Discourse “lightboxes” uploaded images into a nice overlay that contains the full-size image. In this version, we begin to transition from the old Magnific popup library to an implementation based on Glimmer. To try out the improved system, check the enable experimental lightbox setting.
To help admins import / export / edit settings easily, we now offer a native JSON editor. For themes and components that allow further configuration, click the button to open the editor.
The enable_public_channels site setting allows site admins to decide whether public channels are available. If disabled, users will only be able to use Personal Chats but not channels.
This release includes fixes for these security issues reported by our community and HackerOne.
- Don’t allow a particular site to monopolize the defer queue CVE-2023-38498
- Hide restricted tags in noscript view CVE-2023-386
- Limit length of edit reason column CVE-2023-37906
- Handle concurrent invite accepts CVE-2023-37904
- Impose an upper bound on limit params in various controllers CVE-2023-38684
- Don’t reuse CSP nonce between anonymous requests CVE-2023-37467