Grafana 11.6.1, 11.5.4 & 11.4.4 Security Updates and Enhancements

Grafana Releases: Security Updates and Improvements in Versions 11.6.1, 11.5.4, and 11.4.4

Grafana has recently released important updates for its platform that include several critical security improvements and feature enhancements. Versions 11.6.1, 11.5.4, and 11.4.4 address known vulnerabilities and bring useful optimizations. These updates are particularly relevant for administrators and users of Grafana installations.

Key Takeaways:

• All three versions fix critical security vulnerabilities (CVE-2025-3454 and CVE-2025-2703)
• Update of Go version to 1.24.2 in all recent releases
• Version 11.6.1 additionally fixes CVE-2025-3260 and updates the JWT library (CVE-2025-30204)
• Improved support for Prometheus data sources from cloud partners
• Numerous Azure Monitor improvements in version 11.5.4
• Fixed issues with InfluxDB variable interpolation and LDAP tests

Grafana Version 11.6.1: The Latest Update

Features and Enhancements

• Updated JWT library to address CVE-2025-30204
• Corrected slug in self-referencing data links in DashboardScenePage
• Updated github.com/redis/go-redis/v9 to version 9.7.3 to address CVE-2025-29923
• Updated to Go 1.24.2
• Improved interactive tooltip handler in GrafanaUI
• Added support for Prometheus data sources from cloud partners

Bug Fixes

• Added role-based access control for Alertmanager via the reqAction field
• Removed blurred background from overlay backdrops to improve performance
• Fixed nested variable interpolation in InfluxDB
• Fixed page crashes in LDAP tests
• Corrected linking between organizations
• Fixed multiple security vulnerabilities: CVE-2025-3454, CVE-2025-2703, and CVE-2025-3260

Grafana Version 11.5.4: Key Changes

Features and Enhancements

• Azure Monitor Improvements:
  • Filtering namespaces by resource group
  • Support for custom namespaces and custom metrics variable queries
  • Resource picker optimizations
  • Support for more complex variable interpolation
  • Improvements to variable editor and resource picker
• Updated dependencies with known vulnerabilities
• Corrected slug in self-referencing data links in DashboardScenePage
• Updated github.com/redis/go-redis/v9 to version 9.6.3 to address CVE-2025-29923
• Updated to Go 1.24.2
• Added support for Prometheus data sources from cloud partners

Bug Fixes

• Fixed nested variable interpolation in InfluxDB
• Fixed page crashes in LDAP tests
• Fixed security vulnerabilities CVE-2025-3454 and CVE-2025-2703

Grafana Version 11.4.4: Security Updates

Features and Enhancements

• Updated to Go 1.24.2 (Enterprise)

Bug Fixes

• Fixed security vulnerabilities CVE-2025-3454 and CVE-2025-2703

For more information and downloads, visit:

• Grafana v11.6.1 Release Notes
• Grafana v11.5.4 Release Notes
• Grafana v11.4.4 Release Notes