From 7577439ff8ab22445a5bc39bd9ef0576aa54e503 Mon Sep 17 00:00:00 2001
From: Ian Wienand
Date: Fri, 19 Feb 2021 09:54:31 +1100
Subject: [PATCH] grafana: update to 7.4.2
This includes a fix for I216528a76307189d8d87bd2fcfeff95c6ceb53cc. Now it's released we can be a bit more explicit about why we added the workaround.
Change-Id: Ibaf1850549b5e7ec3622418b650bc5e59a289ab6
---
 docker/grafana/Dockerfile | 2 +-
 playbooks/roles/grafana/templates/grafana.vhost.j2 | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/docker/grafana/Dockerfile b/docker/grafana/Dockerfile
index 81f4cc0fd1..78a24b637d 100644
--- a/docker/grafana/Dockerfile
+++ b/docker/grafana/Dockerfile
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM docker.io/grafana/grafana:7.4.1-ubuntu
+FROM docker.io/grafana/grafana:7.4.2-ubuntu
 LABEL maintainer="infra-root@openstack.org"
diff --git a/playbooks/roles/grafana/templates/grafana.vhost.j2 b/playbooks/roles/grafana/templates/grafana.vhost.j2
index afddd47487..07a5caf3ce 100644
--- a/playbooks/roles/grafana/templates/grafana.vhost.j2
+++ b/playbooks/roles/grafana/templates/grafana.vhost.j2
@@ -34,6 +34,13 @@
 SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
 SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
+ # NOTE(ianw) 2021-02-19
+ # This was for a security issue fixed in 7.4.2
+ # where anonymous users could cause a write to disk, fixed
+ # with
+ # https://github.com/grafana/grafana/pull/31263/
+ # We leave it because we don't use the API, but if we need
+ # it, we can remove this.
 RewriteEngine on
 RewriteRule "^/api/snapshots(.*?)$" "-" [F]
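Review bot: The new NOTE(ianw) comment in grafana.vhost.j2 says "This" and "remove this" without naming the directive it means, and it sits above `RewriteEngine on`, so a later reader cannot tell that only the `/api/snapshots` `RewriteRule` is the workaround. Opening the comment with something like `# The RewriteRule below returns 403 for /api/snapshots; it was a workaround for a security issue fixed in 7.4.2` would make that explicit. It would also help to state the removal condition: the rule should only be dropped once the deployed image is confirmed to be 7.4.2 or later, since as far as this patch shows the image tag and the vhost template are changed independently. The enclosing virtual-host block starts and ends outside the hunk.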