146 lines
11 KiB
JSON
{
  "canonical_id": "discourse--c407380775",
  "system_id": "discourse",
  "display_name": "Discourse",
  "category": "cms",
  "advisory_mode": "core",
  "title": "3.6.0.beta2: Built-in palette editing, live AI translation progress, and better wiki tracking",
  "summary": "<h1><a name=\"p-1876662-new-features-in-360beta2-1\" class=\"anchor\" href=\"https://meta.discourse.org#p-1876662-new-features-in-360beta2-1\" aria-label=\"Heading link\"></a>New features in 3.6.0.beta2</h1>\n<h2><a name=\"p-1876662-editing-built-in-theme-colour-palettes-2\" class=\"anchor\" href=\"https://meta.discourse.org#p-1876662-editing-built-in-theme-colour-palettes-2\" aria-label=\"Heading link\"></a>Editing built-in theme colour palettes</h2>\n<p>Until recently, colour palettes that come packaged with themes have not been editable. Now, instead of duplicating those palettes to fill your admin, you can simply edit them directly. Modified colours can always be reverted to those that came with the theme if needed, allowing for more flexible colour palette management.</p>\n<p></p><div class=\"video-placeholder-container\" data-video-src=\"https://d11a6trkgmumsb.cloudfront.net/original/4X/d/9/2/d929300ea5606dd4bbb18ed6bdddb19274f1b997.mp4\" data-thumbnail-src=\"https://d11a6trkgmumsb.cloudfront.net/original/4X/a/e/5/ae524b3cff45224a44e3521690f46e479fe4d44b.jpeg\" data-video-base62-sha1=\"uZ5R24x4jbZ0BzVrIdhSgbNuu1x.mp4\">\n </div><p></p>\n<h2><a name=\"p-1876662-live-progress-data-for-your-ai-translations-3\" class=\"anchor\" href=\"https://meta.discourse.org#p-1876662-live-progress-data-for-your-ai-translations-3\" aria-label=\"Heading link\"></a>Live progress data for your AI translations</h2>\n<p>When using the <a href=\"https://meta.discourse.org/t/content-localization-manual-and-automatic-with-discourse-ai/370969#p-1797766-automatic-translations-with-discourse-ai-sparkles-5\">AI translations</a> feature that is built into Discourse, your translation progress is clearly displayed in your dashboard. You can see the number of posts translated and the completion percentage for each locale, as your translations are backfilled according to your settings. In addition to this, you can now see the estimated completion time in hours and minutes until all your posts are fully translated.</p>\n<p></p><div class=\"lightbox-wrapper\"><a class=\"lightbox\" href=\"https://d11a6trkgmumsb.cloudfront.net/original/4X/c/b/8/cb8c1e1d04919ae392cf48e2110f4bd47f722c67.jpeg\" data-download-href=\"/uploads/short-url/t2F7SIUcZrta7bn5DkPZ1dMfWbJ.jpeg?dl=1\" title=\"AI translation progress\" rel=\"noopener nofollow ugc\"><img src=\"https://d11a6trkgmumsb.cloudfront.net/optimized/4X/c/b/8/cb8c1e1d04919ae392cf48e2110f4bd47f722c67_2_542x500.jpeg\" alt=\"AI translation progress\" data-base62-sha1=\"t2F7SIUcZrta7bn5DkPZ1dMfWbJ\" width=\"542\" height=\"500\" srcset=\"https://d11a6trkgmumsb.cloudfront.net/optimized/4X/c/b/8/cb8c1e1d04919ae392cf48e2110f4bd47f722c67_2_542x500.jpeg, https://d11a6trkgmumsb.cloudfront.net/optimized/4X/c/b/8/cb8c1e1d04919ae392cf48e2110f4bd47f722c67_2_813x750.jpeg 1.5x, https://d11a6trkgmumsb.cloudfront.net/optimized/4X/c/b/8/cb8c1e1d04919ae392cf48e2110f4bd47f722c67_2_1084x1000.jpeg 2x\" data-dominant-color=\"E5E6EF\"></a></div><p></p>\n<h2><a name=\"p-1876662-stay-on-top-of-wiki-updates-4\" class=\"anchor\" href=\"https://meta.discourse.org#p-1876662-stay-on-top-of-wiki-updates-4\" aria-label=\"Heading link\"></a>Stay on top of wiki updates</h2>\n<p>To help you stay apprised of wiki topics, they are now \u201cbumped\u201d when an edit is made to the original topic. This helps to ensure that your community is aware of important updates to these topics, and you can easily review them as edits are made. This is especially helpful for documentation topics, which are a common use case for the wiki feature.</p>\n<h2><a name=\"p-1876662-security-updates-5\" class=\"anchor\" href=\"https://meta.discourse.org#p-1876662-security-updates-5\" aria-label=\"Heading link\"></a>Security Updates</h2>\n<p>This release includes fixes for these security issues reported by our community and <a href=\"https://hackerone.com/discourse\" rel=\"noopener nofollow ugc\">HackerOne</a>.</p>\n<ul>\n<li><a href=\"https://github.com/discourse/discourse/security/advisories/GHSA-jp9x-wwv6-cv3j\" class=\"inline-onebox\" rel=\"noopener nofollow ugc\">Missing Cache-Control response header on error responses \u00b7 Advisory \u00b7 discourse/discourse \u00b7 GitHub</a></li>\n</ul>\n <p><small>2 posts - 2 participants</small></p>\n <p><a href=\"https://meta.discourse.org/t/3-6-0-beta2-built-in-palette-editing-live-ai-translation-progress-and-better-wiki-tracking/386389\">Read full topic</a></p>",
