v3.5.3 → v3.5.4
Security Fixes
AI Discover's continue conversation allows user impersonation
DoS vulnerability in username change endpoint
User archives leaked to users with moderation privileges
Moderators can access admin-only reports exposing private upload URLs
Insecure default configuration allows non-admin moderators to take over non-staff accounts via email change
Staff action logs expose sensitive information to moderators
Subscriptions are susceptible to takeover
FinalDestination hostname matching allows SSRF protection bypass
Permalinks to restricted resources leak resource slugs to unauthorized users
Topic conversion permission vulnerability for moderators
Non-admin moderators can exfiltrate private content via post ownership transfer
DoS vulnerability in drafts creation endpoint
Script execution in uploaded HTML/XML files on S3
Stored XSS via Katex in discourse-math plugin