This release includes 5 security fixes for security teams reviewing exposed deployments.
Topics
+7 more
ReleasePort's take
Moderate signalThe v12.2.9 release patches CVE-2026-33382.
Why it matters: CVE severity is rated at 90; operators with the affected surface should patch immediately.
Summary
AI summaryUpdates Features and enhancements, https://github.com/Proximyst, and https://github.com/grafana/grafana/pull/123031 across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Critical |
Patches CVE-2026-33382. Patches CVE-2026-33382. Source: llm_adapter@2026-06-09 Confidence: high |
— |
| Dependency | Medium |
Updates Docker Alpine base image to version 3.23.4. Updates Docker Alpine base image to version 3.23.4. Source: llm_adapter@2026-06-09 Confidence: high |
— |
| Dependency | Medium |
Updates Go runtime to version 1.26.3. Updates Go runtime to version 1.26.3. Source: llm_adapter@2026-06-09 Confidence: high |
— |
Full changelog
Download page
What's new highlights
Features and enhancements
- Docker: Bump Alpine-based images to 3.23.4 #123031, @Proximyst
- Go: Update version to 1.26.3 #124458, @macabu
- Security: CVE-2026-33382
- Security: CVE-2026-42127
- Security: CVE-2026-42129
- Security: CVE-2026-10601
- Security: CVE-2026-8609
Security Fixes
- CVE-2026-33382
- CVE-2026-42127
- CVE-2026-42129
- CVE-2026-10601
- CVE-2026-8609
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
Beta — feedback welcome: [email protected]