Company
Date Published
Author: Carl Bergquist
Word count: 307
Language: English
Hacker News points: None

Summary

Grafana's release of version 6.1.5 included a crucial security fix after a mistake with an earlier version, 5.3.3: a patch was not merged back to master, leaving releases from 5.3.3 to 6.1.4 vulnerable. This oversight led to the release of a new patch on April 29 and prompted Grafana to publish an incident review outlining the timeline, contributing factors, and future security release plans. The review aims to serve as a learning opportunity for others. Grafana Labs encourages the reporting of security vulnerabilities via a dedicated email address, offering a PGP key for encrypted communication, and publishes security announcements on its community site with summaries and remediation details for security patches. Users can subscribe to updates via email or RSS feed for the latest security information.