Security maintenance policy

khbafl · February 19, 2021, 2:21pm

Hello,

What is the maintenance policy of the grafana releases regarding security patches? Is it only the latest version that receives security updates?

For example I am looking for something like this: Releases | Node.js

The grafana documentation does not mention it.

Same question for Prometheus.

Thank you,

wlargou · February 19, 2021, 9:34pm

Hi,

Found the following:

Prometheus:

Prometheus is maintained by volunteers, not by a company. Therefore, fixing security issues is done on a best-effort basis. We strive to release security fixes within 7 days for: Prometheus, Alertmanager, Node Exporter, Blackbox Exporter, and Pushgateway.

Reference: Security | Prometheus

Grafana :
Security bugs are treated with high priority and are included in Grafana as soon as tested.
Reference: Grafana 6.7.4 and 7.0.2 released with important security fix | Grafana Labs

Note : Read more on Grafana Cloud Security Compliance

Hope it helps.

Good Luck

melrose · February 19, 2021, 11:04pm

grafana releases up to 2 years of age are always supported with security patches. thank you for the good question

khbafl · February 22, 2021, 11:02am

Thank you for your answer,

Is there an official mention of that somewhere in the docs or the website to use it as reference ?
Thank you,

melrose · February 22, 2021, 6:19pm

yes here in the support forums.

jangaraj · February 22, 2021, 11:08pm

Could you provide the link to that discussion here on the forum, please? I’m not able to find any relevant result with standard forum search.

melrose · February 23, 2021, 8:20pm

helo now i am confused who is asked the question ?

jangaraj · February 23, 2021, 9:05pm

Someone who is able to pass Turing test :-). But I’m confused if someone who is answering with the question is able to pass it as well. My question:

Could you provide the link to that discussion here on the forum, please?

melrose · February 24, 2021, 4:00pm

why dont you copy it from your browser by yourself and what sort of nonsense requests are we discussing here. Please do not capture the ops thread

jangaraj · February 24, 2021, 6:07pm

You have mentioned:

in the context:

grafana releases up to 2 years of age are always supported with security patches

I’m just asking to prove that, because it looks like your statement is not right. I’m asking you kindly: please provide link where anyone can prove your statement “grafana releases up to 2 years of age are always supported with security patches”. Please prove it, so we will know that you provide high quality answers here.

melrose · February 24, 2021, 6:50pm

as i said, you insult people, capture tasks and expect high quality answers, while yourself making unfunded insults . please go and ask your own question this discussion becoming realy off topic and leading to nothing

jangaraj · February 24, 2021, 6:53pm

Please accept my apology. Live long and prosper.

system · February 19, 2022, 2:22pm

This topic was automatically closed after 365 days. New replies are no longer allowed.

Topic		Replies	Views
Support policy for previous releases Grafana legacy-grafana , policy	3	3176	September 15, 2022
Clarifications on Grafana Release/Support lifecycle Releases release , policy	11	4845	April 18, 2023
Server security updates are no longer displayed Prometheus datasource , promql , prometheus	0	466	February 13, 2023
Release Notes v7.3.x Releases	4	8109	December 20, 2020
Release Notes v5.2.x Releases	3	22352	August 30, 2018

Security maintenance policy

Related topics