Grafana has released versions 6.7.5, 7.2.3, and 7.3.6 to address a critical security vulnerability affecting Grafana Enterprise versions 6.3 through 7.3.5, with vulnerabilities identified as CVE-2020-29509, CVE-2020-29510, CVE-2020-29511, and CVE-2020-27846. These vulnerabilities do not impact Grafana OSS, as it does not utilize SAML. The patching follows a private notification from Mattermost, highlighting issues in Go's encoding/xml package, with Grafana Cloud instances already updated and Grafana Enterprise customers receiving the patched binaries on December 14, 2020. Grafana encourages users to report any security vulnerabilities via their dedicated email, ensuring encrypted communication, and maintains a Security Announcements section on their community site for updates on security fixes, remediation, and mitigation details.