Discourse 2.6.0.beta3 Release Notes

New features in 2.6.0.beta3

Review posts with media

Discourse provides many options for site staff to review content posted. Out of the box, users can post without going through any pre-review by staff. Options exist to require approval for a user’s first X posts, all content by users who have not reached a defined trust level, new topics by users who have not reached a defined trust level, new topics and/or posts within specific categories, and more.

New in beta3 is the review media unless trust level site setting. Sites can now be configured such that all topics/posts containing embedded media must be reviewed by staff prior to being posted.

Differentiate between group and individual mentions

Previously, individual mentions and group mentions did not have a visual distinction. Both used the @ symbol. The mention type could be seen on mouseover, but this doesn’t work on touch devices, and is not readily apparent.

To help visually differentiate the two notifications, we now use a different icon for group notifications.

It now looks like this:


We use the Users icon, the name of the user who created the mention, as well the group that was mentioned.

For comparison, a regular mention looks like this.


Allow secure media images in emails by default

For sites with Secure Media Uploads, uploads are redacted from emails.

Discourse now supports, by default, allowing images to be included in emails if they don’t exceed a defined size. Admins can control this via the secure media allow embed images in emails and secure media max email embed image size kb site setting.

Allow admins to delete SSO records in the UI

Sometimes SSO records on Discourse become out of sync with the authentication provider. Most commonly, this is due to users changing emails in one system but not the other. To provide sites with better tooling for resolving SSO conflicts, admins can now delete a user’s SSO record, which causes the user to be matched via email on the next login, instead of on the SSO external_id.

User topic timers replaced with bookmark reminders

User topic timers allowed staff users to set timers to remind them to go back to a topic. With the introduction of bookmark reminders back in 2.5.0.beta3, all users can now set reminders.

As such, user topic timers have been removed, as their functionality is fully superseded by bookmarks. Any existing user topic timers have been automatically converted to bookmark reminders on the first post of the topic, with the following rules:

  • If there is no bookmark for the first post of the topic, create a bookmark with a reminder
  • If there is a bookmark for the first post of the topic and it does not have a reminder set, then
    update it with the topic timer reminder
  • If there is a bookmark for the OP of the topic with a reminder then discard the topic timer

User selectable color palettes

Following up the improved dark mode support in beta2, sites can now set color palettes to be user selectable, just like themes. This means sites no longer need to configure 2 themes to offer 2 colors - they can instead install 1 theme and add user selectable color palettes.

More data in the user export

Users have long been able to download all the topics and posts they’ve created on the site via their preferences. This download now includes additional user data, including badges, visits, bookmarks, and more.

Easier font control

Sites can now customize the base font via the wizard and site settings.


Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.

Security Updates

This beta includes 6 security fixes for issues reported by our community and HackerOne.

  • __ws shouldn’t be able to override every domain in multisite
  • Return error on oversized images
  • Mod should not see group_users and second_factor_enabled.
  • Remove indication that a group exists if user can’t see it.
  • Don’t allow moderators to list PMs of all groups.
  • Don’t allow moderators to view the admins inbox

Plugin improvements

Many plugins

  • Bug fix
    • We’ve patched numerous bugs in many of our plugins
  • Update coding standards
    • Changes to improve code style consistency across our plugins

Omniauth JWT

  • Allow passing jwks_loader parameter to jwt library


  • Major frontend refactoring
  • Improve positioning of large images
  • Styling improvements


  • Performance improvement: generate and store sitemaps in the database


  • Allow suspending of users when reviewing Akismet flagged posts
  • Display a banner on the topic page if it was deleted by Akismet


  • Ticket requested should be the user who submitted the ticket

WP Discourse

  • Only support the force publish option for posts published with the Block Editor
  • Update for WordPress 5.5


  • Better search input alignment
  • Add translation support

Azure AD

  • Add support for reading full name and using a specific tenant


  • Autogenerate background colors if not set


  • Add policy builder


  • Additional events functionality and improvements


  • Advanced search filters for assigned topics
  • Assign bulk actions for topic lists
  • Allow filtering topic in the user assigned list

Code Review

  • Add skip commit feature
  • Allow opting out of “commit approved” notifications
  • Continue reviewing in the same category, even if muted

