Development Log: 2022-11-09

johnwalker · 9 November 2022 14:14

2022 November 9

Discourse has confirmed that current Discourse Docker images, as used
by SCANALYST, are not vulnerable to the OpenSSL vulnerabilities
recently discovered and widely reported.
    https://meta.discourse.org/t/statement-regarding-openssl-vulnerabilities-2022-11-01/244230
    https://www.openssl.org/news/secadv/20221101.txt
The vulnerability exists in OpenSSL versions between 3.0.0 and 3.0.6.
Discourse is bundled with Debian OpenSSL 1.1.1n-0+deb11u3, a
still-supported version which is not vulnerable.

eggspurt · 9 November 2022 14:41

Just to note that the quality of experience with this Discourse is bringing back the joys of forums unseen since before the AOL barbarians ruined USENET. Thanks for the work maintaining this system.