2.7.11: Security Release

Discourse 2.7.11 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta, are production ready.

Changes

Security:

  • Strip unrendered unicode bidirectional chars in code blocks (CVE-2021-42574)
  • Only show tags to users with permission (CVE-2021-43792)
  • Remove ember-cli specific response from application routes (CVE-2021-43794)
  • Validate number of votes allowed per poll per user (CVE-2021-43793)