Discourse strongly recommends that all sites follow the default tests-passed branch of Discourse. The “stable” branch is more focused on lack of change than lack of bugs - all releases, including those on tests-passed and beta are production ready.
This release includes fixes for these security issues reported by our community and HackerOne .
9 Likes
Lilly
March 15, 2024, 12:06pm
3
But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.
Ensure topic collections exists for full_topic activities (67 )
Use full slugPath to reload categories with permissions (65 )
Delivery job failure log (64 )
Improve DFP / Ad-manager Content-Security-Policy compat (201 )
Calculate no ads for groups server side (200 )
Add exclude groups for each ad platforms (197 )
Share conversations with AI via a URL (521 )
AI Quick Semantic Search (501 )
Add GitHub Helper AI Bot persona and tools (513 )
Support for claude opus and sonnet (508 )
Option for AI triage to send a post to the review queue (498 )
AI helper support in non English languages (489 )
Handle secure uploads in image caption (476 )
AI image caption (470 )
New Discourse Helper persona (473 )
Mentionable personas and random picker tool, context limits (466 )
Allow personas to supply top_p and temperature params (459 )
Fine tune llm report to follow instructions more closely (451 )
Syntax highlighting for shared-ai conversions with CSP enabled (532 )
Handle unicode on tokenizer (515 )
Expire assets when CSS changes
Missing translation on share page (528 )
Don’t show share conversation incorrectly (526 )
Filter soft-deleted topics when backfilling sentiment (527 )
Ai-image-caption should not crash on checking currentUser can_use_assistant (523 )
Image caption feature should respect composer AI helper groups (522 )
Tune function calling (519 )
Improve AI persona editor inputs and optional GitHub auth (518 )
Prevent AI chat thread titles from being created before replies are posted (517 )
Avoid all bot feedback loops (507 )
Backspace in composer custom prompt closes menu (505 )
System persona non English save, missing bot pms
Support multiple tool calls (502 )
Stream messages when directly PMing a persona (500 )
Support spaces within arguments for Open AI (499 )
Composer service call breaking shared edits (494 )
Lower truncation size for Gemini Embeddings (493 )
Image generation in gemini was broken (490 )
Caption was broken with multiple subsequent calls (481 )
Unable to share conversations with persona user (479 )
Cleanup AI search results when a subsequent search happens (469 )
Better AI chat thread titles (467 )
Use a dedicated prompt for thread titles (464 )
Explicit check for empty string in compat migration (463 )
Hide related topics when module is disabled (461 )
Typo causing text_embedding_3_large to fail (460 )
Improve embedding generation (452 )
Add table name to remove ambiguous column reference in SQL (449 )
Add title suffix to shared AI pages (531 )
Add support for dark mode (529 )
Update styles and markup for share feature (525 )
AI Helper positioning (506 )
Minor adjustments for image caption size, behavior (484 )
Minor image caption style adjustments (482 )
Add missing settings descriptions (465 )
Re-introduce embedding settings validations (457 )
Validate embeddings settings (455 )
Place a SSRF protection when calling services from the plugin. (485 )
500 Error when editing a PostVotingComment (127 )
Missing translation for review_tl1_users_first_post_voting_comment (128 )
Allow either custom_fields or user_fields in trigger (253 )
Automated Post creation on user updated (249 )
Update how we pass values to ModalJsonSchemaEditor (257 )
Correctly format placeholders (255 )
Computes next daily recurring from now (248 )
Fix page layout, clean up (123 )
Use new options from downloadCalendar (549 )
Editing custom field of event didn’t work (550 )
Update test for holiday adjustments (541 )
Hide invitees from users who are not allowed to see the event post (544 )
Disallow self invite to private events (543 )
Use the proper plugin name in PLUGIN_NAME
Add group_list parameter type (283 )
Empty category matrix by converting it to glimmer (133 )
Don’t expose custom fields from other plugins (13 )
Update jira field to Component API. (61 )
Typo (58 )
New checkbox to mark a device as mobile in onboarding (89 )
Hide mathjax loading toast (78 )
Emails from microsoft are not verified (72 )
Failing tests due to i18n.default (3 )
Add max length to content_languages custom field
Allow specifiying required paths when retrieving userinfo (96 )
Next Page issues with crawlers (193 )
Count all reactions as likes with exceptions controlled by a site setting (267 )
Stop requesting more reactions when none exist (282 )
Do not show Likes on reactions-received endpoint (279 )
View activity reactions for other users (278 )
_allowHover() function call (277 )
Hovering reaction icon causing error would flood AJAX requests (274 )
Do not show users who Reacted under post … menu (275 )
Do not show likes with reactions on likes-received list (273 )
Handle null post.user_id for UserAction sync (270 )
Require missing scheduled job in plugin.rb (269 )
Nest combobox within LI element (280 )
Button styling and label (79 )
Ensure deletion of product upon confirmation (195 )
Add a link to template source topic (70 )
Slowness when listing templates and the templates category (67 )
Improve button design to match other logins (29 )
Auto generate and display video preview image (25633 )
Site setting to include post in penalty messages (26026 )
Set the video background to be black (25744 )
Add a boarder around the video placeholder play button (25727 )
Video playback on iOS (25513 )
Webauthn origin was incorrect for subfolder setups (#25651 ) (25654 )
Correctly save group invites (stable) (25567 )
Update themes javascript cache after running themes migrations (25564 )
Site-setting integer input type (25488 )
Fix the video spinner css (25770 )
Tweak play button css (25754 )
Limit invites params length
Add rate limits for uploads
Generate more category CSS on client
Prevent large staff actions causing DoS
Don’t disclose the existence of secret subcategories
4 Likes