2.9.0.beta2: Security Fix and more

Announcements
1

New features in 2.9.0.beta1

Security Updates

This beta includes 1 security fix for issues reported by our community and HackerOne.

  • Onebox response timeout and size limit

New Features

This release includes a number of additional smaller features, including:

  • Ability for existing users to redeem invites
  • Add support for external_id to be used when creating and fetching topics. This is an API-only change
  • Support additional Web Authentication API devices
  • Allow sending group SMTP emails with from alias.
  • Split text segmentation site settings for Chinese and Japanese
  • Select range in topic list with Shift and click
  • Ability to re-order value lists
18 Likes
2

Even more!

But wait, thereā€™s more! We do our best to highlight new features and changes for you, but thereā€™s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Plugin improvements

Many plugins

  • Translations
    • Weā€™ve updated the translations in many of our plugins

Assign

Bug Fixes

  • Exclude inactive assigns from assigned_total count
  • Better group assign message
  • Count and show only active assignments

Accessibility

  • Use autocomplete=off for search inputs

Discourse Chat

New Features

  • Chat message flagging
  • Collapse non-oneboxed gifs and images in general
  • Add multiquote and chained attrs for chat-transcript
  • Chat transcripts using [chat] custom markdown BBCode
  • Allow image markdown markup
  • Server-side filter and new DM creation from ctrl+k

Bug Fixes

  • Simple fix for blank state when quickly switching channel
  • Prevent update read timer from stalling
  • Height of emojis
  • Donā€™t collapse emoji images
  • Prevent youtube from being gigantic
  • User could not re-enable chat after disabling it
  • Contain images on message to availiable space while keeping aspect ratio
  • Use Site.markdown_additional_options
  • A visual regression introduced in #585

UX Changes

  • Change font-size & style for channel titles
  • Make edited indicator subtler
  • Slightly tighter headers
  • Sidebar rows ā€˜activeā€™ when float is open
  • Hide scroll to bottom button until scrolled up 2/3 height

Calendar

Bug Fixes

  • The styling regressed in #220
  • .calendar selector was too broad

UX Changes

  • Make the event text colors more readable

Encrypt

Bug Fixes

  • Ensure encrypted file name is updated
  • Remove move to button for encrypted messages

SAML

New Features

  • Donā€™t use email for username and name suggestions until enabled in settings

Docker Manager

Bug Fixes

  • Run yarn install during updates

Code Review

New Features

  • Escape Git trailers in commit messages
  • Add code_review_allowed_groups site setting

Bug Fixes

  • Be more strict when matching Git trailers

Reactions

Bug Fixes

  • Remove thumbsup reactions when thereā€™s also a +1 reaction.
  • Rename thumbsup emoji to +1

Automation

Bug Fixes

  • Auto responder should be case insensitive by default

Docs

New Features

  • Improve blank page syndrome

Bug Fixes

  • TopicViewItem and TopicUser for doc topics

Additional Features and Fixes

Click to expand

New Features

  • Cache last post number
  • In result.rb donā€™t use email for username suggestions until enabled in settings
  • Add requestCustomMarkdownCookFunction API
  • Onebox for news.ycombinator.com
  • Validate domain settings for blocked_onebox_domain only
  • New plugin outlets for categories-boxes template
  • Partial match aliases in emoji filter
  • Use native color-picker
  • Show the this weekend option on the bookmark modal
  • Make the use_email_for_username_and_name_suggestions setting visible and on by default on existing sites
  • Update cppjieba_rb to latest

Bug Fixes

  • Cooking custom emojis should not use a secure URL
  • Default settings for phpBB3 import were broken
  • Update user stat counts when post/topic visibility changes.
  • Subcategory filter limits results
  • Defer upload extension check for iOS
  • Inline onebox for github
  • Topic tracking state for tags
  • Use prev_period data if prev30Days value is not available.
  • Avoid errors when updating post and topic count user stats.
  • Replace Twitter handles one at a time
  • Sort group owners and members together
  • Clear drafts only when post is created by real user
  • Avoid raising error when updating post and topic count user stats.
  • Explicitly set allowfullscreen on Wistia Oneboxes
  • Overridden MessageFormat fallbacks
  • Align progress text
  • Further reduce the input of to_tsvector
  • Do not override mobile scroll on docked progress element
  • User option fields definition was being mutated on save
  • Handle addressable error when parsing an invalid URL.
  • Add DB constraints for post & topic counter cache for UserStat
  • Allow native lazy loading attribute for quoted avatar image
  • Better param guards for wiki and post_type posts controller.
  • Caret moves to a wrong position when uploading an image via toolbar
  • Table pasting issues with uppy
  • Liking whispers should not contribute to Topic#like_count.
  • Canonical Message-ID was incorrect for some cases
  • Regression in timezone name localizations
  • Qunit tests were failing if your node was defaulting to IPV6
  • Aria label for popup-input-tip
  • Post mover validation color and message
  • Image sizes were slightly off in some cases
  • Composer fields on small desktop sizes
  • Remove svg icons from webmanifest shortcuts
  • Some options on the topic timer modal werenā€™t timezone aware
  • Show the Next Monday label instead of Monday on Sundays
  • Remove duplicated word from client strings

UX Changes

  • Crawler view always shows 0 votes, hide count
  • Add whos-online to official plugin list
  • Search spacing & position changes
  • Fix login header z-index
  • Support type=search inputs in inline forms
  • Highlight ā€œUsersā€ link when on adminUser path
  • Slightly tweak admin/customize/themes CSS
  • Add hover style to refresh-page dismiss button
  • Add text-decoration to <ins> and <del>
  • Try select-kit autocomplete Chrome fix

Performance

  • Update ember-auto-import
  • Attempts to resort to compute markdown in less cases
  • Prevents any fast edit work if you canā€™t edit

Accessibility

  • Use autocomplete=off more widely
  • Use autocomplete="off" for composer title
11 Likes