2.9.0.beta7: Security fix, bug fixes and more

Security Updates

This beta includes 1 security fix following an advisory on an upstream dependency. For more information, see the security advisory "Possible RCE escalation bug with Serialized Columns in Active Record" in the discourse/discourse repository on GitHub.

New Features

This release includes a number of additional smaller features, including:

  • Allow iframe allow attribute in posts
  • Use full post width for Vimeo embeds

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there are always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Plugin improvements

discourse-data-explorer

UX Changes

  • Making the headers of the query results table sticky

discourse-theme-creator

Bug Fixes

  • Correctly defer loading of admin locale

discourse-adplugin

New Features

  • Support placing ads between topic list for house ads

Bug Fixes

  • Don’t render the connector when we shouldn’t display an ad in the topic list item.

discourse-assign

UX Changes

  • Don’t display assign user menu glyph when sidebar is enabled

discourse-calendar

New Features

  • Add Matariki holidays for nz

Bug Fixes

  • Generate definitions for indonesian holidays
  • Delete event posts not automatic holidays

discourse-saved-searches

Bug Fixes

  • Don’t create posts for trashed topics

discourse-subscriptions

Bug Fixes

  • Allow user to update card details for recurring subscriptions

discourse-reactions

UX Changes

  • Hints the reason you can’t remove a like/reaction

discourse-checklist

Bug Fixes

  • Make other checkboxes read-only while updating the one.

discourse-translator

Bug Fixes

  • 🌐 Add lang mapping for Thai

discourse-chat

New Features

  • Chat channel preview card
  • Chat-sidebar in core sidebar

Bug Fixes

  • Correctly opens channel from user card
  • Makes drawer not expanded on full page
  • Move CSS to sidebar-extensions
  • Marks drawer as not expanded when full screen
  • Selector modal was not correctly filtering channels
  • After create channel respects current mode
  • Do not fetch messages for draft channel with no ID
  • Create channel modal error with type param required
  • Prevents loading more to reset list
  • Correctly handles chat-channel-row active state
  • Use as_json instead of to_json for chat DM message bus
  • Allow user to direct message themself again and fix DM inconsistencies
  • Ensures no members found is displayed when filtering
  • Prevents destroyed emojis to break the UI
  • Tracking state is an ember object and should use set
  • Correctly make browse page scrollable
  • Shows only one sidebar on mobile
  • Notification shape
  • Various fixes to chat pages height/scroll
  • Prevents nil name/desc to nullify the other

UX Changes

  • Is focused background was not visible in dm creator
  • Fix width of full page chat when paired with experimental sidebar
  • Remove gap on sidebar with full page chat
  • Hides useless notices for chat
  • Fix channel msg indicator
  • Improve category hints when creating a channel.
  • Displays delete btn using red icon
  • Hide desc when empty and not editable
  • Do not focus composer on ipad
  • Moves join/leave button to about tab
  • Supports emoji in title of about view
  • Prevents ipad to autofocus filter input

Additional Features and Fixes

New Features

  • Publish everyone’s status to everyone
  • Plugin outlet for sidebar
  • Allow iframe allow attribute in posts
  • Auto remove user status after predefined period
  • Use full post width for Vimeo embeds

Bug Fixes

  • Mobile usability issues in crawler view
  • Fixes few regressions in select-kit
  • Detect firefox < 89 as an unsupported browser
  • Set resolver options on the legacy resolver
  • Update flaky bulk invite spec
  • Just inline the QUnit CSS in theme-test html
  • Ensure category-tag filter routes are functioning
  • Apply all watched words rules to user fields
  • Ensure splash screen <noscript> is loaded for legacy browsers
  • Ensure splash screen logic is iOS12 compatible
  • Add ember redirect for tags/:tag_id -> tag/:tag_id
  • Min/max username length limits weren’t validated
  • Inputs using focusout regressed in #17345
  • Allow connector template names to be camelCase
  • Should be UploadReference instead of UploadReferences
  • Ensure there is no limit on tag list settings
  • Ensure pull-hotlinked can rewrite lone oneboxes
  • Correct error in ip-lookup component definition
  • Posts can belong to hard-deleted topics
  • Replace onebox markdown when pulling hotlinked image
  • Logout could fail due to cached user
  • Correctly display /admin/emails errors
  • Experimental sidebar preferences link not shown for users
  • Move ember-cli-deprecation-workflow to runtime deps
  • Incorrect currentUser could be cached for requests with API key
  • Vimeo regex pattern

UX Changes

  • Fixes navigation 1px jitter
  • Add classes to create-account modal for easier customization
  • Fix exp sidebar toggle alignment, add hovers
  • Skip length check on reply drafts
  • Less janky animation for experimental sidebar
  • Add border-box to stop padding from overflow
  • Makes splash dots use theme colors
  • A save should always have a cancel action
  • Don’t animate experimental sidebar on reload
  • Improve experimental sidebar transitions
  • Switch highlight/select colours in select-kit
  • Prevent experimental sidebar scroll jumps
  • Splash should always stick to top left corner of the viewport
  • Staff notice should utilize full post width
  • Prevent overlap between splash loader and splash text on some browsers take 2
  • Prevent overlap between splash loader and splash text on some browsers
  • Hide user menu bookmark link when experimental sidebar is enabled
  • Update categories/tags in sidebar only after saving.
  • Enforce bullet category style in sidebar
  • Mobile experimental sidebar improvement
  • Remove hardcoded colour value
  • Missing specificity
  • Retain category badge style on categories select kit.
  • Makes splash screen setting enabled by default
  • Use discourse-ready as a baseline for removing the splash
  • Made “Dismiss New” button clickable by replacing float method.
  • Hide sidebar li overflow, remove title margin
  • Improve experimental sidebar scrollbar
  • Minor experimental sidebar alignment changes
  • Remove experimental sidebar notification text