Discourse 2.6.0.beta2 Release Notes

New features in 2.6.0.beta2

:warning: Upgrade takes longer than usual

Due to improvements made to search performance, this update will take longer than typical updates to install. This will impact both web updates via Docker Manager and rebuilds via SSH.

default_categories_regular site setting

Out of the box, Discourse shows all categories to all users (with respect for category security settings). Some sites prefer the opposite - don’t show categories to users unless they’ve opted in. To make it easier for admins using the mute all categories by default site setting, they can add categories to the new default_categories_regular setting so they’re visible to users by default.

Let experienced users skip “new to Discourse” features

Are you a Discourse power user? Do you have more “first like” badges than you know what to do with? Tired of thinking someone replied to you when all you got was yet another badge notification? Now you can disable the new user discobot tutorial, and the “new to Discourse” badges on first login.
image

Existing users can disable this via the Skip new user onboarding tips and badges user preference on the Interface page.

Improved Dark Mode support

Prefer seeing white text on a black background? Tired of having to enable a dark color scheme on every Discourse site you visit manually? Discourse now support automatic dark mode. Discourse will detect your system preference, and automatically select a light or dark color scheme as needed.

Admins can enable this feature by selecting the dark mode color scheme with the default_dark_mode_color_scheme_id site setting. Admins may also wish to add separate logos for dark color scheme users via the logo_dark, logo_small_dark, and mobile_logo_dark site settings.

If you have a custom theme, you might need to update the theme to use CSS custom properties for the colors. Without that, the theme might not be compatible with automatic dark mode switching.

IMAP support for group inboxes

Category moderator improvements

Category moderators are now even more powerful. In addition to the original support for viewing topics in the review queue for a category, category moderators can now mark topics as solved, close topics, archive topics, move posts between topics, edit the category description, and add staff notices. Category moderators also received a shield icon on posts within their categories, and they have a CSS class on their posts for sites that wish to further customize the style.

New quote sharing widget

Site admins can enable additional options when quoting for users to share the quote externally.

Limit who can send you PMs

Prefer to only receive PMs from a select few users? You can now specify which users can send you PMs via the Only allow specific users to send me personal messages user preference on the Users page. Only users on the list (admins and moderators can always send users PMs) will be able to send PMs to you.

image

If you prefer not to receive any PMs (staff exempted), disable the Allow other users to send me personal messages user preference on the Notifications page.

API Key scopes

API keys now support optional scopes, limiting use of an API key to only certain endpoints. API keys can be further restricted to specific topics or categories as well. Additional scopes are planned in the future, and plugins can also add new scopes too.

Existing API keys will automatically be converted to a global key. As global api keys can do anything on the site an admin can do, we strongly recommend creating new limited scope API keys whenever possible. Have an API key you use that doesn’t work with an existing scope? Be sure to let us know here on Meta in the #feature category.

New Translation Platform - Crowdin

We’ve made the switch from Transifex to Crowdin for our localization platform. For more details on the reasoning behind the change, see Switching from Transifex to Crowdin. For details on translating Discourse, see Contribute a translation to Discourse.

Removal of outdated, racist terms from Discourse.

To quote Mahatma Gandhi:

Your beliefs become your thoughts,
Your thoughts become your words,
Your words become your actions,
Your actions become your habits,
Your habits become your values,
Your values become your destiny

Here at Discourse we believe in creating open, inclusive software that everyone feels comfortable using. Like many others in the tech industry, we’ve been working to remove language from our product that is not open and inclusive. Even if our usage of such language is not intended to be racist, such language has negative historical context that we do not wish to maintain. Thoughts become words, words become actions. These are not the actions we want. As such, throughout Discourse we’ve removed use of the terms master & slave, whitelist & blacklist, and similar. You’ll now see primary & replica, allow list & block/deny list, etc.

Even more!

But wait, there’s more! 2.6.0.beta2 is an unusually large release, with far more changes than typical. We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

37 Likes

Security Updates

This beta includes 3 security fixes for issues reported by our community and HackerOne.

