SUSE-CU-2022:2083-1: Security update of ses/7.1/ceph/grafana

sle-security-updates at sle-security-updates at
Wed Sep 7 12:23:47 UTC 2022

SUSE Container Update Advisory: ses/7.1/ceph/grafana
Container Advisory ID : SUSE-CU-2022:2083-1
Container Tags        : ses/7.1/ceph/grafana:8.3.5 , ses/7.1/ceph/grafana: , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific
Container Release     : 2.2.217
Severity              : important
Type                  : security
References            : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
                        1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
                        1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
                        1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
                        1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
                        1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
                        1188127 1191157 1191502 1192951 1193086 1193489 1193659 1194131
                        1194550 1194642 1194708 1194848 1194873 1194875 1194883 1195059
                        1195157 1195247 1195258 1195283 1195359 1195529 1195628 1195726
                        1195727 1195728 1195899 1195999 1196044 1196061 1196093 1196107
                        1196125 1196317 1196368 1196490 1196514 1196567 1196647 1196733
                        1196785 1196861 1196925 1196939 1197004 1197024 1197065 1197134
                        1197178 1197443 1197459 1197570 1197684 1197718 1197771 1197794
                        1198062 1198090 1198114 1198176 1198341 1198446 1198507 1198614
                        1198627 1198723 1198731 1198732 1198751 1198752 1198766 1198768
                        1198925 1199042 1199132 1199140 1199166 1199223 1199224 1199232
                        1199240 1200064 1200170 1200334 1200550 1200553 1200735 1200737
                        1200800 1200842 1200855 1200855 1201099 1201225 1201560 1201640
                        1201760 1202175 1202310 1202593 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609
                        CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062
                        CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521
                        CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292
                        CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664
                        CVE-2019-7665 CVE-2021-22570 CVE-2021-28153 CVE-2021-36222 CVE-2021-3711
                        CVE-2021-39226 CVE-2021-3979 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798
                        CVE-2021-43813 CVE-2021-43815 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304
                        CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-21673 CVE-2022-21702
                        CVE-2022-21703 CVE-2022-21713 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775
                        CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458
                        CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252

The container ses/7.1/ceph/grafana was updated. The following patches have been included in this update:

Advisory ID: SUSE-RU-2018:1332-1
Released:    Tue Jul 17 09:01:19 2018
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1073299,1093392
This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
  in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
  timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
  setting an incorrect timezone. (bsc#1093392)

Advisory ID: SUSE-RU-2018:2463-1
Released:    Thu Oct 25 14:48:34 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1104700,1112310

This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

Advisory ID: SUSE-RU-2018:2550-1
Released:    Wed Oct 31 16:16:56 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1113554
This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

Advisory ID: SUSE-RU-2019:102-1
Released:    Tue Jan 15 18:02:58 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1120402
This update for timezone fixes the following issues:

- Update 2018i:
  São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090
Advisory ID: SUSE-RU-2019:790-1
Released:    Thu Mar 28 12:06:17 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1130557
This update for timezone fixes the following issues:

timezone was updated 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data

Advisory ID: SUSE-RU-2019:1815-1
Released:    Thu Jul 11 07:47:55 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1140016
This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.

Advisory ID: SUSE-RU-2019:2762-1
Released:    Thu Oct 24 07:08:44 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1150451
This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.

Advisory ID: SUSE-RU-2020:1303-1
Released:    Mon May 18 09:40:36 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1169582
This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)
  * Morocco springs forward on 2020-05-31, not 2020-05-24.
  * Canada's Yukon advanced to -07 year-round on 2020-03-08.
  * America/Nuuk renamed from America/Godthab.
  * zic now supports expiration dates for leap second lists.

Advisory ID: SUSE-RU-2020:1542-1
Released:    Thu Jun  4 13:24:37 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1172055
This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)
Advisory ID: SUSE-RU-2020:3099-1
Released:    Thu Oct 29 19:33:41 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020b (bsc#1177460)
  * Revised predictions for Morocco's changes starting in 2023.
  * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
  * Macquarie Island has stayed in sync with Tasmania since 2011.
  * Casey, Antarctica is at +08 in winter and +11 in summer.
  * zic no longer supports -y, nor the TYPE field of Rules.

Advisory ID: SUSE-RU-2020:3123-1
Released:    Tue Nov  3 09:48:13 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:

- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)

Advisory ID: SUSE-RU-2021:179-1
Released:    Wed Jan 20 13:38:51 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

Advisory ID: SUSE-RU-2021:301-1
Released:    Thu Feb  4 08:46:27 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to '', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

Advisory ID: SUSE-RU-2021:3883-1
Released:    Thu Dec  2 11:47:07 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for china

Advisory ID: SUSE-SU-2022:1040-1
Released:    Wed Mar 30 09:40:58 2022
Summary:     Security update for protobuf
Type:        security
Severity:    moderate
References:  1195258,CVE-2021-22570
This update for protobuf fixes the following issues:

- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).

Advisory ID: SUSE-RU-2022:1047-1
Released:    Wed Mar 30 16:20:56 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1196093,1197024
This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. 
  This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

Advisory ID: SUSE-SU-2022:1061-1
Released:    Wed Mar 30 18:27:06 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1197459,CVE-2018-25032
This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

Advisory ID: SUSE-SU-2022:1073-1
Released:    Fri Apr  1 11:45:01 2022
Summary:     Security update for yaml-cpp
Type:        security
Severity:    moderate
References:  1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:

- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).

Advisory ID: SUSE-RU-2022:1099-1
Released:    Mon Apr  4 12:53:05 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1194883
This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8
  multi byte characters as well as support the vi mode of readline library

Advisory ID: SUSE-RU-2022:1107-1
Released:    Mon Apr  4 17:49:17 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194642
This update for util-linux fixes the following issue:

- Improve throughput and reduce clock sequence increments for high load situation with time based 
  version 1 uuids. (bsc#1194642)

Advisory ID: SUSE-RU-2022:1118-1
Released:    Tue Apr  5 18:34:06 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

Advisory ID: SUSE-SU-2022:1157-1
Released:    Tue Apr 12 13:26:19 2022
Summary:     Security update for libsolv, libzypp, zypper
Type:        security
Severity:    important
References:  1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to
  release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

Advisory ID: SUSE-SU-2022:1158-1
Released:    Tue Apr 12 14:44:43 2022
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1198062,CVE-2022-1271
This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

Advisory ID: SUSE-RU-2022:1170-1
Released:    Tue Apr 12 18:20:07 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:

- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
  let's use the default systemd target, which is the one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)

Advisory ID: SUSE-RU-2022:1281-1
Released:    Wed Apr 20 12:26:38 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647
This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)

Advisory ID: SUSE-RU-2022:1302-1
Released:    Fri Apr 22 10:04:46 2022
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1196939
This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

Advisory ID: SUSE-RU-2022:1374-1
Released:    Mon Apr 25 15:02:13 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1191157,1197004
This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)

Advisory ID: SUSE-RU-2022:1409-1
Released:    Tue Apr 26 12:54:57 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1195628,1196107
This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstc++6 package to keep those
  at the same version.  [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recommends.

