2.9.0.beta5: Security Fixes, Block Hotlinked Media, PM Tagging, Search Improvements and more

New features in 2.9.0.beta5

Allow hotlinked media to be blocked

block_hotlinked_media is a new site setting that, when enabled, causes all attempts to hotlink media (images, videos, and audio) to fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via block_hotlinked_media_exceptions site setting. download_remote_image_to_local can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.

Allow for overlapping DiscourseConnect secrets per domain

Previously we limited DiscourseConnect provider to 1 secret per domain. This made it pretty awkward to cycle secrets in environments where config takes time to propagate.

This change allows for the same domain to have multiple secrets.

Allow category moderators to post consecutively

Category moderators now bypass the max_consecutive_replies site setting in their category, allowing for unlimited consecutive replies like first posters and staff.

Allow for non staff pm tagging

Previously. the only way to allow tagging on PMs ws to use the allow_staff_to_tag_pms site setting. We’ve replaced that site setting with pm_tags_allowed_for_groups which allows for non-staff PM tagging.

Site that previously had enabled staff tagging of PMs will automatically have the staff group added to the new setting.

Add group_messages: keyword to advanced search

This allows users to search messages in a specific group inbox. For example, inputting group_messages:support keyword will search for “keyword” in the support group PMs.

Add in:messages search modifier

Previously personal messages could be searched via the in:personal modifier. We’ve found this wasn’t very discoverable, so we’ve added support for in:messages as well.

Dark mode email support

We’ve added support for emails to be displayed in dark mode! It should be noted that as of this feature’s release, dark mode support in email clients is the best - not every email client will support this.


Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Security Updates

This beta includes 2 security fixes for issues reported by our community and HackerOne.

  • Do not expose banner data in login_required sites
  • Remove auto approval when redeeming an invite

Plugin improvements


  • Register assigned link under sidebar topics section.
  • Promote polymorphic bookmarks
  • Shows note in moderator post
  • Show note in tooltip
  • Add assign note
Bug Fixes
  • Include users who were assigned to a post instead of topic.
  • Only assign when suggestion is clicked
  • Assigning a user without notes assigns and closes the modal
  • Polymorphic bookmarks support
  • Rename button
  • User link on post assign/unassign
  • Hide footer action button when user cannot assign
  • Broken reviewable filter
UX Changes
  • Don’t mention the group when no one is assigned.
  • Show posers on group assign list
  • Show posters on assigned topic list
  • Speed up User.assign_allowed SQL query

