Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs; all releases, including those on tests-passed and beta, are production ready.
- Prevent Onebox cache overflow by limiting downloads and URL lengths CVE-2023-47120
- Filter unread bookmark reminders the user cannot see CVE-2023-45816
- Limit height of pre/svg elements CVE-2023-46130
- Onebox templates’ HTML injections CVE-2023-47119
- SSRF vulnerability in TopicEmbed CVE-2023-47121
- Escape display names CVE-2023-45806