Discourse 3.2.5 Stable Release
Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.
Security Updates
This release includes fixes for these security issues reported by our community and HackerOne .
- XSS via Onebox system (CVE-2024-37165)
- Iframe injection though default site setting (CVE-2024-39320)
- DoS via Tag Group (CVE-2024-37299)