Discourse 2.0.0.beta7 Release Notes

New features in 2.0.0.beta7

Moderation Improvements

We believe that moderating your Discourse community should be simple and easy to do. As such we’re always looking for ways to improve our moderation tools. In beta5 we added the following improvements to our moderation tooling:

  • Add option to delete all replies of flagged post
  • Add staff action log for post approvals
  • Staff can see the delete button on a post that was marked for deletion by the author

Tag visibility and usage

Tags are a great way to help organize topics on your Discourse site. By default tags can be applied by any user, and are visible to all. Now, using tag groups you can configure tags to be visible only to staff, and/or used only by staff.

It should be noted that if you previously used the “staff tags” site setting it has been migrated to the “staff_tags” tag group automatically. The “staff tags” site setting has been removed. See How to use staff tags properly? for more details.

Better handling of load spikes

Out of the box Discourse can handle significant traffic without major tweaks. However, say you’re a company that runs an online server, your server goes down, and all your users flood a single topic on your Discourse site. This sudden flood of traffic can overwhelm your Discourse server with requests, slowing down the site for all. To help combat this we added an “anon view” trigger. If more than 3 requests within 10 seconds to a single topic queue for longer than 1 second, users will see the topic as if they were not logged in (anonymous). Anonymous views of a topic take significantly less resources, allowing Discourse to better handle the load spike without affecting the rest of your site.

Group Cards

Discourse has supported user cards since nearly the beginning. Now we also support group cards, allowing you to see the Group name, it’s users, as well as to join, request to join, or leave the group (as applicable).

Suppressing the word “likes”

In beta6 we we suppressed the word “likes” from posts. We’ve continued to tweak how likes look, and now display empty hearts for posts you haven’t liked. Posts you have liked will be pink, and your own posts will be grey.

Own post:

Security Updates

This beta includes 5 security fix for issues reported by our community and HackerOne.

  • Prevent XSS when showing diffs
  • Do not show private topic title on /unsubscribed page
  • Escape HTML entities from topic title
  • Do not disclose topic titles on /unsubscribed page to unauthorized users
  • Santize tags when creating new topic via URL

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Plugin improvements


  • Alignment fixes

OAuth2 Basic

  • Allow both GET and POST fetch methods


  • Default date format to auto-localized
  • Only show help text in advanced mode
  • Multiple bug fixes


  • Improve Github commit onebox
  • Bug fix

Additional Features and Fixes

Click to expand

New Features

  • Allow safe mode to be disabled
  • Enable the Web Share Target API
  • Ctrl click on links allowed in preview
  • Track request queueing as early as possible
  • An API to help sites build robots.txt files programatically

Bug Fixes

  • Merging users failed when PM was sent to source and target user
  • Specify path for dosp cookie
  • Exclude topics from latest in /categories on refresh
  • Remove check for deprecated site setting
  • Deadlock when topic with auto close topic timers exceeds auto_close_topics_post_count.
  • Only show offline page when user is offline.
  • Calculate z-index for fixed usercard on preview
  • Message bus now properly detects log off
  • Better error message in GroupsController#add_members.
  • Remove auth cookie if we see InvalidAccess
  • Export download link was broken
  • Create upload record for exported csv files
  • Don’t break when posting invalid URIs
  • Localize everyone group name in default category permissions
  • Error when non-staff user edits their topic after a hidden tag is added to it
  • Strip emoji string from slug
  • Trigger group card on a post’s primary group click
  • Blacklisted crawlers could get through by omitting the accept header
  • Don’t allow spaces in ‘reply_by_email_address’ site setting
  • Missing Group#bio_raw attribute for group owners.
  • Sanitize click track links
  • Incorrect formatter used when logstash formatter is enabled.
  • Display user card background image
  • Don’t add diff classes more than once
  • Set notification level when changing post owner (#5616)
  • Do not notify last post editor if they mention themself
  • Missing action to trigger add group members modal for group owners.
  • Verify filtered tags when checking for category minimum required tags
  • Parameterize tag_id
  • Use new-password instead
  • Header nav should be tabbable and have focus state

UX Changes

  • Tag each autocomplete dialog so they can be hidden
  • Better github commit onebox
  • Display staged status on user summary page
  • Ensure topic progress indicator isn’t floating in very short topics
  • Don’t match emails in user selector in group add members modal.
  • Update placeholder for full page search
  • Require an extra click to open topic draft
  • Moved posts message links to the first post at the destination topic


  • Disables composer transitions in tests
  • Improve performance once logged in rate limiter hits
  • Only save site setting if values have been changed.