grafana: update to 7.4.2

This includes a fix for I216528a76307189d8d87bd2fcfeff95c6ceb53cc.
Now it's released we can be a bit more explicit about why we added the
workaround.

Change-Id: Ibaf1850549b5e7ec3622418b650bc5e59a289ab6
This commit is contained in:
Ian Wienand 2021-02-19 09:54:31 +11:00
parent 7c30c3d668
commit 7577439ff8
2 changed files with 8 additions and 1 deletions

View File

@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
FROM docker.io/grafana/grafana:7.4.1-ubuntu
FROM docker.io/grafana/grafana:7.4.2-ubuntu
LABEL maintainer="infra-root@openstack.org"

View File

@ -34,6 +34,13 @@
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
# NOTE(ianw) 2021-02-19
# This was for a security issue fixed in 7.4.2
# where anonymous users could cause a write to disk, fixed
# with
# https://github.com/grafana/grafana/pull/31263/
# We leave it because we don't use the API, but if we need
# it, we can remove this.
RewriteEngine on
RewriteRule "^/api/snapshots(.*?)$" "-" [F]