3.0.5: Security and bug fix release

jomaxro · July 11, 2023, 11:21pm

Discourse 3.0.5 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.

Changes

Bug Fixes

Fix broken topic embedding because of incomplete security patch

Security Changes

limit amount of links in custom sidebar section CVE-2023-36818
Don’t reuse CSP nonce between requests CVE-2023-36473
ensure topic is valid before updating category CVE-2023-36466
ReDoS vulnerability in URI gem Ruby CVE-2023-36617

Topic	Replies	Views
3.0.3: Security and bug fix release Announcements release-notes	1024	April 18, 2023
3.0.4: Security and bug fix release Announcements release-notes	1035	June 13, 2023
3.2.5: Security and bug fix release Announcements release-notes	220	July 30, 2024
3.0.6: Security and bug fix release Announcements release-notes	812	July 28, 2023
3.2.2: Bug fix release Announcements release-notes	527	May 15, 2024

3.0.5: Security and bug fix release

Discourse 3.0.5 Stable Release

Changes

Bug Fixes

Security Changes

Related topics