Forum² Admin AWS Posted October 7 Forum² Admin Posted October 7 Discourse 3.3.2 Stable Release Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready. Security Updates This release includes fixes for these security issues reported by our community and HackerOne. DoS by the absence of restrictions on replies to posts (CVE-2024-43789) Bypass of email address validation via encoded email addresses (CVE-2024-45051) Prevent topic list filtering by hidden tags for unauthorized users (CVE-2024-45297) XSS via chat excerpts when CSP disabled (CVE-2024-47772) Anonymous cache poisoning via XHR requests (CVE-2024-47773) 1 post - 1 participant Read full topic IPB Webmaster - For Invision Community Enthusiasts - SEO Help Forum
Recommended Posts