The popular forum software Discourse has been updated and is now available as version 3.2.0 beta4. A beta is normally not a version that should be installed in production; however, Discourse structures its releases differently, so the beta can certainly be installed and, particularly when it contains security fixes, must be installed.
Purwin-IT offers Discourse with numerous modules in clearly structured hosting packages: https://www.purwin-it.de/webhosting/discourse
The developers have put a lot of work into further development and have packed extensive bug fixes and new features into the Discourse 3.2.0 beta4 release. Below is just the list of security changes, new features, and bug fixes.
Discourse 3.2.0 beta4 Release Notes
Security Changes
- Prevent guest users from accessing secure uploads when login required CVE-2023-49099
- Store custom field values according to their registered type CVE-2024-21655
- Run custom field validations with save_custom_fields CVE-2024-21655
- Ensures mentioned_users is limited CVE-2023-48297
New Features
- Add copy quote button to post selection menu (25139)
- Cache embed contents in the database (25133)
- Used, unused, enabled, disabled component filter (25136)
- Filter themes and components (25105)
- Include username link in the microdata schema (25112)
- Show warning banner for critical JS deprecations to admins (25091)
- Buffer file names of failed uploads when bulk uploading (25068)
- Import Script for Fusionforge (22281)
- Topic crawler view bottom plugin outlet (25060)
- Change /invites.json api endpoint to optionally accept array of emails (24853)
- Chat header redesign on mobile (24938)
- Use native number fields for integer inputs (24984)
- Add API scope for /logs route (24956)
- Initial admin sidebar navigation (24789)
- Delete backups based on time window (24296)
- Add pagination to categories page (23976)
- My threads page (24771)
- Add copy link post menu button (24709)
- Site setting to display user avatars in user menu (24514)
- Add thumbnails for chat image uploads (24328)
- Add search menu outlet (24609)
- Increase tag description limit to 1000 (24561)
- Add threads support to chat archives (24325)
- Implements drafts for threads (24483)
- Admin plugin list redesign (24363)
- Add setting & preference for search sort default order (24428)
- Dedicated admin section for new features (24292)
- Allow users to confirm session with passkeys (24337)
- Allow /filter route to be accessible by anon users (24359)
- Add buildQuoteMarkdown for post toolbar (24326)
- Configure poll ‘public’ default via site setting (24348)
- Remove category badge style options, set bullet style as default (24198)
- Introduces group channels (24288)
Bug Fixes
- Remove all noscript elements, not just the first one (25145)
- Sort plugins by their setting category name (25128)
- Ensure that categories array is not undefined (25141)
- Stop optimizing WEBPs into JPGs (25140)
- Customise themes/components CSS (25127)
- move-topics topic search losing focus (25116)
- 500 error when reviewable has a missing message (25113)
- Drop down fix (25093)
- Do not allow setting admin and staff for TrustLevelSetting (25107)
- Include only author username in the schema (25106)
- Add required metadata schema for subsequent pages (25102)
- Syntax error (25101)
- Never skip push notifications (25099)
- Github onebox styles for commits (25098)
- Fixes for microdata schema rendering (25082)
- Allow the flags to be cleaned up (25085)
- Post copy link not working (25086)
- Allow styling of feedback on mobile (25072)
- Adding form template to category dropdown can some times be empty (25066)
- Handle deprecations correctly in server-side pretty-text (25059)
- Chat drawer routing fix for threads (25056)
- Copy link not working in non secure context (25053)
- Pass args in chat header logo plugin outlet (25050)
- Improve structured data based on recent changes (25043)
- CLS jumpiness in post-stream when ?page=N (25034)
- TL3 can convert their post to a wiki (25023)
- Scope PM background color to PMs (25020)
- Bind events properly in search-menu.js & fix focus issue (25006)
- Whitelist uploads before creating thumbnail variants (25013)
- Prevents audio container to overflow container (25012)
- Properly close search menu on click/touch outside (#25000)" (25005)
- Correct typo minmin_trust_to_edit_wiki_post (24999)
- Properly close search menu on click/touch outside (25000)
- Vietnamese language native name
