v13.0.2
📦 grafanaView on GitHub →
✨ 12 features🐛 13 fixes🔧 5 symbols
Summary
This patch release includes numerous enhancements to Provisioning, updates to Docker base images and Go version, and several security fixes.
✨ New Features
- Dashboards: Show k8s format in provisioned save.
- Docker: Bump Alpine-based images to 3.23.4.
- Go: Update version to 1.26.3.
- Homepage: Support v2 dashboards if defined by a file.
- LibraryPanels: Return 403 instead of 500 for insufficient permissions.
- Provisioning: Don't mark folders pending due to _folder.json metadata.
- Provisioning: Honor ruleset bypass for write workflow validation.
- Provisioning: Negotiate receive-pack capabilities for git pushes.
- Provisioning: Per-verb fallback for the files subresource.
- Provisioning: Scope repository uniqueness by (URL, branch, path).
- Provisioning: Surface folder uid-too-long and other validation 4xx as sync warnings.
- Provisioning: add public_root_url instance setting for external URLs.
🐛 Bug Fixes
- DashboardDS: Fix Mixed panels not updating on time-range change with stale upstreams.
- Jaeger: Fix log event timestamp unit conversion in trace view.
- K8s Dashboards: Fix folder permission check to use dashboards:create.
- PostgreSQL: Allow sql_engine to return results for EXPLAIN queries.
- Provisioning: Bump nanogit to v0.17.0 to fix pushes with repositories using git modules.
- RBAC: Quick fix for global datasource permissions (Enterprise).
- Security: Addressed CVE-2026-9029.
- Security: Addressed CVE-2026-33382.
- Security: Addressed CVE-2026-42127.
- Security: Addressed CVE-2026-42129.
- Security: Addressed CVE-2026-10601.
- Security: Addressed CVE-2026-8609.
- Security: Addressed CVE-2026-8595.