Highjomax

Rank: #18378 of 53,624
Total CVSS: 14.7
Vulnerabilities: 2 (High: 2)

PT-2023-29429 · CVSS 7.5 · 2023-10-16
Discourse · Discourse · CVE-2023-45131

**Name of the Vulnerable Software and Affected Versions**
Discourse versions prior to 3.1.1 stable and 3.2.0.beta2

**Description**
Discourse is an open source platform for community discussion. The issue allows new chat messages to be read by making an unauthenticated POST request to `MessageBus`. There are no known workarounds for this issue. Users are advised to upgrade to a patched version.

**Recommendations**
For versions prior to 3.1.1 stable, upgrade to version 3.1.1 stable or later. For versions prior to 3.2.0.beta2, upgrade to version 3.2.0.beta2 or later. As a temporary workaround, consider restricting access to the `MessageBus` until a patch is applied.

PT-2022-23155 · CVSS 7.2 · 2022-09-29
Discourse · Discourse · CVE-2022-36068

**Name of the Vulnerable Software and Affected Versions**
Discourse versions prior to 2.8.9 and Discourse versions prior to 2.9.0.beta10

**Description**
The issue allows a moderator to create new and edit existing themes using the API when they should not have this capability.

**Recommendations**
For versions prior to 2.8.9, update to version 2.8.9 or later. For versions prior to 2.9.0.beta10, update to version 2.9.0.beta10 or later.