Advisory ID: SUSE-feature-2022:1419-1
Released:    Wed Apr 27 09:20:06 2022
Summary:     Feature update for grafana
Type:        feature
Severity:    moderate
References:  1194873,1195726,1195727,1195728,CVE-2021-36222,CVE-2021-3711,CVE-2021-39226,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-21673,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713
This update for grafana fixes the following issues:

Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23422)

- Security:

    * CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726)
    * CVE-2022-21703: cross-origin request forgery vulnerability (bsc#1195727)
    * CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)
    * CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)
    * CVE-2021-43813, CVE-2021-43815, CVE-2021-41244, CVE-2021-41174, CVE-2021-43798, CVE-2021-39226.
    * Upgrade Docker base image to Alpine 3.14.3.
    * CVE-2021-3711: Docker: Force use of libcrypto1.1 and libssl1.1 versions
    * Update dependencies to fix CVE-2021-36222.
    * Upgrade Go to 1.17.2.
    * Fix stylesheet injection vulnerability.
    * Fix short URL vulnerability.

- License update:
    * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL).

- Breaking changes:
    * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.
    * Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting.
    * Fix No Data behaviour in Legacy Alerting.
    * The following endpoints were deprecated for Grafana v5.0 and
      support for them has now been removed:
      * `GET /dashboards/db/:slug`
      * `GET /dashboard-solo/db/:slug`
      * `GET /api/dashboard/db/:slug`
      * `DELETE /api/dashboards/db/:slug`
    * The default HTTP method for Prometheus data source is now POST.
    * Removes the never refresh option for Query variables.
    * Removes the experimental Tags feature for Variables.

- Deprecations:
    * The InfoBox & FeatureInfoBox are now deprecated please use
      the Alert component instead with severity info.

