3.5.0.beta4 Security fix release

Security Fixes

This release includes a security fix for a data leak affecting login-required sites deployed in the timeframe between April 30 2025 noon EDT and May 2 2025, noon EDT. Private content on an instance’s homepage could become visible to unauthenticated users.

7 Likes

But wait, there’s more!

We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Plugin improvements

discourse-ai

New Features

  • Enforce jpg/png for all images (1309)
  • Add support for uploads when starting a convo (1301)
  • Correctly decorate AI bots (1300)

Bug Fixes

  • Resource_url replacemente in Persona’s system prompt (1310)
  • Clear uploads after successfully posting new PM (1307)
  • Better LLM feedback for image generation failures (1306)
  • System persona state leaking between sites (1304)
  • Invalid access error should be populated to user (1303)
  • Llm selector memory broken (1299)
  • S3 was missing a const (1298)

UX Changes

  • Update conversation input styles (1308)
  • Empty state for AI conversations sidebar & btn changes (1297)
  • Put full page search discoveries in sidebar (1289)
  • Adjust bot conversation header and sidebar on hamburger mode (1295)

discourse-calendar

Bug Fixes

  • Allow create events for everyone group (726)

All Features and Fixes

New Features

  • Add color palette list selection to new UI (32379)
  • Add routeHistory service, SessionStore service and make back to forum button go back to previous page (32260)

Bug Fixes

  • Wizard logo preview (32543)
  • Shorten search everything to search (32544)
  • Background body regressed in #32517 (32527)
  • Don’t error when no filter is set in discovery heading (32516)
  • Staff action log logs in default locale when a user deletes themselves (32503)

UX Changes

  • Rich editor footnotes position (32566)
  • Add more info to theme cards (32334)
  • Apply signup page styles to invite page (32563)
  • Fix long category name overflow in category boxes (32560)
  • Display search input and open modal on click (32508)
  • Append ‘+’ to link count if above threshold in topic map (32093)
  • Fix post stream setting description mentions post menu (32250)
  • Fix topic statuses on category list (32528)
4 Likes