Incident Review for Grafana’s Security Release 6.1.5
Blog post from Grafana Labs
In April, Grafana released version 6.1.5 to address a significant security vulnerability. The vulnerability had already been fixed once, in version 5.3.3, but a process error meant that the patch was never merged back to the master branch, so later releases up to 6.1.4 shipped without it. Grafana identified the oversight and corrected it with the new patch released on April 29, and then published an incident review covering the timeline, the factors that contributed to the error, and its plans for future security releases.

Grafana welcomes feedback on the review and provides a dedicated email address for reporting security vulnerabilities, asking that such reports be encrypted. Grafana also maintains a Security Announcements category on its community site, where it publishes details of each patch, what it remediates, and available mitigations; users can subscribe to these announcements by email or RSS feed.