- Bug fixes:
    * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns.
    * Azure Monitor: Improved error messages for variable queries.
    * CloudMonitoring: Fixes broken variable queries that use group bys.
    * Configuration: You can now see your expired API keys if you have no active ones.
    * Elasticsearch: Fix handling multiple datalinks for a single field.
    * Export: Fix error when exporting dashboards using query variables that reference the default datasource.
    * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid.
    * Login: Page no longer overflows on mobile.
    * Plugins: Set backend metadata property for core plugins.
    * Prometheus: Fill missing steps with null values.
    * Prometheus: Fix interpolation of `$__rate_interval` variable.
    * Prometheus: Interpolate variables with curly brackets syntax.
    * Prometheus: Respect the http-method data source setting.
    * Table: Fixes issue with field config applied to wrong fields when hiding columns.
    * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin.
    * Variables: Fix so data source variables are added to adhoc configuration.
    * AnnoListPanel: Fix interpolation of variables in tags.
    * CloudWatch: Allow queries to have no dimensions specified.
    * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0.
    * CloudWatch: Make sure MatchExact flag gets the right value.
    * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page.
    * InfluxDB: Improve handling of metadata query errors in InfluxQL.
    * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions.
    * Prometheus: Fix running of exemplar queries for non-histogram metrics.
    * Prometheus: Interpolate template variables in interval.
    * StateTimeline: Fix toolitp not showing when for frames with multiple fields.
    * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore.
    * Variables: Fix repeating panels for on time range changed variables.
    * Variables: Fix so queryparam option works for scoped variables.
    * Alerting: Clear alerting rule evaluation errors after intermittent failures.
    * Alerting: Fix refresh on legacy Alert List panel.
    * Dashboard: Fix queries for panels with non-integer widths.
    * Explore: Fix url update inconsistency.
    * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second.
    * ValueMappings: Fixes issue with regex value mapping that only sets color.
    * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1.
    * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor.
    * CodeEditor: Prevent suggestions from being clipped.
    * Dashboard: Fix cache timeout persistence.
    * Datasource: Fix stable sort order of query responses.
    * Explore: Fix error in query history when removing last item.
    * Logs: Fix requesting of older logs when flipped order.
    * Prometheus: Fix running of health check query based on access mode.
    * TextPanel: Fix suggestions for existing panels.
    * Tracing: Fix incorrect indentations due to reoccurring spanIDs.
    * Tracing: Show start time of trace with milliseconds precision.
    * Variables: Make renamed or missing variable section expandable.
    * API: Fix dashboard quota limit for imports.
    * Alerting: Fix rule editor issues with Azure Monitor data source.
    * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used.
    * CloudMonitoring: Fix annotation queries.
    * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor.
    * Dashboard: Remove the current panel from the list of options in the Dashboard datasource.
    * Encryption: Fix decrypting secrets in alerting migration.
    * InfluxDB: Fix corner case where index is too large in ALIAS field.
    * NavBar: Order App plugins alphabetically.
    * NodeGraph: Fix zooming sensitivity on touchpads.
    * Plugins: Add OAuth pass-through logic to api/ds/query endpoint.
    * Snapshots: Fix panel inspector for snapshot data.
    * Tempo: Fix basic auth password reset on adding tag.
    * ValueMapping: Fixes issue with regex mappings.
    * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.
    * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated.
    * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator.
    * CloudMonitoring: Ignore min and max aggregation in MQL queries.
    * Dashboards: 'Copy' is no longer added to new dashboard titles.
    * DataProxy: Fix overriding response body when response is a WebSocket upgrade.
    * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations.
    * Explore: Fix running queries without a datasource property set.
    * InfluxDB: Fix numeric aliases in queries.
    * Plugins: Ensure consistent plugin settings list response.
    * Tempo: Fix validation of float durations.
    * Tracing: Correct tags for each span are shown.
    * Alerting: Fix panic when Slack's API sends unexpected response.
    * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default 
    * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no 
    * Graph: You can now see annotation descriptions on hover.
    * Logs: The system now uses the JSON parser only if the line is parsed to an object.
    * Prometheus: the system did not reuse TCP connections when querying from Grafana alerting.
    * Prometheus: error when a user created a query with a `$__interval` min step.
    * RowsToFields: the system was not properly interpreting number values.
    * Scale: We fixed how the system handles NaN percent when data min = data max.
    * Table panel: You can now create a filter that includes special characters.
    * Dashboard: Fix rendering of repeating panels.
    * Datasources: Fix deletion of data source if plugin is not found.
    * Packaging: Remove systemcallfilters sections from systemd unit files.
    * Prometheus: Add Headers to HTTP client options.
    * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component.
    * DashboardList/AlertList: Fix for missing All folder value.
    * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set.
    * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules.
    * Alerting: Fixed the silence file content generated during migration.
    * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights.
    * BarGauge: Fixed an issue where the cell color was lit even though there was no data.
    * BarGauge: Improved handling of streaming data.
    * CloudMonitoring: Fixed INT64 label unmarshal error.
    * ConfirmModal: Fixes confirm button focus on modal open.
    * Dashboard: Add option to generate short URL for variables with values containing spaces.
    * Explore: No longer hides errors containing refId property.
    * Fixed an issue that produced State timeline panel tooltip error when data was not in sync.
    * InfluxDB: InfluxQL query editor is set to always use resultFormat.
    * Loki: Fixed creating context query for logs with parsed labels.
    * PageToolbar: Fixed alignment of titles.
    * Plugins Catalog: Update to the list of available panels after an install, update or uninstall.
    * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel.
    * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable 
    * Variables: Panel no longer crash when using the adhoc variable in data links.
    * Admin: Prevent user from deleting user's current/active organization.
    * LibraryPanels: Fix library panel getting saved in the dashboard's folder.
    * OAuth: Make generic teams URL and JMES path configurable.
    * QueryEditor: Fix broken copy-paste for mouse middle-click
    * Thresholds: Fix undefined color in 'Add threshold'.
    * Timeseries: Add wide-to-long, and fix multi-frame output.
    * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All.
    * Alerting: Fix alerts with evaluation interval more than 30
      seconds resolving before notification.
    * Elasticsearch/Prometheus: Fix usage of proper SigV4 service
    * BarChart: Fixes panel error that happens on second refresh.
    * Alerting: Fix notification channel migration.
    * Annotations: Fix blank panels for queries with unknown data
    * BarChart: Fix stale values and x axis labels.
    * Graph: Make old graph panel thresholds work even if ngalert
      is enabled.
    * InfluxDB: Fix regex to identify / as separator.
    * LibraryPanels: Fix update issues related to library panels in
    * Variables: Fix variables not updating inside a Panel when the
      preceding Row uses 'Repeat For'.
    * Alerting: Fix alert flapping in the internal alertmanager.
    * Alerting: Fix request handler failed to convert dataframe
      'results' to plugins.DataTimeSeriesSlice: input frame is not
      recognized as a time series.
    * Dashboard: Fix UIDs are not preserved when importing/creating
      dashboards thru importing .json file.
    * Dashboard: Forces panel re-render when exiting panel edit.
    * Dashboard: Prevent folder from changing when navigating to
      general settings.
    * Elasticsearch: Fix metric names for alert queries.
    * Elasticsearch: Limit Histogram field parameter to numeric values.
    * Elasticsearch: Prevent pipeline aggregations to show up in
      terms order by options.
    * LibraryPanels: Prevent duplicate repeated panels from being created.
    * Loki: Fix ad-hoc filter in dashboard when used with parser.
    * Plugins: Track signed files + add warn log for plugin assets
      which are not signed.
    * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.
    * Prometheus: Fix validate selector in metrics browser.
    * Alerting: Fix saving LINE contact point.
    * Annotations: Fix alerting annotation coloring.
    * Annotations: Alert annotations are now visible in the correct
    * Auth: Hide SigV4 config UI and disable middleware when its
      config flag is disabled.
    * Dashboard: Prevent incorrect panel layout by comparing window
      width against theme breakpoints.
    * Elasticsearch: Fix metric names for alert queries.
    * Explore: Fix showing of full log context.
    * PanelEdit: Fix 'Actual' size by passing the correct panel
      size to Dashboard.
    * Plugins: Fix TLS datasource settings.
    * Variables: Fix issue with empty drop downs on navigation.
    * Variables: Fix URL util converting false into true.
    * CloudWatch Logs: Fix crash when no region is selected.
    * Annotations: Correct annotations that are displayed upon page refresh.
    * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6.
    * Annotations: Fix data source template variable that was not available for annotations.
    * AzureMonitor: Fix annotations query editor that does not load.
    * Geomap: Fix scale calculations.
    * GraphNG: Fix y-axis autosizing.
    * Live: Display stream rate and fix duplicate channels in list response.
