2.8.0.beta5: PM Improvements, Unseen View, Allow Uploaded Avatar by Trust Level, and more

New features in 2.8.0.beta5

Personal/Group messaging improvements

We’ve added a number of improvements to the Messages interface.

  • Easily switch between personal and group inboxes.
  • all inboxes view to see messages from both the personal inbox and any group inboxes a user has access to
  • New and unread message lists - easily see what messages have come in that you haven’t seen, even if another group member read and archived it already.
  • Ability to bulk dismiss New or Unread messages

Allow admin to delete all posts by a user

By default, Discourse only allows “all posts” of a user to be deleted if there are less than 15 posts. This helps ensure a user with a large number of posts isn’t deleted without the staff being aware of the post count. Admins could always modify the site setting if a user with more posts needed to be deleted. To avoid the need for admins to frequently change settings, admins are now exempt from this limit. A warning is now shown allowing the admin to delete all posts. Moderators are still affected by the limit.


Improve “blank page syndrome”

New users, as well as those users without posts, likes, notifications, etc. frequently land on pages within Discourse that are “blank”. Instead of showing a blank page, Discourse now displays just in time info so the user can learn what will eventually be shown. Such content has been added to the notification page, bookmarks page, messages page, and within the user menu.


New “unseen” view

Discourse now supports “unseen”, in addition to latest, new, unread, top, etc. Unseen displays all topics a user has not muted, which have unread posts. This includes both new topics a user has never read, as well as topics a user has partially read.

Users can access unseen via /unseen, and admins can add unseen to the top menu via the top menu site setting.

Show draft count in user menu

The count of drafts a user has is now shown in the user menu. Draft count is also displayed on the user activity page.


Allow uploaded avatars by trust level

Previously, admins could disable support for custom, uploaded user avatars, but this would impact all users on the site. The allow uploaded avatars site setting now supports trust levels, enabling a site to prevent lower trust level users from uploading avatars while allowing high trust level users.


Adds a “Skip to main content” link for screen readers.


Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Security Updates

This beta includes 6 security fixes for issues reported by our community and HackerOne.

  • Escape cat name
  • User’s read state for topic is leaked to unauthorized clients.
  • Sanitize d-popover attributes
  • Destroy EmailToken when EmailChangeRequest is destroyed
  • Don’t leak user of previous whisper post when deleting a topic.
  • Do not reveal post whisperer in personal messages.

Plugin improvements

Many plugins

  • Translations
    • We’ve updated the translations in many of our plugins


New Features

  • Assign to group
  • Improve blank page syndrome
  • Improves random assign automation

Bug Fixes

  • Correct group icons and notification message
  • Ensure move_to_inbox does not raise error when unassigned
  • Broken suggestions
  • Whisper small actions are blank
  • Makes dropdown use absolute positioning
  • Explicit assign on user selection
  • Hide Unassigned if user doesn’t have access


Bug Fixes

  • Discourse.User is deprecated


UX Changes

  • Add quick search suggestion


Bug Fixes

  • Deprecated use of decorators


Bug Fixes

  • Expired/non-expired events logic
  • expired option in EventFinder didn’t work
  • Firefox doesn’t allow pseudos on inputs
  • Slider input needs z-index for Chrome

Data Explorer

New Features

  • Get rid of the import a query modal

Bug Fixes

  • The back button


New Features

  • Show number of accepted answers on user card
  • Show user who posted accepted answer second

Bug Fixes

  • Stop register_topic_list_preload_user_ids from breaking old versions
  • Correctly serialize accepted_answers
  • Pin the plugin in commit for old versions of Discourse.

UX Changes

  • Do not show composer education message if the post is whisper


New Features

  • Decrypt bookmark titles

Bug Fixes

  • Anonymous users cannot encrypt PMs
  • Always decrypt topic titles
  • Search cache can contain only first posts
  • Include only results that user can read
  • Do not download and decrypt same file twice
  • Get rid of logical or assignments
  • Ensure post_search_data is present
  • Do not add result if already present
  • Show activation modal if identity is missing
  • Decrypt titles from generic elements first
  • Show image uploads in composer preview
  • Show decrypted topic title in window name

UX Changes

  • Mimic copy-button behavior


  • Fetch all mentions, hashtags and uploads


New Features

  • Update user locale based on user attributes on response.
  • Sync user fields as per saml_user_field_statements env variable.

