Unable to find discourse version 2.9.0.beta6

41821 · June 29, 2022, 11:58pm

hello,
We’ve received an alert from this CVE that an instance of discourse is vulnerable to cve-website

It is said that the fix is in 2.9.0.beta6 but I’m unable to find and upgrade to that version. Is anyone else having this problem?

Benjamin_D · June 30, 2022, 5:11am

You’re right, the patch is there:

but there has not been any bump in version since

pfaffman · June 30, 2022, 11:02am

You can upgrade now and that commit will be applied. It’s not a critical security issue, so they didn’t bump the version to push it out.

Osama · July 4, 2022, 8:49am

We do a beta bump for a high severity CVE shortly after the fix is released, but we missed to do that for the last CVE (CVE-2022-31096). We released 2.9.0.beta6 last week (Thursday) so this should be resolved now.

Topic		Replies	Views
2.9.0.beta9: Security fix, bug fixes and more announcements release-notes	1	2275	August 10, 2022
Generated invite links with email can't be redeemed bug	7	767	August 18, 2021
3.2.1: Security and bug fix release announcements release-notes	1	599	March 15, 2024
Discourse Vulnerability [False Positive] support	3	1396	June 10, 2019
Cannot access topics after upgrade from 1.6.0.beta1 to beta2 support	15	2434	December 31, 2017

Unable to find discourse version 2.9.0.beta6

Related Topics