Discourse CVE RSS Feed

ishan · October 27, 2021, 1:43pm

Hi there!

I manage a few Discourse instances and I usually have a fixed update schedule. (Every two weeks)

A RCE vulnerability was recently reported in discourse which was then reported by someone via our Bug bounty system.

Is there a RSS Feed of vulnerabilities reported in Discourse? That way, I can subscribe to the feed and update the systems as soon as a fix is out instead of just completely missing it for a few days even when a fix was available.

Thank you

Falco · October 27, 2021, 1:48pm

Something like Latest security vulnerabilities Discourse products ?

pmusaraj · October 27, 2021, 1:56pm

You can also watch release-notes, it will all list all releases, but the security ones are clearly highlighted there as well.

ishan · October 27, 2021, 2:09pm

Thank you! This is perfect. I was on their site earlier and missed the “Vulnerability feeds & Widgets” setting.

system · November 26, 2021, 2:09pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Discourse security announcements Feature	2	631	September 10, 2020
New Version Notifications Feature	4	719	August 30, 2018
Security RSS feed vs mailing list Community	3	1163	September 13, 2018
What is Discourse's policy on penetration testing and reporting security bugs? Site feedback	4	2951	May 19, 2014
2.7.9: Security Release Announcements release-notes	1	1065	October 20, 2021

Discourse CVE RSS Feed

Related Topics