The latest grafana/clickhouse-datasource release has been built with go 1.24.7. That version is affected by the following CVEs:
CVE-2025-47912
CVE-2025-58183
CVE-2025-58186
CVE-2025-58187
CVE-2025-58188
CVE-2025-61724
Please consider building a new release with the latest minor go version (1.24.9 at the time of writing). It will prevent security scanners from being triggered by the plugin. No changes to the source code or dependencies are required.
Thanks in advance!
What happened:
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Screenshots
Anything else we need to know?:
Environment:
- Grafana version:
- Plugin version:
- OS Grafana is installed on:
- User OS & Browser:
- Others:
The latest grafana/clickhouse-datasource release has been built with go 1.24.7. That version is affected by the following CVEs:
CVE-2025-47912
CVE-2025-58183
CVE-2025-58186
CVE-2025-58187
CVE-2025-58188
CVE-2025-61724
Please consider building a new release with the latest minor go version (1.24.9 at the time of writing). It will prevent security scanners from being triggered by the plugin. No changes to the source code or dependencies are required.
Thanks in advance!
What happened:
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Screenshots
Anything else we need to know?:
Environment: