discourse/plugins/discourse-rewind
Penar Musaraj c3177d729e
SECURITY: BestTopics report includes unlisted topics (#41000)
## Summary

This is a minor security issue: DiscourseRewind::Action::BestTopics
filters deleted/private/read-restricted topics, but doesn't filter by
`visible=true`.

## Source

- Patch Triage: https://patch.discourse.org/patch-triage/1174
- HackerOne report: https://hackerone.com/reports/3748532

---

🤖 Auto-generated from the patch diff via Patch Triage. Review carefully
before merging.

Co-authored-by: discourse-patch-triage <272280883+discourse-patch-triage[bot]@users.noreply.github.com>
2026-06-17 17:27:13 -04:00
app SECURITY: BestTopics report includes unlisted topics (#41000) 2026-06-17 17:27:13 -04:00
assets DEV: Consolidate reusable components into ui-kit (#38703) 2026-05-11 18:07:36 -03:00
config I18N: Update translations (#40823) 2026-06-12 16:19:35 +02:00
db DEV: Promote old post-deploy migrations to pre-deploy (#38595) 2026-03-13 19:09:30 +00:00
lib/discourse_rewind DEV: Enable Rails/FilePath rubocop rule (#40097) 2026-05-19 19:07:54 +02:00
public UX: various visual fixes to rewind plugin (#36535) 2025-12-08 11:15:00 -05:00
spec SECURITY: BestTopics report includes unlisted topics (#41000) 2026-06-17 17:27:13 -04:00
test/javascripts
package.json DEV: Add a script for generating external types in discourse-types (#37095) 2026-03-09 20:37:43 +01:00
plugin.rb DEV: Enable Style/RedundantSelf rubocop rule (#40098) 2026-05-19 19:27:45 +02:00
README.md
tsconfig.json DEV: Add a script for generating external types in discourse-types (#37095) 2026-03-09 20:37:43 +01:00

DiscourseRewind

Display stats on your last year of Discourse usage.

Usage

Navigate to /my/activity/rewind