I didn’t see any message associated with this commit, so I was wondering whether we need to quickly upgrade our site to incorporate this new patch, or whether the original security issue turned out to be a non-problem:
https://github.com/discourse/discourse/commit/899caf35baaf4a33e816207d771b7c1ab069a1e5