Description:
This update for grafana fixes the following issues:
grafana was updated from version 11.5.5 to 11.5.10:
- Security issues fixed:
* CVE-2025-64751: Dropped experimental implementation of authorization Zanzana server/client (version 11.5.10)
(bsc#1254113)
* CVE-2025-47911: Fixed parsing HTML documents (version 11.5.10) (bsc#1251454)
* CVE-2025-58190: Fixed excessive memory consumption (version 11.5.10) (bsc#1251657)
* CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616)
* CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735)
* CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736)
* CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (version 11.5.6)
(bsc#1245302)
- Other changes, new features and bugs fixed:
* Version 11.5.10:
+ Use forked wire from Grafana repository instead of external package (jsc#PED-14178)
+ Auth: Fix render user OAuth passthrough.
+ LDAP Authentication: Fix URL to propagate username context as parameter.
+ Plugins: Dependencies do not inherit parent URL for preinstall.
* Version 11.5.9:
+ Auditing: Document new options for recording datasource query request/response body.
+ Login: Fixed redirection after login when Grafana is served from subpath.
* Version 11.5.7:
+ Azure: Fixed legend formatting and resource name determination in template variable queries.