    * Loki: Update labels in log browser when time range changes in dashboard.
    * NGAlert: Send resolve signal to alertmanager on alerting -> Normal.
    * PasswordField: Prevent a password from being displayed when you click the Enter button.
    * Renderer: Remove debug.log file when Grafana is stopped.
    * Docker: Fix builds by delaying go mod verify until all required files are copied over.
    * Exemplars: Fix disable exemplars only on the query that failed.
    * SQL: Fix SQL dataframe resampling (fill mode + time intervals).
    * Alerting: Handle marshaling Inf values.
    * AzureMonitor: Fix macro resolution for template variables.
    * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
    * AzureMonitor: Request and concat subsequent resource pages.
    * Bug: Fix parse duration for day.
    * Datasources: Improve error handling for error messages.
    * Explore: Correct the functionality of shift-enter shortcut
      across all uses.
    * Explore: Show all dataFrames in data tab in Inspector.
    * GraphNG: Fix Tooltip mode 'All' for XYChart.
    * Loki: Fix highlight of logs when using filter expressions
      with backticks.
    * Modal: Force modal content to overflow with scroll.
    * Plugins: Ignore symlinked folders when verifying plugin
    * Alerting: Fix improper alert by changing the handling of
      empty labels.
    * CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
    * Dashboard: Avoid migration breaking on fieldConfig without
      defaults field in folded panel.
    * DashboardList: Fix issue not re-fetching dashboard list after
      variable change.
    * Database: Fix incorrect format of isolation level
      configuration parameter for MySQL.
    * InfluxDB: Correct tag filtering on InfluxDB data.
    * Links: Fix links that caused a full page reload.
    * Live: Fix HTTP error when InfluxDB metrics have an incomplete
      or asymmetrical field set.
    * Postgres/MySQL/MSSQL: Change time field to 'Time' for time
      series queries.
    * Postgres: Fix the handling of a null return value in query
    * Tempo: Show hex strings instead of uints for IDs.
    * TimeSeries: Improve tooltip positioning when tooltip
    * Transformations: Add 'prepare time series' transformer.
    * AzureMonitor: Fix issue where resource group name is missing
      on the resource picker button.
    * Chore: Fix AWS auth assuming role with workspace IAM.
    * DashboardQueryRunner: Fixes unrestrained subscriptions being
    * DateFormats: Fix reading correct setting key for
    * Links: Fix links to other apps outside Grafana when under sub
    * Snapshots: Fix snapshot absolute time range issue.
    * Table: Fix data link color.
    * Time Series: Fix X-axis time format when tick increment is
      larger than a year.
    * Tooltip Plugin: Prevent tooltip render if field is undefined.
    * Elasticsearch: Allow case sensitive custom options in
      date_histogram interval.
    * Elasticsearch: Restore previous field naming strategy when
      using variables.
    * Explore: Fix import of queries between SQL data sources.
    * InfluxDB: InfluxQL query editor: fix retention policy
    * Loki: Send correct time range in template variable queries.
    * TimeSeries: Preserve RegExp series overrides when migrating
      from old graph panel.
    * Annotations: Fix annotation line and marker colors.
    * AzureMonitor: Fix KQL template variable queries without
      default workspace.
    * CloudWatch/Logs: Fix missing response data for log queries.
    * Elasticsearch: Restore previous field naming strategy when
      using variables.
    * LibraryPanels: Fix crash in library panels list when panel
      plugin is not found.
    * LogsPanel: Fix performance drop when moving logs panel in
    * Loki: Parse log levels when ANSI coloring is enabled.
    * MSSQL: Fix issue with hidden queries still being executed.
    * PanelEdit: Display the VisualizationPicker that was not
      displayed if a panel has an unknown panel plugin.
    * Plugins: Fix loading symbolically linked plugins.
    * Prometheus: Fix issue where legend name was replaced with
      name Value in stat and gauge panels.
    * State Timeline: Fix crash when hovering over panel.
    * Configuration: Fix changing org preferences in FireFox.
    * PieChart: Fix legend dimension limits.
    * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
    * Variables: Hide default data source if missing from regex.
    * Alerting/SSE: Fix 'count_non_null' reducer validation.
    * Cloudwatch: Fix duplicated time series.
    * Cloudwatch: Fix missing defaultRegion.
    * Dashboard: Fix Dashboard init failed error on dashboards with
      old singlestat panels in collapsed rows.
    * Datasource: Fix storing timeout option as numeric.
    * Postgres/MySQL/MSSQL: Fix annotation parsing for empty
    * Postgres/MySQL/MSSQL: Numeric/non-string values are now
      returned from query variables.
    * Postgres: Fix an error that was thrown when the annotation
      query did not return any results.
    * StatPanel: Fix an issue with the appearance of the graph when
      switching color mode.
    * Visualizations: Fix an issue in the
      Stat/BarGauge/Gauge/PieChart panels where all values mode
      were showing the same name if they had the same value.
    * AzureMonitor: Fix Azure Resource Graph queries in Azure
    * Checkbox: Fix vertical layout issue with checkboxes due to
      fixed height.
    * Dashboard: Fix Table view when editing causes the panel data
      to not update.
    * Dashboard: Fix issues where unsaved-changes warning is not
    * Login: Fixes Unauthorized message showing when on login page
      or snapshot page.
    * NodeGraph: Fix sorting markers in grid view.
    * Short URL: Include orgId in generated short URLs.
    * Variables: Support raw values of boolean type.
    * Admin: Fix infinite loading edit on the profile page.
    * Color: Fix issues with random colors in string and date
    * Dashboard: Fix issue with title or folder change has no
      effect after exiting settings view.
    * DataLinks: Fix an issue is not working in data
    * Datasource: Fix dataproxy timeout should always be applied
      for outgoing data source HTTP requests.
    * Elasticsearch: Fix NewClient not passing httpClientProvider
      to client impl.
    * Explore: Fix Browser title not updated on Navigation to
    * GraphNG: Remove fieldName and hideInLegend properties from
    * OAuth: Fix fallback to auto_assign_org_role setting for Azure
      AD OAuth when no role claims exists.
    * PanelChrome: Fix issue with empty panel after adding a non
      data panel and coming back from panel edit.
    * StatPanel: Fix data link tooltip not showing for single
    * Table: Fix sorting for number fields.
    * Table: Have text underline for datalink, and add support for
      image datalink.
    * Time series panel: Position tooltip correctly when window is
      scrolled or resized.
    * Transformations: Prevent FilterByValue transform from
      crashing panel edit.
    * Annotations panel: Remove subpath from dashboard links.
    * Content Security Policy: Allow all image sources by default.
    * Content Security Policy: Relax default template wrt. loading
      of scripts, due to nonces not working.
    * Datasource: Fix tracing propagation for alert execution by
      introducing HTTP client outgoing tracing middleware.
    * InfluxDB: InfluxQL always apply time interval end.
    * Library Panels: Fixes 'error while loading library panels'.
    * NewsPanel: Fixes rendering issue in Safari.
    * PanelChrome: Fix queries being issued again when scrolling in
      and out of view.
    * Plugins: Fix Azure token provider cache panic and auth param
      nil value.
    * Snapshots: Fix key and deleteKey being ignored when creating
      an external snapshot.
    * Table: Fix issue with cell border not showing with colored
      background cells.
    * Table: Makes tooltip scrollable for long JSON values.
    * TimeSeries: Fix for Connected null values threshold toggle
      during panel editing.
    * Variables: Fixes inconsistent selected states on dashboard
    * Variables: Refreshes all panels even if panel is full screen.
    * APIKeys: Fixes issue with adding first api key.
    * Alerting: Add checks for non supported units - disable
      defaulting to seconds.
    * Alerting: Fix issue where Slack notifications won't link to
      user IDs.
    * Alerting: Omit empty message in PagerDuty notifier.
    * AzureMonitor: Fix migration error from older versions of App
      Insights queries.
    * CloudWatch: Fix AWS/Connect dimensions.
    * CloudWatch: Fix broken AWS/MediaTailor dimension name.
    * Dashboards: Allow string manipulation as advanced variable
      format option.
    * DataLinks: Includes harmless extended characters like
      Cyrillic characters.
    * Drawer: Fixes title overflowing its container.
    * Explore: Fix issue when some query errors were not shown.
    * Generic OAuth: Prevent adding duplicated users.
    * Graphite: Handle invalid annotations.
    * Graphite: Fix autocomplete when tags are not available.
    * InfluxDB: Fix Cannot read property 'length' of undefined in
      when parsing response.
    * Instrumentation: Enable tracing when Jaeger host and port are
    * Instrumentation: Prefix metrics with grafana.
    * MSSQL: By default let driver choose port.
    * OAuth: Add optional strict parsing of role_attribute_path.
    * Panel: Fixes description markdown with inline code being
      rendered on newlines and full width.
    * PanelChrome: Ignore data updates & errors for non data
    * Permissions: Fix inherited folder permissions can prevent new
      permissions being added to a dashboard.
    * Plugins: Remove pre-existing plugin installs when installing
      with grafana-cli.
    * Plugins: Support installing to folders with whitespace and
      fix pluginUrl trailing and leading whitespace failures.
    * Postgres/MySQL/MSSQL: Don't return connection failure details
      to the client.
    * Postgres: Fix ms precision of interval in time group macro
      when TimescaleDB is enabled.
    * Provisioning: Use dashboard checksum field as change
    * SQL: Fix so that all captured errors are returned from sql
    * Shortcuts: Fixes panel shortcuts so they always work.
    * Table: Fixes so border is visible for cells with links.
    * Variables: Clear query when data source type changes.
    * Variables: Filters out builtin variables from unknown list.
    * Variables: Refreshes all panels even if panel is full screen.
    * Alerting: Fix NoDataFound for alert rules using AND operator.

