Unable to find discourse version 2.9.0.beta6

41821 · June 29, 2022, 11:58pm

hello,
We’ve received an alert from this CVE that an instance of discourse is vulnerable to cve-website

It is said that the fix is in 2.9.0.beta6 but I’m unable to find and upgrade to that version. Is anyone else having this problem?

Benjamin_D · June 30, 2022, 5:11am

You’re right, the patch is there:

but there has not been any bump in version since

pfaffman · June 30, 2022, 11:02am

You can upgrade now and that commit will be applied. It’s not a critical security issue, so they didn’t bump the version to push it out.

Osama · July 4, 2022, 8:49am

We do a beta bump for a high severity CVE shortly after the fix is released, but we missed to do that for the last CVE (CVE-2022-31096). We released 2.9.0.beta6 last week (Thursday) so this should be resolved now.

Topic		Replies	Views
2.9.0.beta9: Security fix, bug fixes and more Announcements release-notes	1	2413	August 10, 2022
3.2.1: Security and bug fix release Announcements release-notes	1	949	March 15, 2024
2.7.0.beta9: Messages with Invites, "Blank Page" Education Text, Like Webhooks, and more Announcements release-notes	1	2132	May 10, 2021
2.8.10: Security Release Announcements release-notes	0	939	November 1, 2022
Discourse 2.5.0.beta7 Release Notes Announcements release-notes	1	2663	June 10, 2020

Unable to find discourse version 2.9.0.beta6

Related topics