Discourse 2.4.0.beta10 Release Notes - feature / announcements - Discourse Meta

New features in 2.4.0.beta10

Bigger emoji

When 1-3 emoji exists on their own line, they’re now automatically made larger! Now you can communicate in emoji without needing to squint as much.


Award a badge to a set of users

Badges now support “bulk award”, allowing admins to upload a list of user emails which will all be granted a badge. For full details, see

Badges are an excellent way to acknowledge someone who is doing a good job. Discourse now allows awarding a badge to a set of users. If you go to the badges section in the admin panel, you’ll notice that a new button called “Bulk Award” is now available next to the “new” button: [Screen Shot 2020-01-15 at 11.34.31] After clicking it, you’ll be prompted to select a badge and get started: [Screen Shot 2020-01-15 at 11.34.43] Select the badge you want to award and upload a CSV file containing …

MaxMind DB downloads now require a license key

Discourse uses the free MaxMind GeoLite2 IP database to provide location information for users and admins. This powers features like Recently Used Devices in user preferences, and IP lookup on user admin pages. Due to changes required by the CCPA, MaxMind has changed the download process. To download the database admins must now register for an account and receive a (free) license key. More details in Upgrade / Rebuilds Fail due to MaxMind DB EOL .

Internet Explorer 11 Deprecation

Discourse will be ending support for IE11 on June 1, 2020. Users are strongly encouraged to move to a supported browser to continue using Discourse without interruption. Discourse will start showing a warning to users that IE11 support is ending at the top of the site. For full details, see Discourse is ending support for Internet Explorer 11 (IE11) on June 1, 2020

CSP enabled by default

At the start of 2019 Discourse first supported a Content Security Policy (CSP), an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. CSP has been enabled for new sites over the last year, but older sites did not have CSP enabled without explicit admin action. With beta10 CSP will be enabled for all sites, unless explicitly disabled by an admin (strongly discouraged). Sites with external scripts running, for example Google Analytics, Ads, tracking, etc. may need configuration updates to continue working. See Mitigate XSS Attacks with Content Security Policy for full details on CSP, and how to configure scripts to work.

Security Updates

This beta includes 4 security fixes for issues reported by our community and HackerOne. It is highly recommended that sites update to receive these patches.

  • 2FA with U2F / TOTP
  • Use strict JSON parsing when parsing backup metadata
  • Improve second factor auth logic
  • Privacy leak with staged user and closed category

Even more!

But wait, there’s more! We do our best to highlight new features and changes for you, but there’s always too many changes to detail. For a full list of new features, bug fixes, UX improvements, and more, be sure to review the Additional Features and Fixes listed below.
Plugin improvements

Improve Holiday Grouping
Multiple UX improvements
Add timezone picker
Add Google Calendar link
Bug fixes


Add Yandex.Translate support

OpenID Connect

Respect the email_verified boolean when supplied by IDP
Allow parameters to be passed from /auth/oidc to the IDP


Add support for GitHub issues
Bug fix

WP Discourse

Fix Open Links in New Tab setting not being applied to Join Discussion link
Use WPDISCOURSE_PATH constant when loading plugin files

Yearly Review

Exclude read_restricted categories from user stats calculations
Spanish support
UX improvements
Bug fixes

Ad Plugin

Support fluid ad size in Google Ad Manager
Bug fixes

Chat Integration

Include category title and color in Discord payload


UX improvement
Bug fix


Bug fix


Bug fixes


Bug fix


Bug fixes

RSS Polling

Bug fix


Bug fix


Bug fix


Bug fix

Code Review

Bug fix


Bug fixes


Bug fixes


Bug fixes


Bug fixes


Bug fix

Data Explorer

Bug fix

User Notes

Bug fixes

Additional Features and Fixes
Click to expand
New Features

Export all types of reports
Drop “backup” schema 7 days after restore
Secure media allowing duplicated uploads with category-level privacy and post-based access rules
Allows to define a dissmiss duration on global notices
Add hidden setting to disable configuration of inventory bucket
Pass in excluded usernames to user-selector
Use new Badging API
Add rake task to disable secure media
Topic admin menu sticks to bottom on mobile.
Allows plugins to add a global notice
Allow TL3 promotions for overturned penalties
Allow complex post params from plugin
Add mybb.ru import script
Keyboard shortcut for opening the topic admin menu

