- Grafana v12.1.1 (df5de8219b)
- Red Hat Enterprise Linux 8.10 (Ootpa)
During a security review, we found that Grafana automatically updated the grafana-pyroscope-app plugin after a restart.
My username (I am in the admin group) is in the logs, but I did not take any action on my part in the GUI to update plugins
(and the log statement is just a second after the restart). Logs attached at the end.
Our preinstall config values are the defaults
preinstall =
preinstall_sync =
preinstall_disabled = false
and
# Set to false to disable all checks to https://grafana.com
# for new versions of plugins. The check is used
# in some UI views to notify that a plugin update exists.
# This option does not cause any auto updates, nor send any information
# only a GET request to https://grafana.com to get the latest versions.
check_for_plugin_updates = true
Is this automatic update expected? How do I disable that?
I did not find any explicit config options for that.
I am planning to set
plugin_admin_enabled = false
but it’s not clear to me from the documentation that this will also prevent these automatic updates.
My goal would be to see in the GUI plugin section if updates are available, have no option in the GUI to update, have no automated updates happening, but then update manually via downloaded ZIP files.
How do I achieve this behavior?
Thanks!
logger=settings t=2025-09-25T13:55:44.668440844-04:00 level=info msg="Starting Grafana" version=12.1.1 commit=df5de8219b41d1e639e003bf5f3a85913761d167 branch=HEAD compiled=2025-09-25T13:55:44-04:00
[…]
logger=ngalert.scheduler t=2025-09-25T13:55:45.10079498-04:00 level=info msg="Starting scheduler" tickInterval=10s maxAttempts=3
logger=ticker t=2025-09-25T13:55:45.100871683-04:00 level=info msg=starting first_tick=2025-09-25T13:55:50-04:00
logger=provisioning.alerting t=2025-09-25T13:55:45.193221944-04:00 level=info msg="starting to provision alerting"
logger=provisioning.alerting t=2025-09-25T13:55:45.193286947-04:00 level=info msg="finished to provision alerting"
logger=provisioning.dashboard t=2025-09-25T13:55:45.19366376-04:00 level=info msg="starting to provision dashboards"
logger=provisioning.dashboard t=2025-09-25T13:55:45.193688261-04:00 level=info msg="finished to provision dashboards"
logger=grafana.update.checker t=2025-09-25T13:55:45.225125706-04:00 level=info msg="Update check succeeded" duration=176.712131ms
logger=plugin.backgroundinstaller t=2025-09-25T13:55:45.353331472-04:00 level=info msg="Installing plugin" pluginId=grafana-pyroscope-app version=
logger=grafana-apiserver t=2025-09-25T13:55:45.356976905-04:00 level=info msg="Adding GroupVersion iam.grafana.app v0alpha1 to ResourceManager"
logger=grafana-apiserver t=2025-09-25T13:55:45.357660029-04:00 level=info msg="Adding GroupVersion userstorage.grafana.app v0alpha1 to ResourceManager"
logger=grafana-apiserver t=2025-09-25T13:55:45.358307153-04:00 level=info msg="Adding GroupVersion playlist.grafana.app v0alpha1 to ResourceManager"
logger=grafana-apiserver t=2025-09-25T13:55:45.359124683-04:00 level=info msg="Adding GroupVersion folder.grafana.app v1beta1 to ResourceManager"
logger=grafana-apiserver t=2025-09-25T13:55:45.359380492-04:00 level=info msg="Adding GroupVersion features.grafana.app v0alpha1 to ResourceManager"
logger=grafana-apiserver t=2025-09-25T13:55:45.361310962-04:00 level=info msg="Adding GroupVersion advisor.grafana.app v0alpha1 to ResourceManager"
logger=grafana-apiserver t=2025-09-25T13:55:45.363957459-04:00 level=info msg="Adding GroupVersion notifications.alerting.grafana.app v0alpha1 to ResourceManager"
logger=grafana-apiserver t=2025-09-25T13:55:45.373630911-04:00 level=info msg="Adding GroupVersion dashboard.grafana.app v1beta1 to ResourceManager"
logger=grafana-apiserver t=2025-09-25T13:55:45.374296935-04:00 level=info msg="Adding GroupVersion dashboard.grafana.app v0alpha1 to ResourceManager"
logger=grafana-apiserver t=2025-09-25T13:55:45.374916657-04:00 level=info msg="Adding GroupVersion dashboard.grafana.app v2alpha1 to ResourceManager"
logger=app-registry t=2025-09-25T13:55:45.435914678-04:00 level=info msg="app registry initialized"
logger=plugin.installer t=2025-09-25T13:55:45.447291092-04:00 level=info msg="Updating plugin" pluginId=grafana-pyroscope-app from=1.9.0 to=1.10.0
logger=plugins.update.checker t=2025-09-25T13:55:45.649625956-04:00 level=info msg="Update check succeeded" duration=600.986875ms
logger=context userId=4 orgId=1 uname=XXXXXXXX t=2025-09-25T13:55:45.708960316-04:00 level=info msg="Request Completed" method=GET path=/api/live/ws status=-1 remote_addr=XXX.XXX.XXX time_ms=14 duration=14.057811ms size=0 referer= handler=/api/live/ws status_source=server
logger=context userId=4 orgId=1 uname=XXXXXXXX t=2025-09-25T13:55:45.906156893-04:00 level=info msg="Request Completed" method=GET path=/api/live/ws status=-1 remote_addr=XXX.XXX.XXX time_ms=4 duration=4.835376ms size=0 referer= handler=/api/live/ws status_source=server
logger=installer.fs t=2025-09-25T13:55:46.088350324-04:00 level=info msg="Downloaded and extracted grafana-pyroscope-app v1.10.0 zip successfully to /opt/prometheus/data/grafana/plugins/grafana-pyroscope-app"
logger=plugins.registration t=2025-09-25T13:55:46.107550023-04:00 level=info msg="Plugin registered" pluginId=grafana-pyroscope-app
logger=plugin.backgroundinstaller t=2025-09-25T13:55:46.107605225-04:00 level=info msg="Plugin successfully installed" pluginId=grafana-pyroscope-app version= duration=754.213551ms