3.0.3: Security and bug fix release

nat · April 18, 2023, 9:25am

Discourse 3.0.3 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.

Changes

Bug Fixes

Improve performance of UserStat.ensure_consistency (#21044)

Security Changes

Encode embed URLs (CVE-2023-29196)
Ensure site setting being updated is a configurable site setting (CVE-2023-30606)
Strip xlink:href from uploaded SVGs (CVE-2023-30538)
Update URI gem to 0.12.1 to address CVE-2023-28755 (Advisory)
Limit URL length for theme remote (CVE-2023-28440)

Topic	Replies	Views
3.0.6: Security and bug fix release Announcements release-notes	812	July 28, 2023
3.0.4: Security and bug fix release Announcements release-notes	1035	June 13, 2023
3.0.5: Security and bug fix release Announcements release-notes	842	July 11, 2023
3.2.3: Security and bug fix release Announcements release-notes	262	July 3, 2024
3.1.2: Security and bug fix release Announcements release-notes	873	October 16, 2023

3.0.3: Security and bug fix release

Discourse 3.0.3 Stable Release

Changes

Bug Fixes

Security Changes

Related topics