Prevent unauthorized access to summary details
Package
discourse
(Discourse)
Affected versions
stable < 3.1.1; beta/tests-passed < 3.2.0.beta2
Patched versions
stable >= 3.1.2; beta/tests-passed >= 3.2.0.beta2
Impact
User summaries are accessible for anonymous users even when
hide_user_profiles_from_public
is enabled.Patches
The problem has been patched in the latest version of Discourse.
Workarounds
None.