Hi we got a HackenProof bounty about our Discourse site. We have upgrade to v3.10.beta3 +155 but didn’t see anything relevant in the release notes that is relevant to the bounty reported to us. Is this something new or not of concern?
The danger is that the attacker obtains the source code and sensitive information , and non-public api
The temporary solution is to delete the .map file in the code directory; The permanent solution is to disable the function of generating map files during build
I’m not sure they’re all bogus, but more than a few of them seem like they’re trolling for consulting projects. (But Big Eight accounting firms do that, too, and what they’re usually selling you is a pre-paid report which they revise slightly and charge you $20K.)