3.5.0.beta6 Security fixes release

Announcements
2

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Plugin improvements

discourse-activity-pub

New Features

  • Allow everyone to see both followers and follows of Category and Tag Actors (223)
  • Add actor deletion (215)

UX Changes

  • Improve ActivityPub topic and post modals (224)

discourse-ai

New Features

  • Allow access to assigns from forum researcher (1412)
  • Use different personas to power AI helper features.
  • Add context and llm controls to researcher, fix username filter (1401)
  • Add inferred concepts system (1330)
  • Support upload.getUrl in custom tools (1384)
  • Simplify streaming implementation - rush last update (1380)
  • Automatic translation and localization of posts, topics, categories (1376)

Bug Fixes

  • Update topic summarization prompt to work better when using full names (1409)
  • When tool options are added they should be available (1406)
  • Always render “today” on top of conversation sidebar (1400)
  • Edit-topic is not invisible on desktop (1394)
  • Unable to scroll on mobile AI post helper results (1396)
  • Proper default LLM detection for inferred concepts (1392)
  • Exporting overall sentiment fails (1388)
  • Enum handling needs to be done on save as well (1386)
  • Custom tools incorrectly setting all fields to blank enum (1385)
  • Full page search broken (1383)
  • Bump persona’s examples length (1377)

UX Changes

  • Style tweaks for RAG uploader and form width (1407)
  • AI composer helper refinements (1387)

Performance

  • Optimize .ai-debug-modal__tokens selector (1390)

discourse-calendar

New Features

  • Show local timezone (735)
  • Support for recurrence_until (730)
  • Optional attached chat channel for event (728)

Bug Fixes

  • Nbsp handling in group-timezones (739)
  • Prevents double event and uses correct starts_at (736)
  • Remove hard dependency on Chat plugin (732)

UX Changes

  • Better copy (737)

discourse-data-explorer

UX Changes

  • Category-id-input: allows no-category selection (377)

discourse-oauth2-basic

UX Changes

  • Update admin settings plugin name (130)

discourse-policy

Security Changes

  • Policy group members (165)

discourse-saml

New Features

  • Allow multiple attributes for group sync and also using group full_name (127)

All Features and Fixes

New Features

  • Theme-owned color palettes (32795)
  • Add option to make <AceEditor /> resizable (33044)
  • Allow customizing default timezone for email. (32964)
  • Show language switcher for anons (32965)

Bug Fixes

  • Wrong link to groups in post-small-action widget (33099)
  • Do not show header search icon if welcome banner search shown (33098)
  • Wrap theme translations in IIFE (33108)
  • Disallow encoded words in e-mail addresses (33083)
  • Ensures post toolbar text can’t be selected (33075)
  • Respect category/tag filtering for reviewable webhooks (33051)
  • Exclude reviewable_notes from intermediate DB schema (33068)
  • Latest duplicated groups to about components (33003)
  • Back to themes page not working when theme has enabled components (33048)
  • Uses text selection when using hide details (33049)
  • When new new is enabled, filter dismiss modal to correct type (33037)
  • Handle redirect issue with categoryId rewriting page number (33009)
  • Ensure copy_data callbacks run even when all rows are skipped (33002)
  • Correctly unescape title for amazon oneboxes (33010)
  • Restore category text color field (32915)
  • Improvements for admin search (33006)
  • Topic timeline in mobile is not usable due to full height (32986)
  • Removes shift which is not necessary anymore (32979)
  • Composite primary key output (32972)

UX Changes

  • Add * mention to site setting description
  • Only show single composer tip at a time (33050)
  • Add z-index to the admin save all banner (33093)
  • Fix admin reports breadcrumb link (33085)
  • Keep marks when using emoji input rules on rich editor (33058)
  • Add subheader to admin themes page (32987)
  • Rich editor [details] caret hover and padding (33057)
  • Update theme cards min width (33045)
  • Margin top to first onebox in topic (33054)
  • Fast topic edit (32941)
  • More consistent search menu spacing (33036)
  • Onebox changes (33038)
  • Make sure search context is kept when navigating (33016)
  • Update some delete confirmation dialogs (33018)
  • Avoid presence layout shift (33022)
  • Scale down the theme title edit size (33021)
  • Merge onebox experiment into core (33015)
  • Fix active menu item bottom border (33013)
  • Move to regular border radius variable (33011)
  • Polishing borders, border-radius, input, and spacing (32995)
  • Fix mobile positioning for content editable (rich editor) (32993)
  • Add hover state to theme cards (32980)
  • Add gap to sidebar items (32981)
  • Decrease spacing between content sections in theme-card UI (32977)
  • Fix padding (32973)
  • Improve color descriptions (32930)
  • Fix border-radius on image upload inputs (32935)

Security Changes

  • Respect max length in bot-human PMs
  • Escape topic title for mailers

Performance

  • Remove <details> polyfill (33020)

Accessibility

  • SVG icons should be hidden unless a label is provided (33059)
4 Likes