3.3.3: Security and maintenance release

Saif · December 19, 2024, 4:53pm

Discourse 3.3.3 Stable Release

Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.

Security Updates

This release includes fixes for these security issues reported by our community and HackerOne.

Bypass of Discourse Connect using other login paths if enabled (CVE-2024-49765)
Moderators can view Screened emails even when the “moderators view emails” option is disabled (CVE-2024-52589)
Magnific lightbox susceptible to XSS (CVE-2024-52794)
Potential Backup file leaked via Nginx (CVE-2024-53991)

Topic	Replies	Views
3.3.2: Security and maintenance release Announcements release-notes	517	October 7, 2024
3.2.5: Security and bug fix release Announcements release-notes	233	July 30, 2024
3.2.3: Security and bug fix release Announcements release-notes	276	July 3, 2024
3.0.3: Security and bug fix release Announcements release-notes	1025	April 18, 2023
3.1.5: Security and bug fix release Announcements release-notes	1640	January 30, 2024

3.3.3: Security and maintenance release

Discourse 3.3.3 Stable Release

Security Updates

Related topics