A validation bug in the upstream aws-sdk-sns Ruby gem can lead to Remote Code Execution (RCE) in Discourse via a maliciously crafted request (see CVE-2021-41162).
The following are the versions affected by this bug:
- stable: 2.7.8
- beta: 2.8.0.beta6
- tests-passed: 2.8.0.beta6
The Bitnami team has already released a new version of Discourse for all the supported platforms: virtual machine, cloud image, container, and Helm Charts.
Update your deployments to run any of the following versions:
- stable: 2.7.9
- beta: 2.8.0.beta7
- tests-passed: 2.8.0.beta7
Please refer to the following Security Advisory to learn more.