Additional Features and Fixes

Click to expand

New Features

  • Add a site setting to control automatic auth redirect
  • Advanced search filters for view count
  • Change default size for search recent posts
  • Make search filters case insensitive
  • Hidden SiteSetting.keep_old_ip_address_count to track IP history.
  • Allow to extend topic_eager_loads in Search
  • Adds support for mobile view on page publishing
  • Add support for not persistent sessions
  • Moderators allowed to view groups which members can see.
  • Show existing tag name on rename modal
  • Add user opt to select bookmarks as home
  • Allow email image embed with secure media
  • Add css classes to stylesheet link elements
  • Add stylesheets to bootstrap.json endpoint
  • Add below-static plugin outlet
  • Deprecate lodash so we can remove it.
  • Allow specifying platform name for platform specific gems
  • Additional control of iframes in oneboxes
  • Add dismiss unread topics button when filtered by tag.
  • Added sort by username for directory items
  • More API scopes
  • Allow plugins to register parameter-based API routes

Bug Fixes

  • Don’t skip the new user badge
  • mouseEnter is deprecated in newer Ember releases
  • Email always settings were not being respected
  • Remove category id from category class name
  • Only staff can edit topic details when first post is locked
  • Allow editing in composer before a category is selected
  • Use scrollY for current scroll position
  • Unexpected return during system_message_sent event
  • Prettier popular-themes.js
  • Replace broken Material Design preview link
  • TL2 promotion message and advance training
  • Don’t error Topic#similar_to when prepared raw is blank
  • Do not downcase group name in notification payload
  • Respect moderator group permissions in guardian
  • Error “unknown attribute verified” in uploads rake tasks
  • Use normal logo in published pages if small not available.
  • If no group is found, raise correct error
  • Compensate for typographer
  • Nested quotes in BBCode
  • NotificationLevels import was incorrect
  • Missing / after basePath was causing the URL to be relative
  • Ensure multisite DB is set correctly when spawning backup process
  • Whitelist marker elements when uploading SVGs
  • Forking prevented notifications from being sent after backup
  • Hidden was defined as static instead of relying on attribute
  • Provide better API for registering custom upload public types
  • Do not downcase group name in current user serializer
  • Use asset_hostnames in rails_multisite
  • Fix verification_status migration for uploads
  • Group tag notifications included for all users
  • Don’t show Tags tab in group management if tags are disabled
  • N+1 for admins viewing groups page
  • Uses get() on properties of groups/badges which could be POJOs
  • Attempts to make autofocus more resilient in modals
  • Category slug route was not working for subfolder setup
  • Clear stylesheet cache on base font change
  • Missing files from previous commit
  • Topic progress wrapper positioning regression
  • Img width and height should be in quotes
  • Simplifies updating searchedTerms from connectors
  • TopicQuery.list_private_messages_unread ignore notification level
  • Improvements after code review
  • Spec for oversized images security fix
  • Wizard does not include discourse-shims
  • Adds shims for popper in wizard
  • Mark only uploads as verified/unverified in S3 inventory
  • Upload errors were sometimes not displayed properly
  • Make form use /u/admin-login instead of /users/admin-login
  • Selected diversity was off by one
  • isVisible is no longer allowed even if used properly
  • Was using a global Popper variable
  • Ember has deprecated isVisible in newer versions
  • Ensures focus is dropped before focus hyperlink input
  • Wrap modal onShow inside next
  • Ensure uploads are linked to post when revising a post
  • Prevent “uploads are missing in S3” alerts after restoring a backup
  • Prevents eslint failure on unmatched patterns in plugins
  • Tags_filter_regexp was not being applied on tag rename
  • Make sure rel attributes are correctly set.
  • Adds important declaration to .hidden utility/helper class
  • Ignore empty search terms in topic queries
  • Account for different composer ‘edit’ states in discourse-presence
  • Update first_pm_unread_at of user’s groups without unread.
  • Search checkboxes incorrectly being checked on similar prefix.
  • Admin search for PMs should only search own PMs.
  • Topic_creator accepts participant_count in import mode
  • We should check for watched words first even if the user is a fast typer.
  • approve post count did not take new topics into account
  • Admin should always be able to view group messages.
  • We have changed the way __widget_helpers are resolved
  • Handles different cases of canInvite/canRemove states in PM
  • Workaround constructor name not available after transpilation
  • Wraps popper call in afterRender and uses createPopper
  • Make deleted topic post bookmarks more resilient
  • Allow us to call script_asset_url in controllers
  • Ensures we don’t attempt to concat an empty list
  • Preload bold fonts in wizard
  • Prevents error when opening a composer from a tag page
  • Make crawler linkback list compatible with google schema guidelines.
  • Convert jQuery array to JS array
  • Whoops, linting
  • Gravatar download attempt if user is missing their email
  • Don’t send mailing list for post with empty content
  • Highlightjs 10 requires some languages to be loaded before others
  • Remove font-famly property in .font- classes
  • System message wasn’t fully translatable
  • Updates highlightjs to latest version to avoid a freeze
  • Check if invite has expired before showing it
  • Add to tags result set only visible tags
  • Don’t raise error in update username job if user has been deleted.
  • Wait for groups before showing empty message
  • Add cache breaker for fonts
  • Allow fonts to be delivered via CDN
  • Skip pm view action log while generating webhook payload.
  • User export category preferences on a deleted category.
  • Emails.rake use authentication
  • Modify notification after remove auto_watch_category
  • Handle deleted categories in post export
  • Focus first button in topic admin menu
  • Ensure disabling 2FA works as expected
  • Disable insert link button when editing a category
  • Flaky JS test due to not waiting for promises
  • Dont error when bookmark topic is nil
  • Do not set color_scheme_id in user options when no schemes are marked as selectable
  • Pluralized translation overrides didn’t work for en_US
  • UserAction did not have a types enum
  • Bump onebox to fix soundcloud oneboxes
  • Suspend API to require suspend_until and reason params
  • Remove additional paths from robots.txt
  • default_tags_muted site setting won’t have tag ids.
  • Ensures period-chooser is not losing query params
  • Correctly redirect after external login on subfolder sites
  • Ensure that topic timers belonging to trashed topics are destroyed.
  • Clean up toggle closed topic timer when user is not authorized.
  • Clean up topic_timers when no longer valid.
  • Ensure autoclose based on last post is executed by system user.
  • Topic Timer auto opening closed topics
  • Symbols and strings should be treated similarly while saving custom fields
  • QUnit site has to be set before reset()
  • Server side rendering was broken with new helperContext()
  • Remove container from utilities
  • DEV: Lock-on improvements
  • Use requestAnimationFrame
  • :bug: category & tag search regex to support thai character
  • Limit number of users addable to group at once
  • Duplicate categories and tags allowed in inputs where they shouldn’t be allowed
  • Group categories inputs not filled sometimes
  • Improve Vanilla importing
  • Current title wasn’t visible when assigning badge title
  • Ensures diversity code is not applied multiple times
  • Close picker on emoji selection when on mobile device
  • Add cache-busting parameter to ace-editor javascript
  • Removes us_pacific-new from the list of available timezones
  • Stop category logo + background being marked secure
  • Restrict personal_messages: advanced search filter to admin.
  • Correct personal_messages:`` advanced search filter.
  • Remove unnecessary audio/video parent element load
  • Prefer timezones over timezone for previews
  • Backups should use relative paths for local uploads
  • Display warning only if all users already added to the group
  • Topic.similar_to results in error if cooked raw is blank.
  • Bookmark list showing wrong no content message
  • Wizard could not send custom color schemes to the client correctly

