Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-06-19 01:44:11 +08:00
Code Packages Activity Actions
discourse/plugins/discourse-rewind/app
History
Exact
Penar Musaraj c3177d729e
SECURITY: BestTopics report includes unlisted topics (#41000) 
## Summary

This is a minor security issue, DiscourseRewind::Action::BestTopics
filters deleted/private/read-restricted topics, but doesn't filter by
`visible=true`.

## Source

- Patch Triage: https://patch.discourse.org/patch-triage/1174
- HackerOne report: https://hackerone.com/reports/3748532

---

🤖 Auto-generated from the patch diff via Patch Triage. Review carefully
before merging.

Co-authored-by: discourse-patch-triage
<272280883+discourse-patch-triage[bot]@users.noreply.github.com>
2026-06-17 17:27:13 -04:00
..
controllers/discourse_rewind FEATURE: Share Rewind reports publicly by default and allow for making them private (#36587) 2025-12-16 09:29:35 +10:00
services/discourse_rewind SECURITY: BestTopics report includes unlisted topics (#41000) 2026-06-17 17:27:13 -04:00
.gitkeep