Discourse 2.4.0.beta5 Release Notes

Announcements
2

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Security Updates

This beta includes 4 security fixes for issues reported by our community and HackerOne.

  • Update rubyzip dependency
  • Update rack-mini-profiler to latest to correct XSS
  • Don’t allow base_uri as embeddable host if none exist
  • XSS when oneboxing user profile location field

Plugin improvements

discourse-calendar

  • Add new EnsureConsistency scheduled job
  • Add combo box label when no user timezone set

discourse-akismet

  • Clean up posts and reviewables when deleting an Askismet-flagged user
  • Set button styles using new button_class API

discourse-chat-integration

  • Support for slack custom username
  • Allow slash commands to set rules in private groups

discourse-assign

  • Add support for unicode usernames
  • Quick access panel for assignments
  • Add endpoint to list all assignments by user

discourse-logster-transporter

  • Don’t compare secret keys using string equality

discourse-policy

  • support consistent policy renewal dates
  • migration was not account for new has policy field
  • when checking policy acceptance, looking at wrong date

discourse-adplugin

  • AdButler support

discourse-github

  • Match users to commits made from noreply emails

discourse-data-explorer

  • Allow groups to access queries
  • ability to import an exported query

discourse-bbcode

  • limit allowed font-size values

Additional Features and Fixes

Click to expand

New Features

  • Add support for maskable icons in the PWA manifest
  • Make share button support custom javascript
  • Update mini_scheduler to support history filtering
  • Allow embedding to ignore HTTP REFERER

Bug Fixes

  • Reset watched site settings when default locale changes
  • Respect unicode whitelist when suggesting username
  • Correctly escape category description text
  • Change focus when application resumes in android
  • Include video tags and short urls in ‘have_uploads’ method.
  • Include ‘short_path’ as src in each_upload_url method.
  • PWA install was broken due to missing basic logo
  • Cleanup DiscoursePluginRegistry state after tests that use it
  • Fix options given to per-minute rate limiter
  • Properly render server side plugin outlets (#8106)
  • Require a min amount of reviewables before calculating thresholds
  • Sensitivity did not work by default
  • Remove versions from Active Record warm up (#8105)
  • Ignore min_trust_to_send_messages when messaging groups (#8104)
  • Proper jumpToPost with whispers/small-actions
  • By default, don’t abort Google Groups crawling on error
  • Split migration into two steps in developer guide (#8103)
  • Only apply post hide logic to flag actions
  • Google Groups crawler failed to login
  • Preview up to ‘max_oneboxes_per_post’ oneboxes
  • Put back the TL3 ->` TL0 spam thing
  • Ignored flags should not count in your accuracy score
  • Correct theme SCSS error handling
  • Live reload plugin stylesheets when editing in development
  • Live reload plugin stylesheets when the color scheme changes
  • Do not include theme variables in plugin SCSS, and fix register_css
  • Do not allow posting of category topic template without any changes
  • Escape $ in translations before interpolating (#8100)
  • Open drafts for PMs from Activity >` Drafts screen.
  • Ensure page is reloaded correctly when a hash is present (#8096)
  • Don’t show non-members as readers when the post is a whisper
  • Improve protection against problematic usernames (#8097)
  • Load raw hbs templates correctly from theme javascripts folder
  • Explicitly specify the format when loading /associate/{{token}}
  • Add support for version query parameter in InlineUploads
  • Do not escape fancy_title again. (#8095)
  • Do not show latest count in tabs on tag lists
  • Rails 6 multisite migrations and plugin migrations
  • Support <img> in code blocks when inlining uploads
  • Make markdown regexp patterns case insensitive.
  • Do not log ‘pull_hotlinked_images’ edits in the staff action log
  • Change admin dashboard sort caret icon color on hover
  • Let mailgun_api_key also support their “HTTP webhook signing key” (#8091)
  • Cast all numerical values in reports
  • Clear authentication data from session after create account (#8040)
  • User directory should not include unapproved users
  • POP3 doesn’t work with TLS 1.3
  • Missing translation
  • Switch to full screen external login for Safari
  • Inline_uploads and subfolder
  • Migrate_to_s3 task and subfolder
  • Errors in qunit tests when version check info is missing
  • Do not show staged users avatars when expanding the read count indicator
  • Display emojis in search result blurbs
  • Improve Onebox detection (#8019)
  • Broken spec
  • Modify frozen String and profile_db_generator uses category id (#8080)
  • Migrate post_edit_time_limit to tl2_post_edit_time_limit (#8082)

UX Changes

  • Fix topic progress placement
  • Fix alignment on topic progress bar and remove some magic numbers
  • Improve composer layout in iPads
  • Change composer’s edit reason link to an icon
  • Use Visual Viewport API for iOS composer height
  • Add class to distinguish specific moderator categories on about page
  • Use medium format for displaying time in post notices. (#8074)
  • Show installed version with SHA instead of number of commits
  • Adjusts RTL composer presence avatar alignment

Performance

  • Ensure we warm up schema cache in the entire multisite
  • Avoid spinning a thread each time we close a connection
  • Update readers count when a post from another user is read. Don’t fetch the post data again just to update the count. (#8078)
24 Likes