Discourse · Discourse · CVE-2022-31025
**Name of the Vulnerable Software and Affected Versions**
Discourse versions prior to 2.8.4 on the stable branch
Discourse versions prior to 2.9.0beta5 on the beta and tests-passed branches
**Description**
The issue affects Discourse, an open source platform for community discussion. Inviting users on sites that use single sign-on could bypass the `must approve users` check, and invites by staff are always approved automatically.
**Recommendations**
For versions prior to 2.8.4 on the stable branch, update to version 2.8.4 or later.
For versions prior to 2.9.0beta5 on the beta and tests-passed branches, update to version 2.9.0beta5 or later.
As a temporary workaround, consider disabling invites or increasing `min trust level to allow invite` to reduce the attack surface to more trusted users.
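
A triage helper for the version ranges and workaround above, written as an added example (not code from the Discourse project or from this advisory). It classifies a version string by branch and reports which recommendation applies; the hash keys `:sso_enabled`, `:must_approve_users` and `:invites_enabled` are hypothetical names for this example, not Discourse setting identifiers, and the sample site is constructed.

```ruby
require "rubygems" # Gem::Version parses prerelease tags such as "beta5"

FIXED_STABLE = Gem::Version.new("2.8.4")
FIXED_BETA   = Gem::Version.new("2.9.0.beta5")

# True when the version falls in one of the affected ranges listed above.
def affected_version?(version)
  v = Gem::Version.new(version)
  # Beta and tests-passed builds carry a prerelease tag; stable builds do not.
  v.prerelease? ? v < FIXED_BETA : v < FIXED_STABLE
end

# settings: hash with the hypothetical boolean keys named in the lead-in.
def triage(version, settings)
  return { status: :patched, actions: [] } unless affected_version?(version)

  actions = ["update to 2.8.4 or later (stable) or 2.9.0beta5 or later (beta, tests-passed)"]
  # The description ties the bypass to SSO sites relying on user approval.
  gate_in_use = settings[:sso_enabled] && settings[:must_approve_users]
  exposed = gate_in_use && settings[:invites_enabled] ? true : false
  if exposed
    actions << "until updated: disable invites or raise `min trust level to allow invite`"
  end
  { status: exposed ? :exposed : :affected, actions: actions }
end

# Constructed sample input, not taken from a real site.
SAMPLE_SITE = { sso_enabled: true, must_approve_users: true, invites_enabled: true }.freeze

if __FILE__ == $PROGRAM_NAME
  %w[2.8.3 2.8.4 2.9.0.beta4 2.9.0beta5].each do |ver|
    puts "#{ver}: #{triage(ver, SAMPLE_SITE).inspect}"
  end
end
```

Both `2.9.0.beta4` and `2.9.0beta4` spellings parse to the same version, so the helper accepts either form.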