smarthome.codes
smarthome.codes
Grafana

Grafana Releases Critical Security Updates for Multiple Versions

Adriana
2 days ago
Add comment
2 min read
Grafana

Grafana Rolls Out Security Updates Across Multiple Versions

Grafana has released important security patches for several versions of its monitoring platform. These updates address critical vulnerabilities and boost stability from versions 10.4.x through 11.6.0, with a special focus on patching multiple CVE-listed security flaws.

Key Takeaways

  • Critical vulnerabilities fixed, including CVE-2025-3454 and CVE-2025-2703
  • Go programming language upgraded to 1.24.2 for newer releases and 1.23.7 for legacy versions
  • Enhancements to SAML authentication and user management
  • Bug fixes for Slack notifications, dashboard navigation, and organization switching
  • Updated various dependencies with known security risks

Current Security Updates

Versions 11.3.6 and 11.2.9

The latest updates for versions 11.3.6 and 11.2.9 bring identical fixes, including:

  • Updating libraries with known security vulnerabilities
  • Upgrading to Go 1.24.2
  • Resolving SAML user authentication issues
  • Fixing the “ErrUserAlreadyExists” error by re-fetching user data
  • Addressing security flaws CVE-2025-3454 and CVE-2025-2703

Version 10.4.18

For users running older Grafana setups, version 10.4.18 delivers crucial security fixes:

  • Updated golang-jwt/jwt/v4 and golang-jwt/jwt/v5 packages to patch vulnerabilities
  • Upgrade to Go 1.24.2
  • Improvements to SAML user authentication
  • Fix for security issue CVE-2025-3454

Security Patches for Existing Versions

Version 11.6.0+security-01

This targeted security update for the latest major release closes three critical vulnerabilities:

  • CVE-2025-3454
  • CVE-2025-2703
  • CVE-2025-3260

Versions 11.5.3, 11.4.3, 11.3.5, and 11.2.8

All of these releases now carry the “+security-01” suffix and include similar improvements:

  • Upgraded to Go 1.23.7
  • Fixed issues with Slack image uploads in notifications
  • Enhancements to service accounts and UI error messages
  • Patched security flaws CVE-2025-3454 and CVE-2025-2703

Additional Bug Fixes and Improvements

Beyond security updates, the new versions include a variety of other tweaks and improvements:

Dashboard and User Interface

  • Fixed unintended updates to time range and variables when saving (11.5.3)
  • Restored missing keyboard shortcuts (v/e/i) to quickly return to the dashboard (11.5.3)
  • Improved organization linking (11.5.3)

Authentication and User Management

  • Corrected AzureAD configuration in ClientAuthentication settings (11.5.3)
  • Fixed crashes occurring on the LDAP test page (11.5.3)
  • Eliminated error pop-ups for service account and renderer UI workflows

Data Sources

  • Improved handling of template variables in regular expressions for InfluxDB (InfluxQL)

https://github.com/grafana/grafana/releases/tag/v11.3.6
https://github.com/grafana/grafana/releases/tag/v11.2.9
https://github.com/grafana/grafana/releases/tag/v10.4.18
https://github.com/grafana/grafana/releases/tag/v11.6.0%2Bsecurity-01
https://github.com/grafana/grafana/releases/tag/v11.5.3%2Bsecurity-01
https://github.com/grafana/grafana/releases/tag/v11.4.3%2Bsecurity-01
https://github.com/grafana/grafana/releases/tag/v11.3.5%2Bsecurity-01
https://github.com/grafana/grafana/releases/tag/v11.2.8%2Bsecurity-01
https://github.com/grafana/grafana/releases/tag/v10.4.17%2Bsecurity-01

EmailFacebookXLinkedIn

Adriana

I have been fascinated by everything to do with technology for many years, especially when it comes to making my own home smarter and more comfortable. For me, a smart home is not just a technical gimmick, but above all a real improvement in quality of life. It all started very small with a networked thermostat, but this little experiment quickly turned into a great passion. My home now comprises a sophisticated system of lighting control, heating automation and security solutions that make my everyday life noticeably easier. For me, a smart home is much more than just technology: it means convenience, sustainability and a real improvement in quality of life. It is particularly important to me that systems are intuitive to use and can be easily integrated into everyday life, regardless of brand or manufacturer. My vision is a home that not only reacts to commands, but also thinks and acts with foresight. I dream of a smart home that saves energy, adapts individually to residents and the environment and always puts people at the center.

Here on my blog, I share personal experiences, helpful tips and interesting insights on the topic of smart homes.
I'm particularly looking forward to exchanging ideas with you, whether you're just starting out with your smart home or are already a real pro.

Do you have any questions, suggestions or just want to chat? Then feel free to write me a comment.

View all posts

Add comment

You may also like

Donations