Grafana 5.3.3 and 4.6.5 released with important security fix
Blog post from Grafana Labs
Grafana has released versions 5.3.3 and 4.6.5 to address a critical security vulnerability (CVE-2018-19039) affecting installations between versions 4.1.0 and 5.3.2, which could allow users with Editor or Admin permissions unauthorized access to the filesystem. While Grafana Cloud instances have been updated automatically, users of affected versions are urged to upgrade immediately to prevent unauthorized access, or alternatively, set users to viewer status and remove dashboards containing text panels if upgrading is not possible. The vulnerability was reported on November 5, 2018, by Sebastian Solnica, with Grafana quickly confirming the issue and preparing a fix, which was publicly released on November 13, 2018. Grafana encourages users to report any further security vulnerabilities via their dedicated email address, and provides a PGP key for encrypted communication.
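A way to triage an instance against the advisory above, as an added example that is not code from Grafana Labs: it checks a version string against the affected range and lists text panels in exported dashboard JSON for the fallback mitigation. It assumes every 4.x release at or after 4.6.5 carries the fix and that text panels use the panel type "text"; the function names and sample dashboards are constructed for illustration.

```python
# Ranges taken from the advisory: affected 4.1.0 through 5.3.2,
# fixed in 4.6.5 (4.x line) and 5.3.3 (5.x line).
FIRST_AFFECTED = (4, 1, 0)
FIXED_4X = (4, 6, 5)
FIXED_5X = (5, 3, 3)


def parse_version(text):
    """Turn '5.3.2' or 'v4.6.4-beta1' into (major, minor, patch); suffix ignored."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple((parts + [0, 0])[:3])


def is_affected(version_text):
    """True if the version falls in the range the advisory describes."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return False
    # Assumption: 4.x at or after 4.6.5 has the backport; 5.x and later need 5.3.3.
    fixed = FIXED_4X if v[0] == 4 else FIXED_5X
    return v < fixed


def text_panels(export):
    """Return sorted titles of text panels in an exported dashboard dict.

    Handles the API wrapper ({"dashboard": ...}), the pre-5.0 rows layout,
    the 5.x top-level panels layout, and panels nested in a collapsed row.
    """
    dashboard = export.get("dashboard", export)
    stack = list(dashboard.get("panels") or [])
    for row in dashboard.get("rows") or []:
        stack.extend(row.get("panels") or [])
    found = []
    while stack:
        panel = stack.pop()
        stack.extend(panel.get("panels") or [])
        if panel.get("type") == "text":
            found.append(panel.get("title", ""))
    return sorted(found)


# Constructed sample exports, not taken from a real instance.
SAMPLE_V5 = {"dashboard": {"title": "ops", "panels": [
    {"type": "graph", "title": "cpu"},
    {"type": "row", "title": "notes",
     "panels": [{"type": "text", "title": "runbook"}]}]}}
SAMPLE_V4 = {"title": "legacy", "rows": [{"panels": [
    {"type": "text", "title": "readme"}, {"type": "singlestat", "title": "up"}]}]}
```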