- Update position on model when re-positioning record (24997)
- Show admin plugin route sub-links in sidebar (24982)
- Show true content of robots.txt after restoring to default (24980)
- Have file size restriction type return integers (24989)
- Remove old ‘wizard’ js script (24986)
- Add missing user search result name and styling (24974)
- Add gallery to lightbox for images in the same chat message (24962)
- Admin problem notification minor issues (24963)
- Chat navbar followups (24953)
- Chat navbar follow-ups (24951)
- Ensure file size restriction types are ints (24947)
- Inconsistent login label (24949)
- Better infinite scrolling on categories page (24831)
- Modal flash tracking (24923)
- Correct urls to account for subfolder setup (24941)
- Sort plugin list by name properly (24839)
- When showing edit invite form, display saved invite data in fields (24907)
- Excessive video data downloading from service worker (24924)
- Do not display chat replies as threads in transcripts (24768)
- Position Float Kit elements correctly in RTL mode (24908)
- Unable to move pm to public topic (24903)
- Discourse remap: fix output to avoid UX issue (24905)
- Do not notify users for quoted mentions in chat (24902)
- Don’t use :true/:false symbols (24861)
- Ensures border and shadow of header is visible (24847)
- Remove duplicate spec example (24846)
- Incorrect spacing with my threads on ios (24843)
- Increase default max length of chat message excerpts (24842)
- Correct and improve autohighlight_all_code setting description (24828)
- Color of notification icons in user-notifications index (24826)
- Reload page after adding 2FA when it is enforced (24803)
- Resolve computed property override when inviting to PM (24823)
- Allow to click on thread indicator (24821)
- Ensures side panel is closed (24822)
- Allow quoting thread’s original message (24773)
- Navigating out of thread shows other unread threads (24693)
- Navigate search results using J/K keys (24787)
- Category selectors for lazy loaded categories (24533)
- Do not attempt S3 ACL call if secure status did not change (24785)
- Form template form error visibility (24779)
- Validate each value in an array custom field separately (24659)
- Move the search-menu-results-top plugin outlet (24774)
- Prevent error when poster isn’t present in message notification item (24776)
- Table builder spec (24775)
- Ensure bulk select toggle appears for non-admin on new/unread (24763)
- Saving tag changes without description (24753)
- Handle 404 correctly when transition has no path (24748)
- Use Guardian.basic_user instead of new (anon) (24705)
- Add checkbox-label to notification bulk actions (24734)
- Shortcut typo (24731)
- Escape category description text (24724)
- Account activation under ember-5 build (24722)
- Ensure slugless topic URLs are correctly redirected (24719)
- Correctly update replies_count on chat_threads (24711)
- Increments message version when processed (24713)
- Introduce Guardian::BasicUser for oneboxing checks (24681)
- Flaky table builder spec (24700)
- Don’t refresh on topic search result click (24697)
- Don’t apply extraClassName to all popup menus (24695)
- Multiple nested threads and duplicated messages in chat transcripts (24685)
- Ensure ‘untagged’ document title is set correctly (24689)
- Failing spec in sidebar tags (24682)
- Request html when fetching inline onebox data (24674)
- Update tag description field placeholder (24644)
- Ensure app-cdn CORS is not overridden by cors_origin setting (24661)
- Don’t error out when trying to retrieve title and URL won’t encode (24660)
- Flashing when loading glimmer search results (24658)
- Disables tooltip on desktop message menu’s reaction (24650)
- Show leave channel notice only on group channels (24653)
- Correctly show “chat with” and not “chat in” for users (24651)
- Flaky spec due to incorrect Rack response body (24640)
- Further improvements for plugin list (24622)
- Allow setting an array custom field to a singleton value (24636)
- Leaving a group channel should destroy membership (24631)
- Category-selector for top level categories (24627)
- Show only top categories in first category-drop (24575)
- Word wrap for quote buttons (24620)
- Escape topic titles when use_pg_headlines_for_excerpt true (24608)
- Use correct color for inputs (24616)
- Add setters for some group properties (24572)
- Lint unlinted file (24612)
- Add more specificity to outline (24611)
