2.9.0.beta10: Sidebar, New notification menu, Security fixes, and more

New features in 2.9.0.beta10

Sidebar and new notification menu


Security Updates

This beta includes 4 security fixes for issues reported by our community and HackerOne.

Remember adjusted composer height

Find the composer’s default height too small? Perhaps you have a smaller screen and think it’s too big? Discourse will now remember when you adjust the composer, and re-open the composer to your selected height each time.

New personal message enabled groups site setting

The enable personal messages and min trust to send messages site settings have been replaced with personal message enabled groups. Site admins can now configure which groups are able to start personal messages.

Warn when PM’ing a user that hasn’t been on Discourse in a long time

When a user creates a PM and adds a recipient that hasn’t been seen in a long time, a warning is now shown in composer.

Additional features

  • Add site setting to disable usernames in share links
  • Navigate emoji picker using keyboard arrows
  • Add tooltips to timeline start/end dates
  • Replace the Lounge category with General on new instances
  • Add safe-mode toggle to /u/admin-login
  • Prompt PWA users earlier to enable push notifications
  • Adds full screen composer submit button and prompt

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.


Plugin improvements


Bug Fixes
  • Pin stable to working version
UX Changes
  • Show blank page placeholder instead of the blue panel that says “No Activity”


Bug Fixes
  • Prevents exception if no title has been provided


New Features
  • Add assigns tab to the experimental user menu
Bug Fixes
  • Don’t fail because flair_uploads weren’t eager loaded
  • Move types of the assign notification list to the tab class
  • Use grouped_unread_notifications
  • Count only active assignments when checking limits
  • Error bulk deleting posts when action post is already deleted
  • Find better users for automatic assignment
  • Check if assignment has same user and details
UX Changes
  • Add title for the assign tab in the user menu

OpenID Connect

Bug Fixes
  • Correctly handle sub mismatch between idtoken and userinfo


Bug Fixes
  • Moves locales to top level to support title

Chat Integration

New Features
  • Introduce Guilded as a provider


Bug Fixes
  • Promo code placeholder


New Features
  • Add new site setting to change authorization server’s url.
Bug Fixes
  • Add field to preloaded_topic_custom_fields
  • Fix references to find_id_by_email


Bug Fixes
  • Send a single notification


New Features
  • Post script
  • Clean global notices when user posts
  • Remove from group trigger
  • Allow tag filter on after post cooked
Bug Fixes
  • Escape HTML tags before rendering delete button

Upvotes (formerly Q&A)

Bug Fixes
  • Clarify error message for undo vote action window
  • Make sure QA topic class is applied in all the cases


Bug Fixes
  • Show not-allowed cursor if topic is archived


New Features
  • Adds support for unreliable network
  • Show user status on the direct message channels on the sidebar
  • Hides public channels section if unusable
  • Allow changing DM channel notification settings
  • Show user statuses in search results when sending a direct message
Bug Fixes
  • Do not desktop/mobile notify on muted channel
  • Reply-to element was making x-scroll appear
  • Dev populate still breaks with missing admin user
  • Make the scrollbar visible on iOS
  • Minot tweaks to emoji picket in chat message
  • Ensures refreshTrackingState does nothing in anonymous
  • Reverts part of 1b30db
  • Search do not filter on following
  • Move types of the chat notification list to the tab class
  • Moves emoji picker anchor inside msg-actions
  • Various emoji-picker positioning issues
  • Renders emoji-picker out of message
  • Only translate on chat-message-container
  • Moves chat-msg-actions-mobile into live-pane
  • Tweaks to live pane scroll
  • Zoom check doesn’t work with tests
  • Prevent deleting a category that has channels
  • Minor tweaks to skeleton
  • Use grouped_unread_notifications
  • DiscourseComputed acting oddly in controller native class on prod
  • /chat/chat_channels/:id is only for json
  • Only checks if user is present and has unread messages
  • Ensures uploads are not overflowing their container
  • Ensures dms are sorted on new-channel event
  • Arrow Up should edit last non staged message
  • Correctly supports unicode mentions
  • Deletes trashed messages when hitting retention limit
  • Display error when switching channels returns a 429
  • Only acting user should track channel on creation
  • Relies on core composer-height which should now be correct
  • Update class for hiding bootstrap mode notice
  • Prevents esc shortcut to remove content when in full page
  • Don’t fire multiple scroll events when scrolling to the future.
  • Correctly links to channel message
  • Don’t try to scroll to the last read message when fetching from latest.
  • Don’t show user status on direct message channels with multiple users
  • Don’t scope MB messages only to staff groups for public channels
UX Changes
  • Add title for the chat notifications tab in the user menu
  • Add lazy loading and dominant-color placeholder for uploads
  • Add help text for webhook URL and remove from index page
  • Tweak composer padding
  • Reduce padding when keyboard is visible
  • Tweak padding on mobile
  • Tweak the composer styling
  • Fix alignment of full-page-header elements
  • Positions emoji picker on top by default
  • Implements a chat skeleton loader
  • Improves retry send staged message style
  • Hide chat image overflow
  • Show status next to posts using new component with rich tooltip
  • Show status on the direct message chats list using new component with rich tooltip
  • Makes oneboxes full width to prevent different width
  • Always applies a 15px right margin to the drawer
  • Adds small margin on top of chat composer
Security Changes
  • Ensure htmlSafe content is properly escaped.


