2.7.0.beta7: Security Update, Improved Poll Builder, Theme QUnit Tests, and more

New features in 2.7.0.beta7

Security Fix: Improve theme git import

We received a report from Hacker One about a security flaw related to remote themes. The flaw has been patched and upgrading is strongly recommended.

Improved poll builder UI

The poll builder has been updated to be quicker and easier to use. To create a basic, single choice poll simply enter the options and click Insert Poll. For additional configuration, advanced poll options can be found by clicking on the :gear: icon.

Notify users when their post is approved

When a queue post is approved, users will now receive a notification. An email will also be sent if the user does not view the notification.

Introduce theme/component QUnit tests

Discourse themes now support testing via QUnit. Check out GitHub for full details. Theme developers should also be aware of breaking changes for themes.

Webhook improvements

  • Add user_confirmed_email to user event webhook
  • Trigger webhook when a user added/removed in a group.

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Security Updates

This beta includes 1 security fix for issues reported by our community and HackerOne. See details in the post above.

Plugin improvements

Many plugins

  • Bug fix
    • We’ve patched numerous bugs in many of our plugins
  • Translations
    • We’ve updated the translations in many of our plugins


  • Send email message to user if post is not spam

Data Explorer

  • Allow admins to see group reports, even if not in group


  • Add Singapore Dollar as supported currency

Additional Features and Fixes

Click to expand

New Features

  • Adds last day to about page stats
  • Make the tag_groups#search endpoint public.
  • Use SVG icons for some oneboxes
  • Category setting to allow unlimited first post edits by the owner of the topic
  • Auto-activate users invited by email

Bug Fixes

  • Allow raw-view classes to be resolved from themes/plugins
  • Only send user suspension emails if email message provided
  • Allow restoring non-subfolder backup to subfolder site
  • Automatically timeout long running image magick commands
  • Remove superfluous spaces from CJK blurbs
  • When user has already hit bookmark limit, do not error for clear_reminder! or other updates
  • Ensure group flair upload is present when deciding type
  • Dismiss new button for tags on top
  • Behaviour ->` behavior spelling in default US translation
  • Mobile topic list number alignment
  • Topic user bookmarked column is out of sync after post moves
  • Software update prompt fixes and improvements
  • Improve anchor links

UX Changes

  • Adds styling for new github PR body details/summary
  • Shows a hint when there are more tags than displayed
  • Always display remove emoji btn from emoji-value-list