Daily Summary (5am UTC)

Today on meta.discourse.org

Key Stats

Interesting Topics

Installation

  • An upgrade knocked my site offline; how long until it’s restored?
    Scott-CC’s upgrade attempt showed the “Oops” error page, JammyDodger and Lhc_fl suggested safe-mode and log checks, supermathie walked through docker exec and log-tailing, and pfaffman resolved it with a rebuild and PostgreSQL 15 update.
    read more solution

Dev

Bug

  • New Composer Issue: Linked Images
    The new markdown composer’s link button doesn’t support external images; supermathie flagged the gap in the markdown UI, and renato proposed an inline input rule for ![alt](url) handling.
    discussion proposal

  • New composer inserts double line breaks when pressing return key
    Users noted that pressing ⏎ creates a new paragraph instead of a line break; sam asked whether we should enforce tidy paragraphs and awesomerobot pointed out that Notion and Medium share this behavior.
    issue comparison

  • Discourse AI spam detection “Scan log” is frequently truncated
    Admins testing the AI spam scan see valuable reasoning cut off in the logs; the thread calls for ensuring the full output is visible to refine custom instructions.
    bug report plugin

Support

  • See the failed jobs in Sidekiq. (MailGun) failing to send emails
    Aaron_Walsh saw 42 queued email retries after a Mailgun port change; pfaffman walked through rebuilding vs. destroying the container to unblock port 2525.
    report resolution

  • Sensitive information disclosure: OAuth2 client secret exposed in admin settings
    Evie_Tao warned that OAuth2 secrets show in plain text; supermathie linked to a simple plugin fix to mark them as sensitive=true and discussed environment-based secrets.
    details fix PR

  • Potential Directory Traversal: /uploads/ allows cross-directory file access
    A security assessment found that ../../ in /uploads/default/original can fetch unintended files; the thread suggests enabling the secure-uploads feature for enforced access controls.
    report secure-uploads

  • Personal Message attachments accessible to unauthenticated users (missing auth check)
    Evie_Tao discovered that private message images are publicly retrievable; the community again pointed at secure-uploads for locking down PM assets.
    report secure-uploads

  • A file does not exist error occurred during database backup
    Manual backups fail with rb_io_flush_raw - <STDOUT> errors when dumping the public schema; admins seek guidance on backuper configuration.
    error log

  • Potential resource exhaustion: No rate limiting on /uploads.json allows mass file uploads
    Security reviews flagged the lack of rate limits on the upload API, risking storage DoS; suggestions include custom throttle plugins or proxy-level limits.
    report

UX

  • Launch Composer from Topic Reply at foot of Topic: Draft missing on re-initiate
    merefield found that saved drafts don’t reappear when reopening the composer via the bottom reply button, though they do after page refresh.
    issue

  • Reviewable UI refresh site setting
    Admins enabled the experimental review queue UI but saw no change; Moin demonstrated that individual review items show the new design while the list view remains unchanged.
    question demo

wordpress

  • Attempting to work around the 10 minute delay
    Lee_Ars struggled with WP Discourse comment sync delays; angus walked through webhook setup, cache toggles, and header fixes for instant comment updates.
    thread webhook guide

Feature

  • Feature request: share to discourse (via iOS)
    Building on the desktop bookmarklet and extension, jimkleiber asked if iOS’s Apple App Site Association can deep-link into the Discourse PWA for quick topic creation.
    iOS request desktop extension

Activity by the @team Group

After yesterday’s marathon of upgrades, PRs, and composer quibbles, treat yourself to a well-earned break—and maybe a puppy cuddle (no puppies were harmed in the making of this summary :paw_prints:)!