Discourse 2.4.0.beta6 Release Notes

New features in 2.4.0.beta6

Redesigned GitHub Oneboxes

GitHub onebox links have now been redesigned to feature the appropriate glyph indicating a PR, commit, issue, etc.

See the below links for examples:

Security Key/Webauthn Support

You can now use your Yubikey (or any other Webauthn supported security for that matter) to secure your Discourse accounts.

To configure, head on over to User Preferences, click on Manage Two Factor Authentication, enter your password, and click Register Security Key.

For more context on the spec of this feature, check out the topic below:


Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Security Updates

This beta includes 3 security fixes for issues reported by our community and HackerOne.

  • Safely decompress backups when restoring.
  • Mini profiler enabled incorrectly for admins
  • Safely decompress files. (#8124)

Plugin improvements


  • Correctly toggle checkboxes when used with text modifiers or code blocks
  • Fix checkboxes before italic/bold sequences


  • Rename house ad routes so ad blockers don’t detect them


  • Improve performance of queries to Patreon API


  • Update user vote count when topics are trashed or restored
  • Let user know how many votes were moved


  • Fix combo box issue when searching for date in birthday selector


  • Retry later if API is not creating a new ticket

Additional Features and Fixes

Click to expand

New Features

  • Support for --fast-fail in bin/turbo_rspec
  • Load pretenders in plugins too. (#8173)
  • Display created and last_used dates for API keys
  • Add site setting to show more detailed 404 errors. (#8014)
  • Use full page redirection for all external auth methods (#8092)
  • Weighted reviewable user accuracy (#8156)
  • Inaccurate users have negative review accuracy
  • Adds an extra protection layer when decompressing files.
  • Allow UploadRecovery to be run on a single post (#8094)
  • Add topic and category context to post webhook payload (#8110)

Bug Fixes

  • Downsize_uploads script
  • Don’t fail when there’s no directory to strip
  • During concurrent emails generation renderer should not be reused
  • Order UserFields by position, by default (#8176)
  • Site user_fields sorted by position
  • Sort UserField by position for Site
  • Don’t swallow the original error when moving posts
  • Narrative Bot certificates are ERB templates (#8174)
  • Topic timeline placement on iPad
  • Existing post timings could prevent moving posts
  • Bump Compiler Version
  • Decrement posts read count when destroying post timings (#8172)
  • Remove site setting ‘shadowed-by-global’ option (#8061)
  • Do not reset original scroll position in iOS to zero
  • Downsize_uploads script to support external storage
  • Store user_accuracy_bonus to clarify explanations
  • Fix rake db:create after zeitwerk changes
  • Solution for pending migrations for bin/turbo_rspec
  • Updates discourse-ember-source gem (#8167)
  • Add mobile padding to bottom of user preferences screen
  • Check for category conflicts in SiteSetting validations (#8137)
  • Disallow negative reviewable score even if the accuracy would make it negative
  • Ensure push_url exists before making push notification API call
  • Properly downsize image on upload
  • Maxminddb:get task no longer working
  • Errors due to confusion between trustLevel and trust_level (#8149)
  • Update user vote count on topic trash/recover (#8144)
  • Correct position of topic progress in iOS when composer is visible
  • Broken rubocop by empty line in application.rb (#8148)
  • Autoload lib/ path for Sidekiq (#8147)
  • Ensures chart parent element is still present before render (#8145)
  • EmojiOne is now JoyPixels (#8142)
  • First post true if user creates topic first (#8139)
  • Show composer above DiscourseHub app nav on iPad
  • Apply Visual Viewport composer height calc in iOS only
  • Harden DistributedMutex
  • Exception with triggerRefresh and subcat listing (#8131)
  • Use migrations path for post_migrate (#8133)
  • Revert Demon::DemonBase back to Demon::Base (#8132)
  • Try to match advanced tutorial reset first (#8048)
  • Prevents trigger post read count update on non existing post (#8128)

UX Changes

  • Add glyph to “Help” button on Password Reset modal
  • Trigger primary action in modals using Enter
  • Use theme colors for GitHub issue labels
  • Better composer hyperlink modal (#8160)
  • Refactor iOS composer layout
  • Stop using fixed-width font to render github issue description
  • Reduce size of github onebox icons
  • Remove iPad keyboard user setting from iOS 13
  • Fix topic progress placement in iOS app
  • Input for name when creating a new authenticator (#8153)
  • Add “Drafts” to quick access profile tab. (#8155)
  • Restrict tall modal height to viewport %
  • Fix composer layout in Android
  • Trigger composer resize when dismissing keyboard in iPad
  • Bypass chrome autocomplete when editing admin text fields
  • Displays reads/likes in the same order that post menu buttons (#8140)
  • Full viewport composer layout on iPad


  • Avoid regex for hot path
  • Reuse renderer when rendering email templates
  • Speed up about page render time and limit category mods