CVE-2026-47263 Discourse: Prevent webhook payload disclosure on event redelivery

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /webhookevents/ in Jobs::RedeliverWebHookEvents did not pass groupids, leaving the channel...

CVE-2026-47263

Summary: Discourse platforms affected by CVE-2026-47263 expose a channel via Webhook events due to a missing group_ids parameter in MessageBus.publish for /web_hook_events/, making the channel readable by any authenticated user (or anonymous users when login is disabled). Impact (as stated): Webh...