  "published_at": "Tue, 28 Oct 2025 07:33:37 +0000",
  "updated_at": "Tue, 28 Oct 2025 07:33:37 +0000",
  "severity": "unknown",
  "cvss_score": null,
  "exploit_status": "unknown",
  "source_confidence": "official",
  "official_source_url": "https://meta.discourse.org/t/3-6-0-beta2-built-in-palette-editing-live-ai-translation-progress-and-better-wiki-tracking/386389",
  "secondary_source_urls": [],
  "aliases": [],
  "cve_ids": [],
  "ghsa_ids": [],
  "osv_ids": [],
  "affected_versions": [],
  "fixed_versions": [],
  "package_name": null,
  "render_markdown": false,
  "case_path": null,
  "secure_code_topics": [
    "authz-server-side-recheck",
    "xss-output-encoding",
    "plugin-extension-trust-policy",
    "file-upload-validation",
    "dependency-upgrade-policy"
  ],
  "status": "triage",
  "triage_reasons": [
    "missing affected/fixed version details"
  ],
  "entity_refs": [
    {
      "entity_id": "discourse",
      "entity_type": "system",
      "relation": "root-system",
      "root_system_id": "discourse",
      "official": true
    }
  ],
  "affected_components": [
    {
      "name": "Discourse",
      "entity_id": "discourse",
      "scope": "core",
      "package_name": null,
      "official": true
    }
  ],
  "affected_version_ranges": [],
  "fixed_version_ranges": [],
  "introduced_version": null,
  "patched_version": null,
  "version_evidence_sources": [
    "https://meta.discourse.org/t/3-6-0-beta2-built-in-palette-editing-live-ai-translation-progress-and-better-wiki-tracking/386389"
  ],
  "advisory_scope": "core",
  "version_confidence": "low",
  "version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
  "version_resolution_needed": true,
  "workflow": {
    "workflow_id": "discourse--c407380775--workflow",
    "vuln_family": "xss",
    "entry_surface": "web-ui-render-path",
    "preconditions": [
      "\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
      "\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
      "\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
    ],
    "required_role": "editor-or-admin",
    "affected_version_assertion": [
      "\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
    ],
    "trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
    "request_or_ui_path": [
      "/admin/editor",
      "/preview",
      "/rendered-content"
    ],
    "input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
    "expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
    "server_evidence_points": [
      "\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
      "\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
    ],
    "browser_evidence_points": [
      "\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
      "console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
    ],
    "db_or_fs_evidence_points": [
      "\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
      "\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
    ],
    "detection_signals": [
      "WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
      "\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
    ],
    "mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
    "patch_validation_steps": [
      "\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
      "\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
      "\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
      "\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
    ],
    "lab_safety_notes": [
      "\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
      "\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
      "\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
    ],
    "review_state": "needs-version-gap-review"
  },
  "verification_status": "triage-manual",
  "verification_mode": "synthetic",
  "last_verified_at": null,
  "last_run_id": null,
  "evidence_bundle": null,
  "historical_status": null,
  "latest_status": null,
  "browser_evidence": {
    "required": false,
    "present": false,
    "refs": []
  },
  "repro_profile_id": "xss-generic",
  "artifact_mode": "synthetic",
  "blocked_reason": null,
  "metadata": {
    "source_names": [
      "Discourse Release Notes RSS"
    ],
    "source_kinds": [
      "rss-feed"
    ],
    "candidate_count": 1,
    "entity_ref_count": 1,
    "advisory_scope": "core",
    "version_confidence": "low",
    "workflow_id": "discourse--c407380775--workflow"
  }
}