Discourse Chat

  • Move bookmark button to chat message quick actions
  • Implement oneboxes for chat
  • Add a button to switch back to small chat
  • Chat notification emails
  • Chat message bookmarks
  • Chat-composer-buttons API
  • Move chat messages to another channel
  • Make original message the reply excerpt if prettified excerpt is empty
Bug Fixes
  • Ensures a deleted message can be marked as read
  • Requests larger avatars for onebox
  • Tests were broken following core change
  • Prevents the jump when loading more
  • Onebox should only show active users
  • Make sure chat uploads have correct URL in template
  • Undefined uploads error when attempting to cloneJSON
  • Dev populate breaks with missing admin user
  • Refresh chat state when tab gains visibility
  • Add extra chat shortcut help text
  • Ensures we attempt to fill the current pane with messages
  • Ensures chat has correct height on composer resizing
  • Ensures staged message is not using uploads array ref
  • Ensures we unsubscribe from /chat-reply in draft mode
  • Issues with deleted messages and incorrect last read
  • Prevents destroyed/deleted chatable to crash admin page
  • Message order consistency
  • Serialize dates using ISO8601
  • Add ChatChannelFetcher specs and fix issues
  • Use message full_url in summary emails
  • Send_unread_mentions_summary is a class method
  • Make the bookmark row highlight work with sidebar
  • Fix filter in chat channel fetcher
  • Don’t hide the new messages’ separator besides the channel header.
  • Ensures composer transition is over to compute height
  • Minor fixes to msg-actions
  • Reduces margin before dots of replying indicator
  • Workaround electron quirk
  • Prevents 2 rows when only one is needed in firefox
  • Composer disabled state was incorrect
  • Update user last read endpoint.
  • Add channel ID attribute to chat quotes
  • Make get channel by name work with chatable name
  • Nicer error message when reacting without membership
  • Immediately queue notification jobs
  • Excerpts for complex messages
  • Composer uploads were appearing in the last message
  • ChatMessageClasses has too many arguments
  • Add gallery to collapser
  • Ensures mentions are correctly highlighted
  • Don’t hide the new messages indicator beside the channel header
  • Do not show Move Messages button in DM channels
  • Do not assume name exists for channel
  • Don’t hide the new messages indicator beside the channel header.
  • Loads populate only on development env
  • Ensures separator is correctly translated
  • Shows edited text if editing a collapsible into a collapsible
  • Ensures collapsing is working on legacy
  • Ensure edits are shown, with tests
  • Decorates lazyYT only once
  • Get + computed causing issues on legacy
  • Ensures widget is re-rendering when router changes
  • Fix overflowing github oneboxes
  • Scope chat image/onebox styling to .chat-message
  • Following public channel doesn’t return channel
  • Ensures channels are refreshed when creating channel
  • Resize images within oneboxes
  • Ensures we don’t double subscribe to updates
  • Correctly acknowledge for deletion in unread_counts
  • Use @service router to fix chat quoting on mobile
  • Enable quoting in all cases
  • Scope updating ChatMessageEmailStatus records to current_user
  • Default channel setting not working
  • Ensures html pasting works
  • Reset dm-creator state on channel change
  • Ensures we focus when creating from a dm
  • Improves channel switching when upserting
UX Changes
  • Ensures sticking to bottom loads from last message
  • Reduces spacing between avatars in channel onebox
  • Split each summary’s message into its row.
  • Tweak the archived channel UI
  • Changes chat composer dropdown button to use times icon
  • Raises DM limit to 20 in every cases
  • Hide msg actions on mouseleave
  • Slightly improve look of message actions on desktop
  • Vibrate on devices supporting it
  • Disable text selection on more elements
  • Make some UI elements unselectable
  • Display staged message when creating channel
  • Uses pencil icon for browse channels button
  • Uses cog icon for editing channels btn
  • Reduces replying indicator vertical padding
  • Ensures progress bar reaches done state
  • Only parse HTML once during isCollapsible
  • Update all decorators to use decorateChatMessage api
  • Only decorate messages when cooked changes


Bug Fixes

  • Logs category setting changes when voting is enabled/disabled
  • Do not recreate database record for category setting

Templates (formerly Canned Replies)

  • Includes variables %{topic_title} and %{topic_url}
  • Return 422 in /canned_replies/id/use if id does not belong to canned reply
  • Limit max replies retrieved as a safe guard
  • Added rake tasks to migrate data from v1 to v2
  • Check category permissions to see if user can use canned replies
  • Filter out topics with unwanted status from replies list
  • Unified desktop and mobile selection UI
  • Remove replies CUD code and UI elements
  • Allow user to filter canned response by tag
  • MVP - Fetch replies from category topics
Bug Fixes
  • Fixes regression in templates variables starting with reply_
  • Renamed migration to reate_discourse_templates_usage_count
  • Default usage_count to 0 while migrating from v1
  • @computed in CannedTagDrop was causing test to fail
  • Test if the filter input was found before setting focus
  • Removed unnecessary inline style in canned-replies-modal.hbs
  • Use POST to update reply usage
  • Removed unused settings
  • Fixed lint errors


New Features

  • Allow admins to view holidays by region
  • Add events calendar on the category page

Bug Fixes

  • Don’t initialize on logged-out login_required
  • Make region visible to current user too
  • Do not hide upcoming events calendar when navigating away from page

UX Changes

  • Fix timezone picker and multi-person logic
  • Do not show scrollbar when there’s no scrolling required

