A new UX addition to 2.4.0.beta5 is a multi-paneled user menu. Now users have direct access to notifications, bookmarks, and messages straight from the user menu!
By default, the allowfullscreen iframe attribute is now whitelisted. This allows videos from providers like Vimeo to use full-screen mode straight from Discourse.
But wait, there's more! We do our best to highlight new features and changes for you, but there are always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.
Security Updates
This beta includes 4 security fixes for issues reported by our community and HackerOne.
Update rubyzip dependency
Update rack-mini-profiler to latest to correct XSS
Don't allow base_uri as embeddable host if none exist
XSS when oneboxing user profile location field
Plugin improvements
discourse-calendar
Add new EnsureConsistency scheduled job
Add combo box label when no user timezone set
discourse-akismet
Clean up posts and reviewables when deleting an Akismet-flagged user
Set button styles using new button_class API
discourse-chat-integration
Support for slack custom username
Allow slash commands to set rules in private groups
discourse-assign
Add support for unicode usernames
Quick access panel for assignments
Add endpoint to list all assignments by user
discourse-logster-transporter
Don't compare secret keys using string equality
discourse-policy
support consistent policy renewal dates
migration did not account for new has policy field
when checking policy acceptance, looking at wrong date
discourse-adplugin
AdButler support
discourse-github
Match users to commits made from noreply emails
discourse-data-explorer
Allow groups to access queries
ability to import an exported query
discourse-bbcode
limit allowed font-size values
Additional Features and Fixes
New Features
Add support for maskable icons in the PWA manifest
Make share button support custom javascript
Update mini_scheduler to support history filtering
Allow embedding to ignore HTTP REFERER
Bug Fixes
Reset watched site settings when default locale changes
Respect unicode whitelist when suggesting username
Correctly escape category description text
Change focus when application resumes in android
Include video tags and short urls in "have_uploads" method.
Include "short_path" as src in each_upload_url method.
PWA install was broken due to missing basic logo
Cleanup DiscoursePluginRegistry state after tests that use it
Fix options given to per-minute rate limiter
Properly render server side plugin outlets (#8106)
Require a min amount of reviewables before calculating thresholds
Sensitivity did not work by default
Remove versions from Active Record warm up (#8105)
Ignore min_trust_to_send_messages when messaging groups (#8104)
Proper jumpToPost with whispers/small-actions
By default, don't abort Google Groups crawling on error
Split migration into two steps in developer guide (#8103)
Only apply post hide logic to flag actions
Google Groups crawler failed to login
Preview up to "max_oneboxes_per_post" oneboxes
Put back the TL3 -> TL0 spam thing
Ignored flags should not count in your accuracy score
Correct theme SCSS error handling
Live reload plugin stylesheets when editing in development
Live reload plugin stylesheets when the color scheme changes
Do not include theme variables in plugin SCSS, and fix register_css
Do not allow posting of category topic template without any changes
Escape $ in translations before interpolating (#8100)
Open drafts for PMs from Activity > Drafts screen.
Ensure page is reloaded correctly when a hash is present (#8096)
Don't show non-members as readers when the post is a whisper
Improve protection against problematic usernames (#8097)
Load raw hbs templates correctly from theme javascripts folder
Explicitly specify the format when loading /associate/{{token}}
Add support for version query parameter in InlineUploads
Do not escape fancy_title again. (#8095)
Do not show latest count in tabs on tag lists
Rails 6 multisite migrations and plugin migrations
Support <img> in code blocks when inlining uploads
Make markdown regexp patterns case insensitive.
Do not log "pull_hotlinked_images" edits in the staff action log
Change admin dashboard sort caret icon color on hover
Let mailgun_api_key also support their "HTTP webhook signing key" (#8091)
Cast all numerical values in reports
Clear authentication data from session after create account (#8040)
User directory should not include unapproved users
POP3 doesn't work with TLS 1.3
Missing translation
Switch to full screen external login for Safari
Inline_uploads and subfolder
Migrate_to_s3 task and subfolder
Errors in qunit tests when version check info is missing
Do not show staged users avatars when expanding the read count indicator
Display emojis in search result blurbs
Improve Onebox detection (#8019)
Broken spec
Modify frozen String and profile_db_generator uses category id (#8080)
Migrate post_edit_time_limit to tl2_post_edit_time_limit (#8082)
UX Changes
Fix topic progress placement
Fix alignment on topic progress bar and remove some magic numbers
Improve composer layout in iPads
Change composer's edit reason link to an icon
Use Visual Viewport API for iOS composer height
Add class to distinguish specific moderator categories on about page
Use medium format for displaying time in post notices. (#8074)
Show installed version with SHA instead of number of commits
Adjusts RTL composer presence avatar alignment
Performance
Ensure we warm up schema cache in the entire multisite
Avoid spinning a thread each time we close a connection
Update readers count when a post from another user is read. Don't fetch the post data again just to update the count. (#8078)