2.9.0.beta12: Security fix, bug fixes and more

New features in 2.9.0.beta12

Security Updates

This beta includes two security fixes for issues reported by our community and HackerOne.

  • Prevent email from being nil in InviteRedeemer (CVE-2022-39385)
  • Correctly render link title in draft preview (CVE pending)

New Features

This release includes a number of additional smaller features, including:

  • Replyable chat push notifications
  • Add cooked post to user archive exports
  • Rename onboarding popups to user tips
  • New site setting to hide user profiles by default.

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there are always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Plugin improvements

Chat

Bug Fixes
  • Overflow issues and content shift
  • User status was not positioning correctly
UX Changes
  • Reduces sizes to make it more consistent

Encrypt

New Features
  • New user option to configure if PMs are default encrypted.

Kolide

UX Changes
  • Remove alert notification if issues are resolved in all devices.

Code Review

Bug Fixes
  • Recreate repo category if it was deleted

Theme Creator

Bug Fixes
  • Update following core changes

OpenID Connect

New Features
  • Allow match_by_email to be configured by a site setting

Salesforce

New Features
  • Auto case sync for topics under a set of tags

Gamification

Bug Fixes
  • Focus bug
UX Changes
  • Show default leaderboard period

Additional Features and Fixes

Bug Fixes

  • Correctly highlights active channel
  • Allow attr updates of over-size-limit uploads
  • Adds back recurring to send_message automation
  • Reimplements chat audio into a service
  • Ensure moderators_manage_categories_and_groups is respected
  • Do not lock account if backup codes are available
  • Shrinking images where smaller image upload exists
  • Permalinks issues
  • Do not preload topic list for new topic/message routes
  • Deliver chat summaries when allowed groups include “everyone”
  • Use cached RegEx instead of recreating RegEx on every usage
  • Automatically generate category channel slugs
  • Watched words submit button should be disabled by default
  • Uses i18n for saved text
  • Handles starting draft dm from sidebar
  • Migrate values before adding a not null constraint.
  • Makes sidebar links respect drawer mode
  • Allow deletion of categories when chat channel is not present
  • Update sidebar links when promoted to admin
  • Topic tracking stage error when no tags
  • Make chat editor IDs not null
  • Make ChatMessageUpdater check editing access for guardian
  • Follow up to #7fca078
  • Retention reminder is absolute and needs relative parent
  • Welcome topic should be hidden on the /categories page as well
  • Increase NGINX request header buffer
  • Correctly render link title in draft preview
  • Simplifies previous route handling
  • Make can_send_private_messages not reliant on system user
  • Add editing user ids to ChatMessage and ChatMessageRevision
  • Bug with permanent delete modal
  • Restore mention tab for experimental user nav
  • When cloning themes via HTTP, try the original URI too
  • Theme import error handling needs to happen inside the hijack block
  • Prevents chat from entering an endless loop when getting 404
  • Do not limit scope to direct messages
  • The notification data on the client expects an identifier
  • Minor alignment fix for mobile small-actions
  • Write to group logs when a user is added to group by invite
  • Fix circle indicator on “my posts”, color
  • New Topic button is now correctly disabled in a category where they have no permissions, even when filtered by tag
  • Correct the post numbers in lastUnreadUrl

UX Changes

  • Adds chat section in settings and hide it in plugins
  • More contrast for sidebar counts
  • Better password reset error page
  • Tweaks to msg actions menu
  • Replace concatenated translation
  • Fix spelling of “Sidekiq”
  • Chat index tweaks
  • Fix spelling and capitalization
  • Change ordering of categories shown in sidebar
  • Less link-like unread/new color in sidebar
  • Add back button in chat browse screen on mobile
  • Scope chat-channel-title hover effect
  • Muted style for entire chat section link when muted
  • Increase padding of back button in chat draft screen
  • Hide new/unread counts in sidebar, use dot by default
  • Hide welcome topic from admins as well if not edited
  • Change placement of welcome cta
  • Update and consolidate published page styles

Performance

  • Disable auto-import sourcemaps in production
  • Make stylesheet hashes consistent between deploys
  • Update s3:expire_missing_assets to delete in batches
  • Ensure JS chunk content and filenames are deterministic
  • Correct should_skip? logic in s3:upload

Accessibility

  • Improve accessibility for saved status message