I manage a few Discourse instances and I usually have a fixed update schedule. (Every two weeks)
A RCE vulnerability was recently reported in discourse which was then reported by someone via our Bug bounty system.
Is there a RSS Feed of vulnerabilities reported in Discourse? That way, I can subscribe to the feed and update the systems as soon as a fix is out instead of just completely missing it for a few days even when a fix was available.