#30717)
     * Dashboard: Top Share URL icon should share panel URL when on viewPanel
       page (#30000)
     * Added entry for web server. (#30715)
     * DashboardPicker: switch to promise-based debounce, return dashboard
       UID (#30706)
     * Use connected GraphNG in Explore (#30707)
     * Fix documentation for streaming data sources (#30704)
     * PanelLibrary: changes casing of responses and adds meta property
       (#30668)
     * Influx: Show all datapoints for dynamically windowed flux query
       (#30688)
     * Trace: trace to logs design update (#30637)
     * DeployImage: Switch base images to Debian (#30684)
     * Chore: remove CSP debug logging line (#30689)
     * Docs: 7.4 documentation for expressions (#30524)
     * PanelEdit: Get rid of last remaining usage of navbar-button (#30682)
     * Grafana-UI: Fix setting default value for MultiSelect (#30671)
     * CustomScrollbar: migrated styles from sass to emotion (#30506)
     * DashboardSettings & PanelEdit: Use new PageToolbar (#30675)
     * Explore: Fix jumpy live tailing (#30650)
     * ci(npm-publish): add missing github package token to env vars (#30665)
     * PageToolbar: Extracting navbar styles & layout into a modern emotion
       based component (#30588)
     * AlertingNG: pause/unpause definitions via the API (#30627)
     * Docs: Refer to product docs in whats new for alerting templating
       feature (#30652)
     * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1
       (#30666)
     * Variables: Fixes display value when using capture groups in regex
       (#30636)
     * Docs: Update _index.md (#30655)
     * Docs: Auditing updates (#30433)
     * Docs: add hidden_users configuration field (#30435)
     * Docs: Define TLS/SSL terminology (#30533)
     * Docs: Fix expressions enabled description (#30589)
     * Docs: Update ES screenshots (#30598)
     * Licensing Docs: Adding license restrictions docs (#30216)
     * Update documentation-style-guide.md (#30611)
     * Docs: Update queries.md (#30616)
     * chore(grafana-ui): bump storybook to 6.1.15 (#30642)
     * DashboardSettings: fixes vertical scrolling (#30640)
     * Usage Stats: Remove unused method for getting user stats (#30074)
     * Grafana/UI: Unit picker should not set a category as unit (#30638)
     * Graph: Fixes auto decimals issue in legend and tooltip (#30628)
     * AlertingNG: List saved Alert definitions in Alert Rule list (#30603)
     * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix
       (#30605)
     * Grafana/UI: Add disable prop to Segment (#30539)
     * Variables: Fixes so queries work for numbers values too (#30602)
     * Admin: Fixes so form values are filled in from backend (#30544)
     * Docs: Add new override info and add whats new 7.4 links (#30615)
     * TestData: Improve what's new in v7.4 (#30612)
     * Docs: Update 7.4 What's New to use more correct description of
       alerting notification template feature (#30502)
     * NodeGraph: Add docs (#30504)
     * Loki: Improve live tailing errors and fix Explore's logs container
       type errors (#30517)
     * TimeRangePicker: Updates components to use new ToolbarButton &
       ButtonGroup (#30570)
     * Update styling.md guide (#30594)
     * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)
     * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31
       (#30583)
     * Chore(deps): Bump github.com/prometheus/client_golang (#30585)
     * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)
     * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)
     * Explore: Fix logs hover state so that it is visible and in dark mode &
       simply hover code (#30572)
     * RefreshPicker: Fixes so valid intervals in url are visible in
       RefreshPicker (#30474)
     * Add documentation for Exemplars (#30317)
     * OldGraph: Fix height issue in Firefox (#30565)
     * XY Chart: fix editor error with empty frame (no fields) (#30573)
     * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion
       based ToolbarButton & Menu (#30510)
     * XY Chart: share legend config with timeseries (#30559)
     * configuration.md: Document Content Security Policy options (#30413)
     * DataFrame: cache frame/field index in field state (#30529)
     * List + before -; rm old Git ref; reformat. (#30543)
     * Expressions: Add option to disable feature (#30541)
     * Explore: Fix loading visualisation on the top of the new time series
       panel (#30553)
     * Prometheus: Fix show query instead of Value if no __name__ and metric
