SUSE-FU-2022:1419-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-FU-2022:1419-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-FU-2022:1419-1
Related
Published
2022-04-27T07:20:15Z
Modified
2022-04-27T07:20:15Z
Summary
Feature update for grafana
Details

This update for grafana fixes the following issues:

Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23422)

  • Security:

    • CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726)
    • CVE-2022-21703: cross-origin request forgery vulnerability (bsc#1195727)
    • CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)
    • CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)
    • CVE-2021-43813, CVE-2021-43815, CVE-2021-41244, CVE-2021-41174, CVE-2021-43798, CVE-2021-39226.
    • Upgrade Docker base image to Alpine 3.14.3.
    • CVE-2021-3711: Docker: Force use of libcrypto1.1 and libssl1.1 versions
    • Update dependencies to fix CVE-2021-36222.
    • Upgrade Go to 1.17.2.
    • Fix stylesheet injection vulnerability.
    • Fix short URL vulnerability.
  • License update:

    • AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL).
  • Breaking changes:

    • Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.
    • Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting.
    • Fix No Data behaviour in Legacy Alerting.
    • The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed:
      • GET /dashboards/db/:slug
      • GET /dashboard-solo/db/:slug
      • GET /api/dashboard/db/:slug
      • DELETE /api/dashboards/db/:slug
    • The default HTTP method for Prometheus data source is now POST.
    • Removes the never refresh option for Query variables.
    • Removes the experimental Tags feature for Variables.
  • Deprecations:

    • The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info.
  • Bug fixes:

    • Azure Monitor: Bug fix for variable interpolations in metrics dropdowns.
    • Azure Monitor: Improved error messages for variable queries.
    • CloudMonitoring: Fixes broken variable queries that use group bys.
    • Configuration: You can now see your expired API keys if you have no active ones.
    • Elasticsearch: Fix handling multiple datalinks for a single field.
    • Export: Fix error when exporting dashboards using query variables that reference the default datasource.
    • ImportDashboard: Fixes issue with importing dashboard and name ending up in uid.
    • Login: Page no longer overflows on mobile.
    • Plugins: Set backend metadata property for core plugins.
    • Prometheus: Fill missing steps with null values.
    • Prometheus: Fix interpolation of $__rate_interval variable.
    • Prometheus: Interpolate variables with curly brackets syntax.
    • Prometheus: Respect the http-method data source setting.
    • Table: Fixes issue with field config applied to wrong fields when hiding columns.
    • Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin.
    • Variables: Fix so data source variables are added to adhoc configuration.
    • AnnoListPanel: Fix interpolation of variables in tags.
    • CloudWatch: Allow queries to have no dimensions specified.
    • CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0.
    • CloudWatch: Make sure MatchExact flag gets the right value.
    • Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page.
    • InfluxDB: Improve handling of metadata query errors in InfluxQL.
    • Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions.
    • Prometheus: Fix running of exemplar queries for non-histogram metrics.
    • Prometheus: Interpolate template variables in interval.
    • StateTimeline: Fix toolitp not showing when for frames with multiple fields.
    • TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore.
    • Variables: Fix repeating panels for on time range changed variables.
    • Variables: Fix so queryparam option works for scoped variables.
    • Alerting: Clear alerting rule evaluation errors after intermittent failures.
    • Alerting: Fix refresh on legacy Alert List panel.
    • Dashboard: Fix queries for panels with non-integer widths.
    • Explore: Fix url update inconsistency.
    • Prometheus: Fix range variables interpolation for time ranges smaller than 1 second.
    • ValueMappings: Fixes issue with regex value mapping that only sets color.
    • AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1.
    • Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor.
    • CodeEditor: Prevent suggestions from being clipped.
    • Dashboard: Fix cache timeout persistence.
    • Datasource: Fix stable sort order of query responses.
    • Explore: Fix error in query history when removing last item.
    • Logs: Fix requesting of older logs when flipped order.
    • Prometheus: Fix running of health check query based on access mode.
    • TextPanel: Fix suggestions for existing panels.
    • Tracing: Fix incorrect indentations due to reoccurring spanIDs.
    • Tracing: Show start time of trace with milliseconds precision.
    • Variables: Make renamed or missing variable section expandable.
    • API: Fix dashboard quota limit for imports.
    • Alerting: Fix rule editor issues with Azure Monitor data source.
    • Azure monitor: Make sure alert rule editor is not enabled when template variables are being used.
    • CloudMonitoring: Fix annotation queries.
    • CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor.
    • Dashboard: Remove the current panel from the list of options in the Dashboard datasource.
    • Encryption: Fix decrypting secrets in alerting migration.
    • InfluxDB: Fix corner case where index is too large in ALIAS field.
    • NavBar: Order App plugins alphabetically.
    • NodeGraph: Fix zooming sensitivity on touchpads.
    • Plugins: Add OAuth pass-through logic to api/ds/query endpoint.
    • Snapshots: Fix panel inspector for snapshot data.
    • Tempo: Fix basic auth password reset on adding tag.
    • ValueMapping: Fixes issue with regex mappings.
    • TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.
    • Alerting: Fix a bug where the metric in the evaluation string was not correctly populated.
    • Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator.
    • CloudMonitoring: Ignore min and max aggregation in MQL queries.
    • Dashboards: 'Copy' is no longer added to new dashboard titles.
    • DataProxy: Fix overriding response body when response is a WebSocket upgrade.
    • Elasticsearch: Use field configured in query editor as field for date_histogram aggregations.
    • Explore: Fix running queries without a datasource property set.
    • InfluxDB: Fix numeric aliases in queries.
    • Plugins: Ensure consistent plugin settings list response.
    • Tempo: Fix validation of float durations.
    • Tracing: Correct tags for each span are shown.
    • Alerting: Fix panic when Slack's API sends unexpected response.
    • Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource.
    • Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results.
    • Graph: You can now see annotation descriptions on hover.
    • Logs: The system now uses the JSON parser only if the line is parsed to an object.
    • Prometheus: the system did not reuse TCP connections when querying from Grafana alerting.
    • Prometheus: error when a user created a query with a $__interval min step.
    • RowsToFields: the system was not properly interpreting number values.
    • Scale: We fixed how the system handles NaN percent when data min = data max.
    • Table panel: You can now create a filter that includes special characters.
    • Dashboard: Fix rendering of repeating panels.
    • Datasources: Fix deletion of data source if plugin is not found.
    • Packaging: Remove systemcallfilters sections from systemd unit files.
    • Prometheus: Add Headers to HTTP client options.
    • CodeEditor: Ensure that we trigger the latest onSave callback provided to the component.
    • DashboardList/AlertList: Fix for missing All folder value.
    • Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set.
    • Alerting: Fixed rules migration to keep existing Grafana 8 alert rules.
    • Alerting: Fixed the silence file content generated during migration.
    • Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights.
    • BarGauge: Fixed an issue where the cell color was lit even though there was no data.
    • BarGauge: Improved handling of streaming data.
    • CloudMonitoring: Fixed INT64 label unmarshal error.
    • ConfirmModal: Fixes confirm button focus on modal open.
    • Dashboard: Add option to generate short URL for variables with values containing spaces.
    • Explore: No longer hides errors containing refId property.
    • Fixed an issue that produced State timeline panel tooltip error when data was not in sync.