- Make category-drop work with lazy_load_categories (24187)
- Use subfolder-safe url for category in html view (24595)
- Add higher read & open timeouts for group SMTP emails (24593)
- With_secure_uploads? could return nil in some cases (24592)
- Remove trailing slashes and query params on meta-tag-updater’s canonical url (24445)
- Handle failing to update parent category (24401)
- Ensure topic route does not replaceState after navigation (24563)
- Video placeholders not auto-linking post uploads (24559)
- Improve group mention copy for small groups (24558)
- A typo bug in an import script (24553)
- Disable browser history.scrollRestoration feature (24550)
- Use same names for category CSS variables (24527)
- Nullifies target message id when not readable (24540)
- Handle missing git repo details in plugin list (24539)
- Prevents input to reset at wrong moment (24536)
- Serialize parent categories first (24530)
- Correctly uses private_email site setting in chat (24528)
- plugin:install_all_gems Rake task not installing plugin gem (24522)
- Remove multiple consecutive dashes from tag names (24520)
- Use plugin category name for plugin list (24477)
- Run bundle install before migration in d/boot_dev (24509)
- Wrong argument error being thrown in UrlHelper (24506)
- docker:test Rake task did not run system tests in parallel (24507)
- Relies on mention mixin for size (24503)
- Fix custom login input label animations (24497)
- Preserve custom field array order (24491)
- Make fullscreen code modal occupy as much of the screen as needed (24403)
- Render page title on tag routes (24474)
- Only labels for bold & italic in composer when language doesn’t match icon
- Use history-store service to check isPoppedState()
- Sorting toggles on topic list (24465)
- Modals on Android when keyboard is visible (24442)
- Rendering a single item in a grid (24464)
- Navigating to home via route name (24460)
- Invalid date when sending chat message in thread (24455)
- Include missing search service on login modal (24432)
- Correctly highlights message on reply click (24431)
- Regression when enforced 2FA is enabled (24415)
- Navigate to search result url on click (24414)
- Add desktop notification translation for watching_category_or_tag (24276)
- Min/max not passed to NumberField for site settings (24402)
- Preload the right fields on categories (24396)
- Redirect to highlighted search result on 'Enter' (24393)
- Recompile theme translations when fallback data changes (24371)
- Correct online indicator for non interactive (24364)
- BuildQuoteMarkdown fn was not passed down properly (24360)
- Only show passkeys button in login modal (24351)
- Hide chat message header with new argument (24346)
- EmberCli cache clearance issue in production (24343)
- Post moved small action links should respect subfolder installs (24336)
- Add a missing service injection (24341)
- Hide old min_trust_level_for_here_mention setting (24342)
- Load highlightjs bundle via CDN (24335)
- Updating presence status in readonly mode should fail gracefully (24333)
- Update tag-chooser & category-selector action (24318)
UX Changes
- Add missing button class to bulk-select (24758)
- Improve border-radius stuff in chat-message actions (25129)
- Update post background highlight (25094)
- Add gap between category and tags in suggested topics (25097)
- Add ‘edit’ link to theme colour palette selector (25073)
- Chat header style improvements (25057)
- Make sidebar title static (25040)
- Header avatar >` change to aria-label (25038)
- Resize pm composer inputs for narrow screens (25019)
- Adjust pm styles to enbubble controls (24996)
- Disable dropdown when filtering in edit nav menu tags modal (25010)
- File types site setting (24976)
- Adjust bootstrap mode tooltip color (25002)
- Add class to text select menu when fast-editing (24991)
- Chat navbar >` alignments part 2 (24985)
- Chat navbar header specific case (24972)
- Chat info area back button + styling tweaks (24966)
- Typo (24971)
- Align navbar and composer uploads (24970)
- Use same colour for thread icon as for indicator when unread (24967)
- Chat channel info area >` classname changes (24954)
- Align topic notification button + text vertically (24948)
- Fullscreen modal >` add missing modifier + sticky header (24920)
- Fix overlap obstructed anon topic reply (24927)
- Fix overlap obstructed anon topic reply (#24921)" (24925)
- Fix overlap obstructed anon topic reply (24921)
- Revert icon colour change in alerts (24916)