Security Changes

  • Correctly escape event name

Group Tracker

Bug Fixes

  • Correctly handle posts of deleted users

Data Explorer

Bug Fixes

  • Edit button shouldn’t be visible for seeded queries

Perspective API

Bug Fixes

  • Prevents test failure when using set on destroyed
  • Promise finally error for perspectiveSave


New Features

  • Promote polymorphic bookmarks

Bug Fixes

  • Try to post process a post only if it exists
  • Polymorphic bookmarks support
  • Use object methods to set properties of Draft

Steam Login

New Features

  • Allow steam authenticator to be revoked


New Features

  • Promote polymorphic bookmarks
  • Add username in user alert topic’s title.

Bug Fixes

  • Add polymorphic bookmark support
  • Skip PM alert update if user not found.


New Features

  • Add support for downloading mp4 version

Bug Fixes

  • Link to the correct mp4 filename

Yearly Review

Bug Fixes

  • Add polymorphic bookmark support

Code Review

Bug Fixes

  • Make Git trailers parsing stricter
  • Wait 30 seconds before syncing commits
  • Escape Git trailers present in last paragraph

UX Changes

  • Separate profile buttons to fix hover state


Bug Fixes

  • Duplicate payments showing up in discourse UI


New Features

  • Support multi group policies

Bug Fixes

  • Ensures builder state is correctly set


Bug Fixes

  • Max reactions reached error message should be at par with core
  • Prevents a bug when clicking multiple times
  • Stores reference to expanded widget
  • If previous popper, ensures it’s hidden before destroying
  • Simplify popper lifecycle
  • Various minor fixes
  • Always uses actions as parent widget
  • Publish old and new reaction on toggle

UX Changes

  • Slightly delay picker expand to prevent fast movements
  • Minor tweaks to expanding/collapsing panels

OpenID Connect

Bug Fixes

  • Add 10s timeout to all outbound requests


New Features

  • Update supported languages for Google Translate


New Features

  • Adds a user_granted_badge trigger
  • Add close_topic script
  • Add interval option for recurrence trigger field.

Bug Fixes

  • Remove INTERVAL param from RRule in weekday calculation.

User Notes

Bug Fixes

  • Make sure the user is an EmberObject.


New Features

  • Sync Salesforce lead/contact on user account creation.

Bug Fixes

  • Use translations for login button


New Features

  • Register docs link under sidebar topics section.

Chat Integration

Bug Fixes

  • Respect core settings when rendering user names/usernames

UX Changes

  • Admin controls alignment


New Features

  • Row highlighting for currentuser + number formatting
  • Add leaderboard styling

Bug Fixes

  • Rank numbers being hidden
  • Anon users where causingexceptions
  • Fix missing avatars in leaderboard table

UX Changes

  • Admin styling
  • Add missing formatting for cheers
  • Number shorthand on mobile-only
  • Downscale podium + locale fixes

Additional Features and Fixes

Click to expand

New Features

  • Add new/unread counts to tags section links exp sidebar
  • First pass tags section for experimental sidebar.
  • Display new/unread count for tracked categories in exp sidebar
  • Add section links to categories section to exp sidebar
  • Create upload_references table
  • Propagate user status via message bus
  • Highlight None option by default for bookmarks
  • User status
  • Make S3 presigned GET URL expiry configurable
  • Pull hotlinked images immediately after posting
  • Site setting for blocking onebox of URLs that redirect
  • Promote polymorphic bookmarks to default and migrate
  • Allow locals to be passed in server_plugin_outlet
  • Add page title to 404 pages
  • Restore scroll on user activity pages
  • Promote the “delete group” staff action log.
  • Polymorphic bookmarks pt. 3 (reminders, imports, exports, refactors)
  • Validate setting combination between exif strip and img opt
  • Add fallback to suggested value when auth_overrides_username
  • Introduce a sitewide setting for disabling suggesting weekends in time pickers
  • Optionally skip using full_name when suggesting usernames
  • Scope search to PMs when in that context
  • Detect emoji from Emoji 14.0
  • Polymorphic bookmarks pt. 2 (lists, search)
  • Show prompt for required tag groups
  • Site setting to cap the recipient list in notification emails
  • Block indexing the embed topic list

