Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-06-19 01:44:11 +08:00
Code Packages Activity Actions
discourse/plugins/discourse-rewind/spec
History
Exact
Penar Musaraj c3177d729e
SECURITY: BestTopics report includes unlisted topics (#41000) 
## Summary

This is a minor security issue, DiscourseRewind::Action::BestTopics
filters deleted/private/read-restricted topics, but doesn't filter by
`visible=true`.

## Source

- Patch Triage: https://patch.discourse.org/patch-triage/1174
- HackerOne report: https://hackerone.com/reports/3748532

---

🤖 Auto-generated from the patch diff via Patch Triage. Review carefully
before merging.

Co-authored-by: discourse-patch-triage
<272280883+discourse-patch-triage[bot]@users.noreply.github.com>
2026-06-17 17:27:13 -04:00
..
actions SECURITY: BestTopics report includes unlisted topics (#41000) 2026-06-17 17:27:13 -04:00
requests FIX: Only actually fetch initial report count in Rewind (#36940) 2026-01-05 09:34:26 +10:00
serializers FIX: Do not show rewind for new users (#37205) 2026-01-20 17:44:19 +10:00
services FIX: Cache rewind reports with user ID not username (#37872) 2026-02-17 15:14:54 +10:00
system DEV: Update rubocop (#38721) 2026-03-20 00:39:52 +01:00
plugin_helper.rb FIX: Correct the date range in d-rewind (#39805) 2026-05-06 19:58:21 +02:00