Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.
- Add a default limit as to when logs should be truncated CVE-2023-44388
- Prevent unauthorized access to grouped poll results CVE-2023-43814
- Prevent arbitrary topic custom fields from being set CVE-2023-45147
- Correctly escape ‘text’ email preview CVE-2023-43659
- Hide user profiles from public CVE-2023-44391
- Add permissions to MessageBus in chat CVE-2023-45131