Bug Fixes

  • Ensure that extract_upload_ids works with all short URLs
  • Skip CSRF token check on webhook routes
  • Display translated fallback as the group name for custom emoji groups
  • Allows image to be displayed at the right size
  • Twitter onebox keeps whitespace for expanded links
  • Send quote notifications to correct users when prioritizing full names
  • Cleanup invalid historic site setting data
  • Handle empty string in theme_settings for upload_references
  • Make disabling TLS in mail possible again
  • Escape youtube title when constructing onebox preview html
  • Missing tracked sub category topics from tracked topic list
  • Correctly handle invalid auth cookies
  • Seed multisite dbs after migrating in development
  • Email Send post has already been taken error
  • Restore automatic style preview in wizard
  • DiscourseConnect login did not auto approve based on email domain
  • Ensures composer is not pre-filled with none/all tags
  • Don’t throw errors on wizard dropdowns
  • Approves user when redeeming an invite for invites only sites
  • Do not use SVGs for twitter:image metadata
  • Keep composer draft when go back and forth between PM and New Topic.
  • Harmonise category body class generation on server/client
  • Show suspended by user
  • Make f query param sticky when navigating between nav items
  • Topic list nav items count not respecting tracked filter.
  • Change event target on select kit row
  • Tracked filter did not account for max_category_nesting of 3
  • Fallback to default push notification icon if none exists
  • Do not looks for plugin test js in production
  • Add bookmark quick access tests and fix username
  • Correctly handle nested quotes in to-markdown
  • Respect user timezone in emails about silencing and suspending
  • Changing date should recompute input
  • Incorrect URL for bookmark quick action menu
  • Further refine duplicate bookmark delete query
  • Delete extraneous topic bookmarks
  • InlineOneboxer watched word censor error
  • Apply censored words to inline onebox
  • Improve bookmark-icon title
  • Limits for PM and group header search
  • Skip pulling hotlinked images for nil user bio
  • Applying default user options didn’t work for boolean flags
  • Site setting changes for boolean should be logged as true/false
  • Refactor placement of plugin outlet & index use
  • Clear inline onebox cache when a post is rebaked
  • Pass empty hash for view locals by default
  • Apply ‘allowed_href_schemes’ to all src/srcset attributes
  • Allow users to select “regular” categories
  • Use CSS transition to make room for composer
  • acted state in post action like could desync with multiple likes
  • Apply ‘hide email account’ for invites
  • Prevent all kinds of login in readonly mode
  • Add safari 12 to ember-cli build targets in production
  • Make read only errors respect the request format
  • Handle quote rendering for external Discourse instance
  • Checked allowed tag when editing Reviewables
  • Auto margins cause too-narrow content
  • Show error message if extensions cannot be created
  • Do not log category custom fields changes if the value is unchanged
  • Create PostgreSQL extensions before migrating
  • Use our header value instead of custom header on duplicates
  • Use registered bookmarkables for BookmarkManager
  • Allow .ics for polymorphic bookmarks
  • Store scroll position when using Back button
  • Apply watched words to user fields
  • Polymorphic bookmarks for bookmark report
  • Use hidden site setting for batch presign rate limit
  • Use polymorphic bookmarks for in:bookmarks search
  • Add support for pipelined and multi redis commands
  • Background like count update didn’t account for own user actions
  • Prioritize names and usernames consistently
  • Limit pan event handler to fix scrolling in TOC
  • Use proper ActiveRecord method in import scripts
  • Ensures d-popover closes when clicking on popper
  • Polymorphic bookmarks for new user narrative bot
  • Prevents double user_badge_granted event
  • Prevent admin theme settings from blowing up
  • Validate post’s polls as acting user
  • Topic view breaks with topic timer to publish to restricted category.
  • Users with unicode usernames unable to load more topics in activity
  • Add email to admin user list when show_emails is enabled
  • Missing translation when translation override contained a %{key}
  • Skip invalid custom_field json in hotlinked_media migration
  • Validate permalink_normalizations setting
  • Handle enum types during database restore
  • Destroys instance when hiding date popover
  • Handle invalid JSON from downloaded_images custom fields
  • Handle duplicates in hotlinked_media migration
  • Updated filtered replies when replies exist
  • Ensure post_hotlinked_media index does not exceed size limit
  • Avoid concurrent usage of AR models
  • Closes popover when downloading calendar
  • Uses tippy for popover
  • Show group in filter only if user can see the members list.
  • Ensure values are escaped in select-kit dropdowns
  • Prepare data before creating chart to avoid side effect
  • Remove refresh seconds override on cache_critical_dns
  • Cache_critical_dns - add TLS support for Redis healthcheck
  • Prefers computed over discourseComputed
  • Correctly handle the print param on topics#show.
  • Check 2FA is disabled before enabling DiscourseConnect.
  • Properly clean Thunderbird emails, don’t remove links
  • Ensure lazy-load-images does not remove entire img.style
  • Use username for nested quotes
  • Show footer on the categories page
  • Replaces discourseComputed by computed
  • Showing icons on future-date-input options
  • Do not error when json-serialized cookies are used
  • Show footer at the end of topic list
  • Add missing translations for medium format
  • Skip upload extension validation when changing security
  • Don’t allow DiscourseConnect logins in readonly mode
  • Return a 404 when a sitemap request doesn’t have a format
  • Ensure ‘crop’ always returns requested dimensions
  • Check if bookmarkable column exists before adding
  • Issues with incorrect unread and private message topic tracking state
  • Warn_exception expect hash as second arg
  • Show dismiss all modal in user-notifications page
  • Do not show visibility topic if visible
  • Don’t validate and render the polls inside a quoted post.
  • Email styles for Gmail app dark mode

