Discourse 2.2.0.beta4 Release Notes

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there are always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Security Updates

This beta includes 2 security fixes for issues reported by our community and HackerOne.

  • Update loofah for CVE-2018-16468
  • Add CSRF protections to OpenID callback

Plugin improvements

Data Explorer

  • Correct “quality users” preseeded query
  • Allow clickable post titles in results view
  • Replace combo-box with search filter



  • Force Policy renewal every N days


  • Bug fixes
  • Translation fixes


  • Option to require SAML usage for specific email domains


  • Improved button label for anonymous users

Zendesk Plugin

  • Bug fix
  • Translation improvements

Backup Uploads to s3

  • Bug fixes


  • Initial release


  • Bug fixes

Additional Features and Fixes


New Features

  • Add Noindex to robots.txt for disallowed routes
  • Show added date when looking at group members
  • New ‘simultaneous_uploads’ site setting
  • Add download script for Google Groups
  • Special offline support restricted to Android only
  • Push related PMs to take first 3 slots
  • Allow admins to control PWA display mode per user agent
  • Hide muted categories from /categories list
  • Warn users via email about suspicious logins.
  • Add server:before-head-close-crawler outlet for plugins
  • [Experimental] Content Security Policy
  • Adds latest to user-api-key session scope
  • New plugin outlets for user card customization
  • Allow plugins to whitelist user custom fields for public display
  • Adds list#(unread|new) to user api key routes
  • New rake task to anonymize all users
  • Upload tags from CSV
  • Allow multiple secrets for Discourse SSO provider
  • Support backup uploads/downloads directly to/from S3.

Bug Fixes

  • Don’t allow adding a value containing vertical bar char to the secret list
  • Topic-map spec with VDOM and i18n plural
  • Don’t strip eml attachments from received emails
  • Disables dates filtering on most_disagreed_flags report
  • Uses more semantically correct spans in post map
  • Use ‘require’ for dependencies.
  • Translation error
  • Only extract script tags with certain types
  • We shouldn’t include topics when mobile view is enabled
  • Do not create superfluous sessions when logged on
  • Do not leak information about post revisions.
  • Correct bookmark button class
  • Return 400 for missing required params
  • Improve error handling for missing maxmind dbs
  • Add ‘log in via link’ to email templates.
  • Fix ‘New Login Alert’ message.
  • Uploads didn’t work for subfolder anymore
  • Sso provider copyedit
  • Prevents y-axis labels from showing useless/wrong values
  • Flash authentication data not rendered in latest iOS safari browser
  • Add String.includes polyfill for IE11
  • Remove orientation from the webmanifest
  • Add polyfill so that Array.includes works in IE11
  • Ensures reports links are correct on subfolder installs
  • Don’t seed flags if ids don’t exist
  • Don’t use srcset on cropped thumbnails
  • Do not update last_seen for API access
  • Do not track right clicks.
  • Support comma in ‘sso_provider_secrets’ site setting
  • Ensure the like button always has a title, for accessibility
  • GlobalPath#upload_cdn_path when S3 bucket has a folder
  • If poll has no options do not break serializer
  • Remove duplicate referrer policy
  • Strip accents from search query
  • Validates import theme form
  • Stop logging every 404 error when searching for gravatars
  • Fix order of recently connected devices.
  • Proper naming for the GNU/Linux OS
  • Fix browser detection for Microsoft Edge.
  • Clean tag before searching for matches
  • Sanitize tags before creation
  • Count emoji shortcuts in topic title
  • Prevent duplicate tags in tag-choosers
  • Strip @ when searching for users and groups.
  • Use AvatarLookup for looking up avatar details
  • Lowercase username for add/rem group members
  • Always update ‘last_gravatar_download_attempt’ when updating gravatar
  • Properly import vBulletin’s hashed password
  • Extracted theme JavaScripts for multisite
  • Extracted theme javascripts for multisite
  • Wrap custom fields database statements in a transaction.
  • Don’t rescue PG::UniqueViolation within a transaction.
  • Discourse script didn’t allow backups with paths anymore
  • Mbox importer and rake task were broken
  • Use topic summary for meta description if topic excerpt is blank
  • Closing an empty fullscreen composer with toggler prevents scrolling
  • Support for local-date email preview without time attribute
  • Do not set null value to remove cookie
  • Clear color scheme cache when clearing theme cache
  • Force enable a user’s email_private_messages option when user replies via email
  • Do not award badges for links in restricted categories.
  • Reduce amount of work onceoff does
  • SSO provider secrets - check wildcard domains last, toggle secrets visibility
  • Can’t clean a tag if the given string is frozen.
  • Remove code that restricted “header” theme field from admin
  • Keep emoji syntax for custom emojis in quotes
  • Don’t show empty user stats in the card when profile is hidden

UX Changes

  • Uses presentation role for accessibility in topic map
  • Don’t show crawler navigation in print view
  • Adds CSS classes to crawler navigation links
  • Hide crawler navigation in print view
  • Include subcategories in search result of all categories drop down
  • Updates category muting instructions
  • Remove “at” word from relative dates in local dates
  • Use latitude and longitude for more precision.
  • Use user locale for locations.
  • Bumps the user-api-key version to 3
  • Make title on Instagram less redundant
  • Adding Google-compliant logo
  • Increase size of topic title tap target on mobile
  • Improve spacing on composer controls
  • Allow vertical timeline to fit on narrower screens
  • Show error when hitting the rate limit on password reset
  • Warn users if the post that’s currently edited has changed.
  • Header items wrap on small screens for anon
  • Presence-users overlaps with composer toggles
  • Images should be responsive in embedded comments


  • Avoid DNS lookups when getting IP info
  • Remove total unread notifications from message bus
  • Limit unread count to 99 in the blue circle
  • User imports would slow down the more users were imported