discourse/plugins/discourse-reactions/spec
discourse-patch-triage[bot] 7155883b6b SECURITY: GroupPostSerializer leaks hidden full names through reaction post association
`GroupPostSerializer` declared `include_user_long_name?` as the predicate
for its `:name` attribute, but AMS looks for `include_name?`. The misnamed
predicate was never called, so `object.user.name` was always serialized
regardless of `SiteSetting.enable_names`.

  https://github.com/discourse/discourse/security/advisories/GHSA-h3mq-9r6w-h33j
2026-05-19 00:26:04 +01:00
fabricators
lib UX: Reactions default improvements (#38776) 2026-03-24 10:41:14 +10:00
models DEV: Restore a post_mover spec (#39551) 2026-04-27 10:43:43 +02:00
reports DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
requests SECURITY: GroupPostSerializer leaks hidden full names through reaction post association 2026-05-19 00:26:04 +01:00
serializers UX: Ignored users reactions/likes should not show up (#39672) 2026-05-11 15:32:29 -03:00
services FEATURE: Prevent silenced users from liking and using reactions (#37040) 2026-01-13 13:59:57 +01:00
system UX: open post reactions menu with initial filter (#39656) 2026-05-07 10:46:53 +04:00
plugin_spec.rb DEV: Clean up scope resolution operators in plugins (#34979) 2025-09-30 14:36:34 +02:00