2.9.0.beta9: Security fix, bug fixes and more

Announcements
1

Security Update

This beta includes a security fix: ‘Email invitations to topics are not rate limited in some cases’

New Features

This release includes a number of additional smaller features, including:

  • Add image delete button in preview.
  • Add support for case-sensitive Watched Words
  • Add welcome topic cta banner
18 Likes
2

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Security Updates

This beta includes a security fix for issues reported by our community and HackerOne.

  • Limit email invitations to topic

Plugin improvements

discourse-encrypt

New Features

  • Allow tagging & quick edit in encrypted PMs.

discourse-github

New Features

  • Add setting to limit number of linkbacks per post

discourse-assign

New Features

  • Assign Status
  • Allow submitting the assign modal with ctrl+enter

discourse-prometheus

New Features

  • Add the job_failures metric

discourse-automation

New Features

  • Create new trigger pm_created for auto_responder script. (sponsored by Elastic) :tada:

discourse-code-review

Bug Fixes

  • Rename can_review to can_review_code

docker_manager

New Features

  • Force a rebuild when behind a specific discourse commit.

discourse-reactions

Bug Fixes

  • CSV report was missing dates

discourse-restricted-replies

Bug Fixes

  • No longer need to override category params since the issue fixed in core.

discourse-chat

New Features

  • Keyboard shortcut to toggle open/close of chat drawer
  • Respect ignoring / muting / blocking DM user preferences
  • Show status on the direct message users list
  • Show status next to avatar on chat messages

Bug Fixes

  • Restore/fix quote-in-topic and copy-quote features
  • Implements DeletedChatUser as a placeholder to deleted users
  • Staff can participate in private categories’ chat presence channels.
  • Fixes ios white screen without causing scroll jump
  • Don’t stage sent message if there are more to load.
  • Memberships order are username dependent
  • Prevents test failure in message mover spec
  • Enforces focus of composer after send
  • Removes ideal first channel logic from unfollowChatChannel
  • Moving memberships out of channel decorator
  • Allows messages’s owner to restore deleted message
  • Removes -webkit-overflow-scrolling
  • Calls vibrate only once when reacting
  • Various optimisations on mobile for live pane
  • Ensures even message with no avatar are tracked
  • Do not call throttled fn immediately to avoid missing update on fast resizing
  • Doesn’t include status when loading channels if user status is disabled in settings
  • Mark message as visible as soon as the first line appears in the viewport
  • Do not allow chat uploads if secure_media is enabled
  • Checks if notification has a title or lets router handle it
  • Mark message as visible when 60% is inside the viewport
  • Prevents crash when joining channel
  • Don’t corrupt users’ last read IDs.
  • Ensures chat notifications have a URL
  • Restores presence and displays it on sidebar
  • Ensures badge is showing uncategorized category
  • Fixes height regression on browse page
  • Prevents mutation of dm creator selected users
  • Sidebar direct messages are limited to 20
  • Adjust reply indicator spacing on iOS
  • Ensures membership query is not returning duplicates

UX Changes

  • Alignment member tab
  • Ensures drawer position is correct with small/closed topic composer
  • Increases max count of fetched public channels from 20 to 50
  • Matches scrollbar background with channels-list background
  • Adjust fullscreen height for the iPad iOS app
  • Skip sidebar additions if user has disabled chat
  • Avatar border chat
  • Prevents presence ring to move avatar
  • Adjust to fit composer on desktop, fix iPad layout
  • Slightly increases margin over tabs list
  • Tweaks info page
  • Tweaks to browse and members page
  • Chat-draft-channel-screen is already in a container with correct height

Performance

  • Prevents N+1 on public channels due to topic url

Additional Features and Fixes

Click to expand

New Features

  • Update bootstrap mode notice to add invite and wizard links
  • Add welcome topic cta banner
  • Show status on post streams
  • Add image delete button in preview.
  • Track stats around failing scheduled jobs
  • Show SMTP response on admin email sent list and rearrange columns
  • Add support for case-sensitive Watched Words
  • Show user status on the user profile page

Bug Fixes

  • Destroy all posts when hard deleting topic
  • Swallow SSL errors when generating oneboxes
  • Broken onebox images due to url normalization bugs
  • Don’t raise an error if file not found in S3.
  • Make word watcher work with nil strings
  • The phpbbb import script was not parsing youtube tags
  • Prevents android keyboard to be hidden instantly on sk focus
  • Allow to add the same watched word with a different case
  • Properly log all internal job failures
  • Do not redeem expired invites on new user signup
  • Secondary more section links not marked as active
  • Handle actor not having preferences in UserCommScreener
  • Don’t memoize site setting in guardian
  • Scope memoization of category moderation per category
  • Show update banner only once on categories with subcategory lists
  • Unsubscribe from the /reviewable_counts channel when leaving the review-index route
  • Links incorrectly marked as active in Sidebar::MoreSectionLinks
  • Avoid usage of dig when looking for job class
  • Inject appEvents in ScreenTrack
  • Use default locale for footer of embedded topics
  • Do not overwrite top_menu site setting in wizard styling step
  • Bugs with year selector and erase button
  • Update word_watcher cache key following schema change
  • Wizard last step “corporate” was not saving changes
  • Bots could generate errors when slug generation method is encoded
  • Accept HEAD requests for mandrill webhook
  • Show bookmarks loading spinner correctly
  • Ensure all public topic-query options can be used via Ember
  • Ensure theme_uploads_local only has one / at beginning
  • Show button bar overflow on iPad & mobile
  • UserCommScreener filter acting user ID from target user IDs
  • Allow array values for custom fields in category params.
  • Ensure error handlers render correctly without preload_json

UX Changes

  • Add left sidebar toggle when sidebar enabled
  • Improve empty state copy on the activity/topics page
  • Display gap between tag sort options on PMs
  • Move About and FAQ links into secondary section in More… dropdown
  • Update register admin wizard page styles
  • Fix chat lock icon position and background
  • Account for iPad hub nav when calculating top
  • Move links in Sidebar footer under community section
  • Add ellipsis for long category names in category chooser dropdown
  • Change unrelated icon in the CTA Signup prompt
  • Remove count from more section links
  • Adjust sidebar margin to avoid composer height
  • Fix extra spacing for group metadata in user profile
  • Updated account activation page design
  • Add the TOS disclaimer to the invite signup
  • Only set user bookmarks loading state when loading
  • Sidebar appearance shouldn’t shrink fonts
  • Sidebar focus styles, remove hover for touch
  • Reduce number of links displayed in Community by default
14 Likes