RSS Polling

New Features

  • Allow setting discourse category for each feed
  • Handle Youtube RSS feeds
  • Allow filtering a feed on the category property of items

Theme Creator

Bug Fixes

  • Ensure themes can still be serialized if users are missing
  • Don’t use Discourse.User anymore


Bug Fixes

  • Call the parent implementation of ContentSecurityPolicy::Extension.path_specific_extension


Bug Fixes

  • Do not return deleted posts in my-reactions

Saved Searches

Bug Fixes

  • Allow empty saved searches set
  • Don’t rely on Discourse global

OpenID Connect

Bug Fixes

  • Ensure nonce mismatch causes auth to fail correctly

Category Experts

Bug Fixes

  • Don’t run event hooks when plugin is disabled


New Features

  • Allow ‘reconnect’ for LTI logins


New Features

  • Export health metrics to Prometheus.

Additional Features and Fixes

Click to expand

New Features

  • Option to update default notification level of existing users.
  • Create notification for redeemed invite
  • Uppy direct S3 multipart uploads in composer
  • Allow adding small action codes dedicated to groups
  • Order pinned topics by their pinned_at column
  • Rate limit exceptions via ENV
  • First pass of using uppy in the composer
  • Allow linking an existing account from invite acceptance
  • Allow linking an existing account during external-auth signup
  • Revert disallowing putting URLs in titles for TL0 users
  • Disallow putting urls in the title for TL-0 users
  • Send user-card:show event
  • Attach backup log as upload
  • Add post edits count to user activity
  • Onebox can match engines based on the content_type
  • Initial implementation of direct S3 uploads with uppy and stubs

