We’ve finally adopted the Checklist plugin by @cpradio! Make your lists much more interactive with this plugin.
Automatically expire unused API keys
For enhanced security, Discourse will automatically expire API keys that have not been used for long periods of time. Search for expire_user_api_keys_days in your admin console.
Links are searchable
Thanks to @nbianca links inserted in posts are now indexed for searching. See how it works with this example search.
Emoji 11.0 added
We’ve added support for the new Unicode 11.0 emojis.
But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.
Security Updates
This beta includes 1 security fix for issues reported by our community and [HackerOne]
(HackerOne).
Prevent use of X-Forwarded-Host to perform XSS
Plugin improvements
Data Explorer Plugin
List all previous queries on Data Explorer homepage
Added clickable rows, default query sorting by id and clickable usernames
Added User.find() & fixed scroll history bug
Do not save username since we are already saving user_id
Added button to go back to query list after visiting a query
FIX: Ensure that back button always redirects to index page
FIX: Remove bad default query description and add placeholder instead
Hide controls on query page
FIX: Use predefined SCSS colors instead of hardcoded colors
UX: Improve text when no query selected
Checklist plugin
fix spec
Invite Tokens
Add translation for accept_invite
Oauth2 Basic
FIX: callback url on subfolder installs
Chat Integration Plugin
FEATURE: Improve channel error visibility in the admin panel, stop adding chat integration errors to logs
Sitemap
Raise 404 for incorrect route
Staff Notes
FIX: uses user type for reports
WordPress Plugin
Bump Tested up to version
Hide pin-until date input unless pin-topic is selected
Add hidden class to pin-until input
Stype publish-info text
Left align all inputs
Bump version to 1.7.0
Changes for WordPress coding standards
Fix typo in CSS selector name
Only add hidden class to new-topic div if ‘link’ is explicity selected
Bump version to 1.7.1
Added avatar template size filter
Avatar template size filter
Update html-templates.php
Escape HTML
Move discourse_topic_link into a separate function
Bump version to 1.7.2
Remove unnecessary unary operator
Check for error before returning the force-publish message
Bump version to 1.7.3
Spoiler Alert
Make it compatible with stable branch
Maths Plugin
SECURITY: do not allow tags in math wrapper
Discourse Voting
FIX: only count votes when we have an array of votes
FIX: release/reclaim votes on moving topics to different category
Discourse Assign
Slight margin reduction
FIX: properly unassign topics if there are no more flags to handle
Discourse Translator
Fix incorrect variable scope
Prometheus
Fix typo
Push Notification
Fix the link to discourse. The topic url/id seems to have changed
Styleguide
Adding type scale, more colors, prettier
Additional Features and Fixes
Click to expand
New Features
Improve API error reporting for invalid records
Automatically correct extension for bad uploads
More context for error reporting on jobs fails
Use display: browser in webmanifest for iOS devices
Silenced users should not be allowed to edit posts
Do encodeURI on share links
Group error message regarding image optimization failures
Group warnings about IP level rate limiting
Ability for plugins to whitelist custom fields for flags
Backend support for user-selectable components
Include excerpt in HTML view for pinned topics
Bug Fixes
Doesn’t translate group permission keys
Disable_2fa fix method selection
Do not hide YouTube embeds inside details tag
If user is logged off return 404 instead of 500
Handle concurrently creating post reply keys
User profiles didn’t work when API keys exist
Do not show an empty modal when an IP address is allowed or blocked. (#6265)
Subfolder support for S3 CDN
SpamRulesEnforcer should use default locale
HTML lang attribute expects hyphen instead of underscore
Load more on groups page does not account for params.
Search does not retrigger when context has changed. Take 2.
Incorrect title on new user narrative cert.
Make Discobot certificate route require login.
If we have not target available do not redirect
Avoid lograge error when controller doesn’t respond to current_user.
User can’t save gravatar as profile picture after refresh.
Always test and coerce to image on upload
Smiling face with three hearts emoji typo (#6286)
Allow silenced users to like / bookmark, just not flag.
Quality/bugfix dashboard/reports pass (#6283)
FileHelper#download should return nil if max size is exceeded.
Guardian#post_can_act? shouldn’t raise an error if user of post has been deleted.
Converting PNG to JPEG does not set the correct extension.
Raise an exception when 'downsize’git st fails
Don’t trigger ‘flag_reviewed’ when no flags were reviewed
Simplify so we ban all auth paths
Validation of min_posts and max_posts didn’t work
Automatically correct bad avatars on access
Z-index fix for tag input on mobile
Don’t throw exception if welcome topic cannot be found
Refreshing auto groups when min_username_length is long
Add gif to list of allowed decoders
Update application_controller_spec.rb.
Going from /categories to /latest on mobile might break infinite scrolling
Validation of topic params broke discourse-assign
Silenced users shouldn’t be able to act on posts
Bulk deleting topics should ignore already deleted topics
Bulk updating category failed when topic title was too short
Uses touchstart/mousedown for selected tags (#6268)
Store the topic links using the cooked upload url
Add a basic validator for topic params
Use BasicUserSerializer for user_badge.granted_by (#6266)