From 4c547745bfe3a0685bbbf19d8f4ebfdfeb486d55 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Thu, 2 Apr 2026 11:21:26 -0700 Subject: [PATCH] =?UTF-8?q?Upgrade=20Grafana=2012.3.3=20=E2=86=92=2012.4.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Patches 7 CVEs including CVE-2026-27880 (unauthenticated OOM DoS, CVSS 7.5). No config changes needed — alerting pending period behavior change is a net improvement for our NoData/Error rules. Co-Authored-By: Claude Opus 4.6 (1M context) --- containers/grafana/Dockerfile | 2 +- docs/changelog.d/upgrade-grafana-12.4.2.infra.md | 1 + service-versions.yaml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 docs/changelog.d/upgrade-grafana-12.4.2.infra.md diff --git a/containers/grafana/Dockerfile b/containers/grafana/Dockerfile index 3d5b12b..3b33dd9 100644 --- a/containers/grafana/Dockerfile +++ b/containers/grafana/Dockerfile @@ -1,4 +1,4 @@ -ARG CONTAINER_APP_VERSION=12.3.3 +ARG CONTAINER_APP_VERSION=12.4.2 FROM alpine:3.22 diff --git a/docs/changelog.d/upgrade-grafana-12.4.2.infra.md b/docs/changelog.d/upgrade-grafana-12.4.2.infra.md new file mode 100644 index 0000000..11bba26 --- /dev/null +++ b/docs/changelog.d/upgrade-grafana-12.4.2.infra.md @@ -0,0 +1 @@ +Upgrade Grafana from 12.3.3 to 12.4.2 — patches 7 CVEs including an unauthenticated DoS (CVE-2026-27880). diff --git a/service-versions.yaml b/service-versions.yaml index b8441c0..2a568b4 100644 --- a/service-versions.yaml +++ b/service-versions.yaml @@ -97,8 +97,8 @@ services: - name: grafana type: argocd - last-reviewed: 2026-02-23 - current-version: "12.3.3" + last-reviewed: 2026-04-02 + current-version: "12.4.2" upstream-source: https://github.com/grafana/grafana/releases notes: Home-built container from Alpine; upgraded from Helm to Kustomize