- Features and enhancements:
    * Alerting: Allow configuration of non-ready alertmanagers.
    * Alerting: Allow customization of Google chat message.
    * AppPlugins: Support app plugins with only default nav.
    * InfluxDB: query editor: skip fields in metadata queries.
    * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana.
    * Prometheus: Forward oauth tokens after prometheus datasource  migration.
    * BarChart: Use new data error view component to show actions in panel edit.
    * CloudMonitor: Iterate over pageToken for resources.
    * Macaron: Prevent WriteHeader invalid HTTP status code panic
    * Alerting: Prevent folders from being deleted when they  contain alerts.
    * Alerting: Show full preview value in tooltip.
    * BarGauge: Limit title width when name is really long.
    * CloudMonitoring: Avoid to escape regexps in filters.
    * CloudWatch: Add support for AWS Metric Insights.
    * TooltipPlugin: Remove other panels' shared tooltip in edit panel.
    * Visualizations: Limit y label width to 40% of visualization width.
    * Alerting: Create DatasourceError alert if evaluation returns error.
    * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting.
    * Alerting: Support mute timings configuration through the api for the embedded alert manager.
    * CloudWatch: Add missing AWS/Events metrics.
    * Docs: Add easier to find deprecation notices to certain data sources and to the changelog.
    * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag.
    * Table: Add space between values for the DefaultCell and JSONViewCell.
    * Tracing: Make query editors available in dashboard for Tempo and Zipkin.
    * Alerting: Add UI for contact point testing with custom annotations and labels.
    * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts.
    * Alerting: Option for Discord notifier to use webhook name.
    * Annotations: Deprecate AnnotationsSrv.
    * Auth: Omit all base64 paddings in JWT tokens for the JWT auth.
    * Azure Monitor: Clean up fields when editing Metrics.
    * AzureMonitor: Add new starter dashboards.
    * AzureMonitor: Add starter dashboard for app monitoring with Application Insights.
    * Barchart/Time series: Allow x axis label.
    * CLI: Improve error handling for installing plugins.
    * CloudMonitoring: Migrate to use backend plugin SDK contracts.
    * CloudWatch Logs: Add retry strategy for hitting max concurrent queries.
    * CloudWatch: Add AWS RoboMaker metrics and dimension.
    * CloudWatch: Add AWS Transfer metrics and dimension.
    * Dashboard: replace datasource name with a reference object.
    * Dashboards: Show logs on time series when hovering.
    * Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
    * Elasticsearch: Add time zone setting to Date Histogram aggregation.
    * Elasticsearch: Enable full range log volume histogram.
    * Elasticsearch: Full range logs volume.
    * Explore: Allow changing the graph type.
    * Explore: Show ANSI colors when highlighting matched words in the logs panel.
    * Graph(old) panel: Listen to events from Time series panel.
    * Import: Load gcom dashboards from URL.
    * LibraryPanels: Improves export and import of library panels between orgs.
    * OAuth: Support PKCE.
    * Panel edit: Overrides now highlight correctly when searching.
    * PanelEdit: Display drag indicators on draggable sections.
    * Plugins: Refactor Plugin Management.
    * Prometheus: Add custom query parameters when creating PromLink url.
    * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser.
    * StateTimeline: Share cursor with rest of the panels.
    * Tempo: Add error details when json upload fails.
    * Tempo: Add filtering for service graph query.
    * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics.
    * Time series/Bar chart panel: Add ability to sort series via legend.
    * TimeSeries: Allow multiple axes for the same unit.
    * TraceView: Allow span links defined on dataFrame.
    * Transformations: Support a rows mode in labels to fields.
    * ValueMappings: Don't apply field config defaults to time fields.
    * Variables: Only update panels that are impacted by variable change.
    * Annotations: We have improved tag search performance.
    * Application: You can now configure an error-template title.
    * AzureMonitor: We removed a restriction from the resource filter query.
    * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in 
      LXC environments.
    * Prometheus: We removed the autocomplete limit for metrics.
    * Table: We improved the styling of the type icons to make them more distinct from column / field name.
    * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations.
    * AWS: Updated AWS authentication documentation.
    * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation.
    * Alerting: Allows more characters in label names so notifications are sent.
    * Alerting: Get alert rules for a dashboard or a panel using `/api/v1/rules` endpoints.
    * Annotations: Improved rendering performance of event markers.
    * CloudWatch Logs: Skip caching for log queries.
    * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo.
    * Packaging: Add stricter systemd unit options.
    * Prometheus: Metrics browser can now handle label values with special characters.
    * AccessControl: Document new permissions restricting data source access.
    * TimePicker: Add fiscal years and search to time picker.
    * Alerting: Added support for Unified Alerting with Grafana HA.
    * Alerting: Added support for tune rule evaluation using configuration options.
    * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts.
    * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and 
      disabling them for specific organisations.
    * CloudWatch: Introduced new math expression where it is necessary to specify the period field.
    * InfluxDB: Added support for `$__interval` and `$__interval_ms` inFlux queries for alerting.
    * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision.
    * Plugins Catalog: Make the catalog the default way to interact with plugins.
    * Prometheus: Removed autocomplete limit for metrics.
    * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration.
    * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval.
    * Alerting: Add a Test button to test contact point.
    * Alerting: Allow creating/editing recording rules for Loki and Cortex.
    * Alerting: Metrics should have the label org instead of user.
    * Alerting: Sort notification channels by name to make them easier to locate.
    * Alerting: Support org level isolation of notification configuration.
    * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph.
    * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services.
    * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor.
    * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs.
    * CloudWatch Logs: Disable query path using websockets (Live) feature.
    * CloudWatch/Logs: Don't group dataframes for non time series queries.
    * Cloudwatch: Migrate queries that use multiple stats to one query per stat.
    * Dashboard: Keep live timeseries moving left (v2).
    * Datasources: Introduce response_limit for datasource responses.
    * Explore: Add filter by trace or span ID to trace to logs feature.
    * Explore: Download traces as JSON in Explore Inspector.
    * Explore: Reuse Dashboard's QueryRows component.
    * Explore: Support custom display label for derived fields buttons for Loki datasource.
    * Grafana UI: Update monaco-related dependencies.
    * Graphite: Deprecate browser access mode.
    * InfluxDB: Improve handling of intervals in alerting.
    * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better.
    * Jaeger: Add ability to upload JSON file for trace data.
    * LibraryElements: Enable specifying UID for new and existing library elements.
    * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a 
      library panel from the dashboard view.
    * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order.
    * Loki: Add fuzzy search to label browser.
    * Navigation: Implement active state for items in the Sidemenu.
    * Packaging: Add stricter systemd unit options.
    * Packaging: Update PID file location from /var/run to /run.
    * Plugins: Add Hide OAuth Forward config option.
    * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed.
    * Prometheus: Add browser access mode deprecation warning.
    * Prometheus: Add interpolation for built-in-time variables to backend.
    * Tempo: Add ability to upload trace data in JSON format.
    * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels.
    * Transformations: Convert field types to time string number or boolean.
    * Value mappings: Add regular-expression based value mapping.
    * Zipkin: Add ability to upload trace JSON.
    * Explore: Ensure logs volume bar colors match legend colors.
    * LDAP: Search all DNs for users.
    * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers.
    * Datasource: Change HTTP status code for failed datasource
      health check to 400.
    * Explore: Add span duration to left panel in trace viewer.
    * Plugins: Use file extension allowlist when serving plugin
      assets instead of checking for UNIX executable.
    * Profiling: Add support for binding pprof server to custom
      network interfaces.
    * Search: Make search icon keyboard navigable.
    * Template variables: Keyboard navigation improvements.
    * Tooltip: Display ms within minute time range.
    * Alerting: Deduplicate receivers during migration.
    * ColorPicker: Display colors as RGBA.
    * Select: Make portalling the menu opt-in, but opt-in everywhere.
    * TimeRangePicker: Improve accessibility.
    * Alerting: Support label matcher syntax in alert rule list filter.
    * IconButton: Put tooltip text as aria-label.
    * Live: Experimental HA with Redis.
    * UI: FileDropzone component.
    * CloudWatch: Add AWS LookoutMetrics.
    * Alerting: Expand the value string in alert annotations and labels.
    * Auth: Add Azure HTTP authentication middleware.
    * Auth: Auth: Pass user role when using the authentication proxy.
    * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes.
    * Alerting: Add Alertmanager notifications tab.
    * Alerting: Add button to deactivate current Alertmanager
    * Alerting: Add toggle in Loki/Prometheus data source
      configuration to opt out of alerting UI.
    * Alerting: Allow any 'evaluate for' value >=0 in the alert
      rule form.
    * Alerting: Load default configuration from status endpoint, if
      Cortex Alertmanager returns empty user configuration. 
    * Alerting: view to display alert rule and its underlying data.
    * Annotation panel: Release the annotation panel.
    * Annotations: Add typeahead support for tags in built-in
    * AzureMonitor: Add curated dashboards for Azure services.
