A high-severity vulnerability, CVE-2024-53991, affects Discourse instances configured to use `FileStore::LocalStore` in the following versions: stable 3.3.2 and prior, beta 3.4.0.beta3 and prior, and tests-passed 3.4.0.beta3 and prior. An attacker who knows the name of a Discourse backup file can access it by sending specially crafted requests to nginx. To address the issue, upgrade to stable 3.3.3 or above, beta 3.4.0.beta4 or above, or tests-passed 3.4.0.beta4 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53991.
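To triage an inventory of instances against the version ranges above, the following added example (not code from Discourse or from this advisory's authors) classifies a version string with Ruby's `Gem::Version`, which orders prerelease tags such as `beta3` below `beta4` and below the final release. The helper name `cve_2024_53991_status` and the operator-supplied `uses_local_store` flag are assumptions made for the illustration.

```ruby
require "rubygems" # Gem::Version orders prerelease tags such as "beta3"

# Fixed versions as stated in the advisory.
FIXED_STABLE = Gem::Version.new("3.3.3")
FIXED_BETA   = Gem::Version.new("3.4.0.beta4") # beta and tests-passed
BETA_RELEASE = Gem::Version.new("3.4.0")

# Hypothetical helper. Returns :affected, :fixed or :not_applicable.
# uses_local_store: operator-supplied; true when the instance is
# configured to use FileStore::LocalStore.
def cve_2024_53991_status(version_string, uses_local_store:)
  return :not_applicable unless uses_local_store

  cleaned = version_string.to_s.strip.sub(/\Av/i, "")
  if cleaned.empty? || !Gem::Version.correct?(cleaned)
    raise ArgumentError, "unparseable version: #{version_string.inspect}"
  end
  v = Gem::Version.new(cleaned)

  # Stable line: everything below 3.3.3 is affected.
  return :affected if v < FIXED_STABLE
  # 3.4.0 prereleases: beta1..beta3 are affected, beta4 onward is fixed.
  return :affected if v.prerelease? && v.release == BETA_RELEASE && v < FIXED_BETA

  :fixed
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inventory: [version, uses FileStore::LocalStore?]
  [["3.3.2", true], ["3.3.3", true], ["3.4.0.beta3", true],
   ["3.4.0.beta4", true], ["3.2.5", false]].each do |ver, local|
    puts format("%-12s local_store=%-5s %s", ver, local,
                cve_2024_53991_status(ver, uses_local_store: local))
  end
end
```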
Discourse: Backup File Disclosure Vulnerability
by the Hossted team
20.12.2024