       (#30511)
     * Decimals: Big Improvements to auto decimals and fixes to auto decimals
       bug found in 7.4-beta1  (#30519)
     * Postgres: Convert tests to stdlib (#30536)
     * Storybook: Migrate card story to use controls  (#30535)
     * AlertingNG: Enable UI to Save Alert Definitions (#30394)
     * Postgres: Be consistent about TLS/SSL terminology (#30532)
     * Loki: Append refId to logs uid (#30418)
     * Postgres: Fix indentation (#30531)
     * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523.
       (#30527)
     * updates for e2e docker image (#30465)
     * GraphNG: uPlot 1.6.2 (#30521)
     * Docs: Update whats-new-in-v7-4.md (#30520)
     * Prettier: ignore build and devenv dirs (#30501)
     * Chore: Upgrade grabpl version (#30486)
     * Explore: Update styling of buttons (#30493)
     * Cloud Monitoring: Fix legend naming with display name override (#30440)
     * GraphNG: Disable Plot logging by default (#30390)
     * Admin: Fixes so whole org drop down is visible when adding users to
       org (#30481)
     * Docs: include Makefile option for local assets (#30455)
     * Footer: Fixes layout issue in footer  (#30443)
     * TimeSeriesPanel: Fixed default value for gradientMode (#30484)
     * Docs: fix typo in what's new doc (#30489)
     * Chore: adds wait to e2e test (#30488)
     * chore: update packages dependent on dot-prop to fix security
       vulnerability (#30432)
     * Dashboard: Remove Icon and change copy -> Copy to clipboard in the
       share embedded panel modal (#30480)
     * Chore: fix spelling mistake (#30473)
     * Chore: Restrict internal imports from other packages (#30453)
     * Docs: What's new fixes and improvements (#30469)
     * Timeseries: only migrage point size when configured (#30461)
     * Alerting: Hides threshold handle for percentual thresholds (#30431)
     * Graph: Fixes so only users with correct permissions can add
       annotations (#30419)
     * Chore: update latest version to 7.4.0-beta1 (#30452)
     * Docs: Add whats new 7.4 links (#30463)
     * Update whats-new-in-v7-4.md (#30460)
     * docs: 7.4 what's new (Add expressions note) (#30446)
     * Chore: Upgrade build pipeline tool (#30456)
     * PanelModel: Make sure the angular options are passed to react panel
       type changed handler (#30441)
     * Expressions: Fix button icon (#30444)
     * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1
       (#30449)
     * Docs: Fix img link for alert notification template (#30436)
     * grafana/ui: Fix internal import from grafana/data (#30439)
     * prevent field config from being overwritten (#30437)
     * PanelOptions: Refactoring applying panel and field options out of
       PanelModel and add property clean up for properties not in field
       config registry  (#30389)
     * Dashboard: Remove template variables option from ShareModal (#30395)
     * Added doc content for variables inspector code change by Hugo (#30408)
     * Docs: update license expiration behavior for reporting (#30420)
     * Chore: use old version format in package.json (#30430)
     * Chore: upgrade NPM security vulnerabilities (#30397)
     * "Release: Updated versions in package to 7.5.0-pre.0" (#30428)
     * contribute: Add backend and configuration guidelines for PRs (#30426)
     * Chore: Update what's new URL (#30424)
   - Update to version 7.4.5
   - CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to
     team-sync. (Enterprise) (bsc#1183811, bsc#1183809)
   - CVE-2021-28148: Usage insights requires signed in users. (Enterprise)
     (bsc#1183813)
   - CVE-2021-27962: Do not allow editors to incorrectly bypass permissions
     on the default data source. (Enterprise) (bsc#1184371)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 15:

      zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-2660=1



Package List:

   - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):

      grafana-7.5.7-1.21.1


References:

   https://www.suse.com/security/cve/CVE-2021-27358.html
   https://www.suse.com/security/cve/CVE-2021-27962.html
   https://www.suse.com/security/cve/CVE-2021-28146.html
   https://www.suse.com/security/cve/CVE-2021-28147.html
   https://www.suse.com/security/cve/CVE-2021-28148.html
   https://bugzilla.suse.com/1183803
   https://bugzilla.suse.com/1183809
   https://bugzilla.suse.com/1183811
   https://bugzilla.suse.com/1183813
   https://bugzilla.suse.com/1184371



More information about the sle-security-updates mailing list