SECURITY CHANGES
- Don’t pass email backup token to sidekiq as a parameter.
- Any group can be invited into a PM.
- Prevent staged accounts from changing email
- Signup without verified email using Google auth
- Verify that inviter can invite new user to a topic
- Fix XSS on unsubscribed page.
- Update Nokogiri.
- Prevent users from updating to blacklisted email domains
- Only publish PM reply messagebus notifications to allowed users
- Do not include links from whispers in topic summary map
- Do not show latest/top topics on 404 for login_required sites
- Remove disposable invite feature
- Theme key should be an anon cache breaker
- Vulnerability in mail gem
PERFORMANCE
- Cache service worker for 1 hour
- Add option to limit how many categories are processed in one call to CategoryFeaturedTopic.feature_topics (#5446)
- Better handling of headings in HTML inline pasting
- Improve speed of rate limiter
- Hijack onebox requests so they do not use up a unicorn worker
- Stop running background work between requests
- N+1 query when fetching search_logs
- Exact email match bypass
- Move oneboxing from cook method “email” to postprocessing
- Code not correctly caching git commands
- N+1 when generating not found page.
- Only send down suggested payload when loading last chunk.
- Reduce number of topics to filter while querying for unread.
- Bypass AR and just use raw SQL.
- Remove N+1 query when generating posters summary.
- Avoid unnecessary expensive joins if possible.
- Avoid `NOT IN (` which can get really slow.
- Bypass AR and execute SQL directly.
- Avoid calling expensive `PostGuardian#can_see_post?` multiple times.
- Remove `Object#present?` check introduced in https://github.com/discourse/discourse/commit/e0d5d9670ab2d0fb923fef54e3bdcbbcfc524fb1.
- Use `pluck` instead of enumerating through all the records.
- Reduce number of Redis hits per request.
- Add an index on slug to make sure that slug lookups are quick
- Reindex search data without loading large post counts
- Update message_bus to latest
- Allow plugins to preload custom fields for topics in `CategoryList`.
- Terminate scheduled job earlier if badge is not enabled.
- Fetch users in batches in grant anniversary badge job.
- Speed up slow tests in our test suite.
- Reduce allocations in `Emoji.unicode_replacements`.
- Reduce memory allocation by `Emoji.unicode_replacements`.