Discourse 2.4.0.beta7 Release Notes

New features in 2.4.0.beta7

Admin API key improvements

The Discourse API is a powerful tool for interacting with a Discourse site. In the latest beta we’ve made a number of improvements to the API key system, improving both security and functionality.

  • Users can now create more than 1 API key, so individual keys can be revoked if compromised.
  • API keys can now include a description, letting you keep track of what each key is for.
  • Keys can be revoked, preventing them from being used, without fully deleting them.
  • Unused API keys will be deleted after 6-months without use. This is configurable via the revoke_api_keys_days site setting.

Staff welcome message

Like new users, and users that reach TL1, staff now receive a welcome message when they are granted moderator or admin access. This message welcomes the user to the staff team, tells them how to access the admin interface, and links to the Discourse Moderation Guide, a great resource for new staff members.

New site settings for default tag notification status

Admins have long been able to control which categories new users watch, track, and mute when they join the forum. Users have also been able to control which tags they watch/track/mute, but this could not be configured prior to sign up by the site. Now admins can determine which tags users track prior to signup via the new site settings:

  • default_tags_watching
  • default_tags_tracking
  • default_tags_muted
  • default_tags_watching_first_post

Update user preferences of all users when default site setting changed

Previously, when a default_ site setting was modified, it only applied to new users. Existing users were not affected by the change. Now, admins will have the option to apply the change historically, or just for new users.

New category tag setting: Require new topics to have tags from a tag group

For sites that make use of tag groups, staff can now require that all new topics within a category have at least x tags from a tag group before the topic can be created. This is a great way to keep topics organized.

An example. Say you have a category about car mods, where users share all the amazing things they do. You may create a tag group for vehicle area, which includes tags like tires, wheels, exterior, interior, and lighting. By adding this tag group to the new setting, users will be required to add at least one of these tags to the topic, helping other users see at a glance what the mod is for.


User Selectable Primary Group

We’ve added a new site setting, user selected primary groups, which when enabled allows users to select which group they’d like to be their primary group. This can be useful on sites where primary groups provide avatar flair, and users want the ability to switch which flair they display. When the site setting is enabled, users who are members of groups will see the new primary group user preferences dropdown on the account tab.


Configurable email style

Site can now customize the look and feel of their notification emails, with customer HTML and CSS. The new email customization options can be found at /admin/customize/email_style

Search for topics when inserting a hyperlink

When inserting a link in the topic composer, you can now search for existing topics directly from the hyperlink modal.



Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Security Updates

This beta includes 1 security fix for issues reported by our community and HackerOne.

  • Check permissions when autocompleting mentions

Plugin improvements

User Notes

  • Bug fix


  • Bug fixes


  • Bug fixes


  • Add optional donation prompt
  • Bug fixes

OAuth2 Basic

  • Copy improvement

Data Explorer

  • Shareable links to reports
  • Bug fixes


  • New category setting to add “unassigned” navigation menu
  • Order assign list by reverse bump date (previous random)
  • Bug fixes


  • Bug fixes
  • Code refactor

Docker Manager

  • Dependency updates to resolve reported vulnerabilities
  • Always show link to /admin/upgrade from dashboard


  • Bug fix

RSS Polling

  • Rename from wellfed
  • Bug fixes


  • Bug fixes

No Bump

  • Bug fix

Restricted replies

  • Initial release

WP Discourse

  • Use unique transient key for DiscourseUtilities::get_discourse_categories. This function returns more data than is stored in the transient that is set for internal use by the plugin.
  • Fix incorrectly formatted header keys


  • Bug fix


  • Add support for new date-time-inputs


  • Keep history of policy acceptance
  • Bug fix

Additional Features and Fixes

Click to expand

New Features

  • Load translation overrides without JS eval
  • Add an “init” method for extra nav items
  • Allow publishing docker dev either locally or net wide
  • Fallback to image alt before filename if there’s no title in lightboxes
  • Create New Topic button on embed with params
  • Stop updating last_posted_at on users for messages and whispers
  • Allow sending bulk invites to staged users
  • Remove attachments and truncate raw field for incoming emails
  • Add SES spam header to recognised spam headers
  • Add remembering topic list for group pms
  • Wiki editors are allowed edit tags for wiki topics.
  • Include image url in topic serializer
  • Remember scroll position in private message lists
  • Remember position in private message lists
  • Experimental hidden setting for draft backups
  • Allow staff to use topic_url for customizing email template
  • Improve honeypot and challenge logic
  • Use the ‘ugc’ rel attribute alongside ‘nofollow’
  • Add short site description on login page title

