hello, We’ve received an alert from this CVE that an instance of discourse is vulnerable to https://www.cve.org/CVERecord?id=CVE-2022-31096 It is said that the fix is in 2.9.0.beta6 but I’m unable to find and upgrade to that version. Is anyone else having this problem?

You can upgrade now and that commit will be applied. It’s not a critical security issue, so they didn’t bump the version to push it out.

You’re right, the patch is there: https://github.com/discourse/discourse/commit/115859964d6e3e92d6d933ffe8e1b330b12a3aca but there has not been any bump in version since :thinking:

Unable to find discourse version 2.9.0.beta6

Support

Osama July 4, 2022, 8:49am 9

We do a beta bump for a high severity CVE shortly after the fix is released, but we missed to do that for the last CVE (CVE-2022-31096). We released 2.9.0.beta6 last week (Thursday) so this should be resolved now.

Topic		Replies	Views
Your Discourse installation is out of date. Click here to upgrade Self-hosting	1	359	December 6, 2023
Do I need to upgrade to version 1.8.0.beta11? Support	22	1976	May 7, 2017
Up to date with 2.6.0.beta1 Support	4	1090	August 20, 2020
Discourse Upgrade Not Working Support	3	169	November 5, 2024
Stable version upgrade to 2.4.0 Support	4	733	February 27, 2020

Unable to find discourse version 2.9.0.beta6

Related topics