Upgrade Grafana 12.3.3 → 12.4.2

Patches 7 CVEs including CVE-2026-27880 (unauthenticated OOM DoS, CVSS 7.5). No config changes needed — alerting pending period behavior change is a net improvement for our NoData/Error rules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 11:33:20 -07:00 · 2026-04-02 11:21:26 -07:00 · 2026-04-02 11:21:26 -07:00
commit 4c547745bf
3 changed files with 4 additions and 3 deletions
--- a/containers/grafana/Dockerfile
+++ b/containers/grafana/Dockerfile
@ -1,4 +1,4 @@
-ARG CONTAINER_APP_VERSION=12.3.3
+ARG CONTAINER_APP_VERSION=12.4.2

 FROM alpine:3.22

--- a/docs/changelog.d/upgrade-grafana-12.4.2.infra.md
+++ b/docs/changelog.d/upgrade-grafana-12.4.2.infra.md
@ -0,0 +1 @@
+Upgrade Grafana from 12.3.3 to 12.4.2 — patches 7 CVEs including an unauthenticated DoS (CVE-2026-27880).
--- a/service-versions.yaml
+++ b/service-versions.yaml
@ -97,8 +97,8 @@ services:

  - name: grafana
    type: argocd
-    last-reviewed: 2026-02-23
-    current-version: "12.3.3"
+    last-reviewed: 2026-04-02
+    current-version: "12.4.2"
    upstream-source: https://github.com/grafana/grafana/releases
    notes: Home-built container from Alpine; upgraded from Helm to Kustomize
				`@ -0,0 +1 @@`
				`Upgrade Grafana from 12.3.3 to 12.4.2 — patches 7 CVEs including an unauthenticated DoS (CVE-2026-27880).`