2.8.9: Security Release

jomaxro · September 29, 2022, 7:02pm

Discourse 2.8.9 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.

Changes

Security:

Limit user profile field length (CVE-2022-39226)
Moderator shouldn’t be able to import a theme via API (CVE-2022-36068)
Prevent arbitrary file write when decompressing files (CVE-2022-36066)

Topic		Replies	Views
2.8.8: Security Release Announcements release-notes	0	901	August 10, 2022
2.7.9: Security Release Announcements release-notes	1	1066	October 20, 2021
2.8.7: Security Release Announcements release-notes	0	793	July 27, 2022
2.8.11: Security Release Announcements release-notes	0	965	November 14, 2022
2.8.5: Security Release Announcements release-notes	0	800	June 21, 2022

2.8.9: Security Release

Discourse 2.8.9 Stable Release

Changes

Security:

Related topics