Bug Fixes

  • Skip invalid URLs when checking for audio/video in search blurbs
  • Add <img> alt attribute for Summary emails
  • Tweak restorer spec to make it stableish
  • Display tags topic list correctly when none is selected for subcategories
  • Build with prettier for imports
  • Allow theme translations to be accessed in initializers
  • FilterQueryParams mutates state that is essentially global
  • Improve regex used for image sizing controls
  • On mobile setting active on navItem would not work
  • Skip composer blur event when switching apps in iOS
  • Do not update created_at date when resending invites
  • Do not consider mobile app traffic as crawler visits
  • No need to pass cache option in onebox
  • Dropbox videos were not loading
  • Ensure menu not too tall on desktop only
  • Prevents whitelisted_generic_onebox_spec to fail with zeitwerk
  • Update action should be in setting-component mixin
  • Ensures menu panel is not too tall for screen
  • TopicQuery doesn’t react well to subcategories without definitions
  • Do not add personal message link in user menu if they are disabled
  • Linting
  • Move makeArray to discourse-common
  • Missing run import
  • Do not load plugin CSS/JS assets when disabled
  • Unread topics not clearing when whisper is last post
  • Hide muted subcategories for mobile
  • Enter key on forms submits rather than refresh
  • Make notification consent banner usable via keyboard and screenreader
  • Move attachment_css_class constant out of upload-short-url for discourse-markdown-it
  • Cache Discourse.system_user separately for each multisite tenant
  • Under some conditions draft would say it was saving when not
  • Tags can be filtered on categoryId without a q param
  • Default user preferenced categories are not updating in admin site setting UI.
  • Prettier on importing mixin
  • Ensure there’s an excerpt before showing the bio
  • Correct slug validation
  • Account for empty uploads directory upon backup restore
  • Generate category url correctly when slugs are empty
  • Require q param in /tags/filter/search route
  • Don’t use ember imports in pretty text
  • Use modules for Ember.run.debounce hack in testing
  • Yet more linting fixes
  • Upserting custom fields using keywords converts the array key to a string
  • More flaky jobs_base_spec.rb
  • Flaky jobs_base_spec.rb
  • Place image scale buttons unconditionally
  • Close modals on ESC key and clicking outside
  • Correct error when sending PM to email address
  • Prefer Category.find_by_slug over Category.find_by(slug: …)
  • TopicQuery category lookup by slug
  • Respond to user search correctly when category_id is blank
  • Theme component setting was not getting updated in the UI
  • Reload plugin translations in development
  • When running the wizard and using a custom theme, fallback to the color_scheme name if the base_scheme_id is nil
  • Allow storage of non unique rows in oauth2_user_infos
  • Update rack-mini-profiler
  • Hide muted subcategories
  • Handle nil case for avatar, just in case
  • Allow avatar downloads to follow redirects
  • Broken certificates
  • Failing build with prettier
  • Show poll voters in Oneboxed posts.
  • Check for presence of liked post before creating notification
  • Rubocop rule on restorer spec
  • Restore for non-multisite is not raising an error on reconnect step
  • Backwards compatibility for uncompiled email style css
  • Do not load group members when user can’t see it.
  • Should not disable topic inputs while creating new topic.
  • Wizard tests were broken with new loader
  • Sortable controller var conflict
  • Fixed testsuite
  • Correct path to ImportExport module
  • Reconnect in restore process connects to correct DB
  • Notifications are missing under certain conditions
  • Respect tl3 links no follow setting
  • Return blank avatar when downloading an avatar is not possible due to file size
  • Exclude image_url from web_hook_topic_view_serializer
  • Prevent null-byte searches causing 500 error
  • Follow redirect returns url if response code is 200
  • Do not resize xkcd image
  • Include user id in notification webhook
  • Load user model when some attributes are missing.
  • Make category updates slug validation idempotent
