3.1.3: Security and bug fix release

jomaxro · November 9, 2023, 5:21pm

Discourse 3.1.3 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.

Security Changes

Prevent Onebox cache overflow by limiting downloads and URL lengths CVE-2023-47120
Filter unread bookmark reminders the user cannot see CVE-2023-45816
Limit height of pre/svg elements CVE-2023-46130
Onebox templates’ HTML injections. CVE-2023-47119
SSRF vulnerability in TopicEmbed CVE-2023-47121
Escape display names CVE-2023-45806

Topic	Replies	Views
3.1.2: Security and bug fix release Announcements release-notes	907	October 16, 2023
3.2.3: Security and bug fix release Announcements release-notes	318	July 3, 2024
3.1.1: Security and bug fix release Announcements release-notes	897	September 12, 2023
3.2.5: Security and bug fix release Announcements release-notes	270	July 30, 2024
3.3.2: Security and maintenance release Announcements release-notes	638	October 7, 2024

3.1.3: Security and bug fix release

Discourse 3.1.3 Stable Release

Security Changes

Related topics