2.7.8: Security Release

jomaxro · September 1, 2021, 5:21pm

Discourse 2.7.8 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.

Changes

Security:

Sanitize d-popover attributes (CVE-2021-37633)
Destroy EmailToken when EmailChangeRequest is destroyed (CVE-2021-37693)
User’s read state for topic is leaked to unauthorized clients (CVE-2021-37703)
Escape cat name (CVE-2021-39161)

Topic		Replies	Views
2.8.7: Security Release Announcements release-notes	0	792	July 27, 2022
2.7.7: Security Release Announcements release-notes	0	993	July 23, 2021
2.8.11: Security Release Announcements release-notes	0	964	November 14, 2022
2.7.9: Security Release Announcements release-notes	1	1066	October 20, 2021
2.8.8: Security Release Announcements release-notes	0	900	August 10, 2022

2.7.8: Security Release

Discourse 2.7.8 Stable Release

Changes

Security:

Related topics