NEW FEATURES
- Make discourse remap optionally do regex_replace
- Retry processing incoming emails on rate limit
- Allow keyboard shortcuts for topic list to start from last viewed topic
- Better google docs onebox
- An option to search more recent posts for very large sites
- Missing API endpoint for topic tracking states
- Basic info route for all sites, even ones that require login
- Support subfolders in S3 bucket name
- User API key support (server side implementation)
- New site setting rebake_old_posts_count
- Digest emails will try to choose topics from your tracked and watched categories first
- Tags intersection page
- More user API flow, support key creation
- Basic UI to view user api keys
- New rake task to rebake posts using regex matching
- Support HEAD request to /user-api-key/new
- New rake task to remap posts matching a string
- Add flair to avatars using new settings in the groups admin UI
- Digests choose topics you’re watching or tracking first
- Highlight last visited topic in topic list
- Allow changing post owners without creating post revision
- New rake task to change post ownership for a specific user
- Add opengraph and twitter meta tags on every page
- Fall back to apple_touch_icon_url if default_opengraph_image_url is not present
- Ability to scrub titles when importing embeddable content
- Support for a whitelist for embeddable host paths
- Custom html and text can be added to summary emails
- Backend support for pushing notifications to clients
- Avatar flair can be font awesome icons
- New ‘categories_and_latest’ endpoint
- Support author meta tags for embedding
- Allow user api key revocation for read only keys
- Webhooks
- Support importing email from Twitter
- Allow write user api keys by default
- Clean API method for reading a single notification
- Add seen_notification_id to current user serializer
- Increase interval to 24 hours for “please refresh site”
- Webhook for user creation and approval
- Import facebook avatars when logging in via facebook
- Optionally get extra profile info from facebook
- New twitter_summary_large_image_url setting
- Add more page identifiers
- Add page identifier on user badges page
- Optionally delay the rebake_match task
- Tag filter dropdown menu is scoped to user and category
- Adds a button to print a topic
- Add min_trust_level_to_edit_post
- Support multisite configuration for search:reindex task
- Added user profile and card outlets
- Sparkpost webhook
- Add unique class to topic navigation pages
- Advanced Search UI
- Add notification level user preference when replying to a topic
- Add “Approve new topics unless user level” setting
- Remap emojis back for push notifications and desktop alerts
- Search menu options opens full page search
- Use the top period default for users who have been inactive or are new
- Allow title override for user avatars
- User API now contains scopes so permission is granular
- Add common
in:
options - Set secure flag on _t cookie if https is forced
- Show timeline component when expanding post progress
- Configure Admin Account
- Add a setting to allow url schemes other than http(s)
- ‘No Echo’ option for mailing list mode
- Change onebox whitelist to a blacklist
- New ‘max_oneboxes_per_post’ site setting
- Onebox everything by default
- Add interface in
Plugin::Instance
to register a seedfu fixture. - Added X-Discourse-TrackView header
- Include post image in OpenGraph image tag
- Per-category default topic list sort order
- Add instance id in the webhook payload
- Add a radial ping when user’s first notification has not been read.
- Add ‘emoji-custom’ class to custom emojis
- Add censored_pattern setting to censor posts using regex
- Scroll to new posts when user is near bottom of PM
- Watch first post default site setting
- Clinking on stats in user summary take you to the respective activity page
- SSO support for adding and removing a user to groups
- Split JavaScript application bundle, so plugins live in own file
- Add TOS and Privacy links to sign up
- Notify user when mention can’t see the reply they were mentioned in
- New ‘enable_forwarded_email’ site setting
- New ‘always_show_trimmed_content’ site setting
- Allow date_of_field column to be updated
- Batch select topics
- New summary/digest email design
- Allow options to be set when adding model callbacks
- Add basic support for Safe Mode
- Send digest preview to an email address
- Display text excerpts when scrolling on mobile
- Hide Profile Text from non-staff if user is suspended
- Add min_post_count search filter
- Add help text for no bookmarks in user page
- Number of new topics at the end of summary email can be controlled by a new setting, digest_other_topics
- Brotli cdn bypass for assets
- Allow group owners to edit group name and avatar flair
- Add bio to group page
- Allow posting a link with topics
- Add outlet for user stats in summary
- Allow group owners to edit title
- Allow columns on group members page to be sortable
- Show the reply title and the reply icon in the minimized editor
- Show close button instead of maximize in collapsed composer
- Pasting a link into the title of the composer can automatically onebox it and update the title
- Public groups
- Group logs
- Add request membership button for allowed groups
- Add
Group#full_name
- Add groups page
- Add
staff
class to HTML body for staff - Add membership request to groups page
- New settings to customize some colors in emails
- Setting to allow arbitrary redirects from sso origin
- Outlet prior to Reply button at the bottom of topics
- Add referrer never tag to password reset page
- Rate limit by login on password reset
- Remove email_token_grace_period_hours
- Category setting to make all topics wikis
- Add site setting to disable group directory
- New setting to validate user website
- Preserve cursor in editor upload
- Opt-in native Discourse app install banner
- Block muted users from sending you PMs
SECURITY CHANGES
- Do cookie auth rate limiting earlier
- Escape image title in lightbox
- Escape HTML in filename
- Upgrade Rails
- Don’t allow re-using the current password during password reset
- Add filename validation for backup uploads
- Escape advanced search term
- Don’t grant same privileges to user_api and api access
- Fix reflected XSS with safe_mode param
- Protect upload params, only allow very strict filenames
- Prevent reuse of password reset
- Users can only bookmark posts which they can see
PERFORMANCE
- Use simpler serializer for search, eager load post users
- For estimates, we don’t need to worry about deleted
- Improve offset discovery query
- Avoid some more count queries when fetching more results
- Stop doing work for HEAD requests on topics
- Only publish notification state if we changed it
- N+1 query on user summary page
- Don’t render advanced search options when not expanded
- Remove ordering by username
- Improve perf of mention links in preview
- Debounce the loading of oneboxes
- Don’t build wizard until we actually load the wizard
-
NOT IN
query is really inefficient for large tables - Spawn a seperate timer task to check if Redis master is up
- Add score indexes for top topics
- Don’t calculate the same query twice
- Add endpoint to check if a group can be mentioned by user
- Only show members count on group page
- Avoid query on every logged on page load
- Show excerpt on group page
- N+1 query on groups page