LoginSign Up
← Back to all sparks
Grafana logo

Grafana

DEVOPSINFRA · APIS
Velocity6.3

Monitoring dashboards

grafana.com

Grafana ships fleet-wide CVE patches across five branches while Dynamic Dashboards anchor the new 13.0 line.

dashboardsobservabilitysecurity-patchesdynamic-dashboardsgit-workflowslogs-exploration
Current state
Grafana is on a brisk monthly minor cadence — 12.2, 12.3, 12.4, and 13.0 all landed between late March and mid-April, with 13.0 making Dynamic Dashboards GA as the new dashboarding primitive. Today they cut a coordinated security release across every supported branch (11.6, 12.2, 12.3, 12.4, 13.0) patching the same set of around ten CVEs. The dual pattern — fast feature iteration on top, broad LTS coverage underneath — is intact.
Where it's heading
The platform is consolidating around Dynamic Dashboards as the default authoring model and pushing Git-driven workflows (Git Sync, templates, shared queries) into the everyday loop. Logs and Drilldown experiences keep getting structural rewrites rather than cosmetic polish, suggesting Grafana sees the exploration UX as the differentiation lever against newer observability vendors. Maintenance discipline is a feature here, not background work: synchronized multi-branch CVE releases keep enterprise customers on a buyable upgrade path.
Prediction
Expect a 13.1 minor inside the next month continuing on Dynamic Dashboards, Git Sync, and Drilldown threads, plus follow-up patch releases as the post-disclosure window for these CVEs closes. A public write-up explaining the ten-CVE batch is likely if any of the bugs turn out to be remotely exploitable.

Recent moves

  1. 9d ago

    Grafana 12.3.6 patches 10 CVEs plus Alertmanager autogenerated-receivers fix

    Patch release on the 12.3 branch carrying the same ten-CVE security batch shipped to every supported Grafana branch today, plus an Alertmanager autogenerated-receivers bug fix. Routine but mandatory upgrade for anyone running 12.3.x.

    View source ↗
  2. 9d ago

    Grafana 12.4.3 ships the shared 10-CVE security batch

    12.4 branch patch carrying the same ten-CVE security batch coordinated across every supported Grafana branch today. Pure security maintenance on the current latest-minus-one line.

    View source ↗
  3. 9d ago

    Grafana 12.2.8 ships the shared 10-CVE security batch

    12.2 branch patch carrying the same ten-CVE security batch shipped fleet-wide today. Confirms 12.2 is still in maintenance scope even as 13.0 is the new GA, which matters for enterprise upgrade planning.

    View source ↗
  4. 9d ago

    Grafana 11.6.14 ships the shared 10-CVE security batch

    11.6 branch patch carrying the same ten-CVE security batch. Notable mainly because 11.6 is still receiving coordinated security updates alongside 13.0 — Grafana is keeping the long-running LTS line covered, not pushing customers off it yet.

    View source ↗
  5. 9d ago

    Grafana 13.0.1 — first security patch on the new GA line

    First security patch on the new 13.0 line, carrying the same ten-CVE batch as the older branches. Tight turnaround on hardening the just-GA release ahead of broad adoption.

    View source ↗
  6. 1mo ago

    What's new in Grafana v13.0

    ⚡ SPARK

    13.0 promotes Dynamic Dashboards to GA, the centerpiece of the new line, alongside template-driven dashboard creation, bundled-data-source dashboards, shared/saved queries, and panel suggestions. Establishes the dashboarding primitive Grafana will iterate on through the 13.x cycle and reframes everyday dashboard authoring around composition and reuse.

    View source ↗