- Have svg icons inherit colour (24871)
- User threads styling tweaks
- Update “discourse-sparkles” icon (24863)
- Align icon with username in menu panel (24854)
- Improve layout of avatar+icon notifications (24851)
- Prevent header buttons from wrapping text (24845)
- Adjust notification items when avatar is shown (24832)
- Add some missing hljs classes
- Fix highlighting regressions (24825)
- Ensures emojis are correctly aligned in reactions (24814)
- Allow users to click thread title to open it (24816)
- Fix icon colour on signup CTA (24818)
- Prevent chat channel avatar from getting squished (24815)
- Ensure wizard previews display at correct width (24801)
- Login modal sizing fixes (24794)
- If no login options are configured, show a message (24777)
- Move monospace font to variable (24762)
- Minor fixes in topic action modal (24772)
- Fix edit navigation tags modal height too long on desktop (24765)
- Make github onebox styles more responsive (24761)
- Restore category badge colours on 404 page (24754)
- Fix double-scrollbar in keyboard-shortcuts-modal (24751)
- Improve poll text wrap (24732)
- Add a link from admin reports page to meta a topic (24707)
- More adjustments (24726)
- Fix alignment (24718)
- ; scope details change (24715)
- Details tag background colour (24710)
- Fix sidebar modal (24646)
- Improve btn-transparent styling (24666)
- Fix info text color on custom field for login (24665)
- Make summary 100% height (24649)
- Chat leave info (24645)
- Properly align close button icon on composer messages (24632)
- Various improvements to JSON Schema editor (24543)
- Create category doesn’t always need a dropdown (24610)
- Place login button text in span tag (24613)
- Fix disabled input styles (24603)
- Change direction of focus outline (24605)
- Submit security key edit form on Enter (24532)
- Add gift emoji styling for new features (24523)
- Fix new group chat cancel i18n label (24554)
- Fix date time modal on mobile (24531)
- Show on IP lookup if MaxMind key is missing (18993)
- Fix icon-lock size on email-login page (24529)
- Add category & section for syntax & BEM (24516)
- Add BEM documentation to styleguide (24512)
- Add height to non-highlighted mention (24490)
- Properly align close button icon on topic navigation popup (24487)
- Adapt modal to new changes (24488)
- Adjust topic progress wrapper border radius (24470)
- Select kit name >` flex (24479)
- Set badge color for new category preview (24473)
- Vertically align the svg in checkbox slider component (24478)
- Ensure loading slider does not ‘reset’ halfway through a transition (24446)
- Ensure tag-info does not persist onto non-tag routes (24462)
- Revert grey search inputs (24459)
- Fixes login/create modal (24457)
- Smaller new feature emoji (24454)
- Normal cursor on custom sidebar link icon (24427)
- Improve json_schema setting styles (24424)
- Composer category dropdown height, truncation (24420)
- Small alignment tweaks for chat thread list header (24410)
- Expand enforce_second_factor setting description (24413)
- Apply decorators to small action posts (24397)
- Fix reply-where category display (24389)
- Html-safe dialog.message, clarify poll error (24388)
- Fix cmd-k position (24385)
- Full width table modal override (24382)
- Modal >` remove obsolete wrapper class (24381)
- Shorter copy link confirmation (24380)
- Refactor .d-modal to use BEM and improve styling (23967)
- Improve mobile user card button display (24311)
- Use mention mixin for chat mentions (24319)
- Shows editing title only on settings page (24330)
- Improves search of message creator
- Create polls with public=true by default (24332)
- Number site setting validation message (24303)
Performance
- Update node_options during ember build for low end servers (24850)
- Only apply terser to production assets (24699)
- Avoid table scan while performing a very large update (24525)
- Switch plugins:update_all to git pull concurrently (24513)
- Switch plugin:install_all_official to clone plugins concurrently (24511)
- Cache results of Category.asyncSearch (23975)
- Only invalidate other translations when en changes (24443)
Accessibility
- Improve setting focus to a post (24786)
- Fix setting focus to a post (23367)
- Allow tab titles to use default translation (24727)
All changes can be found in the notes at: https://meta.discourse.org/t/3-2-0-beta4-easier-access-to-chat-threads-chat-mobile-redesign-experimental-admin-sidebar-and-more/290632/3