Download page What's new highlights

Features and enhancements

• Dashboards: Show k8s format in provisioned save #123045, @stephaniehingtgen
• Docker: Bump Alpine-based images to 3.23.4 #122938, @Proximyst
• Go: Update version to 1.26.3 #124454, @macabu
• Homepage: Support v2 dashboards if defined by a file #123029, @stephaniehingtgen
• LibraryPanels: Return 403 instead of 500 for insufficient permissions #123467, @MissingRoberto
• Provisioning: Don't mark folders pending due to _folder.json metadata #124139, @MissingRoberto
• Provisioning: Honor ruleset bypass for write workflow validation #124128, @MissingRoberto
• Provisioning: Negotiate receive-pack capabilities for git pushes #124130, @MissingRoberto
• Provisioning: Per-verb fallback for the files subresource #123900, @MissingRoberto
• Provisioning: Scope repository uniqueness by (URL, branch, path) #124121, @ferruvich
• Provisioning: Surface folder uid-too-long and other validation 4xx as sync warnings #123888, @MissingRoberto
• Provisioning: add public_root_url instance setting for external URLs #124258, @MissingRoberto

Bug fixes

• DashboardDS: Fix Mixed panels not updating on time-range change with stale upstreams #124894, @ivanortegaalba
• Jaeger: Fix log event timestamp unit conversion in trace view #123707, @ktw4071
• K8s Dashboards: Fix folder permission check to use dashboards:create #124942, @mihai-turdean
• PostgreSQL: Allow sql_engine to return results for EXPLAIN queries #123246, @sdague
• Provisioning: Bump nanogit to v0.17.0 to fix pushes with repositories using git modules #124140, @MissingRoberto
• RBAC: Quick fix for global datasource permissions (Enterprise)
• Security: CVE-2026-9029
• Security: CVE-2026-33382
• Security: CVE-2026-42127
• Security: CVE-2026-42129
• Security: CVE-2026-10601
• Security: CVE-2026-8609
• Security: CVE-2026-8595