2.9.0.beta8: Security fixes, revamped wizard, bug fixes, and more

New features in 2.9.0.beta8

:warning: Rebuild required. The rebuild will update package versions to latest, and must be completed to apply the security updates.

Revamped wizard

We’ve revamped the wizard to make it even quicker for new admins to get started on their new site. 3 steps, with an optional 3 more if one wants to continue.

2022-07-27_13-02-36

Security Updates

This beta includes 2 security fixes for issues reported by our community and HackerOne.

12 Likes

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Plugin improvements

Chat

New Features

  • Show status on the direct message users list
  • Show status next to avatar on chat messages
  • Holiday flair in sidebar
  • Integrate chat-sidebar to core-sidebar
  • Statistics for chat messages, users, and channels

Bug Fixes

  • Ensures membership query is not returning duplicates
  • Use new enable_sidebar setting
  • Reorder private messages in sidebar
  • Don’t add users when chatable isn’t present
  • Hook to user_seen event to auto-join users on their first visit.
  • Unescape emoji in channel title when displaying in core sidebar
  • Add a scheduled job to auto-join users when their state changes.
  • Ensures user can see channel even with membership
  • Ensures we wait for runloop after pasting event
  • Another possible failure du to white space
  • Possible test failure due to white space
  • Transitions to previous route on leaving full page
  • For non-open channels do not show Join on preview card
  • Ensures deleting a channel redirects to chat home
  • Various issues in selector modal
  • Changes scrollbar broder based on background
  • Hook to event instead of model callback to make sure we auto-join users
  • Makes structured return followed channels only
  • Track when a user is activated and trigger the auto-join process
  • Sets default to open for structured method
  • Prevents an error due to closeModal not present
  • Slugified title is lowercased
  • Ensures chat channel has a title
  • Slugify channel name when opening from float
  • Improves slugify channel
  • Allow overflow for pop-up visibility

UX Changes

  • More composer fixes
  • Improves state of the composer on mobile
  • Surfaces chatable color and read restricted
  • Clickable target for setting icon
  • Rename default site feedback channel to general
  • Tweaks to chat browse stylings
  • Fully reimplements browse page
  • Stop displaying member count, clean up minimized chat view
  • Improve copy for on/off auto join

Templates (formerly Canned Replies)

New Features

  • Private templates
  • Ability to fetch templates from multiple parent categories

Calendar

New Features

  • Allow post events to be edited based on post guardian

Bug Fixes

  • Ensure date/time pickers behave correctly in all timezones
  • Consistent desert island icon for holidays
  • Use moment timestamp when transforming for timezone change
  • Handle non-UTC events correctly

Encrypt

Bug Fixes

  • Update deleted topic

Ad Plugin

Bug Fixes

  • Ensure we won’t render the connector if there are no ads

Video

Bug Fixes

  • Switch to unminified hls.js script

Automation

New Features

  • New script to append last checked by detail in post content.

Bug Fixes

  • Triggers on first badge
  • Automation was checking grant_count incorrectly

User Notes

UX Changes

  • Add btn-default class

Chat Integration

Bug Fixes

  • Don’t process commands when ‘text’ is missing

Gamification

New Features

  • Time period filter on leaderboard view

Bug Fixes

  • Do not score deleted users
  • Leaderboard name wasn’t displayed

UX Changes

  • Better copy on group restrictions settings
  • Disallow selecting everyone group in leaderboard settings
  • Make you-rank no longer clickable

Additional Features and Fixes

Click to expand

New Features

  • Add categories page style to order topics by created date
  • My_bb import supports avatars
  • Add users and groups links to community section in sidebar
  • Replace hamburger dropdown with Sidebar when undock
  • Users with no posts shouldn’t able to edit username after the allowed period.
  • API for sidebar
  • Add plugin API to register About stat group
  • Show status in the tooltip on the status bubble on the user menu

Bug Fixes

  • Publish membership update events when refreshing automatic groups.
  • Support for group everyone in tag setting
  • Sidebar is always disabled on wizard route
  • Rejected emails should not be cleaned up before their logs
  • Ensure uploads work when the user’s browser rewrites ellipsis
  • Allow users to quote in closed topics
  • Ensure admin templates are not used for non-admin controllers
  • Don’t cook user fields to apply watched words
  • Make sure user list is complete and sorted
  • Make sure every user instance has correct status tracking counter
  • Handle correctly the case when several subscribers call trackStatus() on the user model
  • Correct mention paths in fixtures
  • Linear gradient with stops makes R2 confused
  • Improves handling of filter with invalid tag chars
  • Don’t raise an error on onebox timeouts
  • Title for keyboard shortcuts button in sidebar
  • Notify tag watchers when publishing topic
  • Make group members bulk operations consistent
  • Pass sidebar custom link willDestroy
  • Badge backfilling triggers :user_badge_granted DiscourseEvent
  • Ensure injections are skipped when rehydrating stale models
  • Do not redeem invites if user resets password
  • When a user status update received other users statuses were getting cleared
  • Correctly pluralize sidebar strings
  • isExistingIconId() regressed in #17553
  • Correctly invoke dynamic components by name
  • Can’t hide overflow of d-editor-button-bar on mobile
  • Use padding, not margin
  • Use URI#merge to merge base and relative URLs
  • Prevents multi-select to use noneItem for its list
  • Restrict sidebar specific select kit CSS to sidebar
  • Pass custom section willDestroy
  • Skip job if tag edit notification is disabled
  • Allow Symbol objects to be deserialized in PostRevision
  • Check if tags edit notifications are disabled
  • Unread count badge shown for topics that user is not tracking
  • Support systems without SSE 4.2
  • Allow Time objects to be deserialized in PostRevision
  • Bug with multiselect user field validation
  • CSS tweak and production position fix for miniprofiler
  • Improve reliability of topic tracking state
  • Change UserCommScreener to use user_ids
  • Adjust topic avatar height to fix stickiness

UX Changes

  • copy change
  • Sidebar transition and styling adjustments
  • Add bulk-select to mobile topic lists
  • Replace site-settings link with “Admin” link in sidebar
  • Make sidebar hamburger menu occupy full width
  • Only transition header on sidebar toggle
  • Prevent color flicker on dark themes
  • Docking/undocking sidebar toggles sidebar hamburger dropdown
  • Set theme color on splash a bit earlier
  • Let hamburger-sidebar restrict child width
  • Updates sign up CTA copy
  • Prevent jitter in some onebox images
  • Properly size emoji in sidebar section link text
  • Remove bookmarks link from community section
  • Rename Sidebar ‘Topics’ section to ‘Community’
  • Set width on hamburger menu drop down to prevent overflow
  • Only hide section header icons when sidebar is pinned on Desktop
  • Option to account for the sidebar in the breakpoint mixin
  • Plus icon for sidebar messages section header
  • Prevent sidebar count from wrapping
  • Prevent long toolbars from resizing the column
  • Make space for scrollbar in mini-profiler
  • Increase text size for mobile exp sidebar
  • Remove .btn-default from admin btn
  • Prevent pre tag from making posts too wide
  • Better account-created page

Performance

  • Add index for TopicTimer#topic_id
  • Avoid extra object created on each User#validatable_user_fields call
12 Likes