blumeops

eblume/blumeops

Fork 0

Commit graph

Author	SHA1	Message	Date
Erich Blume	b1e2811077	Upgrade Grafana 12.3.3 → 12.4.2 (#322 ) All checks were successful Build Container / detect (push) Successful in 2s Details Build Container / build-dockerfile (grafana) (push) Successful in 7s Details ## Summary - Bumps Grafana from 12.3.3 to 12.4.2 - Patches 7 CVEs, notably CVE-2026-27880 (unauthenticated OOM DoS, CVSS 7.5) and CVE-2026-27879 (authenticated OOM via resample queries) - No config changes required — reviewed alerting, datasources, OIDC, and feature toggles against 12.4.x breaking changes ## Breaking changes reviewed \| Change \| Impact \| \|--------\|--------\| \| Alerting: pending period applies to NoData/Error \| Net positive — reduces noise from transient blips \| \| Default notification uses empty receiver \| No impact — we explicitly set `ntfy-infra` \| \| Removed feature toggles (4) \| No impact — none configured \| \| OAuth ID token signature validation \| Low risk — verify OIDC login post-deploy \| \| OpsGenie deprecated \| No impact — using webhook \| ## Test plan - [ ] Container build completes at forge - [ ] Update kustomization.yaml with new image tag - [ ] `argocd app set grafana --revision upgrade/grafana-12.4.2 && argocd app sync grafana` - [ ] Verify Grafana UI loads at grafana.ops.eblu.me - [ ] Verify OIDC login via Authentik - [ ] Verify dashboards and datasources load - [ ] Check alerting rules are intact 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: #322	2026-04-02 11:33:19 -07:00

Author

SHA1

Message

Date

Erich Blume

b1e2811077

Upgrade Grafana 12.3.3 → 12.4.2 (#322 )

Build Container / detect (push) Successful in 2s

Details

Build Container / build-dockerfile (grafana) (push) Successful in 7s

Details

## Summary

- Bumps Grafana from 12.3.3 to 12.4.2
- Patches 7 CVEs, notably CVE-2026-27880 (unauthenticated OOM DoS, CVSS 7.5) and CVE-2026-27879 (authenticated OOM via resample queries)
- No config changes required — reviewed alerting, datasources, OIDC, and feature toggles against 12.4.x breaking changes

## Breaking changes reviewed

| Change | Impact |
|--------|--------|
| Alerting: pending period applies to NoData/Error | Net positive — reduces noise from transient blips |
| Default notification uses empty receiver | No impact — we explicitly set `ntfy-infra` |
| Removed feature toggles (4) | No impact — none configured |
| OAuth ID token signature validation | Low risk — verify OIDC login post-deploy |
| OpsGenie deprecated | No impact — using webhook |

## Test plan

- [ ] Container build completes at forge
- [ ] Update kustomization.yaml with new image tag
- [ ] `argocd app set grafana --revision upgrade/grafana-12.4.2 && argocd app sync grafana`
- [ ] Verify Grafana UI loads at grafana.ops.eblu.me
- [ ] Verify OIDC login via Authentik
- [ ] Verify dashboards and datasources load
- [ ] Check alerting rules are intact

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #322

2026-04-02 11:33:19 -07:00

1 commit