mirror of
https://github.com/NixOS/nixpkgs.git
synced 2026-06-05 21:03:40 +00:00
https://releases.discourse.org/changelog/v2026.1.4/

Fixes:
- CVE-2026-44779 Bot debug endpoints disclose whisper translation audit logs
- CVE-2026-44782 GroupPostSerializer leaks hidden full names through reaction post association
- CVE-2026-44783 Replying to a whisper lets non-whisperers create staff-only whisper posts
- CVE-2026-44786 Public chat MessageBus broadcasts are not restricted to chat-eligible users
- CVE-2026-45085 Chat misauthorization and information disclosure
- CVE-2026-44784 Non-staff group owners can see email password in plaintext through group history
- CVE-2026-44785 Hidden reply-to post raw can be disclosed through AI explain prompts
- CVE-2026-45775 Cross-site backup access via path traversal in multisite local backups
- (CVE Pending) Don't leak restricted tag group names via tag info
- CVE-2026-34154 Subscription access bypass in discourse-subscriptions plugin
- CVE-2026-33514 Information Disclosure in Form Template API Due to Missing Authorization
- CVE-2026-44780 Category queue reviewers can read raw incoming emails from queued posts
- (CVE Pending) Prevent webhook payload disclosure on event redelivery
- CVE-2026-32244 Cached outdated summaries can leak removed content