    * AzureMonitor: Add support for deep links to Microsoft Azure
      portal for Metrics.
    * AzureMonitor: Remove support for different credentials for
      Azure Monitor Logs.
    * AzureMonitor: Support querying any Resource for Logs queries.
    * Elasticsearch: Add frozen indices search support.
    * Elasticsearch: Name fields after template variables values
      instead of their name.
    * Elasticsearch: add rate aggregation.
    * Email: Allow configuration of content types for email
    * Explore: Add more meta information when line limit is hit.
    * Explore: UI improvements to trace view.
    * FieldOverrides: Added support to change display name in an
      override field and have it be matched by a later rule.
    * HTTP Client: Introduce dataproxy_max_idle_connections config
    * InfluxDB: InfluxQL: adds tags to timeseries data.
    * InfluxDB: InfluxQL: make measurement search case insensitive.
      Legacy Alerting: Replace simplejson with a struct in webhook
      notification channel.
    * Legend: Updates display name for Last (not null) to just
    * Logs panel: Add option to show common labels.
    * Loki: Add $__range variable.
    * Loki: Add support for 'label_values(log stream selector,
      label)' in templating.
    * Loki: Add support for ad-hoc filtering in dashboard.
    * MySQL Datasource: Add timezone parameter.
    * NodeGraph: Show gradient fields in legend.
    * PanelOptions: Don't mutate panel options/field config object
      when updating.
    * PieChart: Make pie gradient more subtle to match other
    * Prometheus: Update PromQL typeahead and highlighting.
    * Prometheus: interpolate variable for step field.
    * Provisioning: Improve validation by validating across all
      dashboard providers.
    * SQL Datasources: Allow multiple string/labels columns with
      time series.
    * Select: Portal select menu to document.body.
    * Team Sync: Add group mapping to support team sync in the
      Generic OAuth provider.
    * Tooltip: Make active series more noticeable.
    * Tracing: Add support to configure trace to logs start and end
    * Transformations: Skip merge when there is only a single data
    * ValueMapping: Added support for mapping text to color,
      boolean values, NaN and Null. Improved UI for value mapping.
    * Visualizations: Dynamically set any config (min, max, unit,
      color, thresholds) from query results.
    * live: Add support to handle origin without a value for the
      port when matching with root_url.
    * Alerting: Add annotation upon alert state change.
    * Alerting: Allow space in label and annotation names.
    * InfluxDB: Improve legend labels for InfluxDB query results.
    * Cloudwatch Logs: Send error down to client.
    * Folders: Return 409 Conflict status when folder already
    * TimeSeries: Do not show series in tooltip if it's hidden in
      the viz.
    * Live: Rely on app url for origin check.
    * PieChart: Sort legend descending, update placeholder.
    * TimeSeries panel: Do not reinitialize plot when thresholds
      mode change.
    * Alerting: Increase alertmanager_conf column if MySQL.
    * Time series/Bar chart panel: Handle infinite numbers as nulls
      when converting to plot array.
    * TimeSeries: Ensure series overrides that contain color are
      migrated, and migrate the previous fieldConfig when changing
      the panel type.
    * ValueMappings: Improve singlestat value mappings migration.
    * Datasource: Add support for max_conns_per_host in dataproxy
    * AzureMonitor: Require default subscription for workspaces()
      template variable query.
    * AzureMonitor: Use resource type display names in the UI.
    * Dashboard: Remove support for loading and deleting dashboard
      by slug.
    * InfluxDB: Deprecate direct browser access in data source.
    * VizLegend: Add a read-only property.
    * API: Support folder UID in dashboards API.
    * Alerting: Add support for configuring avatar URL for the
      Discord notifier.
    * Alerting: Clarify that Threema Gateway Alerts support only
      Basic IDs.
    * Azure: Expose Azure settings to external plugins.
    * AzureMonitor: Deprecate using separate credentials for Azure
      Monitor Logs.
    * AzureMonitor: Display variables in resource picker for Azure
      Monitor Logs.
    * AzureMonitor: Hide application insights for data sources not
      using it.
    * AzureMonitor: Support querying subscriptions and resource
      groups in Azure Monitor Logs.
    * AzureMonitor: remove requirement for default subscription.
    * CloudWatch: Add Lambda at Edge Amazon CloudFront metrics.
    * CloudWatch: Add missing AWS AppSync metrics.
    * ConfirmModal: Auto focus delete button.
    * Explore: Add caching for queries that are run from logs
    * Loki: Add formatting for annotations.
    * Loki: Bring back processed bytes as meta information.
    * NodeGraph: Display node graph collapsed by default with trace
    * Overrides: Include a manual override option to hide something
      from visualization.
    * PieChart: Support row data in pie charts.
    * Prometheus: Update default HTTP method to POST for existing
      data sources.
    * Time series panel: Position tooltip correctly when window is
      scrolled or resized.
    * AppPlugins: Expose react-router to apps.
    * AzureMonitor: Add Azure Resource Graph.
    * AzureMonitor: Managed Identity configuration UI.
    * AzureMonitor: Token provider with support for Managed
    * AzureMonitor: Update Logs workspace() template variable query
      to return resource URIs.
    * BarChart: Value label sizing.
    * CloudMonitoring: Add support for preprocessing.
    * CloudWatch: Add AWS/EFS StorageBytes metric.
    * CloudWatch: Allow use of missing AWS namespaces using custom
    * Datasource: Shared HTTP client provider for core backend data
      sources and any data source using the data source proxy.
    * InfluxDB: InfluxQL: allow empty tag values in the query
    * Instrumentation: Instrument incoming HTTP request with
      histograms by default.
    * Library Panels: Add name endpoint & unique name validation to
    * Logs panel: Support details view.
    * PieChart: Always show the calculation options dropdown in the
    * PieChart: Remove beta flag.
    * Plugins: Enforce signing for all plugins.
    * Plugins: Remove support for deprecated backend plugin
      protocol version.
    * Tempo/Jaeger: Add better display name to legend.
    * Timeline: Add time range zoom.
    * Timeline: Adds opacity & line width option.
    * Timeline: Value text alignment option.
    * ValueMappings: Add duplicate action, and disable dismiss on
      backdrop click.
    * Zipkin: Add node graph view to trace response.
    * API: Add org users with pagination.
    * API: Return 404 when deleting nonexistent API key.
    * API: Return query results as JSON rather than base64 encoded
    * Alerting: Allow sending notification tags to Opsgenie as
      extra properties.
    * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
    * Auth: Add support for JWT Authentication.
    * AzureMonitor: Add support for
      Microsoft.SignalRService/SignalR metrics.
    * AzureMonitor: Azure settings in Grafana server config.
    * AzureMonitor: Migrate Metrics query editor to React.
    * BarChart panel: enable series toggling via legend.
    * BarChart panel: Adds support for Tooltip in BarChartPanel.
    * PieChart panel: Change look of highlighted pie slices.
    * CloudMonitoring: Migrate config editor from angular to react.
    * CloudWatch: Add Amplify Console metrics and dimensions.
    * CloudWatch: Add missing Redshift metrics to CloudWatch data
    * CloudWatch: Add metrics for managed RabbitMQ service.
    * DashboardList: Enable templating on search tag input.
    * Datasource config: correctly remove single custom http
    * Elasticsearch: Add generic support for template variables.
    * Elasticsearch: Allow omitting field when metric supports
      inline script.
    * Elasticsearch: Allow setting a custom limit for log queries.
    * Elasticsearch: Guess field type from first non-empty value.
    * Elasticsearch: Use application/x-ndjson content type for
      multisearch requests.
    * Elasticsearch: Use semver strings to identify ES version.
    * Explore: Add logs navigation to request more logs.
    * Explore: Map Graphite queries to Loki.
    * Explore: Scroll split panes in Explore independently.
    * Explore: Wrap each panel in separate error boundary.
    * FieldDisplay: Smarter naming of stat values when visualising
      row values (all values) in stat panels.
    * Graphite: Expand metric names for variables.
    * Graphite: Handle unknown Graphite functions without breaking
      the visual editor.
    * Graphite: Show graphite functions descriptions.
    * Graphite: Support request cancellation properly (Uses new
      backendSrv.fetch Observable request API).
    * InfluxDB: Flux: Improve handling of complex
    * InfluxDB: Support region annotations.
    * Inspector: Download logs for manual processing.
    * Jaeger: Add node graph view for trace.
    * Jaeger: Search traces.
    * Loki: Use data source settings for alerting queries.
    * NodeGraph: Exploration mode.
    * OAuth: Add support for empty scopes.
    * PanelChrome: New logic-less emotion based component with no
      dependency on PanelModel or DashboardModel.
    * PanelEdit: Adds a table view toggle to quickly view data in
      table form.
    * PanelEdit: Highlight matched words when searching options.
    * PanelEdit: UX improvements.
    * Plugins: PanelRenderer and simplified QueryRunner to be used
      from plugins.
    * Plugins: AuthType in route configuration and params
    * Plugins: Enable plugin runtime install/uninstall
    * Plugins: Support set body content in plugin routes.
    * Plugins: Introduce marketplace app.
    * Plugins: Moving the DataSourcePicker to grafana/runtime so it
      can be reused in plugins.
    * Prometheus: Add custom query params for alert and exemplars
    * Prometheus: Use fuzzy string matching to autocomplete metric
      names and label.
    * Routing: Replace Angular routing with react-router.
    * Slack: Use chat.postMessage API by default.
    * Tempo: Search for Traces by querying Loki directly from
    * Tempo: Show graph view of the trace.
    * Themes: Switch theme without reload using global shortcut.
    * TimeSeries panel: Add support for shared cursor.
    * TimeSeries panel: Do not crash the panel if there is no time
      series data in the response.
    * Variables: Do not save repeated panels, rows and scopedVars.
    * Variables: Removes experimental Tags feature.
    * Variables: Removes the never refresh option.
    * Visualizations: Unify tooltip options across visualizations.
    * Visualizations: Refactor and unify option creation between
      new visualizations.
    * Visualizations: Remove singlestat panel.

