
Unlimited mentioned users in message serializer

High
Lillinator published GHSA-hf2v-r5xm-8p37 Jan 9, 2024

Package

Discourse (Discourse)

Affected versions

stable <= 3.1.3; beta <= 3.2.0.beta3; tests-passed <= 3.2.0.beta3

Patched versions

stable >= 3.1.4; beta >= 3.2.0.beta4; tests-passed >= 3.2.0.beta4

Description

Impact
The chat message serializer includes the full list of users expanded from the mass mentions (@ALL and @here), which can produce a very long array of users in every serialized message.

Patches
The issue is patched in the latest stable, beta and tests-passed version of Discourse.

Workarounds
The issue can be mitigated by using watched words to prevent the usage of @ALL and @here. However, it's still recommended to upgrade as soon as possible.
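The pattern the advisory describes, as an added illustration that is not Discourse's code: a toy chat message serializer that expands a mass mention into every member and embeds them all, beside a capped variant. The class names, the 5,000-member community, the mass-mention semantics and the cap-based mitigation are all assumptions of this example, not the project's actual fix.

```ruby
# Added illustration, not Discourse's code. User, ChatMessage, ALL_USERS and
# MAX_MENTIONED_USERS are constructed for this example; the real classes and
# the real patch differ.

User = Struct.new(:id, :username)
ChatMessage = Struct.new(:id, :message, :mentioned_usernames)

# Constructed community: many members, one short message mentioning @all.
ALL_USERS = (1..5_000).map { |i| User.new(i, "user#{i}") }.freeze
MASS_MENTIONS = %w[all here].freeze

# Expands mention tokens into the users they refer to. "all" and "here"
# are treated as mass mentions that resolve to every member (assumed).
def expand_mentions(message, users = ALL_USERS)
  message.mentioned_usernames.flat_map do |name|
    if MASS_MENTIONS.include?(name.downcase)
      users
    else
      users.select { |u| u.username == name }
    end
  end.uniq
end

# Vulnerable pattern: every expanded user is embedded in the payload, so a
# single "@all" message carries the whole member list (the CVE-2023-48297
# failure mode: payload size grows with community size, hurting availability).
def serialize_unbounded(message)
  {
    id: message.id,
    message: message.message,
    mentioned_users: expand_mentions(message).map { |u| { id: u.id, username: u.username } },
  }
end

# Hardened pattern (assumed mitigation): bound how many users are embedded
# and tell the client the list was truncated so it can fetch more on demand.
MAX_MENTIONED_USERS = 50

def serialize_capped(message, limit = MAX_MENTIONED_USERS)
  expanded = expand_mentions(message)
  {
    id: message.id,
    message: message.message,
    mentioned_users: expanded.first(limit).map { |u| { id: u.id, username: u.username } },
    mentioned_users_truncated: expanded.size > limit,
  }
end

msg = ChatMessage.new(1, "@all meeting in 5", ["all"])
puts serialize_unbounded(msg)[:mentioned_users].size # => 5000
puts serialize_capped(msg)[:mentioned_users].size    # => 50
```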

Severity

High
8.6 / 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE ID

CVE-2023-48297

Weaknesses

No CWEs