    • InfluxDB: InfluxQL query editor is set to always use resultFormat.
    • Loki: Fixed creating context query for logs with parsed labels.
    • PageToolbar: Fixed alignment of titles.
    • Plugins Catalog: Update to the list of available panels after an install, update or uninstall.
    • TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel.
    • Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input.
    • Variables: Panel no longer crash when using the adhoc variable in data links.
    • Admin: Prevent user from deleting user's current/active organization.
    • LibraryPanels: Fix library panel getting saved in the dashboard's folder.
    • OAuth: Make generic teams URL and JMES path configurable.
    • QueryEditor: Fix broken copy-paste for mouse middle-click
    • Thresholds: Fix undefined color in 'Add threshold'.
    • Timeseries: Add wide-to-long, and fix multi-frame output.
    • TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All.
    • Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification.
    • Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace.
    • BarChart: Fixes panel error that happens on second refresh.
    • Alerting: Fix notification channel migration.
    • Annotations: Fix blank panels for queries with unknown data sources.
    • BarChart: Fix stale values and x axis labels.
    • Graph: Make old graph panel thresholds work even if ngalert is enabled.
    • InfluxDB: Fix regex to identify / as separator.
    • LibraryPanels: Fix update issues related to library panels in rows.
    • Variables: Fix variables not updating inside a Panel when the preceding Row uses 'Repeat For'.
    • Alerting: Fix alert flapping in the internal alertmanager.
    • Alerting: Fix request handler failed to convert dataframe 'results' to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series.
    • Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file.
    • Dashboard: Forces panel re-render when exiting panel edit.
    • Dashboard: Prevent folder from changing when navigating to general settings.
    • Elasticsearch: Fix metric names for alert queries.
    • Elasticsearch: Limit Histogram field parameter to numeric values.
    • Elasticsearch: Prevent pipeline aggregations to show up in terms order by options.
    • LibraryPanels: Prevent duplicate repeated panels from being created.
    • Loki: Fix ad-hoc filter in dashboard when used with parser.
    • Plugins: Track signed files + add warn log for plugin assets which are not signed.
    • Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.
    • Prometheus: Fix validate selector in metrics browser.
    • Alerting: Fix saving LINE contact point.
    • Annotations: Fix alerting annotation coloring.
    • Annotations: Alert annotations are now visible in the correct Panel.
    • Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled.
    • Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints.
    • Elasticsearch: Fix metric names for alert queries.
    • Explore: Fix showing of full log context.
    • PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard.
    • Plugins: Fix TLS datasource settings.
    • Variables: Fix issue with empty drop downs on navigation.
    • Variables: Fix URL util converting false into true.
    • CloudWatch Logs: Fix crash when no region is selected.
    • Annotations: Correct annotations that are displayed upon page refresh.
    • Annotations: Fix Enabled button that disappeared from Grafana v8.0.6.
    • Annotations: Fix data source template variable that was not available for annotations.
    • AzureMonitor: Fix annotations query editor that does not load.
    • Geomap: Fix scale calculations.
    • GraphNG: Fix y-axis autosizing.
    • Live: Display stream rate and fix duplicate channels in list response.
    • Loki: Update labels in log browser when time range changes in dashboard.
    • NGAlert: Send resolve signal to alertmanager on alerting -> Normal.
    • PasswordField: Prevent a password from being displayed when you click the Enter button.
    • Renderer: Remove debug.log file when Grafana is stopped.
    • Docker: Fix builds by delaying go mod verify until all required files are copied over.
    • Exemplars: Fix disable exemplars only on the query that failed.
    • SQL: Fix SQL dataframe resampling (fill mode + time intervals).
    • Alerting: Handle marshaling Inf values.
    • AzureMonitor: Fix macro resolution for template variables.
    • AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources.
    • AzureMonitor: Request and concat subsequent resource pages.
    • Bug: Fix parse duration for day.
    • Datasources: Improve error handling for error messages.
    • Explore: Correct the functionality of shift-enter shortcut across all uses.
    • Explore: Show all dataFrames in data tab in Inspector.
    • GraphNG: Fix Tooltip mode 'All' for XYChart.
    • Loki: Fix highlight of logs when using filter expressions with backticks.
    • Modal: Force modal content to overflow with scroll.
    • Plugins: Ignore symlinked folders when verifying plugin signature.
    • Alerting: Fix improper alert by changing the handling of empty labels.
    • CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
    • Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel.
    • DashboardList: Fix issue not re-fetching dashboard list after variable change.
    • Database: Fix incorrect format of isolation level configuration parameter for MySQL.
    • InfluxDB: Correct tag filtering on InfluxDB data.
    • Links: Fix links that caused a full page reload.
    • Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set.
    • Postgres/MySQL/MSSQL: Change time field to 'Time' for time series queries.
    • Postgres: Fix the handling of a null return value in query results.
    • Tempo: Show hex strings instead of uints for IDs.
    • TimeSeries: Improve tooltip positioning when tooltip overflows.
    • Transformations: Add 'prepare time series' transformer.
    • AzureMonitor: Fix issue where resource group name is missing on the resource picker button.
    • Chore: Fix AWS auth assuming role with workspace IAM.
    • DashboardQueryRunner: Fixes unrestrained subscriptions being created.
    • DateFormats: Fix reading correct setting key for usebrowserlocale.
    • Links: Fix links to other apps outside Grafana when under sub path.
    • Snapshots: Fix snapshot absolute time range issue.
    • Table: Fix data link color.
    • Time Series: Fix X-axis time format when tick increment is larger than a year.
    • Tooltip Plugin: Prevent tooltip render if field is undefined.
    • Elasticsearch: Allow case sensitive custom options in date_histogram interval.
    • Elasticsearch: Restore previous field naming strategy when using variables.
    • Explore: Fix import of queries between SQL data sources.
