Grafana 5.4.4 and 6.1.6 released with important security fix
Blog post from Grafana Labs
Grafana has released versions 5.4.4 and 6.1.6, which include critical security fixes for installations between versions 5.4.0 and 6.1.6. The releases address a vulnerability (CVE-2018-19039) that could allow users with Editor or Admin permissions to access any file readable by the Grafana process. The vulnerability is less severe in versions 6.0.0 to 6.1.4 due to prior security improvements, but it remains a concern if the default security settings are disabled. Administrators are urged to upgrade to the latest versions to mitigate the risk; Grafana Cloud instances are unaffected. The post also provides a detailed timeline of the discovery and patching process, along with guidance for reporting security issues and subscribing to security updates.