Grafana security release: New versions of Grafana with security fixes for CVE-2023-28119 and CVE-2023-1387

Blog post from Grafana Labs

Author: Vardan Torosyan
Word Count: 704
Language: English
Summary

Grafana has released new versions, including 9.5.1, 9.5.0, 9.4.9, 9.3.13, 9.2.17, and 8.5.24, to address high and medium severity security vulnerabilities identified as CVE-2023-28119 and CVE-2023-1387. These updates include fixes for a vulnerability related to JWT authentication that could lead to unauthorized exposure of sensitive information and a denial of service vulnerability via a deflate decompression bomb when using SAML. Grafana Cloud has been patched as a precaution, and cloud service providers like Amazon Managed Grafana and Azure Managed Grafana have been informed to ensure their services remain secure. Users are advised to upgrade their Grafana instances to mitigate these vulnerabilities, while alternative measures include disabling certain authentication features. Grafana encourages reporting of security vulnerabilities through a specified email and maintains a security blog for updates and patches.