Today we release Discourse 2.4, building on Discourse 2.3 from last year. For post 2.0 releases we’ve chosen a new set of codenames based on the history of human communication; this release is Cuneiform.
Hardware Security Keys
We shipped support for authentication apps in prior releases of Discourse, but nothing defeats hacking and phishing as definitively as hardware security keys.
Now that browser support is finally mature we’re proud to ship full support for the U2F / Fido security key standard in Discourse.
Register (and give cute pet names to) as many security keys as you want for your account. You can also make second factor authentication required for staff only or all users via the
enforce second factor site setting.
Strict CSP On By Default
We started down the CSP road with Discourse 2.2, making CSP standard for all new Discourse installs, but not enforcing it on existing older installs. As of this release, we’ve forced the strictest CSP mode for all Discourse installations — so your site, and your users, will enjoy the absolute highest level of protection from hacking and exploits.
See Mitigate XSS Attacks with Content Security Policy for full details on CSP.
Revamped User Menu
The user menu is now tabbed. Enjoy direct access to notifications, bookmarks, and messages right from your user menu.
Clicking or tapping your username lets you jump into your summary, activity, messages, preferences — or log yourself out.
Bigger, Badder Emojis
One of the general principles in Discourse is that posting a link on a line by itself causes magic to happen … in the form of oneboxing. We’ve decided to emulate common chat applications and extend that concept to the glorious world of Emoji!
When 1-3 emoji are typed on their own line, they’re now automatically made LARGER.
Better Insert Hyperlink
When inserting a hyperlink from the composer, all you could do is paste in an URL. How dull! Now you can dynamically search for existing topics directly from that very same field. Just start typing to begin your search!
Tags, the more flexible, lightweight cousins of categories, gained a bunch of new functionality in this release:
- Set default tracking, watching, muted, and watching first post state for tags across all your users.
Require that a topic contain at least one tag from a tag group.
Synonym support: similar tags, common tag mis-spellings, colloquialisms, and more will now be automatically combined.
Tags can be easily merged at will.
Search now returns tags, if a tag matches your search term — and you can search within a tag group by typing
#tag-group in search. It’s also possible to search for tagged or untagged topics using
Improved API Key Security
The Discourse API is a powerful tool for interacting with a Discourse site. We’ve made major improvements to security and functionality for API keys in this release:
- Users can now create more than 1 API key, so individual keys can be revoked if compromised.
- API keys can now include a description, letting you keep track of what each key is for.
- Keys can be revoked, preventing them from being used, without fully deleting them.
- Unused API keys will be deleted after 6 months without use. This is configurable via the
revoke_api_keys_days site setting.
Polls can now be presented as pie graphs, and restricted to voting by specific groups.
Polls can be set to close at a certain date and time, and Staff can also export poll data with a single click for further analysis if needed.
Award a badge to a set of users
People kept asking us if there was a way to award an arbitrary badge to an arbitrary set of users. Indeed, there wasn’t an easy way to do this.. until now!
Press the “Bulk Award” button to trigger a badge award to a simple CSV list of usernames or email addresses. See this topic for more details.
And So Much More!
We work hard to make every release amazing, and there’s just too much to cover in one blog post! View the release-notes tag to get a detailed account of changes in every beta leading up to this release, or see the full release notes.
Easy One Click Upgrade
If you are on our hosting, you’re already upgraded. Otherwise, upgrading is as easy as clicking the Update button linked from your Discourse dashboard.
We have a public exploit bounty program at Hacker One as a part of our security policy. Being secure by default is a core value at Discourse, and we always follow up on any security concerns brought to us. There are several important security fixes in 2.4, so we urge everyone to upgrade to it as soon as possible.
If you don’t have a Discourse to upgrade, why not? Install it yourself in under 30 minutes, or start an absolutely free, no strings attached 14 day hosting trial!
First, thanks to our customers. We’re able to build a better Discourse every single day with your direct financial support.
Second, it’s not open source without code contributions! Thanks for the pull request contributions in this release from:
Many thanks to the translators who generously contributed their time and effort translating Discourse into dozens of languages for this release.
As always, thanks to the greater Discourse community for posting support / bug request / feedback topics on meta.discourse and helping us improve Discourse. If you operate or support a Discourse community, we would love to hear from you!
Wondering what’s coming up next for Discourse in version 2.5 and beyond? Visit the releases category to get a sneak preview of what we’ll be working on next.