3.2.3: Security and bug fix release

Saif · July 3, 2024, 1:14pm

Discourse 3.2.3 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.

Security Updates

This release includes fixes for these security issues reported by our community and HackerOne.

DoS through Onebox (CVE-2024-35227)
Stored-dom XSS via Facebook Oneboxes (CVE-2024-35234)
Missing authorization checks for suspending admins/moderators (CVE-2024-36113)
Limit reviewable user serializer payload (CVE-2024-36122)
SSRF via FastImage (CVE-2024-37157)

Topic		Replies	Views
3.2.2: Bug fix release Announcements release-notes	0	531	May 15, 2024
3.2.5: Security and bug fix release Announcements release-notes	0	233	July 30, 2024
2.7.3: Security Release Announcements release-notes	1	572	June 8, 2021
3.0.3: Security and bug fix release Announcements release-notes	0	1025	April 18, 2023
3.3.2: Security and maintenance release Announcements release-notes	0	517	October 7, 2024

3.2.3: Security and bug fix release

Discourse 3.2.3 Stable Release

Security Updates

Related topics