
CVE-2021-41163 and discourse-mediawiki.wmflabs.org
Closed, Resolved · Public · Security

Description

https://discourse-mediawiki.wmflabs.org is an abandoned, read-only Discourse instance (meaning: login and sign-up have been disabled since T247010; its shutdown is to be sorted out in T262275).
Last time I checked in March 2020, it was running an ancient 2.4.0.beta8 version.
I'm unfortunately not tech-savvy enough and thus clueless if https://nvd.nist.gov/vuln/detail/CVE-2021-41163 / https://0day.click/recipe/discourse-sns-rce/ are relevant (because our instance is just read-only?).
Probably it's not relevant; filing this ticket just to make sure, so feel very welcome to close as invalid.
In case it's vulnerable, easiest mitigation would be to block requests with a path starting with /webhooks/aws.
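One way to apply the path block suggested above at the application layer, if the reverse proxy in front of the instance cannot be changed: a small Rack middleware that answers 403 for the blocked route and passes everything else through. This is an added example, not code from the ticket or from Discourse; the `BlockPathPrefix` class, its `blocked?` helper and the stub app are hypothetical, and the middleware assumes the Rack convention of reading the request path from `env["PATH_INFO"]`. It matches on whole path segments (`/webhooks/aws` and anything below it) rather than a raw string prefix, and normalises percent-encoding and repeated slashes first so that a trivially re-spelled path does not slip past the rule.

```ruby
require "uri"

# Rack middleware that refuses any request whose path is the blocked route or
# lies below it. Hypothetical example code, not part of Discourse.
class BlockPathPrefix
  def initialize(app, prefix: "/webhooks/aws")
    @app = app
    @prefix = prefix
  end

  def call(env)
    if self.class.blocked?(env["PATH_INFO"].to_s, @prefix)
      body = "Forbidden\n"
      headers = { "content-type" => "text/plain", "content-length" => body.bytesize.to_s }
      return [403, headers, [body]]
    end
    @app.call(env)
  end

  # Conservative normalisation before comparing: percent-decode and collapse
  # repeated slashes, so that obfuscated spellings of the route are still
  # denied. Denying too much is the safe failure mode for a block rule.
  def self.blocked?(path, prefix)
    normalized = URI::DEFAULT_PARSER.unescape(path).gsub(%r{/+}, "/")
    normalized == prefix || normalized.start_with?(prefix + "/")
  end
end

# Stand-alone demonstration against a stub app with constructed request paths.
if __FILE__ == $0
  app = BlockPathPrefix.new(->(_env) { [200, {}, ["ok"]] })
  ["/webhooks/aws", "/webhooks/aws/sns", "/latest", "/webhooks/awsome"].each do |p|
    status, = app.call("PATH_INFO" => p)
    puts "#{p} -> #{status}"
  end
end
```

Blocking the route is only a stopgap; the fix that actually removes the vulnerable code is upgrading Discourse, which is what the thread below ends up doing.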

Details

Risk Rating
Low
Author Affiliation
WMF Technology Dept

Event Timeline

I'm not certain if much has changed within a few years, but doing some quick Google research, it doesn't look like there were many great options for archiving a Discourse site as static-ish html, so as to avoid a situation like this where an unmaintained version lives on indefinitely. This thread offers some interesting conversation on the matter and features at least a few proposed workarounds which might make sense to further explore for this case.

The discourse-mediawiki.wmflabs.org proxy service is pointed at the discourse-mw.discourse.eqiad1.wikimedia.cloud vm in the discourse project.

Listed administrators for the project are: @Aklapper, @Andrew (as a side effect of creating the project?), @Austin, @EBernhardson, @Tgr, @Qgil, and @Samwilson.

I can update Discourse within a week or two. Not sure if we are affected; we don't use AWS at all, though the aws-sdk-sns gem got installed as part of the standard Discourse bundle.


Thanks. I think the Security-Team would consider this low / no risk: as you and @Aklapper noted, we don't host Discourse at AWS, and this issue does appear to only be a vulnerability if that is the case. Still, if something is basically unused at this point, it should be decommissioned. Or in this case, perhaps turned into static archives which present no risk at the application layer.

sbassett changed Risk Rating from N/A to Low.

@Tgr, were you able to update things here? If not, can you do that soon? We're discussing now whether or not to shut this down; it would be nice to not have to decide :)

-Andrew

Tgr claimed this task.

Updated both sites to current version (2.8.0.beta8).

For context, I don't think discourse-mediawiki has too much value in itself, even as an archive, but there have been conversations about relaunching https://discuss-space.wmflabs.org/ as a community project, and the other Discourse site would then be useful as a test site.

sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)". (Nov 29 2021, 5:45 PM)
sbassett changed the edit policy from "Custom Policy" to "All Users".