New Features

• Add Noindex to robots.txt for disallowed routes
• Show added date when looking at group members
• New ‘simultaneous_uploads’ site setting
• Add download script for Google Groups
• Special offline support restricted to Android only
• Push related PMs to take first 3 slots
• Allow admins to control PWA display mode per user agent
• Hide muted categories from /categories list
• Warn users via email about suspicious logins.
• Add server:before-head-close-crawler outlet for plugins
• [Experimental] Content Security Policy
• Adds latest to user-api-key session scope
• New plugin outlets for user card customization
• Allow plugins to whitelist user custom fields for public display
• Adds list#(unread|new) to user api key routes
• New rake task to anonymize all users
• Upload tags from CSV
• Allow multiple secrets for Discourse SSO provider
• Support backup uploads/downloads directly to/from S3.

Bug Fixes

• don’t allow adding a value containing vertical bar char to the secret list
• topic-map spec with VDOM and i18n plural
• don’t strip eml attachments from received emails
• Disables dates filtering on most_disagreed_flags report
• Uses more semantically correct spans in post map
• Use ‘require’ for dependencies.
• Translation error
• Only extract script tags with certain types
• We shouldn’t include topics when mobile view is enabled
• Do not create superflous sessions when logged on
• Do not leak information about post revisions.
• Correct bookmark button class
• Return 400 for missing required params
• Improve error handling for missing maxmind dbs
• Add ‘log in via link’ to email templates.
• Fix ‘New Login Alert’ message.
• Uploads didn’t work for subfolder anymore
• Sso provider copyedit
• Prevents y-axis labels to show useless/wrong values
• Flash authentication data not rendered in latest iOS safari browser
• Add String.includes polyfill for IE11
• Remove orientation from the webmanifest
• Add polyfill so that Array.includes works in IE11
• Ensures reports links are correct on subfolder installs
• Don’t seed flags if ids don’t exist
• Don’t use srcset on cropped thumbnails
• Do not update last_seen for API access
• Do not track right clicks.
• Support comma in ‘sso_provider_secrets’ site setting
• Ensure the like button always has a title, for accessibility
• GlobalPath#upload_cdn_path when S3 bucket has a folder
• If poll has not options do not break serializer
• Remove duplicate referrer policy
• Strip accents from search query
• Validates import theme form
• Stop logging every 404 error when searching for gravatars
• Fix order of recently connected devices.
• Proper naming for the GNU/Linux OS
• Fix browser detection for Microsoft Edge.
• Clean tag before searching for matches
• Sanitize tags before creation
• Count emoji shortcuts in topic title
• Prevent duplicate tags in tag-choosers
• Strip @ when searching for users and groups.
• User AvatarLookup for looking up avatar details
• Lowercase username for add/rem group members
• Always update ‘last_gravatar_download_attempt’ when updating gravatar
• Properly import vBulletin’s hashed password
• Extracted theme JavaScripts for multisite
• Extracted theme javascripts for multisite
• Wrap custom fields database statements in a transaction.
• Don’t rescue PG::UniqueViolation within a transaction.
• Discourse script didn’t allow backups with paths anymore
• Mbox importer and rake task were broken
• Use topic summary for meta description if topic excerpt is blank
• Closing an empty fullscreen composer with toggler prevents scrolling
• Support for local-date email preview without time attribute
• Do not set null value to remove cookie
• Clear color scheme cache when clearing theme cache
• Force enable a user’s email_private_messages option when user replies via email
• Do not award badges for links in restricted categories.
• Reduce amount of work onceoff does
• SSO provider secrets - check wildcard domains last, toggle secrets visibility
• Can’t clean a tag if the given string is frozen.
• Remove code that restricted “header” theme field from admin
• Keep emoji syntax for custom emojis in quotes
• Don’t show empty user stats in the card when profile is hidden

UX Changes

• uses presentation role for accessibility in topic map
• Don’t show crawler navigation in print view
• Adds CSS classes to crawler navigation links
• Hide crawler navigation in print view
• Include subcategories in search result of all categories drop down
• Updates category muting instructions
• Remove “at” word from relative dates in local dates
• Use latitude and longitude for more precision.
• Use user locale for locations.
• Bumps the user-api-key version to 3
• Make title on Instagram less redundant
• Adding Google-compliant logo
• Increase size of topic title tap target on mobile
• Improve spacing on composer controls
• Allow vertical timeline to fit on narrower screens
• Show error when hitting the rate limit on password reset
• Warn users if the post that’s currently edited has changed.
• Header items wrap on small screens for anon
• Presence-users overlaps with composer toggles
• Images should be responsive in embedded comments

Performance

• Avoid DNS lookups when getting IP info
• Remove total unread notifications from message bus
• Limit unread count to 99 in the blue circle
• User imports would slow down the more users were imported