  • 413 for GET, HEAD or DELETE requests with payload.
  • Bound the amount of work that embed#topics can do
  • Add content-disposition: attachment for SVG uploads

Plugin improvements

Many plugins

  • Bug fix
    • We’ve patched numerous bugs in many of our plugins

Code Review

  • Custom theme for code review categories

Graphviz

  • Upgrade to version 2.44 from 2.40

Knowledge Explorer

  • Add keyboard shortcut
  • Move route to /docs

Akismet

  • Add a task to cleanup the database before uninstalling

Checklist

  • Remove support for checkboxes other than [ ], [x], and [X]

Docker Manager

  • Add plugin compatibility check support

Encrypt

  • Add setting to auto-enable encryption
  • Decrypt notification titles before rendering

Translator

  • Security Fix

Data Explorer

  • Add support for soft deleting (hiding) queries

Chat Integration

  • Add Microsoft Teams support

Subscriptions

  • Plugin made official
  • Allow one-time purchases of products
  • Support 3D Secure payments
  • New UX style
  • Cancel payments at the end of subscription, not immediately
  • Show renewal date on active subscriptions

Assign

  • New Assignment Summary page for groups

Calender

  • Additional events functionality and improvements

Additional Features and Fixes

Click to expand

New Features

  • Ensure posts are rebaked when missing is fixed
  • Autoplay oneboxed twitter GIF media
  • Allow group membership to unmute categories and tags
  • Don’t notify about changed tags for a private message
  • Introduce tasks for dealing with legacy broken uploads
  • Group category permissions tab
  • Block vibration in Firefox Android
  • Use PG ts_headline for highlighting topic title in search.
  • Add advanced order to search
  • Notification for vote plugin
  • Set notification levels when added to a group
  • Poll breakdown 2.0
  • Add category_id to TopicViewWordpressSerializer
  • New plugin outlet for category-heading
  • Invite emails to groups from add member modal
  • Add expandable muted categories ui to /categories page.
  • Show login button on error page if user is not logged in
  • G,j and g,k to navigate to next and prev topic
  • Allow picture HTML element in posts
  • Allows to display charts by day/week/month
  • Allow the specification of an arbitrary unicorn listen address
  • Support converting HEIF images to JPEG
  • Add tracked filter to topic lists
  • Submit post from mobile composer preview
  • Add query params to staff action logs
  • Add support for top filter in tag page.
  • Add “delete on owner reply” bookmark functionality
  • Trigger user_updated event if email changed.
  • Improve header meta alignment and truncation with css grid
  • Load hidden posts in segments
  • Allow video tag attributes for video gifs
  • Add search to user bookmark list
  • Add global rate limit for anon searches
  • Parse images in email signatures
  • Add “smallest” option to user text size preferences
  • Add reply_as_new_group_message composer action
  • Create SQL-only backup if there are no uploads
  • Optionally skip the create account popup for external auth
  • Sso_overrides_(email|username|name) for all auth methods
  • Trigger user_updated event if username is changed.
  • Site setting to always show category definitions
  • Allow disabling of extra term injection in search