Bug Fixes

  • Use named params correctly with dir-span
  • Jump to reply button in post stream was not working
  • Ensure id sequences are not reset during db:migrate
  • Update PresenceChannel#present to work for redis 6.0
  • Allow PresenceChannel to work on Redis 6.0
  • Correctly apply unusual padding to profile dropdowns
  • Capture S3 metadata when calling create_multipart
  • Correctly display GitHub code oneboxes
  • Do not send emails to mailing_list_mode subscribers for PMs
  • Topic reset_new unscoped causing huge queries
  • Do not prefix temp/ S3 keys with s3_bucket_folder_path in S3Helper
  • The LogsNotice service was never unsubscribing from the mbus
  • Remove spacing from GitHub oneboxes
  • Add plugin event to topic list user lookup
  • Make user-card-metadata plugin outlet tagless
  • Order outputted theme stylesheets
  • Restructure temp/ folders for direct S3 uploads
  • The empty state message was appearing in wrong moments on the user bookmarks stage
  • Do not allow negative values for LIMIT
  • Use original from address when forwarding to group inbox
  • Minor SK3 styling issues in Safari
  • Discard old search results if search term changes when moving posts to a different topic
  • Sk3 wizard regressions
  • Do not focus after search if dropdown is collapsed
  • Close emoji autocomplete when the opening colon : is removed
  • Reset preProcessorStatus state correctly for composer-upload-uppy
  • Use file.id instead of file.name for media-optimization resolvers
  • Adding debugging and fixing media-optimization-worker issues
  • Always reload post’s raw when editing a post
  • Pick-files-button component
  • Make themes:update work with multisites
  • Deprecated method should still behave the same.
  • Revoking admin or moderator status doesn’t require refresh to delete/anonymize/merge user
  • Do not show default locale option on site text customization
  • Bookmark delete button alignment in modal-footer
  • Include tags in quick search suggestions
  • Add a string for the Unseen view tab tooltip
  • Remove markers from all translated languages
  • Log proper error message when SSO nonce verification fails
  • Make site tasks work with duplicated uploads
  • Unread group PMs should use GroupUser#first_unread_pm_at.
  • If the category slug is not present then search via ID
  • Move bookmark modal buttons into modal-footer
  • Uses keyUp as widgets dont handle bubbling
  • Do not display the color scheme ID in interface dropdown
  • Allows paste from context menu to work
  • Pass fileName to error handler for media optimization
  • Clean up upload events properly in composer
  • Composer Processing/Uploading status not clearing on cancel and trash
  • Paste event not propagating from composer using Uppy
  • Button alignment on messages
  • Query the items in the queue to calculate a user’s flagged post count.
  • Unescapes hash section with present to account for url-encoded chars
  • TopicTrackingState.report not including unread for staff posts.
  • Notification menu broken on older browsers
  • Category group moderators can read flagged post meta_topics
  • Check if BasicBadge is enabled for TL1 welcome message
  • Fix rtl style for pull right
  • Prevents exception on malformatted messages
  • Do not show private group flair on user avatars"
  • Reuse avatar-flair component in group preview
  • Errno::EXDEV when across filesystem boundaries
  • Prevents s shortcut to generate an error
  • Don’t swallow an error if we can’t run yarn ember build
  • Do not show flair bg color if flair is not visible
  • Update iframe url for simplecast onebox
  • Update oEmbed URL for simplecast onebox
  • Group inbox new filter not accounting for dismissed topics.
  • Remove limit on dismissing unread and new messages.
  • Restore server side route for tag messages filter.
  • Wrong default notification level shown for group
  • Remove Nokogumbo references
  • Update draft count when sequence is increased
  • Make rake site:export_structure export uploads
  • Use search message context on group message page
  • Use update_attribute method to trigger callbacks.
  • Remove ‘reply above line’ marker
  • Consistently show history modal when clicking edit notifications
  • Inline secure images with duplicated names
  • Adjust poll buttons
  • Use reply-to address for incoming emails if present
  • Upload placeholder was missing line break
  • Make search work with sub-sub-categories
  • Do not show private group flair on user avatars
  • Better composer placeholder handling during media optimization
  • Validate value of custom dropdown user fields - dropdowns and multiple selects
  • Remapping of uploads could fail during restore of backup
  • Do not offer to save draft if invalid
  • Typu in intercept-click
  • Update draft count after creating a post
  • Add users-directory-controls outlet to mobile template
  • Allows authentication data to be present in bootstrap
  • Avoid creating a post revision when topic tags have not changed.
  • PM tags route should work for usernames with a period.
  • Reduce input of to_tsvector to follow limits
  • User can change name when auth_overrides_name is enabled.
  • Remove additional setting check for uppy-upload
  • Changing the post owner didn’t update the reply_to_user_id of replies
  • Don’t grant sharing badges to users who don’t exist
  • Use correct URL in schema markup for post images.
  • Do not raise exception when svg path is nil
  • Show Uncategorized when unsubscribing
  • Clear Site#categories cache when git sha changes.
  • Don’t show the Tis Weekend option in date pickers on Sundays
  • Don’t show the Later This Week option in date pickers on Sundays
  • Better and more secure validation of periods for TopicQuery
  • Show bulk button on PMs for all users
  • Long poll if window becomes active

UX Changes

  • Comma separate public custom field lists
  • Select-kit update alignment fixes
  • Better login/signup styling for small desktop windows
  • Use existing guardian method to check messageable group.
  • Display correct replies count in embedded comments view.
  • Improve blank page syndrome on the user messages page
  • Add Styling step to wizard
  • Update “get a room” composer message
  • Do not show selected composer education messages on whisper post
  • Add a title to the user filter input
  • README logo SVG that supports dark mode
  • Add margin to share input
  • Add data-topic-id to featured topic items
  • Fix mobile PM nav for regular users
  • Show flair help text for private member visibility only
  • Indicate capped history revisions only when they’re actually capped
  • Update member visibility help text to include flair information
  • Fixes sidebar settings border and active styles
  • Missing translation for title attribute for PM tag route.
  • Disable “Queue For Review” button if user can’t perform action.
  • Append ellipsis to actions that have follow-up screen
  • Ensure external login icons are visible on hover
  • UX Fixes
  • Adds hover title with full date to admin users columns
  • History controls should use nav-pill styles
  • Improve copy when a group member search returns no results
  • Use share modal in dominating topic msg
  • User bookmark page style adjustments
  • Update styling of readonly values in signup form
  • Remove theme-specific css, fix space
  • Prioritize moderator bg color in PMs


  • Make TopicViewSerializer#requested_group_name more efficient.
  • Remove redundant post_timings_summary index
  • Generates dates tooltip on demand
  • Reduces rendering time of local-dates