UX Changes

  • Remove limit for emoji search in composer
  • Larger images in mobile emoji picker
  • Hide select-kits when the parent element is outside the viewport
  • Don’t tether popper to the viewport if reference is out of the viewport
  • Update chat menu popover styling
  • Show message if rebake fails
  • Make YouTube playlist onebox full width to match video onebox
  • Reordered topics in INSTALL-cloud.md to add a ‘Before you start’ section
  • Align the trash button on the bookmark modal
  • Update hljs-builtin-name colour
  • Update hljs-builtin-name highlight
  • Consistent spacing on group interaction form
  • Fix status icon size in suggested topics
  • Add back link on taggroup page
  • Fix various login modal issues on mobile
  • Allows to close popover on escape
  • Prevent user grid blowout on full page search
  • Remove horizontal scoll from narrow screens
  • Ensure #main-outlet-wrapper takes full width.
  • Fix hover state for flat buttons in WCAG schemes
  • Add a brief accessibility summary to the README
  • Display user.username on user cards
  • Reset mark element highlight for WCAG schemes
  • Add time_shortcut.now translation
  • Improve the list of options on the slow mode modal
  • Move post date under title in share-modal
  • Larger clickable area for mobile topic list
  • Fix topic admin menu layout for short screens
  • Tweak topic-admin-menu alignment/size
  • Prevent group mention from wrapping
  • Ask for confirmation when deleting a post using shortcut
  • Fix a few WCAG color scheme contrast issues
  • Organize topic admin menu into groups
  • Show all pie legend options for long polls
  • Add title to read time stats from user page
  • More descriptive moderator manage setting
  • Improves select-kit body placement when vertical space is short
  • Add more detail to remove full quote site setting description
  • Minor email group chooser alignment fix
  • Minor adjustment to login/signup close position
  • Improve small action button alignment


  • Improve to-markdown speed, update the code
  • Lazily lookup emoji-picker selected-diversity
  • Speed up secure media and ACL sync rake tasks
  • Update all user_histories with one query in UserDestroyer


  • Add keyboard support for do-not-disturb modal
  • Keyboard access for /u table headings
  • Fix WCAG contrast for notification header