- Plugin development fixes & changes:
    * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing.
    * Select: Select menus now properly scroll during keyboard navigation.
    * grafana/ui: Enable slider marks display.
    * Plugins: Create a mock icon component to prevent console errors.
    * Grafana UI: Fix TS error property css is missing in type.
    * Toolkit: Fix matchMedia not found error.
    * Toolkit: Improve error messages when tasks fail.
    * Toolkit: Resolve external fonts when Grafana is served from a
      sub path.
    * QueryField: Remove carriage return character from pasted text.
    * Button: Introduce buttonStyle prop.
    * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode.
    * grafana/ui: Update React Hook Form to v7.
    * IconButton: Introduce variant for red and blue icon buttons.
    * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone.
    * TagsInput: Add className to TagsInput.
    * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change).

- Other changes:

    * Update to Go 1.17.
    * Add build-time dependency on `wire`.

Advisory ID: SUSE-RU-2022:1451-1
Released:    Thu Apr 28 10:47:22 2022
Summary:     Recommended update for perl
Type:        recommended
Severity:    moderate
References:  1193489
This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

Advisory ID: SUSE-SU-2022:1455-1
Released:    Thu Apr 28 11:31:51 2022
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1183533,CVE-2021-28153
This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

Advisory ID: SUSE-RU-2022:1626-1
Released:    Tue May 10 15:55:13 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1198090,1198114
This update for systemd fixes the following issues:

- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()

Advisory ID: SUSE-RU-2022:1655-1
Released:    Fri May 13 15:36:10 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1197794
This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

Advisory ID: SUSE-SU-2022:1657-1
Released:    Fri May 13 15:39:07 2022
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:

- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)

Advisory ID: SUSE-RU-2022:1658-1
Released:    Fri May 13 15:40:20 2022
Summary:     Recommended update for libpsl
Type:        recommended
Severity:    important
References:  1197771
This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

Advisory ID: SUSE-SU-2022:1670-1
Released:    Mon May 16 10:06:30 2022
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

Advisory ID: SUSE-SU-2022:1688-1
Released:    Mon May 16 14:02:49 2022
Summary:     Security update for e2fsprogs
Type:        security
Severity:    important
References:  1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
  and possibly arbitrary code execution. (bsc#1198446)

Advisory ID: SUSE-RU-2022:1691-1
Released:    Mon May 16 15:13:39 2022
Summary:     Recommended update for augeas
Type:        recommended
Severity:    moderate
References:  1197443
This update for augeas fixes the following issue:

- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) 

Advisory ID: SUSE-SU-2022:1750-1
Released:    Thu May 19 15:28:20 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Advisory ID: SUSE-SU-2022:1870-1
Released:    Fri May 27 10:03:40 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:

- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)

Advisory ID: SUSE-RU-2022:1887-1
Released:    Tue May 31 09:24:18 2022
Summary:     Recommended update for grep
Type:        recommended
Severity:    moderate
References:  1040589
This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

Advisory ID: SUSE-RU-2022:1899-1
Released:    Wed Jun  1 10:43:22 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    important
References:  1198176
This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

Advisory ID: SUSE-RU-2022:1909-1
Released:    Wed Jun  1 16:25:35 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1198751
This update for glibc fixes the following issues:

- Add the correct name for the IBM Z16 (bsc#1198751).

Advisory ID: SUSE-RU-2022:2019-1
Released:    Wed Jun  8 16:50:07 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64.  [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild.  [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586.  [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune 
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines.  [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build  [bsc#1192951]
* Package mwaitintrin.h

Advisory ID: SUSE-RU-2022:2025-1
Released:    Thu Jun  9 10:13:50 2022
Summary:     Recommended update for grafana-status-panel
Type:        recommended
Severity:    low
References:  1198768
This update for grafana-status-panel fixes the following issues:

- Update to version 1.0.11, signed for use with grafana v8.x (bsc#1198768)

Advisory ID: SUSE-SU-2022:2251-1
Released:    Mon Jul  4 09:52:25 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

Advisory ID: SUSE-SU-2022:2327-1
Released:    Thu Jul  7 15:06:13 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

Advisory ID: SUSE-SU-2022:2328-1
Released:    Thu Jul  7 15:07:35 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

Advisory ID: SUSE-SU-2022:2361-1
Released:    Tue Jul 12 12:05:01 2022
Summary:     Security update for pcre
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586
This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

Advisory ID: SUSE-RU-2022:2406-1
Released:    Fri Jul 15 11:49:01 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

Advisory ID: SUSE-RU-2022:2470-1
Released:    Thu Jul 21 04:40:14 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user at .service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers

Advisory ID: SUSE-RU-2022:2494-1
Released:    Thu Jul 21 15:16:42 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1200855,1201560,1201640
This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

Advisory ID: SUSE-SU-2022:2546-1
Released:    Mon Jul 25 14:43:22 2022
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

Advisory ID: SUSE-RU-2022:2572-1
Released:    Thu Jul 28 04:22:33 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:


- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were 
  removed at the  beginning of the repo.


- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well

Advisory ID: SUSE-SU-2022:2614-1
Released:    Mon Aug  1 10:41:04 2022
Summary:     Security update for dwarves and elfutils
Type:        security
Severity:    moderate
References:  1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:

elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
             Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
            dwelf_elf_begin now only returns NULL when there is an error
            reading or decompressing a file. If the file is not an ELF file
            an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:

- build: Add new --enable-install-elfh option.
         Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
  - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
  - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle mutliple .debug_macro sections.
           Recognize and parse GNU Property, NT_VERSION and
           GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
         Add strip --reloc-debug-sections-only option.
         Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
            and BPF_JSLE.
    backends: RISCV handles ADD/SUB relocations.
              Handle SHT_X86_64_UNWIND.
  - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
  - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
  - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
  shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
               updating. Try harder to keep same file mode bits
               (suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
            generate CFI based backtraces.
- Fixes:
  - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
  - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
  - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
  functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
           to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
         dwarf_begin_elf now accepts ELF files containing just .debug_line
         or .debug_frame sections (which can be read without needing a DIE
         tree from the .debug_info section).
         Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
            The RISCV backends now handles ABI specific CFI and knows about
            RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
  Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
  Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
  .debug_loclists, .debug_str_offsets and .debug_rnglists.  Plus the new
  DWARF5 and GNU DebugFission encodings of the existing .debug sections.
  Also in split DWARF .dwo (DWARF object) files.  This support is mostly
  handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
  dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
  sections and data formats.  But some new functions have been added
  to more easily get information about skeleton and split compile units
  (dwarf_get_units and dwarf_cu_info), handle new attribute data
  (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
  that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
  files, the .debug_names index, the .debug_cu_index and .debug_tu_index
  sections. Only a single .debug_info (and .debug_types) section are
  currently handled.
- readelf: Handle all new DWARF5 sections.
           --debug-dump=info+ will show split unit DIEs when found.
           --dwarf-skeleton can be used when inspecting a .dwo file.
     Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
         dwarf_getabbrevattr_data and dwarf_cu_info.
         libdw will now try to resolve the alt file on first use of
         an alt attribute FORM when not set yet with dwarf_set_alt.
         dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
  backends: Add a RISC-V backend.
  There were various improvements to build on Windows.
  The sha1 and md5 implementations have been removed, they weren't used.

Update to version 0.170:

- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
         calling convention, defaulted member function and macro constants
         to dwarf.h.
	 New functions dwarf_default_lower_bound and dwarf_line_file.
  	 dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
  	 dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always build on all platforms.

Update to version 0.169:

- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
            Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
  - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
  - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
  - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
  - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
  - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
  - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
  - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
  already supplements elfutils.

dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.

Advisory ID: SUSE-SU-2022:2717-1
Released:    Tue Aug  9 12:54:16 2022
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1198627,CVE-2022-29458
This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

Advisory ID: SUSE-OU-2022:2795-1
Released:    Fri Aug 12 12:50:56 2022
Summary:     Optional update for SUSE Package Hub
Type:        optional
Severity:    moderate
References:  1201760
This optional update provides the following changes:

- Fix grafana missing binaries in SUSE Linux Enterprise Desktop 15 Service Pack 4 via PackageHub (bsc#1201055)
- Affected source packages: grafana grafana-piechart-panel grafana-status-panel system-user-grafana

Advisory ID: SUSE-SU-2022:2817-1
Released:    Tue Aug 16 12:03:46 2022
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1194131,1194875,1195359,1196044,1196733,1196785,1200064,1200553,CVE-2021-3979
This update for ceph fixes the following issues:

- Update to 16.2.9-536-g41a9f9a5573:
  + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR 
  + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)

- Update to 16.2.9-158-gd93952c7eea:
  + cmake: check for python(\d)\.(\d+) when building boost
  + make-dist: patch boost source to support python 3.10

- Update to ceph-16.2.9-58-ge2e5cb80063:
  + (bsc#1200064, pr#480) Remove last vestiges of image paths

- Update to
  + (jsc#SES-2515) High-availability NFS export 
  + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
  + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit

- Update to 16.2.7-969-g6195a460d89
  + (jsc#SES-2515) High-availability NFS export 

- Update to v16.2.7-654-gd5a90ff46f0
  + (bsc#1196733) remove build directory during %clean 

- Update to v16.2.7-652-gf5dc462fdb5 
  + (bsc#1194875) [SES7P] include/buffer: include memory

Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341
This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

Advisory ID: SUSE-RU-2022:2921-1
Released:    Fri Aug 26 15:17:43 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059
This update for systemd fixes the following issues:

- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory

Advisory ID: SUSE-RU-2022:2929-1
Released:    Mon Aug 29 11:21:47 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1202310
This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

Advisory ID: SUSE-RU-2022:2944-1
Released:    Wed Aug 31 05:39:14 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    important
References:  1181475
This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

Advisory ID: SUSE-SU-2022:2947-1
Released:    Wed Aug 31 09:16:21 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1202175,CVE-2022-37434
This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

Advisory ID: SUSE-RU-2022:2982-1
Released:    Thu Sep  1 12:33:47 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1197178,1198731,1200842
This update for util-linux fixes the following issues:

- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)

Advisory ID: SUSE-RU-2022:2994-1
Released:    Fri Sep  2 10:44:54 2022
Summary:     Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type:        recommended
Severity:    moderate
References:  1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No codechanges were done in this update.

Advisory ID: SUSE-SU-2022:3004-1
Released:    Fri Sep  2 15:02:14 2022
Summary:     Security update for curl
Type:        security
Severity:    low
References:  1202593,CVE-2022-35252
This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters
  into cookies, which could be exploited by sister sites to cause a
  denial of service (bsc#1202593).

Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep  7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- ceph-grafana-dashboards- updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grafana-piechart-panel-1.6.1-150200.3.8.1 updated
- grafana-status-panel-1.0.11-150200.3.10.1 updated
- grafana-8.3.5-150200.3.23.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- system-user-grafana-1.0.0-150200.5.5.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated

More information about the sle-security-updates mailing list