hello, We’ve received an alert from this CVE that an instance of discourse is vulnerable to cve-website It is said that the fix is in 2.9.0.beta6 but I’m unable to find and upgrade to that version. Is anyone else having this problem?

You can upgrade now and that commit will be applied. It’s not a critical security issue, so they didn’t bump the version to push it out.

You’re right, the patch is there: SECURITY: Validate email constraints when trying to redeem an invite committed 10:32AM - 21 Jun 22 UTC (UTC) [image] tgxworld …

Unable to find discourse version 2.9.0.beta6

Support

Osama July 4, 2022, 8:49am 9

We do a beta bump for a high severity CVE shortly after the fix is released, but we missed to do that for the last CVE (CVE-2022-31096). We released 2.9.0.beta6 last week (Thursday) so this should be resolved now.

Topic		Replies	Views
Your Discourse installation is out of date. Click here to upgrade Self-hosting	1	357	December 6, 2023
Do I need to upgrade to version 1.8.0.beta11? Support	23	1957	June 8, 2024
Up to date with 2.6.0.beta1 Support	5	1074	September 19, 2020
Discourse Upgrade Not Working Support	3	139	November 5, 2024
Stable version upgrade to 2.4.0 Support	5	725	February 27, 2020

Unable to find discourse version 2.9.0.beta6

Related topics