Company:
Date Published:
Author: Torkel Ödegaard
Word count: 804
Language: English
Hacker News points: None

Summary

Grafana has released versions 5.2.3 and 4.6.4, addressing a critical security vulnerability, CVE-2018-558213, affecting all installations using LDAP or OAuth authentication. This vulnerability allowed potential attackers to generate a valid "remember me" cookie with only a username, posing a significant risk to users without a local Grafana password. Grafana Labs acted swiftly upon receiving the vulnerability report from Sebastian Solnica, developing and deploying a patch for affected versions, and updating all Grafana Cloud instances to version 5.2.3. The company acknowledged the incident as a learning opportunity to enhance its incident response strategies, including handling vulnerability disclosures and improving security protocols. Users are urged to upgrade their installations promptly or adopt alternative authentication methods if upgrades are not feasible. Grafana Labs has also implemented a new process for reporting security issues and created a Security Announcements category for updates on security patches.