New Features
  • Add Aussie national day of mourning
  • Allow for longer event title names
Bug Fixes
  • A typo in #321
  • Add translation entry for Indonesia
  • Reintroduce holiday sub-regions removed due to consolidation
  • Update regions translation to include Ghana


New Features
  • Insert templates in any textarea using keyboard shortcut

Data Explorer

Bug Fixes
  • Allow groups to access system queries
  • Fixed the blueing of the bookmark icon

Additional Features and Fixes

Click to expand

New Features

  • Optionally show user status on email group user chooser
  • Add review link to community section for logged in user
  • JS API interface for hljs plugins
  • New site setting to set locale from cookie for anonymous users.
  • Add site setting to include user associated account ids.
  • Make user status a public experimental feature
  • Overhaul email threading
  • Show user status description on the mention popup
  • Make user status on post streams live
  • Adding a simple CSV importer
  • Count views on published pages
  • Limit maximum recipients for group emails
  • Show default custom date on time-shortcut-pickers
  • Trigger backup_failed event on backup failure
  • Open create invite modal from the bootstrap notice banner
  • Allow configuration of smtp timeout settings
  • Allow wizard checkbox field to be disabled
  • Show status in search results when mentioning user in composers

Bug Fixes

  • Use Category#category_text for sidebar title
  • Migration typo for secure_uploads
  • Ensure composer grippie stays visible
  • Some composer messages were broken
  • 404 sending beacon “leave all” on subfolder install
  • Recursively tag topics with missing ancestor tags
  • Make sure featured category topics are unique
  • List_suggested_for conditional for personal_message_enabled_groups
  • Better virtual keyboard detect on Android
  • Update user results page when no users found
  • Incorrect casing for CTA
  • Query correct model in posts:inline_uploads
  • Handle failed download when calculating image dominant color
  • Sidebar categories for anonymous not being sorted by name
  • Skip uncategorized category in sidebar when disabled
  • Respect site settings for sidebar users, groups and badges link
  • Hide experimental user navigation changes when disabled
  • DB migration fails if old site setting has empty value
  • Add missing string for reviewables in user menu when reviewable post is deleted
  • Sidebar scroll fade on older iOS
  • Fix GitHub onebox syntax highlight
  • Overriding text with admin_js.* keys didn’t work
  • Empty inline BBCodes were broken
  • Header offset position was not correct in some cases
  • Do not attempt to serialize Tag objects when tagging disabled
  • In-page anchor links were broken in subfolder setups
  • Don’t delete previous messages when we’re inside the sent_recently window.
  • Correctly pass invite_to_topic param to invites
  • Ensure loading thumbnails are used in Safari
  • Ensure low-resolution placeholders are used while loading images
  • “Exit setup” link should exit the wizard and take user to homepage
  • Regression with admin user delete dialog buttons
  • Ensure <script> handlebars templates are namespaced correctly
  • Raw translation string in user status tooltip
  • Theme components should work with empty locale files
  • Use plugin’s defined name for es6 module path
  • Ensure discovery-categories always clears PreloadStore
  • Create single notification per post and user
  • Do not show “create topics” notice on wizard route
  • Keep private theme key secret from user
  • Return next bookmarks page only if it exists
  • Immediately show sql options when badge query is supplied
  • Hide welcome topic banner as soon as the welcome topic is edited
  • Transpile start-discourse.js to fix iOS12 support
  • Allow .git end to miss from Git repo URL
  • In prod builds classes may not be “instancesof” EmberObject
  • Avoid leaking TopicTrackingState listeners due to sidebar
  • Only seed general category on new sites
  • Do not save default auto_delete_preference for bookmark
  • Do not notify admins watching PM tags
  • Do not invite whisper or small action posters
  • Show tag chooser if can_tag_pms
  • Preload topic_list correctly for categories+latest
  • Skip topic allowed user for small actions
  • Restore trust level when leaving group
  • Reload styling changes for wizard styling step
  • LocalJumpError : unexpected return
  • Prevents iOS software keyboard to hide sk body
  • Remove unexpected scrollbar from the new user menu
  • Load admin-specific JS when compiling via ember-cli
  • Sidebar hamburger panel dropdown not working for anonymous
  • Avoid duplicate topic-list requests
  • Hide sidebar toggle button when no sidebar
  • Hide sidebar for anonymous when login required
  • Backup/Restore didn’t use correct Redis namespace in multisite
  • Ignore malformed HTML for title extraction
  • Move show like logic to client side
  • Track native class deps in discourseComputed
  • Remove “–composer-height” style when composer is closed
  • Improvements to like button for archived topics
  • Allow match_all_tags to be passed as a URL param
  • Remove last_unread_post excerpt logic for bookmarks
  • Allow extra whitespace when asking discobot to perform a bot command
  • Limit new and existent staged users for email topics
  • Show hide bootstrap mode notice in real time
  • Disable Twitter onebox without API support
  • Set --composer-height when the composer is in collapsed state
  • Welcome topic title was not editable
  • Recover from guardian check when deleting reviewable users.
  • Ensure topic-list adapter never serializes undefined
  • Don’t raise on deleted topic in UpdateHotlinkedRaw
  • Markdown-it parse fn requires an env arg with {} as default
  • Regression with Categories nav item
  • Reset flair group if user is removed from group
  • Remove dead and large images from oneboxes
  • Don’t preview color scheme if it’s not current user’s profile.
  • Don’t notify editor when category or tag change