    • InfluxDB: InfluxQL query editor: fix retention policy handling.
    • Loki: Send correct time range in template variable queries.
    • TimeSeries: Preserve RegExp series overrides when migrating from old graph panel.
    • Annotations: Fix annotation line and marker colors.
    • AzureMonitor: Fix KQL template variable queries without default workspace.
    • CloudWatch/Logs: Fix missing response data for log queries.
    • Elasticsearch: Restore previous field naming strategy when using variables.
    • LibraryPanels: Fix crash in library panels list when panel plugin is not found.
    • LogsPanel: Fix performance drop when moving logs panel in dashboard.
    • Loki: Parse log levels when ANSI coloring is enabled.
    • MSSQL: Fix issue with hidden queries still being executed.
    • PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin.
    • Plugins: Fix loading symbolically linked plugins.
    • Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels.
    • State Timeline: Fix crash when hovering over panel.
    • Configuration: Fix changing org preferences in FireFox.
    • PieChart: Fix legend dimension limits.
    • Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
    • Variables: Hide default data source if missing from regex.
    • Alerting/SSE: Fix 'countnonnull' reducer validation.
    • Cloudwatch: Fix duplicated time series.
    • Cloudwatch: Fix missing defaultRegion.
    • Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows.
    • Datasource: Fix storing timeout option as numeric.
    • Postgres/MySQL/MSSQL: Fix annotation parsing for empty responses.
    • Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables.
    • Postgres: Fix an error that was thrown when the annotation query did not return any results.
    • StatPanel: Fix an issue with the appearance of the graph when switching color mode.
    • Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value.
    • AzureMonitor: Fix Azure Resource Graph queries in Azure China.
    • Checkbox: Fix vertical layout issue with checkboxes due to fixed height.
    • Dashboard: Fix Table view when editing causes the panel data to not update.
    • Dashboard: Fix issues where unsaved-changes warning is not displayed.
    • Login: Fixes Unauthorized message showing when on login page or snapshot page.
    • NodeGraph: Fix sorting markers in grid view.
    • Short URL: Include orgId in generated short URLs.
    • Variables: Support raw values of boolean type.
    • Admin: Fix infinite loading edit on the profile page.
    • Color: Fix issues with random colors in string and date fields.
    • Dashboard: Fix issue with title or folder change has no effect after exiting settings view.
    • DataLinks: Fix an issue __series.name is not working in data link.
    • Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests.
    • Elasticsearch: Fix NewClient not passing httpClientProvider to client impl.
    • Explore: Fix Browser title not updated on Navigation to Explore.
    • GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder.
    • OAuth: Fix fallback to autoassignorg_role setting for Azure AD OAuth when no role claims exists.
    • PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit.
    • StatPanel: Fix data link tooltip not showing for single value.
    • Table: Fix sorting for number fields.
    • Table: Have text underline for datalink, and add support for image datalink.
    • Time series panel: Position tooltip correctly when window is scrolled or resized.
    • Transformations: Prevent FilterByValue transform from crashing panel edit.
    • Annotations panel: Remove subpath from dashboard links.
    • Content Security Policy: Allow all image sources by default.
    • Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working.
    • Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware.
    • InfluxDB: InfluxQL always apply time interval end.
    • Library Panels: Fixes 'error while loading library panels'.
    • NewsPanel: Fixes rendering issue in Safari.
    • PanelChrome: Fix queries being issued again when scrolling in and out of view.
    • Plugins: Fix Azure token provider cache panic and auth param nil value.
    • Snapshots: Fix key and deleteKey being ignored when creating an external snapshot.
    • Table: Fix issue with cell border not showing with colored background cells.
    • Table: Makes tooltip scrollable for long JSON values.
    • TimeSeries: Fix for Connected null values threshold toggle during panel editing.
    • Variables: Fixes inconsistent selected states on dashboard load.
    • Variables: Refreshes all panels even if panel is full screen.
    • APIKeys: Fixes issue with adding first api key.
    • Alerting: Add checks for non supported units - disable defaulting to seconds.
    • Alerting: Fix issue where Slack notifications won't link to user IDs.
    • Alerting: Omit empty message in PagerDuty notifier.
    • AzureMonitor: Fix migration error from older versions of App Insights queries.
    • CloudWatch: Fix AWS/Connect dimensions.
    • CloudWatch: Fix broken AWS/MediaTailor dimension name.
    • Dashboards: Allow string manipulation as advanced variable format option.
    • DataLinks: Includes harmless extended characters like Cyrillic characters.
    • Drawer: Fixes title overflowing its container.
    • Explore: Fix issue when some query errors were not shown.
    • Generic OAuth: Prevent adding duplicated users.
    • Graphite: Handle invalid annotations.
    • Graphite: Fix autocomplete when tags are not available.
    • InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response.
    • Instrumentation: Enable tracing when Jaeger host and port are set.
    • Instrumentation: Prefix metrics with grafana.
    • MSSQL: By default let driver choose port.
    • OAuth: Add optional strict parsing of roleattributepath.
    • Panel: Fixes description markdown with inline code being rendered on newlines and full width.
    • PanelChrome: Ignore data updates & errors for non data panels.
    • Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard.
    • Plugins: Remove pre-existing plugin installs when installing with grafana-cli.
    • Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures.
    • Postgres/MySQL/MSSQL: Don't return connection failure details to the client.
    • Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled.
    • Provisioning: Use dashboard checksum field as change indicator.
    • SQL: Fix so that all captured errors are returned from sql engine.
    • Shortcuts: Fixes panel shortcuts so they always work.
    • Table: Fixes so border is visible for cells with links.
    • Variables: Clear query when data source type changes.
    • Variables: Filters out builtin variables from unknown list.
    • Variables: Refreshes all panels even if panel is full screen.
    • Alerting: Fix NoDataFound for alert rules using AND operator.
  • Features and enhancements:

