{"affected":[{"ecosystem_specific":{"binaries":[{"grafana":"9.5.18-150200.3.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"grafana","purl":"pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.5.18-150200.3.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"grafana":"9.5.18-150200.3.56.1","mybatis":"3.5.6-150200.5.6.1","mybatis-javadoc":"3.5.6-150200.5.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"grafana","purl":"pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.5.18-150200.3.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"grafana":"9.5.18-150200.3.56.1","mybatis":"3.5.6-150200.5.6.1","mybatis-javadoc":"3.5.6-150200.5.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"mybatis","purl":"pkg:rpm/opensuse/mybatis&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.6-150200.5.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for grafana and mybatis fixes the following issues:\n\ngrafana was updated to version 9.5.18:\n\n- Grafana now requires Go 1.20\n- Security issues fixed:\n\n  * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)\n  * CVE-2023-6152: Add email verification when updating user email (bsc#1219912)\n\n- Other non-security related changes:\n\n  * Version 9.5.17:\n\n    + [FEATURE] Alerting: Backport use Alertmanager API v2\n\n  * Version 9.5.16:\n\n    + [BUGFIX] Annotations: Split cleanup into separate queries and\n      deletes to avoid deadlocks on MySQL\n\n  * Version 9.5.15:\n\n    + [FEATURE] Alerting: Attempt to retry retryable errors\n\n  * Version 9.5.14:\n\n    + [BUGFIX] Alerting: Fix state manager to not keep\n      datasource_uid and ref_id labels in state after Error\n    + [BUGFIX] Transformations: Config overrides being lost when\n      config from query transform is applied\n    + [BUGFIX] LDAP: Fix enable users on successfull login\n\n  * Version 9.5.13:\n\n    + [BUGFIX] BrowseDashboards: Only remember the most recent\n      expanded folder\n    + [BUGFIX] Licensing: Pass func to update env variables when\n      starting plugin\n\n  * Version 9.5.12:\n\n    + [FEATURE] Azure: Add support for Workload Identity\n      authentication\n\n  * Version 9.5.9:\n\n    + [FEATURE] SSE: Fix DSNode to not panic when response has empty\n      response\n    + [FEATURE] Prometheus: Handle the response with different field\n      key order\n    + [BUGFIX] LDAP: Fix user disabling\n\n\nmybatis:\n\n- `apache-commons-ognl` is now a non-optional dependency\n- Fixed building with log4j v1 and v2 dependencies\n","id":"SUSE-SU-2024:1530-2","modified":"2024-06-24T16:19:43Z","published":"2024-06-24T16:19:43Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241530-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219912"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222155"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-6152"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-1313"}],"related":["CVE-2023-6152","CVE-2024-1313"],"summary":"Security update for grafana and mybatis","upstream":["CVE-2023-6152","CVE-2024-1313"]}