  • Reload only notifications when refreshing notification count
  • Zeitwerk-related fixes for jobs.
  • Rate limit and hijack certificate generation.
  • Add common HTML5 media extensions to onebox audio and video tags
  • Correct mention autocomplete in new topics in unsecured categories
  • ‘only_hidden_tags_changed?’ method returned ‘true’ even when tags are not changed.
  • Id is always true since it’s been to_i’d
  • D-button should default type to button
  • Fixes plugin generator with zeitwerk
  • Various fixes to draft system
  • Update Redis gem to version 4.1.3
  • Polyfills forEach support on NodeList for IE11
  • Handle encoded slugs for subcategories
  • Do not truncate encoded slugs
  • Display site text overrides for non ‘_MF’ keys
  • Transform pluralized keys to .other, to check valid interpolation
  • Update Redis gem to version 4.1.3
  • Get rid of redis freedom patch
  • More encoded slug fixes
  • Do not encode the URL twice
  • More places do deal with encoded slugs
  • Handle the nil slug on /categories
  • Account for nil when looking up subcategories
  • Correct topic timeline position calculation
  • Tag cannot be used if it belongs to two tag groups with parent tag
  • Use the quote generator in the example text
  • Do not send notification to empty push_url
  • Do not make notification API call if push_url is blank
  • Add migrations to fix index on category slugs
  • Prevents trash button to get focus when submiting input on profile
  • Respect private_email setting for user invited notification email
  • Include topic link when inviting existing users to a topic/PM
  • Correct line count link in GitHub commit onebox
  • Public_file_server.enabled is false in test
  • Add unique index to prevent duplicate slugs for categories
  • Category.find_by_slug
  • Do not unpin reply box in iOS when selecting Emoji
  • Remove hiredis gem which is no longer needed
  • Subcategory permissions validation
  • Validation of category tree depth
  • Move notification level only when user posted
  • Zeitwerk-related fixes for jobs.
  • Ensure that scheduled jobs are loaded.
  • ‘local_cdn_url’ method should work for local relative urls too.
  • Allow themes to upload and serve js files
  • Use upload’s cdn url in composer preview if available.
  • Allow change password with TOTP
  • Allows scrolling of search menu panel when showing more results
  • Remove another broken test
  • This emoji test was broken too
  • Flaky tests
  • Accurate sub_total calculation for reviewable_scores
  • Properly encoded slugs when configured to
  • Ensure we remove tempfiles from disk when creating an upload
  • Show a correct diff when editing consecutive paragraphs
  • Prevent from creation of duplicated TopicAllowedUsers
  • Minor Github onebox layout issues
  • Mobile adjustments for reviewable list

UX Changes

  • Tag input suggests required tags if none have been selected
  • Show user email address on “grant admin access” email and UI
  • Widen tag group name input field and add placeholder text
  • Convert alert & modal close to buttons for improved accessibility
  • Applies correct background to <select> on dark themes
  • Improve quoting on iOS
  • Fixes regression with iOS composer
  • Update disabled dropdowns style w/ color variables
  • Standardize tag display in search menu results
  • Dashboard links to git commits list instead of git comparison
  • Make group membership UI clearer
  • Emphasizes on local-dates being UTC in excerpts
  • Ensure GitHub onebox info does not wrap unnecessarily
  • Improve new GitHub onebox rendering in emails
  • Add newline after closing poll tag for poll builder
  • Wrap digest email footer in a table for better alignment options
  • Include metadata in composer link modal search results
  • Add CSS classes to digest email template to allow for easier styling


  • Add a filtered index for banners
  • Add index to notifications to speed up moving of posts
  • Stop destroying drafts on client when posting replies
  • Run expensive clean up uploads less frequently
  • Cache new users counts in summary emails
  • Add index on group to category_groups
  • Add unique index oauth2_user_infos(user_id, provider)
  • Faster moving of read state