pool/grafana
SHA256
12
0
Fork 1
Code Issues Pull Requests Activity

Update to version 11.6.3+security-01:

Browse Source 
CVE-2025-6023: Fix cross-site-scripting via scripted dashboards (bsc#1246735)
  CVE-2025-6197: Fix open redirect in organization switching (bsc#1246736)

OBS-URL: https://build.opensuse.org/package/show/server:monitoring/grafana?expand=0&rev=174
This commit is contained in:
Marius Kittler
2025-07-22 20:17:54 +00:00
committed by Git OBS Bridge
parent 1b90ac6b55
commit e7cfd43506
6 changed files with 29 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
_service
View File

@@ -4,8 +4,9 @@
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="revision">v11.6.3</param>
<param name="versionrewrite-pattern">v(.*)-(.*)</param>
<param name="versionrewrite-replacement">\1\2</param>
<param name="revision">v11.6.3+security-01</param>
</service>
<service name="recompress" mode="manual">
<param name="compression">gz</param>
@@ -13,5 +14,6 @@
</service>
<service name="set_version" mode="manual">
<param name="basename">grafana</param>
<param name="version">11.6.3+security01</param>
</service>
</services>

3
grafana-11.6.3+security01.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:693b6a5eab498df59c36e848044fb42c4c6fb4a238d3ab74c2eede6545afa8d9
size 101231168

3
grafana-11.6.3.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5ce17eb029e4951d75ca8e77eee4ac4996862049c3a9b1a0c4a066457ae24c50
size 101203716

18
grafana.changes
View File

@@ -1,3 +1,20 @@
-------------------------------------------------------------------
Tue Jul 22 13:10:21 UTC 2025 - Witek Bedyk <witold.bedyk@suse.com>
- Update to version 11.6.3+security-01:
Security:
CVE-2025-6023: Fix cross-site-scripting via scripted dashboards
(bsc#1246735)
CVE-2025-6197: Fix open redirect in organization switching
(bsc#1246736)
Features and enhancements:
* Profiles: Stop passing response headers for Grafana-Pyroscope
and parca datasources.
Bug fixes:
* FlameGraph: Fix bug for function names that conflict with
JavaScript object prototype properties.
- Require Go 1.24 for building
-------------------------------------------------------------------
Thu Jul 10 13:36:29 UTC 2025 - Witek Bedyk <witold.bedyk@suse.com>
@@ -9519,6 +9536,7 @@ Thu Feb 08 14:12:39 UTC 2018 - jfajerski@suse.com
-------------------------------------------------------------------
-------------------------------------------------------------------
Mon Jan 29 11:04:08 UTC 2018 - jan.fajerski@suse.com
- Use %{_fillupdir} for sysconfig file

4
grafana.spec
View File

@@ -22,7 +22,7 @@
%endif
Name: grafana
Version: 11.6.3
Version: 11.6.3+security01
Release: 0
Summary: The open-source platform for monitoring and observability
License: AGPL-3.0-only
@@ -40,7 +40,7 @@ Patch2: 0002-Use-bash-instead-of-env.patch
BuildRequires: fdupes
BuildRequires: git-core
BuildRequires: wire
BuildRequires: golang(API) >= 1.23.7
BuildRequires: golang(API) >= 1.24
Requires(post): %fillup_prereq
Requires: group(grafana)
Requires: user(grafana)

4
vendor.tar.gz
View File

@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b230c153027bbb20c6cc421e354f445e671b4dcae8a63b4aaf796e90ff06db67
size 102764002
oid sha256:2cb06ba5352c87c28aa6c0c09665f74bc6d7df6545bd6a4218560160be4ea539
size 102766004