Bypass of post max_length using HTML comments
Package
Discourse (Discourse)
Affected versions
stable <= 2.8.13; beta <= 3.0.0.beta15; tests-passed <= 3.0.0.beta15
Patched versions
stable >= 2.8.14; beta >= 3.0.0.beta16; tests-passed >= 3.0.0.beta16
Impact
Users can create posts with a raw body longer than the max_length site setting by including HTML comments that are not counted toward the character limit.
Patches
Patch has been applied.
Workarounds
Upgrading is necessary.
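The class of flaw described under Impact, as an added Ruby example that is not Discourse's code: a length check that measures the body with HTML comments removed, beside one that measures the raw body, plus an audit helper that flags stored posts whose raw body exceeds the limit only because of comments. The method names, the comment-matching pattern, the limit of 50 and the sample posts are all assumptions constructed for illustration.

```ruby
# Illustrative model only; not Discourse's implementation.
# Assumed pattern for an HTML comment, matched across line breaks.
HTML_COMMENT = /<!--.*?-->/m

# Constructed limit standing in for the max_length site setting.
MAX_LENGTH = 50

# Flawed check: measures the body after comments are removed,
# so text inside comments never counts toward the limit.
def flawed_length_ok?(raw, max = MAX_LENGTH)
  raw.gsub(HTML_COMMENT, "").strip.length <= max
end

# Stricter check (one possible approach, assumed here):
# the stored raw body itself must fit within the limit.
def strict_length_ok?(raw, max = MAX_LENGTH)
  raw.length <= max
end

# Audit helper: returns posts whose raw body exceeds the limit even though
# the comment-stripped text fits, i.e. posts that only passed because
# comment text was not counted.
def oversized_via_comments(posts, max = MAX_LENGTH)
  posts.select do |post|
    raw = post[:raw]
    raw.length > max && raw.gsub(HTML_COMMENT, "").strip.length <= max
  end
end

# Constructed sample data, not taken from any real site.
SAMPLE_POSTS = [
  { id: 1, raw: "Short post." },
  { id: 2, raw: "Visible text." + "<!--" + ("x" * 200) + "-->" },
  { id: 3, raw: "y" * 80 },
].freeze

if __FILE__ == $PROGRAM_NAME
  oversized_via_comments(SAMPLE_POSTS).each do |post|
    puts "post #{post[:id]}: raw length #{post[:raw].length} exceeds #{MAX_LENGTH}"
  end
end
```

On an upgraded site, a query of this shape over existing posts can show whether oversized bodies were stored before the patch was applied.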