    • Alerting: Allow configuration of non-ready alertmanagers.
    • Alerting: Allow customization of Google chat message.
    • AppPlugins: Support app plugins with only default nav.
    • InfluxDB: query editor: skip fields in metadata queries.
    • Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana.
    • Prometheus: Forward oauth tokens after prometheus datasource migration.
    • BarChart: Use new data error view component to show actions in panel edit.
    • CloudMonitor: Iterate over pageToken for resources.
    • Macaron: Prevent WriteHeader invalid HTTP status code panic
    • Alerting: Prevent folders from being deleted when they contain alerts.
    • Alerting: Show full preview value in tooltip.
    • BarGauge: Limit title width when name is really long.
    • CloudMonitoring: Avoid to escape regexps in filters.
    • CloudWatch: Add support for AWS Metric Insights.
    • TooltipPlugin: Remove other panels' shared tooltip in edit panel.
    • Visualizations: Limit y label width to 40% of visualization width.
    • Alerting: Create DatasourceError alert if evaluation returns error.
    • Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting.
    • Alerting: Support mute timings configuration through the api for the embedded alert manager.
    • CloudWatch: Add missing AWS/Events metrics.
    • Docs: Add easier to find deprecation notices to certain data sources and to the changelog.
    • Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag.
    • Table: Add space between values for the DefaultCell and JSONViewCell.
    • Tracing: Make query editors available in dashboard for Tempo and Zipkin.
    • Alerting: Add UI for contact point testing with custom annotations and labels.
    • Alerting: Make alert state indicator in panel header work with Grafana 8 alerts.
    • Alerting: Option for Discord notifier to use webhook name.
    • Annotations: Deprecate AnnotationsSrv.
    • Auth: Omit all base64 paddings in JWT tokens for the JWT auth.
    • Azure Monitor: Clean up fields when editing Metrics.
    • AzureMonitor: Add new starter dashboards.
    • AzureMonitor: Add starter dashboard for app monitoring with Application Insights.
    • Barchart/Time series: Allow x axis label.
    • CLI: Improve error handling for installing plugins.
    • CloudMonitoring: Migrate to use backend plugin SDK contracts.
    • CloudWatch Logs: Add retry strategy for hitting max concurrent queries.
    • CloudWatch: Add AWS RoboMaker metrics and dimension.
    • CloudWatch: Add AWS Transfer metrics and dimension.
    • Dashboard: replace datasource name with a reference object.
    • Dashboards: Show logs on time series when hovering.
    • Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
    • Elasticsearch: Add time zone setting to Date Histogram aggregation.
    • Elasticsearch: Enable full range log volume histogram.
    • Elasticsearch: Full range logs volume.
    • Explore: Allow changing the graph type.
    • Explore: Show ANSI colors when highlighting matched words in the logs panel.
    • Graph(old) panel: Listen to events from Time series panel.
    • Import: Load gcom dashboards from URL.
    • LibraryPanels: Improves export and import of library panels between orgs.
    • OAuth: Support PKCE.
    • Panel edit: Overrides now highlight correctly when searching.
    • PanelEdit: Display drag indicators on draggable sections.
    • Plugins: Refactor Plugin Management.
    • Prometheus: Add custom query parameters when creating PromLink url.
    • Prometheus: Remove limits on metrics, labels, and values in Metrics Browser.
    • StateTimeline: Share cursor with rest of the panels.
    • Tempo: Add error details when json upload fails.
    • Tempo: Add filtering for service graph query.
    • Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics.
    • Time series/Bar chart panel: Add ability to sort series via legend.
    • TimeSeries: Allow multiple axes for the same unit.
    • TraceView: Allow span links defined on dataFrame.
    • Transformations: Support a rows mode in labels to fields.
    • ValueMappings: Don't apply field config defaults to time fields.
    • Variables: Only update panels that are impacted by variable change.
    • Annotations: We have improved tag search performance.
    • Application: You can now configure an error-template title.
    • AzureMonitor: We removed a restriction from the resource filter query.
    • Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments.
    • Prometheus: We removed the autocomplete limit for metrics.
    • Table: We improved the styling of the type icons to make them more distinct from column / field name.
    • ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations.
    • AWS: Updated AWS authentication documentation.
    • Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation.
    • Alerting: Allows more characters in label names so notifications are sent.
    • Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints.
    • Annotations: Improved rendering performance of event markers.
    • CloudWatch Logs: Skip caching for log queries.
    • Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo.
    • Packaging: Add stricter systemd unit options.
    • Prometheus: Metrics browser can now handle label values with special characters.
    • AccessControl: Document new permissions restricting data source access.
    • TimePicker: Add fiscal years and search to time picker.
    • Alerting: Added support for Unified Alerting with Grafana HA.
    • Alerting: Added support for tune rule evaluation using configuration options.
    • Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts.
    • Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations.
    • CloudWatch: Introduced new math expression where it is necessary to specify the period field.
    • InfluxDB: Added support for $__interval and $__interval_ms inFlux queries for alerting.
    • InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision.
    • Plugins Catalog: Make the catalog the default way to interact with plugins.
    • Prometheus: Removed autocomplete limit for metrics.
    • AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration.
    • Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval.
    • Alerting: Add a Test button to test contact point.
    • Alerting: Allow creating/editing recording rules for Loki and Cortex.
    • Alerting: Metrics should have the label org instead of user.
    • Alerting: Sort notification channels by name to make them easier to locate.
    • Alerting: Support org level isolation of notification configuration.
    • AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph.
    • AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services.
    • AzureMonitor: Show error message when subscriptions request fails in ConfigEditor.
    • CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs.
    • CloudWatch Logs: Disable query path using websockets (Live) feature.
    • CloudWatch/Logs: Don't group dataframes for non time series queries.