Bug Fixes

  • user_option option can be nil for new users.
  • User titles from translated badge names were automatically revoked
  • SiteSettings::LocalProcessProvider didn’t work on multisite
  • Default_tags_muted setting should work for anonymous users too.
  • Sending a PM through a flag on a deleted post
  • Error message when setting enforce 2fa with social logins
  • Delete unused tags shouldn’t delete tags belonging to tag groups
  • Unlike own posts on ownership transfer
  • Polls can be quoted and loaded
  • Do not cancel search early in tests
  • Display label when theme uses default color scheme
  • Do not override logo markup when loading page in dark mode
  • Fix css var issues
  • Makes group_show_serializer#is_group_owner follow standards
  • Always wait for promise when loading a topic
  • More efficient and resilient widget-dropdown body
  • Add bookmark-list component
  • Composer upload icon regression because of HEIC
  • When destroying uploads clear card and profile background
  • Add playsinline to twitter GIFs
  • Allow safari to load and autoplay videos in posts
  • Refactor broke wizard
  • Skip rendering twitter video if matching format not found
  • Broken when iconList missing
  • Replace iframe with <video> for twitter videos
  • Clicking on category autocomplete row
  • Prevents errors on /tags when a tag constructor exists
  • This leaves an empty example group in TRAVIS mode
  • Ensure auto close notice is posted with system locale
  • Mobile group add dropdown was broken
  • Defer topic was broken
  • application controller is not used by the card
  • DEV: Introduce @bind decorator
  • A paste event listener was re-added instead of being removed
  • Add script asset locations to worker-src CSP directives
  • Generate_topic_thumbnails job infinitely running for corrupted images
  • Update preview when autocomplete is clicked
  • Prevent LockOn conflicts
  • Move queryParams to each discovery controller rather than shared
  • Refreshing was not working
  • Preserve anchors in permalink transitions
  • Remove other category which is not used
  • Improved specs to ensure that revise was succesful
  • Generate topic excerpt when moving posts to new topic.
  • Make sure user preference to open external links in new tab works for bookmark list excerpts
  • Do not require tagging to be enabled for IMAP archive and delete
  • Allow plugin pinning to fetch missing commits
  • AWS S3 errors don’t necessarily include a message
  • Change the controller method name to match its new name.
  • Heisentest with topic timings
  • Allow mods to choose restricted categories as parent category.
  • Color scheme selection with non-default theme
  • Expose PG headline highlighting for all search results.
  • Limit PG headline based search blurb generation to 200 characters.
  • Try to make topic_tracking_state_spec stable
  • IOS/iPadOS freezing when changing notification level in topic footer
  • Use correct site setting when uploading images
  • Invalidate cache when updating color scheme colors
  • Ensure load more directory items has a .json url
  • Return 422 when creating topics with tags w/out permission
  • Include secure media URLs when linking post uploads
  • Update colors for presence plugin
  • Smaller header font size for published page
  • Include both name and id in color scheme stylesheet filename slugs
  • Sync reviewable count when opening the hamburger menu
  • Removes persistedQueryParams as it should work out of the box
  • Specify config when generating tsquery using ts_headline.
  • PM participants list refreshing after inviting
  • Missing bottom border in select-kit color list settings
  • User preferences tests didn’t always have pretender called
  • Stop sync of tracking state when list is filtered
  • Only raise proper "error" messages
  • Pretender errors were being swallowed
  • Raise errors for broken pretender responses in test mode
  • Replace fullPath while rewriting the /my/ URLs.
  • Ensures shadow has last_posted_at before comparing to site setting
  • Attempt to output a useful error message
  • Shows all_results if current settings category has no results
  • Disable concurrent migration for multisite:migrate.
  • Don’t run seeds if multisite migration fails.
  • Excerpts larger than 999 are not supported
  • Topic map was incorrectly counting assign actions
  • Show “group members forbidden” message on mobile
  • Rewrite of /my/URL should work on sub directory site too.
  • Allows to change a user group notification level
  • Previous fix comitted the wrong thing and was broken :frowning:
  • Exclude shared drafts from digests
  • Current value of flair icon missing in group manage UI
  • Load base color scheme when default theme is not set
  • Check if selectable avatar with SHA1
  • IMAP archive fix and group list mailbox code unification
  • Discobot inappropriate flag section
  • Bug with sharing when used outside a topic
  • Get correct selectable avatar from URL
  • Exclude DELETE methods from invalid request with payload.
  • Reset max_posts query parameter
  • Respect query params for latest.rss
  • Set mailing_list_mode to false when unsubscribing from all
  • IMAP sync email update uniqueness across groups and minor improvements
  • Removes an error in the console in test mode
  • Should allow non-ASCII slugs for category pages.
  • Reset ‘filter’ query parameter when clicking on a nav-item
