author | Drew Blessing <drew@blessing.io> | 2019-08-13 01:00:09 +0000 |
---|---|---|
committer | Drew Blessing <drew@blessing.io> | 2019-08-13 01:00:09 +0000 |
commit | 204c3ed3dd912d59c8f878dfac925a26286992d2 (patch) | |
tree | 7f743c9b41c871d93b158c13ce1241faa9eeef7d | |
parent | 7801f297cbb2a90b1a49f956e419a5eaefe37e1e (diff) | |
parent | 4a523610ec13421838f3bab1e91e39cdba8b587d (diff) | |
download | gitlab-ce-204c3ed3dd912d59c8f878dfac925a26286992d2.tar.gz |
Merge branch 'philbz-master-patch-49694' into 'master'
Update Grafana doc for security update
See merge request gitlab-org/gitlab-ce!31739
-rw-r--r-- | doc/administration/monitoring/performance/grafana_configuration.md | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/doc/administration/monitoring/performance/grafana_configuration.md b/doc/administration/monitoring/performance/grafana_configuration.md index 6778c339922..95be0d5fd88 100644 --- a/doc/administration/monitoring/performance/grafana_configuration.md +++ b/doc/administration/monitoring/performance/grafana_configuration.md 
@@ -118,6 +118,36 @@ If you have set up Grafana, you can enable a link to access it easily from the s 1. Click **Save changes**. 1. The new link will be available in the admin area under **Monitoring > Metrics Dashboard**. +## Security Update + +Users running GitLab version 12.0 or later should immediately upgrade to one of the following security releases due to a known vulnerability with the embedded Grafana dashboard: + +- 12.0.6 +- 12.1.6 + +After upgrading, the Grafana dashboard will be disabled and the location of your existing Grafana data will be changed from `/var/opt/gitlab/grafana/data/` to `/var/opt/gitlab/grafana/data.bak.#{Date.today}/`. + +To prevent the data from being relocated, you can run the following command prior to upgrading: + +```sh +echo "0" > /var/opt/gitlab/grafana/CVE_reset_status +``` + +To reinstate your old data, move it back into its original location: + +``` +sudo mv /var/opt/gitlab/grafana/data.bak.xxxx/ /var/opt/gitlab/grafana/data/ +``` + +However, you should **not** reinstate your old data _except_ under one of the following conditions: + +1. If you are certain that you changed your default admin password when you enabled Grafana +1. If you run GitLab in a private network, accessed only by trusted users, and your Grafana login page has not been exposed to the internet + +If you require access to your old Grafana data but do not meet one of these criteria, you may consider reinstating it temporarily, [exporting the dashboards](https://grafana.com/docs/reference/export_import/#exporting-a-dashboard) you need, then refreshing the data and [re-importing your dashboards](https://grafana.com/docs/reference/export_import/#importing-a-dashboard). Note that this poses a temporary vulnerability while your old Grafana data is in use, and the decision to do so should be weighed carefully with your need to access existing data and dashboards. 
+ +For more information and further mitigation details, please refer to our [blog post on the security release](https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/). + --- Read more on: |
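Review bot: The two commands in the new "Security Update" section are inconsistent about privileges. The `echo "0" > /var/opt/gitlab/grafana/CVE_reset_status` line has no `sudo` while the `mv` below it does. If the path needs root, prefixing `sudo` to the echo would not be enough, because the redirect is performed by the calling shell. Either state that the command must be run as root or use `echo "0" | sudo tee /var/opt/gitlab/grafana/CVE_reset_status`. The `mv` step should also say what to do when `/var/opt/gitlab/grafana/data/` already exists, since in that case `mv` places the backup directory inside it instead of restoring it in place. Smaller points: the backup path is written as `data.bak.#{Date.today}` (Ruby interpolation syntax) in the prose and as `data.bak.xxxx` in the command, so pick one placeholder and give the actual date format; the second fence lacks the `sh` tag used on the first; "refreshing the data" is mentioned without saying how to do it; and the section refers to "a known vulnerability" without naming it, although the `CVE_reset_status` file name implies an identifier exists that readers could be pointed to.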