diff --git a/_service b/_service
index 1091a82..1971c26 100644
--- a/_service
+++ b/_service
@@ -5,7 +5,7 @@
     <param name="exclude">.git</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
-    <param name="revision">v8.3.4</param>
+    <param name="revision">v8.3.5</param>
     <param name="changesgenerate">enable</param>
   </service>
   <service name="recompress" mode="disabled">
diff --git a/_servicedata b/_servicedata
index 467033c..7d29a95 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,6 +1,6 @@
 <servicedata>
   <service name="tar_scm">
     <param name="url">https://github.com/grafana/grafana</param>
-    <param name="changesrevision">a551d74b11dd89b512d642da5b620225a5d88cc9</param>
+    <param name="changesrevision">a53fcac7b1b7ebda8c0cb18f7ce92788af92fa32</param>
   </service>
 </servicedata>
\ No newline at end of file
diff --git a/grafana-8.3.4.tar.gz b/grafana-8.3.4.tar.gz
deleted file mode 100644
index 0a23cd3..0000000
--- a/grafana-8.3.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f7b7d1e9984d58e4d9814a79f741f95c854b6a4d5fdb1f965fe95aaa27ebcc2b
-size 46200318
diff --git a/grafana-8.3.5.tar.gz b/grafana-8.3.5.tar.gz
new file mode 100644
index 0000000..a033b22
--- /dev/null
+++ b/grafana-8.3.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:deac98bbcc68840e8262b36957b8aa47e755b339e699a28042931b4160865900
+size 46195057
diff --git a/grafana.changes b/grafana.changes
index 1fe8c53..c2c1a33 100644
--- a/grafana.changes
+++ b/grafana.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Wed Feb 09 16:10:40 UTC 2022 - witold.bedyk@suse.com
+
+- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
+  + Security:
+    * Fixes XSS vulnerability in handling data sources
+      (bsc#1195726, CVE-2022-21702)
+    * Fixes cross-origin request forgery vulnerability
+      (bsc#1195727, CVE-2022-21703)
+    * Fixes Insecure Direct Object Reference vulnerability in Teams
+      API (bsc#1195728, CVE-2022-21713)
+
 -------------------------------------------------------------------
 Thu Jan 20 14:01:12 UTC 2022 - witold.bedyk@suse.com
 
@@ -5,7 +17,7 @@ Thu Jan 20 14:01:12 UTC 2022 - witold.bedyk@suse.com
 - Add build-time dependency on `wire`.
 - Update license to GNU Affero General Public License v3.0.
 
-- Update to version 8.3.4 (jsc#PM-3191)
+- Update to version 8.3.4
   + Security:
     * GetUserInfo: return an error if no user was found
       (bsc#1194873, CVE-2022-21673)
diff --git a/grafana.spec b/grafana.spec
index f485b3f..f84b49f 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -22,7 +22,7 @@
 %endif
 
 Name:           grafana
-Version:        8.3.4
+Version:        8.3.5
 Release:        0
 Summary:        The open-source platform for monitoring and observability
 License:        AGPL-3.0-only
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 0d95031..c6ca054 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3064ce1cbf8699eb93ca7b2d38cddb6cf8cde132f03a52ac441af8d126e8f6b0
-size 16948630
+oid sha256:3953f42d39266b7d4056fceebd60ff64c877587322c40288ee4bcf7b6b371ce2
+size 16947875