hello, We’ve received an alert from this CVE that an instance of discourse is vulnerable to cve-website It is said that the fix is in 2.9.0.beta6 but I’m unable to find and upgrade to that version. Is anyone else having this problem?

You can upgrade now and that commit will be applied. It’s not a critical security issue, so they didn’t bump the version to push it out.

Unable to find discourse version 2.9.0.beta6

support

Osama July 4, 2022, 8:49am 9

We do a beta bump for a high severity CVE shortly after the fix is released, but we missed to do that for the last CVE (CVE-2022-31096). We released 2.9.0.beta6 last week (Thursday) so this should be resolved now.

4 Likes

Topic		Replies	Views
2.9.0.beta9: Security fix, bug fixes and more announcements release-notes	1	2292	August 10, 2022
Generated invite links with email can't be redeemed bug	7	779	August 18, 2021
3.2.1: Security and bug fix release announcements release-notes	1	656	March 15, 2024
Discourse Vulnerability [False Positive] support	3	1402	June 10, 2019
Cannot access topics after upgrade from 1.6.0.beta1 to beta2 support	15	2454	December 31, 2017

Unable to find discourse version 2.9.0.beta6

Related Topics