[CLSA-2026:1777944610] grafana: Fix of CVE-2026-27877
Type:
security
Severity:
Important
Release date:
2026-05-05 01:30:15 UTC
Description:
- CVE-2026-27877: fix exposure of direct data-source passwords via public dashboards by limiting frontend settings to data sources actually used by the dashboard
- Note: upstream test additions in pkg/api/frontendsettings_test.go are not backported. The %check stage only runs the Jest frontend suite (gated on 0), so backend Go tests would not be exercised by this build, and the upstream test depends on hs.publicDashboardsService which does not exist in 10.2.6 (the production fix already uses the hs.PublicDashboardsApi.PublicDashboardService adapter for the same reason)
Updated packages:
  • grafana-10.2.6-15.el9_6.tuxcare.els7.x86_64.rpm
    sha:eff695cd7ed979582bf1b1b8e989a285ac61146cb29e8240361be882f1612df6
  • grafana-selinux-10.2.6-15.el9_6.tuxcare.els7.x86_64.rpm
    sha:363b4abd4b50f8622bf2e7c5c8f30351c6c4d7eaaf8f61a9c3150cfa5c5cdd8a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.