    • Cloudwatch: Migrate queries that use multiple stats to one query per stat.
    • Dashboard: Keep live timeseries moving left (v2).
    • Datasources: Introduce response_limit for datasource responses.
    • Explore: Add filter by trace or span ID to trace to logs feature.
    • Explore: Download traces as JSON in Explore Inspector.
    • Explore: Reuse Dashboard's QueryRows component.
    • Explore: Support custom display label for derived fields buttons for Loki datasource.
    • Grafana UI: Update monaco-related dependencies.
    • Graphite: Deprecate browser access mode.
    • InfluxDB: Improve handling of intervals in alerting.
    • InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better.
    • Jaeger: Add ability to upload JSON file for trace data.
    • LibraryElements: Enable specifying UID for new and existing library elements.
    • LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view.
    • Logs panel: Scroll to the bottom on page refresh when sorting in ascending order.
    • Loki: Add fuzzy search to label browser.
    • Navigation: Implement active state for items in the Sidemenu.
    • Packaging: Add stricter systemd unit options.
    • Packaging: Update PID file location from /var/run to /run.
    • Plugins: Add Hide OAuth Forward config option.
    • Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed.
    • Prometheus: Add browser access mode deprecation warning.
    • Prometheus: Add interpolation for built-in-time variables to backend.
    • Tempo: Add ability to upload trace data in JSON format.
    • TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels.
    • Transformations: Convert field types to time string number or boolean.
    • Value mappings: Add regular-expression based value mapping.
    • Zipkin: Add ability to upload trace JSON.
    • Explore: Ensure logs volume bar colors match legend colors.
    • LDAP: Search all DNs for users.
    • AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers.
    • Datasource: Change HTTP status code for failed datasource health check to 400.
    • Explore: Add span duration to left panel in trace viewer.
    • Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable.
    • Profiling: Add support for binding pprof server to custom network interfaces.
    • Search: Make search icon keyboard navigable.
    • Template variables: Keyboard navigation improvements.
    • Tooltip: Display ms within minute time range.
    • Alerting: Deduplicate receivers during migration.
    • ColorPicker: Display colors as RGBA.
    • Select: Make portalling the menu opt-in, but opt-in everywhere.
    • TimeRangePicker: Improve accessibility.
    • Alerting: Support label matcher syntax in alert rule list filter.
    • IconButton: Put tooltip text as aria-label.
    • Live: Experimental HA with Redis.
    • UI: FileDropzone component.
    • CloudWatch: Add AWS LookoutMetrics.
    • Alerting: Expand the value string in alert annotations and labels.
    • Auth: Add Azure HTTP authentication middleware.
    • Auth: Auth: Pass user role when using the authentication proxy.
    • Gazetteer: Update countries.json file to allow for linking to 3-letter country codes.
    • Alerting: Add Alertmanager notifications tab.
    • Alerting: Add button to deactivate current Alertmanager configuration.
    • Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI.
    • Alerting: Allow any 'evaluate for' value >=0 in the alert rule form.
    • Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration.
    • Alerting: view to display alert rule and its underlying data.
    • Annotation panel: Release the annotation panel.
    • Annotations: Add typeahead support for tags in built-in annotations.
    • AzureMonitor: Add curated dashboards for Azure services.
    • AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics.
    • AzureMonitor: Remove support for different credentials for Azure Monitor Logs.
    • AzureMonitor: Support querying any Resource for Logs queries.
    • Elasticsearch: Add frozen indices search support.
    • Elasticsearch: Name fields after template variables values instead of their name.
    • Elasticsearch: add rate aggregation.
    • Email: Allow configuration of content types for email notifications.
    • Explore: Add more meta information when line limit is hit.
    • Explore: UI improvements to trace view.
    • FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule.
    • HTTP Client: Introduce dataproxymaxidle_connections config variable.
    • InfluxDB: InfluxQL: adds tags to timeseries data.
    • InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel.
    • Legend: Updates display name for Last (not null) to just Last*.
    • Logs panel: Add option to show common labels.
    • Loki: Add $__range variable.
    • Loki: Add support for 'label_values(log stream selector, label)' in templating.
    • Loki: Add support for ad-hoc filtering in dashboard.
    • MySQL Datasource: Add timezone parameter.
    • NodeGraph: Show gradient fields in legend.
    • PanelOptions: Don't mutate panel options/field config object when updating.
    • PieChart: Make pie gradient more subtle to match other charts.
    • Prometheus: Update PromQL typeahead and highlighting.
    • Prometheus: interpolate variable for step field.
    • Provisioning: Improve validation by validating across all dashboard providers.
    • SQL Datasources: Allow multiple string/labels columns with time series.
    • Select: Portal select menu to document.body.
    • Team Sync: Add group mapping to support team sync in the Generic OAuth provider.
    • Tooltip: Make active series more noticeable.
    • Tracing: Add support to configure trace to logs start and end time.
    • Transformations: Skip merge when there is only a single data frame.
    • ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping.
    • Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results.
    • live: Add support to handle origin without a value for the port when matching with root_url.
    • Alerting: Add annotation upon alert state change.
    • Alerting: Allow space in label and annotation names.
    • InfluxDB: Improve legend labels for InfluxDB query results.
    • Cloudwatch Logs: Send error down to client.
    • Folders: Return 409 Conflict status when folder already exists.
    • TimeSeries: Do not show series in tooltip if it's hidden in the viz.
    • Live: Rely on app url for origin check.
    • PieChart: Sort legend descending, update placeholder.
    • TimeSeries panel: Do not reinitialize plot when thresholds mode change.
    • Alerting: Increase alertmanager_conf column if MySQL.
    • Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array.
    • TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type.
    • ValueMappings: Improve singlestat value mappings migration.
    • Datasource: Add support for maxconnsper_host in dataproxy settings.
    • AzureMonitor: Require default subscription for workspaces() template variable query.
