Grafana Enterprise released versions 8.5.3 and 7.5.16 to address a moderate severity security vulnerability identified as CVE-2022-29170, which affects versions 7.4.0-beta1 through 8.5.2. The vulnerability involves an SSRF issue where data source network restrictions could be bypassed via HTTP redirects, specifically impacting instances using the request security feature with a configured host_allow_list or host_deny_list. Grafana OSS and Grafana Cloud are not impacted, and it is advised that affected installations upgrade promptly. Grafana coordinated with cloud providers like Amazon Managed Grafana and Azure Managed Grafana to ensure security, with a detailed timeline indicating a swift response from discovery on May 2, 2022, to public release on May 19, 2022. Users are encouraged to report security issues to Grafana Labs securely, and the company maintains a blog for security announcements and remediations.