Grafana 5.2.3 and 4.6.4 released with important security fix
Blog post from Grafana Labs
Grafana Labs released versions 5.2.3 and 4.6.4 to fix a critical security vulnerability affecting installations that use LDAP or OAuth authentication. The issue, identified as CVE-2018-558213, allowed an attacker to generate valid cookies knowing only a username, which posed a significant security risk. Grafana's team responded quickly, developing patches for the affected versions and updating Grafana Cloud instances. The release was timed so that users could prepare without impacting weekend schedules. The company acknowledged the incident as a learning opportunity for enhancing its vulnerability handling processes. Users are urged to upgrade to the latest versions or implement alternative security measures.