    • AzureMonitor: Use resource type display names in the UI.
    • Dashboard: Remove support for loading and deleting dashboard by slug.
    • InfluxDB: Deprecate direct browser access in data source.
    • VizLegend: Add a read-only property.
    • API: Support folder UID in dashboards API.
    • Alerting: Add support for configuring avatar URL for the Discord notifier.
    • Alerting: Clarify that Threema Gateway Alerts support only Basic IDs.
    • Azure: Expose Azure settings to external plugins.
    • AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs.
    • AzureMonitor: Display variables in resource picker for Azure Monitor Logs.
    • AzureMonitor: Hide application insights for data sources not using it.
    • AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs.
    • AzureMonitor: remove requirement for default subscription.
    • CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
    • CloudWatch: Add missing AWS AppSync metrics.
    • ConfirmModal: Auto focus delete button.
    • Explore: Add caching for queries that are run from logs navigation.
    • Loki: Add formatting for annotations.
    • Loki: Bring back processed bytes as meta information.
    • NodeGraph: Display node graph collapsed by default with trace view.
    • Overrides: Include a manual override option to hide something from visualization.
    • PieChart: Support row data in pie charts.
    • Prometheus: Update default HTTP method to POST for existing data sources.
    • Time series panel: Position tooltip correctly when window is scrolled or resized.
    • AppPlugins: Expose react-router to apps.
    • AzureMonitor: Add Azure Resource Graph.
    • AzureMonitor: Managed Identity configuration UI.
    • AzureMonitor: Token provider with support for Managed Identities.
    • AzureMonitor: Update Logs workspace() template variable query to return resource URIs.
    • BarChart: Value label sizing.
    • CloudMonitoring: Add support for preprocessing.
    • CloudWatch: Add AWS/EFS StorageBytes metric.
    • CloudWatch: Allow use of missing AWS namespaces using custom metrics.
    • Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy.
    • InfluxDB: InfluxQL: allow empty tag values in the query editor.
    • Instrumentation: Instrument incoming HTTP request with histograms by default.
    • Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal.
    • Logs panel: Support details view.
    • PieChart: Always show the calculation options dropdown in the editor.
    • PieChart: Remove beta flag.
    • Plugins: Enforce signing for all plugins.
    • Plugins: Remove support for deprecated backend plugin protocol version.
    • Tempo/Jaeger: Add better display name to legend.
    • Timeline: Add time range zoom.
    • Timeline: Adds opacity & line width option.
    • Timeline: Value text alignment option.
    • ValueMappings: Add duplicate action, and disable dismiss on backdrop click.
    • Zipkin: Add node graph view to trace response.
    • API: Add org users with pagination.
    • API: Return 404 when deleting nonexistent API key.
    • API: Return query results as JSON rather than base64 encoded Arrow.
    • Alerting: Allow sending notification tags to Opsgenie as extra properties.
    • Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert.
    • Auth: Add support for JWT Authentication.
    • AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics.
    • AzureMonitor: Azure settings in Grafana server config.
    • AzureMonitor: Migrate Metrics query editor to React.
    • BarChart panel: enable series toggling via legend.
    • BarChart panel: Adds support for Tooltip in BarChartPanel.
    • PieChart panel: Change look of highlighted pie slices.
    • CloudMonitoring: Migrate config editor from angular to react.
    • CloudWatch: Add Amplify Console metrics and dimensions.
    • CloudWatch: Add missing Redshift metrics to CloudWatch data source.
    • CloudWatch: Add metrics for managed RabbitMQ service.
    • DashboardList: Enable templating on search tag input.
    • Datasource config: correctly remove single custom http header.
    • Elasticsearch: Add generic support for template variables.
    • Elasticsearch: Allow omitting field when metric supports inline script.
    • Elasticsearch: Allow setting a custom limit for log queries.
    • Elasticsearch: Guess field type from first non-empty value.
    • Elasticsearch: Use application/x-ndjson content type for multisearch requests.
    • Elasticsearch: Use semver strings to identify ES version.
    • Explore: Add logs navigation to request more logs.
    • Explore: Map Graphite queries to Loki.
    • Explore: Scroll split panes in Explore independently.
    • Explore: Wrap each panel in separate error boundary.
    • FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels.
    • Graphite: Expand metric names for variables.
    • Graphite: Handle unknown Graphite functions without breaking the visual editor.
    • Graphite: Show graphite functions descriptions.
    • Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API).
    • InfluxDB: Flux: Improve handling of complex response-structures.
    • InfluxDB: Support region annotations.
    • Inspector: Download logs for manual processing.
    • Jaeger: Add node graph view for trace.
    • Jaeger: Search traces.
    • Loki: Use data source settings for alerting queries.
    • NodeGraph: Exploration mode.
    • OAuth: Add support for empty scopes.
    • PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel.
    • PanelEdit: Adds a table view toggle to quickly view data in table form.
    • PanelEdit: Highlight matched words when searching options.
    • PanelEdit: UX improvements.
    • Plugins: PanelRenderer and simplified QueryRunner to be used from plugins.
    • Plugins: AuthType in route configuration and params interpolation.
    • Plugins: Enable plugin runtime install/uninstall capabilities.
    • Plugins: Support set body content in plugin routes.
    • Plugins: Introduce marketplace app.
    • Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins.
    • Prometheus: Add custom query params for alert and exemplars queries.
    • Prometheus: Use fuzzy string matching to autocomplete metric names and label.
    • Routing: Replace Angular routing with react-router.
    • Slack: Use chat.postMessage API by default.
    • Tempo: Search for Traces by querying Loki directly from Tempo.
    • Tempo: Show graph view of the trace.
    • Themes: Switch theme without reload using global shortcut.
    • TimeSeries panel: Add support for shared cursor.
    • TimeSeries panel: Do not crash the panel if there is no time series data in the response.
    • Variables: Do not save repeated panels, rows and scopedVars.
    • Variables: Removes experimental Tags feature.
    • Variables: Removes the never refresh option.
    • Visualizations: Unify tooltip options across visualizations.
    • Visualizations: Refactor and unify option creation between new visualizations.
    • Visualizations: Remove singlestat panel.
  • Plugin development fixes & changes:

    • Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing.
    • Select: Select menus now properly scroll during keyboard navigation.
    • grafana/ui: Enable slider marks display.
    • Plugins: Create a mock icon component to prevent console errors.
    • Grafana UI: Fix TS error property css is missing in type.
    • Toolkit: Fix matchMedia not found error.
    • Toolkit: Improve error messages when tasks fail.
    • Toolkit: Resolve external fonts when Grafana is served from a sub path.
    • QueryField: Remove carriage return character from pasted text.
    • Button: Introduce buttonStyle prop.
    • DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode.
    • grafana/ui: Update React Hook Form to v7.
    • IconButton: Introduce variant for red and blue icon buttons.
    • Plugins: Expose the getTimeZone function to be able to get the current selected timeZone.
    • TagsInput: Add className to TagsInput.
    • VizLegend: Move onSeriesColorChanged to PanelContext (breaking change).
  • Other changes:

    • Update to Go 1.17.
    • Add build-time dependency on wire.
References

Affected packages

openSUSE:Leap 15.3 / grafana

Package

Name
grafana
Purl
purl:rpm/suse/grafana&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.3.5-150200.3.21.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "8.3.5-150200.3.21.1"
        }
    ]
}

openSUSE:Leap 15.4 / grafana

Package

Name
grafana
Purl
purl:rpm/suse/grafana&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.3.5-150200.3.21.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "8.3.5-150200.3.21.1"
        }
    ]
}