UX Changes

  • Fix composer position on Firefox for Android
  • Add flag icon for review section link in sidebar
  • Correct padding and height for sidebar section message
  • Add icons to all section links in Sidebar
  • Restore full sized composer on mobile
  • Style changes to match updates
  • Restrict width of “reply where” modal
  • Fix cut-off accents in sidebar headings
  • Fix topic stream placeholders
  • Truncate site text titles in a cleaner way
  • Add short site description for anonymous user in sidebar
  • Clicking on a button in sidebar on mobile should collapse it
  • Add ability to scroll when height is limited
  • Use dominant color as image loading placeholder
  • Add icons to all navigation link on user page
  • Welcome topic CTA adjustments
  • Use the same text for linking to more categories and tags in sidebar
  • Avoid showing text cursor on unselectables
  • Remove height CSS preventing sidebar touch scrolling on mobile
  • Improve styling of sidebar on mobile
  • Do not mark activity table heading as a cursor
  • Retry “left-align title with content for sidebar (#18202)”
  • Improve composer toolbar flexibility
  • Left-align title with content for sidebar
  • Sidebar more link for categories & tags
  • Switch wizard SVG colors for dark mode
  • Trigger tooltips on click for touch devices
  • Change posted notification icon to discourse-bell-exclamation
  • Make user status emoji on post stream smaller
  • Fix width of preview pane to fix scroll
  • Close the revamped user menu when opening modals
  • Show information about badge errors when saving
  • Improve max-height value on toolbar popup menu
  • Increase sidebar fontsize on mobile
  • Remove focus on hamburger icon after toggle
  • Fix styles for the wizard congrats step
  • Remove confusing fallback locale warning
  • More apparent focus styles for sidebar headers
  • Revert sidebar scrollbar repositioning
  • Sidebar styling, spacing consistency, etc
  • Hide background image in crawler view
  • Add badges section link to community section.
  • Remove sidebar section header background highlight on focus
  • Do not show site header on wizard pages
  • Fix topic admin menu hidden on narrow screens
  • Adjust scrollbar behaviour in sidebar
  • Hide chat image overflow
  • Correctly center the reply-where modal
  • Fix typo in a blank page copy
  • Improve empty state copy on the activity/replies page
  • Show blank page placeholder instead of the blue panel that says “No Activity”
  • Don’t shrink avatar/number box
  • Revamp styling of sidebar
  • Make popup menu options scroll on limited screen height
  • Sort tags alphabetically in sidebar
  • Sort categories alphabetically in Sidebar
  • Make category section link icons consistent with Sidebar’s interface
  • Make Sidebar more consistent with user menu on mobile
  • Add flat text button styles and use in date/time cancel modal
  • Improve safe-mode usability
  • Reduce font-size of sidebar section link suffix icon
  • Improve styles of the user status message component
  • Remove extraneous margins in profile pic modal


  • Do not double bundle common langs in hljs bundle
  • Skip image placeholders when secure_media is enabled
  • Rely on preload for first_post for TopicBookmarkable
  • Minify admin and wizard JS bundles to match app
  • Only load the current user’s topic_user for bookmarks list
  • Add exponential backoff for DistributedMutex


  • Improve user card accessibility
  • Multiple fixes to user stream items
  • Associate label with input in bookmark modal
  • Add aria label to composer messages Esc button
  • Accessible full-screen and minimize composer buttons
  • Use button in d-modal-cancel component
  • Don’t include aria on reply count span element
  • Add clearer focus states for date picker elements
  • Keep composer as focused element when dismissing Link modal via keyboard
  • Add focus state for advanced search toggles
  • Improve group box hover highlight on dark schemes
  • Ensures featured topic btn is focused when modal closes
  • Makes toolbar tabindex independent from its context
  • Moves anchor rendering out of conditional to prevent losing focus