2.9.0.beta2: Security Fix and more

New features in 2.9.0.beta1

Security Updates

This beta includes 1 security fix for issues reported by our community and HackerOne.

  • Onebox response timeout and size limit

New Features

This release includes a number of additional smaller features, including:

  • Ability for existing users to redeem invites
  • Add support for external_id to be used when creating and fetching topics. This is an API-only change
  • Support additional Web Authentication API devices
  • Allow sending group SMTP emails with from alias.
  • Split text segmentation site settings for Chinese and Japanese
  • Select range in topic list with Shift and click
  • Ability to re-order value lists
17 Likes

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Plugin improvements

Many plugins

  • Translations
    • We’ve updated the translations in many of our plugins

Assign

Bug Fixes

  • Exclude inactive assigns from assigned_total count
  • Better group assign message
  • Count and show only active assignments

Accessibility

  • Use autocomplete=off for search inputs

Discourse Chat

New Features

  • Chat message flagging
  • Collapse non-oneboxed gifs and images in general
  • Add multiquote and chained attrs for chat-transcript
  • Chat transcripts using [chat] custom markdown BBCode
  • Allow image markdown markup
  • Server-side filter and new DM creation from ctrl+k

Bug Fixes

  • Simple fix for blank state when quickly switching channel
  • Prevent update read timer from stalling
  • Height of emojis
  • Don’t collapse emoji images
  • Prevent youtube from being gigantic
  • User could not re-enable chat after disabling it
  • Contain images on message to availiable space while keeping aspect ratio
  • Use Site.markdown_additional_options
  • A visual regression introduced in #585

UX Changes

  • Change font-size & style for channel titles
  • Make edited indicator subtler
  • Slightly tighter headers
  • Sidebar rows ‘active’ when float is open
  • Hide scroll to bottom button until scrolled up 2/3 height

Calendar

Bug Fixes

  • The styling regressed in #220
  • .calendar selector was too broad

UX Changes

  • Make the event text colors more readable

Encrypt

Bug Fixes

  • Ensure encrypted file name is updated
  • Remove move to button for encrypted messages

SAML

New Features

  • Don’t use email for username and name suggestions until enabled in settings

Docker Manager

Bug Fixes

  • Run yarn install during updates

Code Review

New Features

  • Escape Git trailers in commit messages
  • Add code_review_allowed_groups site setting

Bug Fixes

  • Be more strict when matching Git trailers

Reactions

Bug Fixes

  • Remove thumbsup reactions when there’s also a +1 reaction.
  • Rename thumbsup emoji to +1

Automation

Bug Fixes

  • Auto responder should be case insensitive by default

Docs

New Features

  • Improve blank page syndrome

Bug Fixes

  • TopicViewItem and TopicUser for doc topics

Additional Features and Fixes

Click to expand

New Features

  • Cache last post number
  • In result.rb don’t use email for username suggestions until enabled in settings
  • Add requestCustomMarkdownCookFunction API
  • Onebox for news.ycombinator.com
  • Validate domain settings for blocked_onebox_domain only
  • New plugin outlets for categories-boxes template
  • Partial match aliases in emoji filter
  • Use native color-picker
  • Show the this weekend option on the bookmark modal
  • Make the use_email_for_username_and_name_suggestions setting visible and on by default on existing sites
  • Update cppjieba_rb to latest

Bug Fixes

  • Cooking custom emojis should not use a secure URL
  • Default settings for phpBB3 import were broken
  • Update user stat counts when post/topic visibility changes.
  • Subcategory filter limits results
  • Defer upload extension check for iOS
  • Inline onebox for github
  • Topic tracking state for tags
  • Use prev_period data if prev30Days value is not available.
  • Avoid errors when updating post and topic count user stats.
  • Replace Twitter handles one at a time
  • Sort group owners and members together
  • Clear drafts only when post is created by real user
  • Avoid raising error when updating post and topic count user stats.
  • Explicitly set allowfullscreen on Wistia Oneboxes
  • Overridden MessageFormat fallbacks
  • Align progress text
  • Further reduce the input of to_tsvector
  • Do not override mobile scroll on docked progress element
  • User option fields definition was being mutated on save
  • Handle addressable error when parsing an invalid URL.
  • Add DB constraints for post & topic counter cache for UserStat
  • Allow native lazy loading attribute for quoted avatar image
  • Better param guards for wiki and post_type posts controller.
  • Caret moves to a wrong position when uploading an image via toolbar
  • Table pasting issues with uppy
  • Liking whispers should not contribute to Topic#like_count.
  • Canonical Message-ID was incorrect for some cases
  • Regression in timezone name localizations
  • Qunit tests were failing if your node was defaulting to IPV6
  • Aria label for popup-input-tip
  • Post mover validation color and message
  • Image sizes were slightly off in some cases
  • Composer fields on small desktop sizes
  • Remove svg icons from webmanifest shortcuts
  • Some options on the topic timer modal weren’t timezone aware
  • Show the Next Monday label instead of Monday on Sundays
  • Remove duplicated word from client strings

UX Changes

  • Crawler view always shows 0 votes, hide count
  • Add whos-online to official plugin list
  • Search spacing & position changes
  • Fix login header z-index
  • Support type=search inputs in inline forms
  • Highlight “Users” link when on adminUser path
  • Slightly tweak admin/customize/themes CSS
  • Add hover style to refresh-page dismiss button
  • Add text-decoration to <ins> and <del>
  • Try select-kit autocomplete Chrome fix

Performance

  • Update ember-auto-import
  • Attempts to resort to compute markdown in less cases
  • Prevents any fast edit work if you can’t edit

Accessibility

  • Use autocomplete=off more widely
  • Use autocomplete="off" for composer title
10 Likes