2.7.10: Security Release

Discourse 2.7.10 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.

Changes

Security:

  • Disallow caching of MIME/Content-Type errors (CVE-2021-41271)
  • Ensure _forum_session cookies cannot be reused between sites (CVE-2021-41263)
11 Likes