Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.
- Strip unrendered unicode bidirectional chars in code blocks (CVE-2021-42574)
- Only show tags to users with permission (CVE-2021-43792)
- Remove ember-cli specific response from application routes (CVE-2021-43794)
- Validate number of votes allowed per poll per user (CVE-2021-43793)