Bug Fixes

Use new tag routes
Workaround limitation in jquery.autoellipsis
Higher z-index for usercards in the header
Do not extract dates from quotes and Oneboxes
Allow the app to generate and accept longer backup codes
Incorrect locale in badge granter
When tag or category is added notify users that topic was modified
Do not error in excerpts when aside tag has no class attribute
Make topic query include topics from sub-sub-categories
Make category-chooser show all parent categories
Users should be able to remove their primary group
Don’t override timezone on every visit of profile preferences
Don’t cause exceptions due to rename of reply_id column
Show PM icon in docked header
Applies correct styles to icon and attempts to dry code
Do not increase size of emojis in markdown tables
Reload the ReviewableScore types when extending flags
Include sub-sub-categories in new/unread counts
Change additional public uploads to not be secure
Groups pagination was broken
Change rootNone behavior in category-chooser
Add missing translation key for narrative bot Italian locale.
Styling for feature topic on profile modal
Show error message if the topic deletion fails
Correctly wrap image and resize controls inside paragraph
Better error message when topic deletion fails
Create post notices only for public posts
Group membership leak
Raised a proper NotFound exception when filtering groups by username with invalid username.
Properly filter the groups based on current user visibility when viewing another user’s groups.
Spec for groups_controller#index when group directory is disabled for logged in user.
Groups_controller.sortable specs to actually test all sorting combinations.
Rewrote the “view another user’s groups” specs to test all group_visibility and members_group_visibility combinations.
Ensures group-navigation states changes when route changes
Ensures secondary menu of user notifications mobile nav reloads
Update user-selector excluded usernames after insert
Update featured badge ranking when mass-awarding badges
Moves back padStart/padEnd to core polyfills
Specs with old filename
Use CDN for the discourse-internet-explorer
Remove padding while composer is saving
Ran prettier on user-selector-test
Make ‘findBySlugPathWithID’ when URL ends with a slash
Prevents url of file from being pasted when pasting file on iOS
Don’t log a claimed topic database error during tests
Stop logging errors in postgres on reviewable conflict
Decompressing lots of small files triggered error
Allow users to change title in locales other than English
Do not redirect to /auth/* urls after authentication
If the admin sso sync has no external ID, don’t throw an error
Don’t leak event listeners in user-activity-drafts
Allow omniauth confirmation page to pass through GET parameters
Add noindex header to user profile pages.
Make scrolling to bottom post in topic more consistent
Ensure we consistently pick the same topic for bench
OnScroll method was not defined on mobile discovery
Topic_tracking_state when mute_all_categories_by_default is enabled
Only agree with the first post when using the ‘Delete post + replies and agree’ option
Cached new topic data should not be deleted after dismiss new
New/unread count after dismissing new topics in a regular category
Allows scroll on load for discovery topic list
Bulk insert to create application requests
Bulk insert to create topics
No need to create separate user for each topic, post etc.
Another bulk_insert of ApplicationRequests
Dont create user and topic instances when not neccessary
Merge examples with expensive setup into one example
MaxMind DB file not downloading correctly
Keep ‘rb’ & ‘rp’ tags in html to markdown conversion.
Ensure CSP is off for qunit
Show uncategorized description on categories page
Descriptions were blank for uncategorized in hamburger menu
Add a blank poll options validation
Don’t give error 500 when invalid date param is given to admin reports
Allow underscore in file extension while downloading the uploads.
Correctly account for onebox height when lazy loading images
Any global notice text can contain HTML
Bots accuracy should be zero
Allow any protocol in wildcard url checker
Avoid superflous logging when mime type is bad
Under rare conditions saving a new draft could error temporarily
Catch error when unknown COSE algorithm is supplied for Security Key
Trigger commands are different for each locale, account for that.
Only show admin wrench when there are actions on mobile
Don’t display cloak on admin tool when the right wrench is clicked
Visual improvements to admin topic menu
Use cached MaxMind DB for longer
Open a card on click even if the mention has extra elements
The ‘reviewed’ status filter should include deleted elements
Update topic/post counter correctly when category has zero topics
Makes highlighting last viewed topic more resilient
Correctly styles pwa consent banner
Allows global_notice site setting to contain html
Cache_critical_dns was erroring without IPAddr
Correctlt styles notification-consent-banner
Track correct site setting
English and US date/time formats
Better error message when forum is in read-only mode
Update normalize css from 3.0.1 to 8.0.1
Correct description for out of love badge
Everyone can see poll results when on_vote and closed
Bug when revoking badge as title
Category routes model params should decode their URL parts
Ensure that we encode a slug only once if slug generation method is encoded
Give expanded CSS/HTML editor >`0 height
Label helpers on sign up form are not hidden
Remove rerenderTriggers
Remove full nested quotes on direct reply
Show signup input tips and improve spacing
Limit requests and include data when reporting deprecated icons

UX Changes

Users must confirm when leaving a private group
Minor adjustments to choose topic modal
Improve appearance of pm title editing
Improve appearance of lists and user fields in mobile bios
Ensure all generated backup codes are displayed on the screen
Return a friendlier error when the CSV is invalid. Added a cancel button to return to the /badges view
Update IE11 deprecation warning, and enable by default
Communicate the result to the user
Center featured topic on mobile profiles
Remove reliance on JS for category box links
Sub-sub categories in “Boxes with subcategories” + consistency
Correct validation message for category search priority
TMP fix (CSS revert) until translations are ready for flex
Some category page style adjustments for sub-sub categories
Do not use avatars as fallback opengraph images for replies
Invites#show can’t be requested with json and is not configured properly
New bell icons for notification/tracking statuses


Cache ranks for featured badges, to simplify user serialization
Reduce DB queries when serializing ignore/mute information
Cache ignored and muted user ids in the current_user object
Avoid DB queries when checking ignore/mute permission in guardian
Cache user badge count in user_stats table

I’m in crunch mode at the moment, but I’ve set a task to process this more. :slight_smile: