Nixpkgs security tracker
NIXPKGS-2026-0705
GitHub issue
published on
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
5 packages
- discourse-mail-receiver
- python312Packages.pydiscourse
- python313Packages.pydiscourse
- python314Packages.pydiscourse
- grafanaPlugins.grafana-discourse-datasource
- @LeSuisse accepted
- @LeSuisse published on GitHub
Discourse staff can modify any user's group notification level
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
References
-
https://github.com/discourse/discourse/security/advisories/GHSA-qggq-wr6h-vhrg x_refsource_CONFIRM
Affected products
discourse
- ==>= 2026.1.0-latest, < 2026.1.2
- === 2026.3.0-latest
- ==>= 2026.2.0-latest, < 2026.2.1
Matching in nixpkgs
pkgs.discourse
Discourse is an open source discussion platform
Ignored packages (5)
pkgs.discourse-mail-receiver
Helper program which receives incoming mail for Discourse
pkgs.python312Packages.pydiscourse
Python library for working with Discourse
pkgs.python313Packages.pydiscourse
Python library for working with Discourse
pkgs.python314Packages.pydiscourse
Python library for working with Discourse
pkgs.grafanaPlugins.grafana-discourse-datasource
Allows users to search and view topics, posts, users, tags, categories, and reports on a given Discourse forum through Grafana
Package maintainers
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>