NIXPKGS-2026-0433

GitHub issue published on

Permalink CVE-2026-26979

updated 2 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 2 months, 4 weeks ago
@LeSuisse ignored
5 packages
- discourse-mail-receiver
- python312Packages.pydiscourse
- python313Packages.pydiscourse
- python314Packages.pydiscourse
- grafanaPlugins.grafana-discourse-datasource
2 months, 4 weeks ago
@LeSuisse accepted 2 months, 4 weeks ago
@LeSuisse published on GitHub 2 months, 3 weeks ago

Discourse: TL4 users are able to change status of restricted topics

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

References

https://github.com/discourse/discourse/security/advisories/GHSA-9c7p-fqc5-c24f x_refsource_CONFIRM

Affected products

discourse

==< 2025.12.2
==>= 2026.2.0-latest, < 2026.2.0
==>= 2026.1.0-latest, < 2026.1.1

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2025.12.1
- nixpkgs-unstable 2025.12.1
- nixos-unstable-small 2025.12.1
nixos-25.11 2025.12.1
- nixos-25.11-small 2025.12.1
- nixpkgs-25.11-darwin 2025.12.1

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2025.12.1
- nixpkgs-unstable 2025.12.1
- nixos-unstable-small 2025.12.1
nixos-25.11 2025.12.1
- nixos-25.11-small 2025.12.1
- nixpkgs-25.11-darwin 2025.12.1

Ignored packages (5)

pkgs.discourse-mail-receiver

Helper program which receives incoming mail for Discourse

nixos-unstable 4.1.0
- nixpkgs-unstable 4.1.0
- nixos-unstable-small 4.1.0
nixos-25.11 4.1.0
- nixos-25.11-small 4.1.0
- nixpkgs-25.11-darwin 4.1.0

pkgs.python312Packages.pydiscourse

Python library for working with Discourse

nixos-25.11 1.7.0
- nixos-25.11-small 1.7.0
- nixpkgs-25.11-darwin 1.7.0

pkgs.python313Packages.pydiscourse

Python library for working with Discourse

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0
nixos-25.11 1.7.0
- nixos-25.11-small 1.7.0
- nixpkgs-25.11-darwin 1.7.0

pkgs.python314Packages.pydiscourse

Python library for working with Discourse

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0

pkgs.grafanaPlugins.grafana-discourse-datasource

Allows users to search and view topics, posts, users, tags, categories, and reports on a given Discourse forum through Grafana

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

Package maintainers

@talyz Kim Lindberger <kim.lindberger@gmail.com>

Upstream advisory: https://github.com/discourse/discourse/security/advisories/GHSA-9c7p-fqc5-c24f

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0433

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

pkgs.discourse-mail-receiver

pkgs.python312Packages.pydiscourse

pkgs.python313Packages.pydiscourse

pkgs.python314Packages.pydiscourse

pkgs.grafanaPlugins.grafana-discourse-datasource

Package maintainers