websafe-kb/08-threat-intel/registry/advisories/discourse--9052caf22d.json

{
"canonical_id": "discourse--9052caf22d",
"system_id": "discourse",
"display_name": "Discourse",
"category": "cms",
"advisory_mode": "core",
"title": "3.6.0.beta1: Color palette editing, user fields on sign up, themeable site setting discovery, images with Google AI, and reliable drafts",
"summary": "<h1><a name=\"p-1859296-new-features-in-360beta1-1\" class=\"anchor\" href=\"https://meta.discourse.org#p-1859296-new-features-in-360beta1-1\" aria-label=\"Heading link\"></a>New features in 3.6.0.beta1</h1>\n<h2><a name=\"p-1859296-smoother-color-palette-editing-with-a-new-interface-2\" class=\"anchor\" href=\"https://meta.discourse.org#p-1859296-smoother-color-palette-editing-with-a-new-interface-2\" aria-label=\"Heading link\"></a>Smoother color palette editing with a new interface</h2>\n<p></p><div class=\"lightbox-wrapper\"><a class=\"lightbox\" href=\"https://d11a6trkgmumsb.cloudfront.net/original/4X/f/b/6/fb6ab581b2efc93dcce2de929f8eabb6c4afd21e.png\" data-download-href=\"/uploads/short-url/zS8t1jfURP3WAI9pEHhrae9L5jo.png?dl=1\" title=\"The new color palette editing interface.\" rel=\"noopener nofollow ugc\"><img src=\"https://d11a6trkgmumsb.cloudfront.net/optimized/4X/f/b/6/fb6ab581b2efc93dcce2de929f8eabb6c4afd21e_2_311x500.png\" alt=\"The new color palette editing interface.\" data-base62-sha1=\"zS8t1jfURP3WAI9pEHhrae9L5jo\" width=\"311\" height=\"500\" srcset=\"https://d11a6trkgmumsb.cloudfront.net/optimized/4X/f/b/6/fb6ab581b2efc93dcce2de929f8eabb6c4afd21e_2_311x500.png, https://d11a6trkgmumsb.cloudfront.net/optimized/4X/f/b/6/fb6ab581b2efc93dcce2de929f8eabb6c4afd21e_2_466x750.png 1.5x, https://d11a6trkgmumsb.cloudfront.net/optimized/4X/f/b/6/fb6ab581b2efc93dcce2de929f8eabb6c4afd21e_2_622x1000.png 2x\" data-dominant-color=\"F9F9F9\"></a></div><p></p>\n<p>Building on our <a href=\"https://meta.discourse.org/tags/c/announcements/67/color-palettes\">recent color palette management improvements</a>, admins now have an even smoother way to customize their site\u2019s colors. The new color palette interface seamlessly integrates with the overall admin design system, delivering a cohesive experience that makes palette management both powerful and approachable. 
<a href=\"https://meta.discourse.org/t/smoother-color-palette-editing/380477\">Read more in the announcement</a>.</p>\n<h2><a name=\"p-1859296-option-to-hide-custom-fields-on-sign-up-form-3\" class=\"anchor\" href=\"https://meta.discourse.org#p-1859296-option-to-hide-custom-fields-on-sign-up-form-3\" aria-label=\"Heading link\"></a>Option to hide custom fields on sign up form</h2>\n<p></p><div class=\"lightbox-wrapper\"><a class=\"lightbox\" href=\"https://d11a6trkgmumsb.cloudfront.net/original/4X/7/2/6/726b9df2e6f3b701f3d257a7c2f924b8ba69e653.png\" data-download-href=\"/uploads/short-url/gkcZZRnMY9zDTCRO7h6WmmYjDbB.png?dl=1\" title=\"Preferences for custom user fields, showing the new &quot;Show on signup form&quot; option.\" rel=\"noopener nofollow ugc\"><img src=\"https://d11a6trkgmumsb.cloudfront.net/original/4X/7/2/6/726b9df2e6f3b701f3d257a7c2f924b8ba69e653.png\" alt=\"Preferences for custom user fields, showing the new &quot;Show on signup form&quot; option.\" data-base62-sha1=\"gkcZZRnMY9zDTCRO7h6WmmYjDbB\" width=\"229\" height=\"160\"></a></div><p></p>\n<p>To make user fields more flexible and practical, showing them on sign up is now an option that can be switched off for individual fields. This means you can have a way for your members to provide their data without forcing them to provide it as they\u2019re signing up. 
