Discourse-patreon vulnerability?

Joplin just posted that they had a vulnerability and user list was leaked.

Is there any more information about what happened?

1 Like

Our security advisory for this is here:


Thank you I looked quite a bit but couldn’t find anything

1 Like

I looked at the discourse GitHub but didn’t occur to me to check the plugin pages. Is there a best way to look for vulnerability across the board (discourse+plugins)? Whether an RSS feed or status page or?