  • Keep category name in URL when filtering
  • Allow ‘c’ as a tag
  • Define s3_helper in EnsureS3UploadsExistence job
  • Rename delete_when_reminder_sent? bookmark method to avoid conflict with AR
  • Add protection when removing auto delete on post bookmarks
  • Ensure topic user bookmarked synced on bookmark auto-delete
  • Allow playsinline for videos in posts
  • Ensure correct locale is set during RenderEmpty responses
  • Reduces charts height
  • Prevents group show serializer to override basic group serializer
  • Computed property deprecation
  • Page:changed was sometimes reporting the wrong URL
  • Add back group redirects
  • Bump onebox to 2.0.1 for engine priority fix
  • Cooked snippet of raw in Topic.similar_to.
  • Handle case where Post#raw is blank in Topic.similar_to.
  • Improve Topic.similar_to with better Topic#title matches.
  • Improve allowed_path column migration
  • Resolve issue where deleted spam topics marked as Not Spam were not being recovered
  • Avoid validation error when deleting users with locked trust level
  • Uses topic title for published page head title
  • Reduce number of terms injected for host lexeme.
  • Improve regexp for matching version lexeme.
  • Don’t inject extra terms for version lexeme.
  • Add a translation for reaction notification
  • Reserve id for reaction notifications
  • Use allowlist and blocklist terminology
  • Tests that used the olds paths
  • Uploads was not testing properly
  • Pass siteSettings through in more places
  • Add enable_email_sync_demon global variable and disable EmailSync demon by default
  • Add strip_secure_urls method to GroupSmtpMailer
  • Do not show Email tab for group settings unless IMAP + SMTP enabled
  • Tests for reindex_search_spec pass regardless of seed
  • Display correct status on unsubscribe page
  • Move consts and translations for bookmark auto delete prefs
  • Restore navigation-bar on tag topic list
  • Include resolved locale in anonymous cache key
  • Make set_locale an around_action to avoid leaking between requests
  • Improve email styling of code blocks
  • Remove iOS trick to prevent scrolling when focusing on input
  • Reviews that are auto-hidden by a trusted spam flagger should always have enough weight.
  • Remove the border from YT thumbnail placeholder
  • Apply video preview trick for Safari to stream only
  • Add system fonts to wizard
  • Allow user to recover/delete post if they can review the topic
  • Typo in NotificationsController#index not caught by tests.
  • Ignore removed delete_when_reminder_sent bookmarks column
  • Stop double prepending of window.location.origin on media URLs
  • Test for fillGapBefore
  • Remove username_lower from admin serializer
  • Keep by_users check in S3 inventory
  • Delete synonyms in topics if target tag is already added.
  • Improve S3 inventory logic
  • Undefined method on nil class error in forking servers.
  • Gives emojis a width/height to prevent lazy loading warning
  • Handle PG readonly mode in Auth::DefaultCurrentUserProvider.
  • Don’t raise error when adding to cache fails in readonly mode.
  • Trigger before upload event after saving and before uploading it, so we are sure that the upload is valid.
  • Users should be able to delete their own queued posts
  • Focus tests are unreliable in qunit
  • Our test build of highlight.js was broken
  • Raw jQuery usage in tests
  • deleted is a computed property of Topic
  • Report was overwriting a CP
  • category-drop tests were broken and overwriting CPs
  • Overwritten computed properties
  • Missing favicon in test
  • Listing topics with muted mixed-case tags
  • Missing application backtrace in chained loggers."
  • Incorrectly rescuing from PG::ServerError.
  • Correct stream counter when load more posts
  • Fewer broken image paths in tests
  • Don’t use prototype extensions like .observes
  • Tests involving dates were logging warnings
  • passwordRequired is a computed property
  • Poll tests were overwriting a couple of computed properties
  • More 404 image requests in test
  • Error in test mode with missing topic
  • Don’t load images that don’t exist in test
  • Tooltip is no longer used
  • Discourse.Site is deprecated
  • Show background images for both slug formats
  • Missing title when inserting hyperlinks
  • Bookmark search fixes
  • Reindex posts when Topic#title or Category#name changes.
  • Add topic title back to choose-topic
  • Update meh-o icon to far-meh
  • Be sure to use same units when comparing thumbnail size
  • Fewer 404s in JS tests
  • More errors being logged in tests
  • Deprecation usernames is now recipients
  • Remove more computed properties being set
  • Deprecation - usernames is now recipients
  • Overwriting more computed properties
  • Remove computed property setting from hamburger test
  • Don’t use jQuery directly in a test
  • Setting computed properties in tests
  • Removal of i18nPrefix deprecations
  • Remove user_deleted when staff recovers post
  • : trigger user_updated event only if email changed after user creation.
  • in:title search should only search through topic first posts.
  • Search page bulk-select button position
  • Count new and unread respects muted categories
  • Prevent thumbnail gen if image too large
  • Apply video preview workaround to iOS
  • Regression in secure URL generation, followup to 36bad0c
