Forum² Admin AWS Posted February 5

Discourse 3.3.4 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.

Security Updates

This release includes fixes for these security issues reported by our community and HackerOne.

- XSS via topic titles when CSP disabled (CVE-2024-53266)
- Partial DoS via inline oneboxes (CVE-2024-53851)
- Potential bypass of chat permissions (CVE-2024-53994)
- Users can see other user’s tagged PMs (CVE-2024-56197)
- HTMLi (XSS without CSP) via Onebox URLs (CVE-2024-56328)
- Stored DOM-based XSS (without CSP) via video placeholders (CVE-2025-22602)
- Anonymous cache poisoning via XHR requests (CVE-2024-55948)
- Anonymous cache poisoning via request headers (CVE-2025-23023)