Unable to find discourse version 2.9.0.beta6

41821 · June 29, 2022, 11:58pm

hello,
We’ve received an alert from this CVE that an instance of discourse is vulnerable to cve-website

It is said that the fix is in 2.9.0.beta6 but I’m unable to find and upgrade to that version. Is anyone else having this problem?

Benjamin_D · June 30, 2022, 5:11am

You’re right, the patch is there:
https://github.com/discourse/discourse/commit/115859964d6e3e92d6d933ffe8e1b330b12a3aca
but there has not been any bump in version since

pfaffman · June 30, 2022, 11:02am

You can upgrade now and that commit will be applied. It’s not a critical security issue, so they didn’t bump the version to push it out.

Osama · July 4, 2022, 8:49am

We do a beta bump for a high severity CVE shortly after the fix is released, but we missed to do that for the last CVE (CVE-2022-31096). We released 2.9.0.beta6 last week (Thursday) so this should be resolved now.

Topic		Replies	Views
2.9.0.beta9: Security fix, bug fixes and more Announcements release-notes	1	2415	August 10, 2022
Generated invite links with email can't be redeemed Bug	7	865	August 18, 2021
3.2.1: Security and bug fix release Announcements release-notes	1	963	March 15, 2024
Discourse Vulnerability [False Positive] Support	3	1469	June 10, 2019
Failed upgrade from 2.3.2 to 2.3.6 due to discourse assign plugin Installation	6	658	December 2, 2019

Unable to find discourse version 2.9.0.beta6

Related topics