according to grafana:
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/
it was the security fix CSRF (CVE-2022-21703) for version 7.5.15 and 8.3.5.
As ovirt engine uses httpd as reverse proxy and the grafana V. 7.5.15:
******
# grafana-server -v
Version 7.5.15 (commit: NA, branch: master)
******
the described configuration of "ProxyPreserveHost" for Host header is needed!
Can the dev. team take this configuration to /etc/httpd/conf.d/ovirt-engine-grafana-proxy.conf
for the next update?
It is not the option to change the default config after every update.
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HBVS4U2NK5XWPGCNOHCZLMUL544ZZI36/