SUSE-SU-2024:1530-1
Vulnerability Summary
Timeline
Description
Security update for grafana and mybatis This update for grafana and mybatis fixes the following issues: grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155) * CVE-2023-6152: Add email verification when updating user email (bsc#1219912) - Other non-security related changes: * Version 9.5.17: + [FEATURE] Alerting: Backport use Alertmanager API v2 * Version 9.5.16: + [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL * Version 9.5.15: + [FEATURE] Alerting: Attempt to retry retryable errors * Version 9.5.14: + [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error + [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied + [BUGFIX] LDAP: Fix enable users on successfull login * Version 9.5.13: + [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder + [BUGFIX] Licensing: Pass func to update env variables when starting plugin * Version 9.5.12: + [FEATURE] Azure: Add support for Workload Identity authentication * Version 9.5.9: + [FEATURE] SSE: Fix DSNode to not panic when response has empty response + [FEATURE] Prometheus: Handle the response with different field key order + [BUGFIX] LDAP: Fix user disabling mybatis: - `apache-commons-ognl` is now a non-optional dependency - Fixed building with log4j v1 and v2 dependencies
Affected Systems
- opensuse•grafana&distro=openSUSE Leap 15.5
< 9.5.18-150200.3.56.1
- opensuse•mybatis&distro=openSUSE Leap 15.5
< 3.5.6-150200.5.6.1
- suse•grafana&distro=SUSE Linux Enterprise Module for Package Hub 15 SP5
< 9.5.18-150200.3.56.1