Even more!
But wait, there’s more! We do our best to highlight new features and changes for you, but there are always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.
Security Updates
This beta includes 4 security fixes for issues reported by our community and HackerOne.
- Update rubyzip dependency
- Update rack-mini-profiler to latest to correct XSS
- Don’t allow base_uri as embeddable host if none exist
- XSS when oneboxing user profile location field
Plugin improvements
discourse-calendar
- Add new EnsureConsistency scheduled job
- Add combo box label when no user timezone set
discourse-akismet
- Clean up posts and reviewables when deleting an Akismet-flagged user
- Set button styles using new button_class API
discourse-chat-integration
- Support for Slack custom username
- Allow slash commands to set rules in private groups
discourse-assign
- Add support for unicode usernames
- Quick access panel for assignments
- Add endpoint to list all assignments by user
discourse-logster-transporter
- Don’t compare secret keys using string equality
discourse-policy
- Support consistent policy renewal dates
- Migration did not account for the new "has policy" field
- When checking policy acceptance, the wrong date was being used
discourse-adplugin
- AdButler support
discourse-github
- Match users to commits made from noreply emails
discourse-data-explorer
- Allow groups to access queries
- Ability to import an exported query
discourse-bbcode
- Limit allowed font-size values
Additional Features and Fixes
New Features
- Add support for maskable icons in the PWA manifest
- Make share button support custom JavaScript
- Update mini_scheduler to support history filtering
- Allow embedding to ignore HTTP REFERER
Bug Fixes
- Reset watched site settings when default locale changes
- Respect unicode whitelist when suggesting username
- Correctly escape category description text
- Change focus when application resumes in Android
- Include video tags and short urls in ‘have_uploads’ method.
- Include ‘short_path’ as src in each_upload_url method.
- PWA install was broken due to missing basic logo
- Cleanup DiscoursePluginRegistry state after tests that use it
- Fix options given to per-minute rate limiter
- Properly render server side plugin outlets (#8106)
- Require a min amount of reviewables before calculating thresholds
- Sensitivity did not work by default
- Remove versions from Active Record warm up (#8105)
- Ignore min_trust_to_send_messages when messaging groups (#8104)
- Proper jumpToPost with whispers/small-actions
- By default, don’t abort Google Groups crawling on error
- Split migration into two steps in developer guide (#8103)
- Only apply post hide logic to flag actions
- Google Groups crawler failed to login
- Preview up to ‘max_oneboxes_per_post’ oneboxes
- Put back the TL3 -> TL0 spam thing
- Ignored flags should not count in your accuracy score
- Correct theme SCSS error handling
- Live reload plugin stylesheets when editing in development
- Live reload plugin stylesheets when the color scheme changes
- Do not include theme variables in plugin SCSS, and fix register_css
- Do not allow posting of category topic template without any changes
- Escape $ in translations before interpolating (#8100)
- Open drafts for PMs from Activity > Drafts screen.
- Ensure page is reloaded correctly when a hash is present (#8096)
- Don’t show non-members as readers when the post is a whisper
- Improve protection against problematic usernames (#8097)
- Load raw hbs templates correctly from theme javascripts folder
- Explicitly specify the format when loading `/associate/{{token}}`
- Add support for version query parameter in InlineUploads
- Do not escape `fancy_title` again. (#8095)
- Do not show latest count in tabs on tag lists
- Rails 6 multisite migrations and plugin migrations
- Support `<img>` in code blocks when inlining uploads
- Make markdown regexp patterns case insensitive.
- Do not log ‘pull_hotlinked_images’ edits in the staff action log
- Change admin dashboard sort caret icon color on hover
- Let mailgun_api_key also support their “HTTP webhook signing key” (#8091)
- Cast all numerical values in reports
- Clear authentication data from session after create account (#8040)
- User directory should not include unapproved users
- POP3 doesn’t work with TLS 1.3
- Missing translation
- Switch to full screen external login for Safari
- Inline_uploads and subfolder
- Migrate_to_s3 task and subfolder
- Errors in qunit tests when version check info is missing
- Do not show staged users avatars when expanding the read count indicator
- Display emojis in search result blurbs
- Improve Onebox detection (#8019)
- Broken spec
- Modify frozen String and profile_db_generator uses category id (#8080)
- Migrate post_edit_time_limit to tl2_post_edit_time_limit (#8082)
UX Changes
- Fix topic progress placement
- Fix alignment on topic progress bar and remove some magic numbers
- Improve composer layout in iPads
- Change composer’s edit reason link to an icon
- Use Visual Viewport API for iOS composer height
- Add class to distinguish specific moderator categories on about page
- Use medium format for displaying time in post notices. (#8074)
- Show installed version with SHA instead of number of commits
- Adjusts RTL composer presence avatar alignment
Performance
- Ensure we warm up schema cache in the entire multisite
- Avoid spinning a thread each time we close a connection
- Update readers count when a post from another user is read. Don’t fetch the post data again just to update the count. (#8078)