  • Preload metadata for audio/video when secure media enabled
  • Trick Safari into loading video previews
  • Off-by-one-slash error in topic.notifications.reasons
  • Add noindex header to user summary page.
  • Don’t overwrite maxlength computed property
  • loaded is a CP and can’t be overwritten
  • Silence route-recognizer source map errors in development mode
  • Silence ember-qunit source map warning
  • Add popper sourcemap
  • Properly load ember source map in development mode
  • Can’t set url on topics, it is calculated from slugs
  • Error with currentCategory
  • FilterPlaceholder is a computed property
  • topic.details is not a plain JS Object
  • Allow highlightjs-worker to be compiled successfully
  • Ignore document length in search when ranking by relevance.
  • Prevent redirect when image scale btn is inside a link.
  • Search by relevance may return incorrect post number.
  • Add protection just in case topic is not set
  • Correct user profile URLs in /about crawler view
  • Strip query from URLs when indexing for search.
  • Inject extra lexemes for host lexeme.
  • Search for whole URLs wasn’t working.
  • Improvements for vanilla bulk import
  • Ensure that aggregating search shows the post with the higest rank.
  • Various improvements to bookmark modal UI
  • Incorrect search blurb when advanced search filters are used take2
  • Get only the correct collapse title in emails
  • Don’t strip noopener from oneboxes
  • Don’t award new user of the month in the wrong month
  • Remove social sharing icons from private contexts
  • Check if last poster exists before using it
  • Set the lang/xml:lang html attrs in emails
  • Skip whisper posts when updating topic like count
  • Slightly reduce fake delay of discobot user.
  • Last visit bar regression
  • Allow signup when auth provider supplies no email
  • Replace links to removed uploads from reviewables with a placeholder
  • Do not display enabled inputs when username/name are locked
  • Sync client and server side behavior for category hashtag lookup
  • Post menu bookmark icon and attributes not refreshing on notification click
  • Migrate topic_users.bookmarked to false when it is incorrectly true
  • Test output related to Discourse::VERSION
  • Flaky test
  • Flaky tests
  • Incorrect fix for invites breaking when no group is selected
  • Invites when no group is selected
  • Catch all kinds of exceptions when processing email
  • Short URL resolution in cook-text
  • Force ActiveRecord reading role if Redis is down take 2.
  • Force ActiveRecord reading role if Redis is down.
  • Do not send system emails to suspended users
  • getURL deprecation
  • ‘resend all invite’ button was not working as expected
  • Cap bookmark name at 100 chars and truncate existing names
  • Stop updating bookmarked column from TopicUser.update_post_action_cache
  • Incorrect search blurb when advanced search filters are used.
  • Disable security keys at same time as TOTP 2FA
  • Only offer disabling 2FA to admins
  • Bookmarks shortcut goes to new bookmarks with reminders
  • Do not highlight large code blocks
  • Set default value for poll result field
  • Redirect user to the URL with the correct category slug
  • Ensures category order keeps consistent
  • Add table CSS rules to normalize
  • Fix race condition when resolving tag and category hashtags
  • Improve category hashtag lookup
  • Improve category hashtag lookup
  • Sub-sub-categories can be mentioned using only two levels
  • Remove support for three-level hashtags
  • Set default value for poll result field
  • Generate Topic Thumbnails nil to Array error
  • Handle the case where upload goes missing during downsizing
  • Do not rerender widget-dropdown on all clicks
  • CookText may be gone before promise resolves
  • OptimizedImage#filesize
  • Make Email::Styles operate on html documents instead of fragments
  • Ensures seconds are displayed when used with dates
  • Update normalize css from 3.0.1 to 8.0.1
  • Skip hidden posts while generating canonical url.
  • Uploading an existing image as a site setting
  • Uploading an image as a site setting
  • Emoji autocomplete not triggering correctly
  • Increase time of DOWNLOAD_URL_EXPIRES_AFTER_SECONDS to 5 minutes
  • Negative limit values shouldn’t cause error 500
  • Filter read/unread notifications on the server side
  • Delete related search data when record has been deleted.
  • Return cdn url for uploads if available.
  • Support root paths that omit the trailing slash and have QPs
  • Search was not multisite aware
  • Hide publish_read_state option from non-admin users
  • Sometimes not all output of psql was logged during restores
  • Emoji_autocomplete_min_chars failing when not 0
  • Update theme fields when updating from ThemesInstallTask
  • Uploads cannot be mapped due to the cook-text’s element attr being null
  • Identify slug-less topic urls everywhere
  • Correct version comparison logic when comparing stable to beta
  • Serialize an empty array if no suggested topics exist
  • Seed needs to run before optimizing site icons.
  • Published-page-header should be a sibling to published-page-body not a parent
  • Broken specs
  • Remove paths from robots.txt in favor of noindex header
  • Match discobot triggers on cooked version
  • Invalid urls should not break store.has_been_uploaded?
  • Avoid marking notifications as seen in readonly mode.