Existing fields have this option switched on by default, and it can be toggled as needed.</p>\n<h2><a name=\"p-1859296-themeable-site-settings-more-easily-available-4\" class=\"anchor\" href=\"https://meta.discourse.org#p-1859296-themeable-site-settings-more-easily-available-4\" aria-label=\"Heading link\"></a>Themeable site settings more easily available</h2>\n<p></p><div class=\"lightbox-wrapper\"><a class=\"lightbox\" href=\"https://d11a6trkgmumsb.cloudfront.net/original/4X/1/7/6/1760eab558026cec2d6af8d547dea7fd0c644144.png\" data-download-href=\"/uploads/short-url/3kOCL9x6NhsVZb6L243q8HptajW.png?dl=1\" title=\"A themeable site setting within a regular settings page.\" rel=\"noopener nofollow ugc\"><img src=\"https://d11a6trkgmumsb.cloudfront.net/optimized/4X/1/7/6/1760eab558026cec2d6af8d547dea7fd0c644144_2_690x203.png\" alt=\"A themeable site setting within a regular settings page.\" data-base62-sha1=\"3kOCL9x6NhsVZb6L243q8HptajW\" width=\"690\" height=\"203\" srcset=\"https://d11a6trkgmumsb.cloudfront.net/optimized/4X/1/7/6/1760eab558026cec2d6af8d547dea7fd0c644144_2_690x203.png, https://d11a6trkgmumsb.cloudfront.net/optimized/4X/1/7/6/1760eab558026cec2d6af8d547dea7fd0c644144_2_1035x304.png 1.5x, https://d11a6trkgmumsb.cloudfront.net/original/4X/1/7/6/1760eab558026cec2d6af8d547dea7fd0c644144.png 2x\" data-dominant-color=\"F7F7F7\"></a></div><p></p>\n<p>We <a href=\"https://meta.discourse.org/t/themeable-site-settings-are-now-available/374232\">recently announced themeable site settings</a> as a way for theme developers to more tightly couple the user experience to their theme. As a subsequent improvement to this new way of managing settings like this, they are now readily available for admins to find in the standard settings pages. 
Themeable settings are displayed alongside other site settings with their default value and a link to the default theme\u2019s edit page, where they can be modified as needed.</p>\n<h2><a name=\"p-1859296-support-for-googles-new-ai-image-model-5\" class=\"anchor\" href=\"https://meta.discourse.org#p-1859296-support-for-googles-new-ai-image-model-5\" aria-label=\"Heading link\"></a>Support for Google\u2019s new AI image model</h2>\n<p>Discourse\u2019s AI tools now enable you and your members to generate images using <a href=\"https://blog.google/products/gemini/updated-image-editing-model/\" rel=\"noopener nofollow ugc\">Google\u2019s top-rated new model</a> right from your Discourse site. This model provides greater control over your image output, native image generation, more customization options, image blending, and much more\u2014all available at your fingertips in Discourse.</p>\n<h2><a name=\"p-1859296-more-reliable-saving-of-drafts-with-improved-composer-controls-6\" class=\"anchor\" href=\"https://meta.discourse.org#p-1859296-more-reliable-saving-of-drafts-with-improved-composer-controls-6\" aria-label=\"Heading link\"></a>More reliable saving of drafts with improved composer controls</h2>\n<p></p><div class=\"lightbox-wrapper\"><a class=\"lightbox\" href=\"https://d11a6trkgmumsb.cloudfront.net/original/4X/f/5/1/f519b3fbe08ebc8b35ad500d036f23723e5cfe8f.png\" data-download-href=\"/uploads/short-url/yYg31Em64KF714XLx8IHsRi76vJ.png?dl=1\" title=\"The composer with new close and discard buttons.\" rel=\"noopener nofollow ugc\"><img src=\"https://d11a6trkgmumsb.cloudfront.net/optimized/4X/f/5/1/f519b3fbe08ebc8b35ad500d036f23723e5cfe8f_2_328x500.png\" alt=\"The composer with new close and discard buttons.\" data-base62-sha1=\"yYg31Em64KF714XLx8IHsRi76vJ\" width=\"328\" height=\"500\" srcset=\"https://d11a6trkgmumsb.cloudfront.net/optimized/4X/f/5/1/f519b3fbe08ebc8b35ad500d036f23723e5cfe8f_2_328x500.png, 
