[9.2.10-7] – resolve RHEL-12649 – resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work – testing is turned off due to test failures caused by testing date mismatch [9.2.10-6] – Add /usr/share/grafana to systemd-sysusers –replace [9.2.10-5] – resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth [9.2.10-4] – bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests. [9.2.10-3] – Use systemd-sysusers –replace [9.2.10-2] – Use systemd-sysusers instead of sysusers_create_compat, which is not available in RHEL-8 [9.2.10-1] – Update to 9.2.10 [7.5.15-4] – resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in – resolve CVE-2022-27664 golang: net/https: handle server errors after sending GOAWAY – resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps – resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters – run integration tests in check phase – update FIPS patch with latest changes in Go packaging [7.5.15-3] – resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions – resolve CVE-2022-1705 golang: net/https: improper sanitization of Transfer-Encoding header – resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy – omit X-Forwarded-For not working – resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in…Read More
References
Back to Main