CVE-2022-31182: SECURITY: Do not cache error responses for static assets (stable) · discourse/discourse@7af2554
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse’s default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
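A configuration audit for the condition described above, as an added example that is not part of the Discourse commit or project. The sample configuration is constructed from the cache directives shown in this commit's diff, and the function name `error_caching_rules` is hypothetical.

```python
import re

# Constructed sample modeled on the cache directives in this commit's diff:
# BEFORE carries the catch-all rule, AFTER is the same block without it.
BEFORE = """
proxy_cache one;
proxy_cache_key "$scheme,$host,$request_uri";
proxy_cache_valid 200 301 302 7d;
proxy_cache_valid any 1m;
"""
AFTER = BEFORE.replace("proxy_cache_valid any 1m;\n", "")

DIRECTIVE = re.compile(r"^\s*proxy_cache_valid\s+([^;]+);", re.MULTILINE)


def error_caching_rules(config_text):
    """Return (line_number, directive) for each proxy_cache_valid rule that lets
    an error response (status >= 400, or the catch-all `any`) be cached."""
    findings = []
    # Drop comments so a commented-out rule is not reported.
    # Assumption: '#' does not occur inside a quoted value in the scanned text.
    text = re.sub(r"#[^\n]*", "", config_text)
    for match in DIRECTIVE.finditer(text):
        args = match.group(1).split()
        codes = args[:-1]  # the last argument is the cache lifetime
        # With no codes listed, nginx caches only 200, 301 and 302 responses.
        risky = any(c == "any" or (c.isdigit() and int(c) >= 400) for c in codes)
        if risky:
            line_no = text.count("\n", 0, match.start(1)) + 1
            findings.append((line_no, "proxy_cache_valid " + " ".join(args)))
    return findings


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, error_caching_rules(cfg) or "no error responses cacheable")
```

Run against a deployed proxy configuration, an empty result means no `proxy_cache_valid` rule admits error responses into the cache.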
SECURITY: Do not cache error responses for static assets (stable)
1 parent f0ef186 commit 7af25544c3940c4d046c51f4cfac9c72a06d4f50
Showing 1 changed file with 0 additions and 1 deletion.
@@ -247,7 +247,6 @@ server {
proxy_cache one;
proxy_cache_key "$scheme,$host,$request_uri";
proxy_cache_valid 200 301 302 7d;
proxy_cache_valid any 1m;
proxy_cache_bypass $bypass_cache;
proxy_pass http://discourse;
break;
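Review bot: Nothing in this `server` block records why only 200, 301 and 302 are cacheable once the single deleted line (by the commit title, `proxy_cache_valid any 1m;`) is gone, so a later edit could reintroduce a catch-all rule. Add a one-line comment above `proxy_cache_valid 200 301 302 7d;` stating that error responses must not be cached. The commit message would also benefit from a sentence on the reason, since the title alone does not say how an error response ends up stored under `proxy_cache_key "$scheme,$host,$request_uri"`. The 7d lifetime still applies to 301 and 302 responses under that same key, so it is worth confirming that redirects from the upstream are safe to serve from cache for that long.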