Change8

v13.0.2

📦 grafanaView on GitHub →
12 features🐛 13 fixes🔧 5 symbols

Summary

This patch release includes numerous enhancements to Provisioning, updates to Docker base images and Go version, and several security fixes.

✨ New Features

  • Dashboards: Show k8s format in provisioned save.
  • Docker: Bump Alpine-based images to 3.23.4.
  • Go: Update version to 1.26.3.
  • Homepage: Support v2 dashboards if defined by a file.
  • LibraryPanels: Return 403 instead of 500 for insufficient permissions.
  • Provisioning: Don't mark folders pending due to _folder.json metadata.
  • Provisioning: Honor ruleset bypass for write workflow validation.
  • Provisioning: Negotiate receive-pack capabilities for git pushes.
  • Provisioning: Per-verb fallback for the files subresource.
  • Provisioning: Scope repository uniqueness by (URL, branch, path).
  • Provisioning: Surface folder uid-too-long and other validation 4xx as sync warnings.
  • Provisioning: add public_root_url instance setting for external URLs.

🐛 Bug Fixes

  • DashboardDS: Fix Mixed panels not updating on time-range change with stale upstreams.
  • Jaeger: Fix log event timestamp unit conversion in trace view.
  • K8s Dashboards: Fix folder permission check to use dashboards:create.
  • PostgreSQL: Allow sql_engine to return results for EXPLAIN queries.
  • Provisioning: Bump nanogit to v0.17.0 to fix pushes with repositories using git modules.
  • RBAC: Quick fix for global datasource permissions (Enterprise).
  • Security: Addressed CVE-2026-9029.
  • Security: Addressed CVE-2026-33382.
  • Security: Addressed CVE-2026-42127.
  • Security: Addressed CVE-2026-42129.
  • Security: Addressed CVE-2026-10601.
  • Security: Addressed CVE-2026-8609.
  • Security: Addressed CVE-2026-8595.

Affected Symbols