greenstatic
commented
2 years ago Yes I agree but this is not related to bigbluebutton-monitoring repo.
If you are talking about bigbluebutton-exporter.
The CVE doesn't affect bbb-exporter because the only place where we use Grafana (as in a version of Grafana) is in the all in one monitoring, which is using version 7.1.1, not 8.0.0-beta1 to 8.3.0 which the CVE is for.
But this issue reminded me that it would be wise to update the container versions from the all in one monitoring docker compose file.
Grafana needs urgent upgrade: https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/