prometheus-boshrelease icon indicating copy to clipboard operation
prometheus-boshrelease copied to clipboard
verified publisher icon cloudfoundry

Any plans for upgrading to Grafana 9?

Open nrekretep opened this issue 3 years ago • 3 comments

Hi there,

are there any plans for upgrading this prometheus-boshrelease to a newer grafana version (e.g. version 9) or will this repo stay on the grafana 7.x.y version?

Thanks!

nrekretep avatar Oct 04 '22 10:10 nrekretep

Hi @nrekretep ,

I myself am not quite sure about if we can use that new grafana version (due to the new license) in here, that is the reason I did not bump it so far.

:-/

benjaminguttmann-avtq avatar Oct 07 '22 13:10 benjaminguttmann-avtq

Hi @benjaminguttmann-avtq ,

thank you for answering my question. The licensing of open source software still seems to be uncertain territory especially when it comes to AGPLv3.

There is a blog post with Q&A about the license change (https://grafana.com/blog/2021/04/20/qa-with-our-ceo-on-relicensing/). I am not sure if bosh-prometheus falls into the same category as the question about "Cloud Foundry", but maybe it helps to clarify things.

nrekretep avatar Oct 10 '22 05:10 nrekretep

Hi @nrekretep ,

thanks for sharing that. I saw that blogpost when the license change was done and also the section about "Cloud Foundry" but still I am not sure. I tried to find other open sources projects that are using grafana and see if they bumped beyond v7 but wasn't able to find any. I think everyone is uncertain about that.

benjaminguttmann-avtq avatar Oct 12 '22 06:10 benjaminguttmann-avtq

Grafana 7.x is now EOL and not receiving security fixes for the likes of https://grafana.com/blog/2022/09/20/grafana-security-releases-new-versions-with-moderate-severity-security-fixes-for-cve-2022-35957-and-cve-2022-36062/

risicle avatar Oct 24 '22 11:10 risicle

That's a good point. After some searching I wasn't able to find an official EOL policy for grafana. There are some posts according to which there is a n -1 support policy.

This would mean that with the release of grafana 9.x the support for grafana 7.x has ended.

From the above mentioned cve it is hard to tell, at least for me, if there will never be any new security fixes in grafana 7.x or if this cve just does not exist in grafana 7.x and therefore does not need fixing.

But nevertheless eol of 7.x is around the corner or has already arrived and there should be a statement about how this project will handle this.

nrekretep avatar Oct 26 '22 06:10 nrekretep

I will try to look into this issue next week. Current plan would be to release one version with Grafana 8 first and then another one with Grafana 9.

benjaminguttmann-avtq avatar Dec 22 '22 14:12 benjaminguttmann-avtq

We just released a new release including Grafana8 from here we will soon proceed to Grafana9.

benjaminguttmann-avtq avatar Jan 05 '23 10:01 benjaminguttmann-avtq

@nrekretep @risicle happy to announce that within v28.0.0 we bumped Grafana to v9.

benjaminguttmann-avtq avatar Mar 14 '23 06:03 benjaminguttmann-avtq