https://d11a6trkgmumsb.cloudfront.net/optimized/4X/f/5/1/f519b3fbe08ebc8b35ad500d036f23723e5cfe8f_2_492x750.png 1.5x, https://d11a6trkgmumsb.cloudfront.net/optimized/4X/f/5/1/f519b3fbe08ebc8b35ad500d036f23723e5cfe8f_2_656x1000.png 2x\" data-dominant-color=\"FBFCFC\"></a></div><p></p>\n<p>The composer now includes clearer buttons for closing the window, while offering options for saving a draft or automatically saving your work as you close it. This provides greater assurance that your active drafts remain safely stored as you navigate around the site.</p>\n<h2><a name=\"p-1859296-security-updates-7\" class=\"anchor\" href=\"https://meta.discourse.org#p-1859296-security-updates-7\" aria-label=\"Heading link\"></a>Security Updates</h2>\n<p>This release includes fixes for these security issues reported by our community and <a href=\"https://hackerone.com/discourse\" rel=\"noopener nofollow ugc\">HackerOne</a>.</p>\n<ul>\n<li><a href=\"https://github.com/discourse/discourse/security/advisories/GHSA-7p47-8m82-m2vf\" class=\"inline-onebox\" rel=\"noopener nofollow ugc\">XSS when quoting chat messages via channel title and thread title in RTE \u00b7 Advisory \u00b7 discourse/discourse \u00b7 GitHub</a></li>\n<li><a href=\"https://github.com/discourse/discourse/security/advisories/GHSA-32v2-x274-vfhr\" class=\"inline-onebox\" rel=\"noopener nofollow ugc\">Insecure Direct Object Reference via AI Suggestions \u00b7 Advisory \u00b7 discourse/discourse \u00b7 GitHub</a></li>\n<li><a href=\"https://github.com/discourse/discourse/security/advisories/GHSA-7xjr-4f4g-9887\" class=\"inline-onebox\" rel=\"noopener nofollow ugc\">Backup restore meta-command injection leading to cross-site data access in multisite environments \u00b7 Advisory \u00b7 discourse/discourse \u00b7 GitHub</a></li>\n</ul>\n <p><small>2 posts - 2 participants</small></p>\n <p><a 
href=\"https://meta.discourse.org/t/3-6-0-beta1-color-palette-editing-user-fields-on-sign-up-themeable-site-setting-discovery-images-with-google-ai-and-reliable-drafts/383509\">Read full topic</a></p>",
"published_at": "Tue, 30 Sep 2025 02:59:19 +0000",
"updated_at": "Tue, 30 Sep 2025 02:59:19 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://meta.discourse.org/t/3-6-0-beta1-color-palette-editing-user-fields-on-sign-up-themeable-site-setting-discovery-images-with-google-ai-and-reliable-drafts/383509",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"plugin-extension-trust-policy",
"file-upload-validation",
"dependency-upgrade-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "discourse",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "discourse",
"official": true
}
],
"affected_components": [
{
"name": "Discourse",
"entity_id": "discourse",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://meta.discourse.org/t/3-6-0-beta1-color-palette-editing-user-fields-on-sign-up-themeable-site-setting-discovery-images-with-google-ai-and-reliable-drafts/383509"
],
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "discourse--9052caf22d--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Discourse Release Notes RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "discourse--9052caf22d--workflow"
}
}