Following #3149 (comment) this is the case.

So it would be great to follow best practice an update the chart then?

I highly recommend you not to use this chart, its very old and makes your cluster vulnerable to attacks if you don't add Ingress whitelist blocks for grafana itself to your specific IP.

Maybe someone should do a pull request to remove the chart completely

@OliverStutz would you elaborate please?
Even then updating the chart is important so people using that chart get the info.

@erkules well, you patch your windows, linux OS versions hopefully at least weekly. This is unpatched since march and its super dangerous to use this in production, even in development environments.

This helm chart is a ticking timebomb for your safety. I understand that you want it patched but for myself i consider a chart which is 6 month old , too old.

Elaborate about ingress, grafana and whitelisting and the kind of attackvector please.

@erkules put your grafana dashboard behind an ingress and safeguard it by only allowing certain ips.

you can use the following under the ingress annotation to protect it and only allow certain ranges to access.
nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.1.1/24"

Looking at the vulnerability scanner, there are so many attack vectors which are possible, looking at the amount of outdated images it would not be a huge effort to rebuild those versions and push new images i recon, that there are still Issues detected on that image from 2022 is frightening;

CVE-2022-32207 for curl/7.79.1-r1 (alpine)
CVE-2022-37434 for zlib/1.2.12-r0 (alpine)
CVE-2023-23914 for curl/7.79.1-r1 (alpine)
-> Upwards from here are critical
CVE-2022-2309 for libxml2/2.9.14-r0 (alpine)
CVE-2022-27781 for curl/7.79.1-r1 (alpine)
CVE-2022-27782 for curl/7.79.1-r1 (alpine)
CVE-2022-29458 for ncurses/6.2_p20210612-r0 (alpine)
CVE-2022-40303 for libxml2/2.9.14-r0 (alpine)
CVE-2022-40304 for libxml2/2.9.14-r0 (alpine)
CVE-2022-43551 for curl/7.79.1-r1 (alpine)
CVE-2022-4450 for openssl/1.1.1n-r0 (alpine)
CVE-2023-0215 for openssl/1.1.1n-r0 (alpine)
CVE-2023-0286 for openssl/1.1.1n-r0 (alpine)
CVE-2023-0464 for openssl/1.1.1n-r0 (alpine)
CVE-2023-27533 for curl/7.79.1-r1 (alpine)
CVE-2023-27534 for curl/7.79.1-r1 (alpine)
-> Upwards from here are high
CVE-2022-2097 for openssl/1.1.1n-r0 (alpine)
CVE-2022-32205 for curl/7.79.1-r1 (alpine)
CVE-2022-32206 for curl/7.79.1-r1 (alpine)
CVE-2022-32208 for curl/7.79.1-r1 (alpine)
CVE-2022-4304 for openssl/1.1.1n-r0 (alpine)
CVE-2022-43552 for curl/7.79.1-r1 (alpine)
CVE-2023-0465 for openssl/1.1.1n-r0 (alpine)
CVE-2023-23915 for curl/7.79.1-r1 (alpine)
CVE-2023-23916 for curl/7.79.1-r1 (alpine)
CVE-2023-27535 for curl/7.79.1-r1 (alpine)
CVE-2023-27536 for curl/7.79.1-r1 (alpine)
CVE-2023-27537 for curl/7.79.1-r1 (alpine)
CVE-2023-27538 for curl/7.79.1-r1 (alpine)
CVE-2022-35252 for curl/7.79.1-r1 (alpine)

grafana/loki-stack 2.10.2 v2.9.3 Loki: like Prometheus, but for logs.

Is the loki-stack helm chart package deprecate for now?