Discourse Version 1.9

SECURITY CHANGES

  • Don’t pass email backup token to sidekiq as a parameter.
  • Any group can be invited into a PM.
  • Prevent staged accounts from changing email
  • Signup without verified email using Google auth
  • Verify that inviter can invite new user to a topic
  • Fix XSS on unsubscribed page.
  • Update Nokogiri.
  • Prevent users from updating to blacklisted email domains
  • Only publish PM reply messagebus notifications to allowed users
  • Do not include links from whispers in topic summary map
  • Do not show latest/top topics on 404 for login_required sites
  • Remove disposable invite feature
  • Theme key should be an anon cache breaker
  • Vulnerability in mail gem

PERFORMANCE

  • Cache service worker for 1 hour
  • Add option to limit how many categories are processed in one call to CategoryFeaturedTopic.feature_topics (#5446)
  • Better handling of headings in HTML inline pasting
  • Improve speed of rate limiter
  • Hijack onebox requests so they do not use up a unicorn worker
  • Stop running background work between requests
  • N+1 query when fetching search_logs
  • Exact email match bypass
  • Move oneboxing from cook method “email” to postprocessing
  • Code not correctly caching git commands
  • N+1 when generating not found page.
  • Only send down suggested payload when loading last chunk.
  • Reduce number of topics to filter while querying for unread.
  • Bypass AR and just use raw SQL.
  • Remove N+1 query when generating posters summary.
  • Avoid unnecessary expensive joins if possible.
  • Avoid NOT IN (...) which can get really slow.
  • Bypass AR and execute SQL directly.
  • Avoid calling expensive PostGuardian#can_see_post? multiple times.
  • Remove Object#present? check introduced in https://github.com/discourse/discourse/commit/e0d5d9670ab2d0fb923fef54e3bdcbbcfc524fb1.
  • Use pluck instead of enumerating through all the records.
  • Reduce number of Redis hits per request.
  • Add an index on slug to make sure that slug lookups are quick
  • Reindex search data without loading large post counts
  • Update message_bus to latest
  • Allow plugins to preload custom fields for topics in CategoryList.
  • Terminate scheduled job earlier if badge is not enabled.
  • Fetch users in batches in grant anniversary badge job.
  • Speed up slow tests in our test suite.
  • Reduce allocations in Emoji.unicode_replacements.
  • Reduce memory allocation by Emoji.unicode_replacements.
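
As an added illustration (not Discourse's own code) of the "Avoid NOT IN" entry above: the same anti-join written three ways, on an assumed toy schema of topics(id) and topic_users(topic_id, user_id) and a hypothetical user id of 42. The NOT IN form is the one to retire; besides being slow on large subquery results, it silently returns no rows at all if the subquery can yield a NULL.

```sql
-- Added example, not a query from Discourse. Assumed toy schema:
--   topics(id), topic_users(topic_id, user_id)
-- Goal: topics that user 42 (hypothetical id) has never opened.

-- 1. NOT IN (<subquery>). PostgreSQL cannot plan this as an anti-join
--    because of SQL's three-valued NULL semantics: it runs the subquery as a
--    subplan and probes it per outer row, which is fine only while the result
--    fits in memory. If topic_id is ever NULL in the subquery result, the
--    predicate is never TRUE and the query returns nothing.
SELECT t.id
FROM topics t
WHERE t.id NOT IN (
  SELECT tu.topic_id FROM topic_users tu WHERE tu.user_id = 42
);

-- 2. NOT EXISTS. Same result set when no NULLs are involved, still correct
--    when they are, and the planner can drive it from an index on
--    topic_users(user_id, topic_id) as a true anti-join.
SELECT t.id
FROM topics t
WHERE NOT EXISTS (
  SELECT 1
  FROM topic_users tu
  WHERE tu.user_id = 42 AND tu.topic_id = t.id
);

-- 3. LEFT JOIN ... IS NULL. Equivalent anti-join spelled as an outer join;
--    useful when the filter condition also needs columns from topic_users.
SELECT t.id
FROM topics t
LEFT JOIN topic_users tu
       ON tu.topic_id = t.id AND tu.user_id = 42
WHERE tu.topic_id IS NULL;
```

Before and after a rewrite like this, compare `EXPLAIN (ANALYZE, BUFFERS)` on both forms and check that the NOT EXISTS / LEFT JOIN plan shows an Anti Join node rather than a SubPlan, and that row counts agree on production-shaped data.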