UX Changes

  • Better wording when there are no unused tags to delete
  • Help users understand the meaning of each scope.
  • Use the same formatting for both user and group card bios
  • Preload muted categories list to prevent rendering delay.
  • Ensures search results wrap on mobile
  • Set silence_reason using the system locale
  • Update header background color in mobile app webview
  • Ensure CSS vars are loaded in the Wizard stylesheet
  • Refactor pikaday month prev/next button styling
  • Refactor lightbox hover drop shadow
  • Uniform focus styles for composer inputs/textarea
  • Allows to navigate widget dropdown with tab and enter
  • Fix spacing of composer preview on mobile
  • Shrink composer consistently when pressing Done in iOS
  • Improve alignment and consistency on full page search
  • Fix quote sharing button spacing
  • Better error message if moderator is not allowed to invite to group
  • Do not show invite to group option if mod is not owner of any group
  • Fix missing icon when merging selected posts
  • Use group-chooser in invite modal
  • Fix layout for long bookmark notes
  • Simplifies editing email templates by always having a default
  • Add link to user email preferences in admin view
  • Remove extra space added by img resize controls in composer preview
  • Restore table borders
  • Hide login button during externally authenticated account creation
  • Suppress “in reply to” section in emails by default
  • Truncate long badge names in the mobile usercard
  • Add Login button on 403 error page if user is not logged in

Performance

  • Drop index idx_regular_post_search_data concurrently
  • Drop idx_regular_post_search_data during migration
  • Improve performance of post_search_data migration
  • Ensure transaction is of minimal size
  • Add partial index for non-pm search.
  • Prefer joins over subquery for User#private_posts_for_user.
  • Remove extra subquery in search.
  • Switch to ActiveRecord’s upsert in SearchIndexer.
  • Faster TL3 promotion replies needed calculation
  • I improved the performance of the ‘notify_reviewable’ job by doing only 1 query
  • Limit characters used to generate headline for search blurb.
  • Use PG headlines for blurb generation and highlighting for search.
  • Replace video and audio links in search blurb while indexing.
  • Optimize ActionView::Helpers::TextHelper#excerpt.
  • Release post_upload records when downloaded image is removed
  • Move URI regexp in GroupSearchResults.blurb_for into constant
  • Remove one extra call to Redis when searching.
  • Preload S3 inventory data for multisite clusters
  • Avoid parsing Post#cooked with Nokogiri for every search.
  • Combine avatar_lookup and primary_group_lookup into user_lookup
  • Reduce size of search payload by removing unused topic attributes.
  • Move highlightjs to a background worker, and add result cache
  • Topic_view participant post count: don’t send back ID list
  • Cache user summary data
  • Add user_id condition so we can use another index in the query
  • Load topic bookmarks for the user in user_post_bookmarks
  • Remove post_upload recovery in daily EnsureS3UploadsExistence job
  • Do not include thumbnail information in default topic list payload
  • Use post number to create canoncial path in mega topics.
  • Only update etag when it changes
  • Refactor lightbox decorator to use querySelectorAll
  • Check for modal visibility in a more efficient way
  • Exclude image_url and thumbnails from SearchTopicListItemSerializer.
  • Cache all metadata for 60 seconds
  • Memoize cooked triggers
  • Stop adding more topics to search when not needed
25 Likes