UX Changes

  • Use simple list for settings without choice options
  • Ensures new-topic badge renders consistently
  • Remove the post number from a composer label
  • Replace “Loading…” in quotes with a spinner
  • Add width and height to GitHub onebox inline avatar in emails.
  • Update dark mode styling of new user overlay
  • Landscape spacing in iOS devices with a notch
  • Remove extraneous ellipsis after “loading”
  • Makes emoji picker case insensitive
  • Make the api-keys new and show page a little more responsive
  • Display moderators group name in the group dropdown menu.
  • Prevents auto capitalize/correct in the emoji picker
  • Add missing labels to mobile composer buttons
  • Hide category settings badges checkbox when enable_badges is off
  • Wrap extra long links in GitHub oneboxes instead of overflowing
  • Don’t wrap topic status icons in the header if there’s more than one
  • Restyle user menu so user links are findable
  • Make category topic counts clickable on mobile
  • Better handling of long category names and button bar in composer
  • Clarify timezone formatting
  • Show a generic error on upload for XHR status 0
  • Add category-title-before to categories-boxes layout
  • Timeline should jump to the bottom of the post in single-post topics
  • Minor layout fixes and improved consistency on theme admin
  • Improves picker on automatic dark themes
  • Lowercase tag name before checking it with topic title.
  • Tweaks to admin color palette dropdown


  • Remove category_user lookup when loading private messages.
  • Fix N+1 queries on private messages route.
  • Fix broken memoization in GroupShowSerializer.
  • Use 1 query to load group and tag notification default.
  • Remove an unncessary query when check for dark mode.
  • Memoize calls to ApplicationHelper#scheme_id.
  • Keep track of first unread PM and first unread group PM for user.
  • Don’t load all poll_votes for a poll
  • Add partial index on reviewables for topic view
  • Create a partial regular post_search_data index on large sites.
  • Avoid extra subquery when searching within PMs for normal user.
  • Defer indexing post for search when saving a post.