Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-05-28 01:19:30 +08:00
Code Packages Activity Actions
discourse/plugins/discourse-reactions/spec/requests
History
Exact
discourse-patch-triage[bot] 7155883b6b SECURITY: GroupPostSerializer leaks hidden full names through reaction post association 
`GroupPostSerializer` declared `include_user_long_name?` as the predicate
  for its `:name` attribute, but AMS looks for `include_name?`. The misnamed
  predicate was never called, so object.user.name was always serialized
  regardless of `SiteSetting.enable_names`.

  https://github.com/discourse/discourse/security/advisories/GHSA-h3mq-9r6w-h33j
2026-05-19 00:26:04 +01:00
..
custom_reactions_controller_custom_emoji_spec.rb FEATURE: Promote discourse_reactions_allow_any_emoji out of experimental (#35589) 2025-10-24 16:51:18 +10:00
custom_reactions_controller_spec.rb SECURITY: GroupPostSerializer leaks hidden full names through reaction post association 2026-05-19 00:26:04 +01:00
post_action_users_controller_spec.rb
topics_controller_spec.rb UX: Ignored users reactions/likes should not show up (#39672) 2026-05-11 15:32:29 -03:00