Security maintenance policy

Hello,

What is the maintenance policy of the grafana releases regarding security patches? Is it only the latest version that receives security updates?

For example I am looking for something like this: Releases | Node.js

The grafana documentation does not mention it.

Same question for Prometheus.

Thank you,

Hi,

Found the following:

Prometheus:

Prometheus is maintained by volunteers, not by a company. Therefore, fixing security issues is done on a best-effort basis. We strive to release security fixes within 7 days for: Prometheus, Alertmanager, Node Exporter, Blackbox Exporter, and Pushgateway.

Reference: Security | Prometheus

Grafana :
Security bugs are treated with high priority and are included in Grafana as soon as tested.
Reference: Grafana 6.7.4 and 7.0.2 released with important security fix | Grafana Labs

Note : Read more on Grafana Cloud Security Compliance

Hope it helps.

Good Luck

2 Likes

grafana releases up to 2 years of age are always supported with security patches. thank you for the good question

2 Likes

Thank you for your answer,

Is there an official mention of that somewhere in the docs or the website to use it as reference ?
Thank you,

yes here in the support forums.

Could you provide the link to that discussion here on the forum, please? I’m not able to find any relevant result with standard forum search.

1 Like

helo now i am confused who is asked the question ?

Someone who is able to pass Turing test :-). But I’m confused if someone who is answering with the question is able to pass it as well. My question:

Could you provide the link to that discussion here on the forum, please?

why dont you copy it from your browser by yourself and what sort of nonsense requests are we discussing here. Please do not capture the ops thread

You have mentioned:

in the context:

grafana releases up to 2 years of age are always supported with security patches

I’m just asking to prove that, because it looks like your statement is not right. I’m asking you kindly: please provide link where anyone can prove your statement “grafana releases up to 2 years of age are always supported with security patches”. Please prove it, so we will know that you provide high quality answers here.

as i said, you insult people, capture tasks and expect high quality answers, while yourself making unfunded insults . please go and ask your own question this discussion becoming realy off topic and leading to nothing

Please accept my apology. Live long and prosper.