discourse/plugins/discourse-rewind/app/services/discourse_rewind
Penar Musaraj c3177d729e
SECURITY: BestTopics report includes unlisted topics (#41000)
## Summary

This is a minor security issue: DiscourseRewind::Action::BestTopics
filters deleted/private/read-restricted topics, but doesn't filter by
`visible=true`.

## Source

- Patch Triage: https://patch.discourse.org/patch-triage/1174
- HackerOne report: https://hackerone.com/reports/3748532

---

🤖 Auto-generated from the patch diff via Patch Triage. Review carefully
before merging.

Co-authored-by: discourse-patch-triage <272280883+discourse-patch-triage[bot]@users.noreply.github.com>
2026-06-17 17:27:13 -04:00
| Name | Last commit | Date |
| --- | --- | --- |
| action | SECURITY: BestTopics report includes unlisted topics (#41000) | 2026-06-17 17:27:13 -04:00 |
| dismiss.rb | FEATURE: Store rewind dismiss state in database instead of localStorage (#36625) | 2025-12-12 15:16:22 +10:00 |
| fetch_report.rb | FIX: Correct the date range in d-rewind (#39805) | 2026-05-06 19:58:21 +02:00 |
| fetch_reports.rb | FIX: Correct the date range in d-rewind (#39805) | 2026-05-06 19:58:21 +02:00 |
| toggle_share.rb | FEATURE: Share Rewind reports publicly by default and allow for making them private (#36587) | 2025-12-16 09:29:35 +10:00 |