Security

We discovered the Grafana Loki Helm chart had a default configuration that could potentially lead to unintended requests to third-party Amazon S3...

A security report claiming there’s a SQL injection attack in Grafana is incorrect. It is the intended and documented behavior for authenticated users...

Learn how Grafana Labs maintains the highest standards of data privacy and security with Grafana Cloud, our fully managed observability platform.

We have released Grafana 10.4, 10.3.4, 10.2.5, 10.1.8, 10.0.12 and 9.5.17, which include a medium severity security fix. If you are affected, we...

Today we are releasing Grafana 10.3.3, 10.2.4, 10.1.7, 10.0.11 and 9.5.16, which include a medium severity security fix. If you are affected, we...

With the new 'No basic role' in Grafana, you'll improve access control and the overall security of your Grafana instance.

Today we are releasing Grafana Image Renderer v3.8.3 which includes an important security fix. If you are affected, we recommend that you install...

Today we are releasing Grafana 10.1.5, 10.0.9, 9.5.13, and 9.4.17, which include a medium severity security fix. If you are affected, we recommend...

As a follow-up to our report regarding our GPG signing key rotation, we are sharing our full post-incident review and timeline.

In response to an incident in which our GPG private key was unintentionally exposed, we have issued a new public key. If you are affected, we...

with the release of Grafana 10.0, we have introduced a new user interface that simplifies the configuration of SAML authentication for your Grafana...

Learn what Trusted Types are, why we decided to adopt them, and how we've implemented them in Grafana to address XSS vulnerabilities.