Hi, I’m getting messages from our central IT complaining that our Discourse instance is triggering a security warning on CVE-2021-41163, which regards the /webhooks/aws endpoint. I’ve told them that we’ve kept the software up to date since 2021 (we do a “launcher app rebuild” every month automatic…

Sounds like a bad CISO then… :roll_eyes: File a bug report at the scanner corp?

[изображение] rbos: So I’m pretty sure their scanner is just mis-parsing the version string, It shouldn’t be too hard to explain to them that there is a new versioning scheme and their scanner doesn’t understand? Which is the same reason why Microsoft skipped Windows 9. Esp since you can pro…

You would really think so. I’ve done that three times, but scanner says bad therefore bad.

CVE-2021-41163 ложное срабатывание

Поддержка

RGJ (Richard - Communiteq) 06.Январь.2026 22:23:40 4

Sounds like a bad CISO then…

File a bug report at the scanner corp?

4 лайка

Тема		Ответов	Просм.
Discourse Vulnerability CVE-2021-41163 Self-hosting	11	1465	29.11.2021
Unable to find discourse version 2.9.0.beta6 Support	4	645	04.07.2022
Discourse Vulnerability [False Positive] Support	3	1493	10.06.2019
Discourse updates - Microsoft Defender reports detection of Wacatac malware Support	7	208	04.02.2025
⚠ v2026.3.0-latest.1 has 33 security fixes, is already 6 days old Support	9	203	27.03.2026

CVE-2021-41163 ложное срабатывание

Связанные темы