Author: Carl Bergquist
Word count: 657
Language: English
Hacker News points: None

Summary

Grafana has released versions 5.4.4 and 6.1.5 to fix a serious file exfiltration vulnerability, CVE-2018-19039, affecting installations between versions 5.4.0 and 6.1.6. The flaw lets a user with Editor or Admin permissions read any file that the Grafana process itself can read; exploiting it therefore requires a legitimate account with one of those roles. Installations on 6.0.0 through 6.1.4 are less exposed because of security improvements already present in those releases, but every affected installation should be upgraded immediately to minimize risk. Grafana Cloud instances are unaffected, and Grafana Enterprise customers received updated binaries before the public disclosure. The patch was produced after Grafana discovered that an earlier fix had never been merged into the main codebase. Where an upgrade is not immediately possible, the interim mitigations are to downgrade user permissions and remove the specific dashboards involved. Grafana also provides a dedicated channel for reporting security vulnerabilities and maintains a Security Announcements category on its community site for updates.
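A defender's triage helper, added here as an example and not Grafana's own code or tooling: it classifies Grafana version strings against the ranges the summary gives (affected from 5.4.0, fixed in 5.4.4 and 6.1.5, reduced exposure on 6.0.0 through 6.1.4) and maps each host in an inventory to the action the summary recommends. One assumption is labelled in the code: the fix release is treated as the end of the affected range on each branch, so 6.1.5 and later count as patched. The host names and versions in the sample inventory are constructed.

```python
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Boundaries taken from the advisory summary. Assumption (not stated by the
# summary in these words): the fix release closes the affected range on each
# branch, so 5.4.4+ and 6.1.5+ are treated as patched.
FIRST_AFFECTED: Version = (5, 4, 0)
FIXED_5_4: Version = (5, 4, 4)
FIRST_6: Version = (6, 0, 0)
FIXED_6_1: Version = (6, 1, 5)

# Accepts "6.1.5", "v6.1.5" and "6.1.5-beta1"; the suffix is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse a Grafana version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def classify(version: str) -> str:
    """Return the CVE-2018-19039 status of one Grafana version."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return "not_affected"        # before 5.4.0: outside the advisory
    if v < FIXED_5_4:
        return "vulnerable"          # 5.4.0 to 5.4.3: full exposure
    if v < FIRST_6:
        return "patched"             # 5.4.4 and later on the 5.4 branch
    if v < FIXED_6_1:
        return "vulnerable_reduced"  # 6.0.0 to 6.1.4: exposed, but less so
    return "patched"                 # 6.1.5 and later


# Recommended action per status, following the summary's guidance.
ACTIONS: Dict[str, str] = {
    "vulnerable": "upgrade to 5.4.4 now; until then downgrade Editor/Admin "
                  "users and remove the affected dashboards",
    "vulnerable_reduced": "upgrade to 6.1.5 now; until then downgrade "
                          "Editor/Admin users and remove the affected dashboards",
    "patched": "no action required",
    "not_affected": "no action required for this advisory",
}


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Map host -> (status, action) for an inventory of host -> version string."""
    result: Dict[str, Tuple[str, str]] = {}
    for host, version in inventory.items():
        status = classify(version)
        result[host] = (status, ACTIONS[status])
    return result


# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE_INVENTORY: Dict[str, str] = {
    "grafana-prod-1": "5.4.2",
    "grafana-prod-2": "v6.1.4",
    "grafana-stage": "6.1.5",
    "grafana-legacy": "5.3.4",
}

if __name__ == "__main__":
    for host, (status, action) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:16} {status:19} {action}")
```

Feed `triage` the host-to-version map from whatever inventory source you already have; anything that parses as a version but is not on a Grafana release line the summary mentions still gets a status, while an unparseable string raises `ValueError` rather than being silently marked safe.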