diff --git a/helm.tf b/helm.tf
index c93b23e..0c3fbca 100644
--- a/helm.tf
+++ b/helm.tf
@@ -4,7 +4,7 @@ resource "helm_release" "this" {
 
   repository = "https://grafana.github.io/helm-charts"
   chart      = "grafana"
-  version    = "6.52.2"
+  version    = "7.0.8"
 
   values = [
     jsonencode({
@@ -61,6 +61,10 @@ resource "helm_release" "this" {
         // below, the `?` is necessary to fix a bad assumtion on grafana's side
         GF_AUTH_GENERIC_OAUTH_API_URL = "${local.cognito_userinfo_url}?"
         GF_AUTH_GENERIC_OAUTH_SCOPES  = "email openid profile"
+		// https://github.com/grafana/grafana/issues/70203#issuecomment-1603895013
+		// https://github.com/advisories/GHSA-mpv3-g8m3-3fjc
+		// https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/#enable-email-lookup
+		GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP = "true"
       }
     })
   ]