Completely overhauled flag and review system
Arguably the the biggest change in this release is that we've completely overhauled and centralized our system for reviewing flags, posts, users, or anything else that needs to be reviewed or approved.
In older versions of Discourse there were multiple places you'd need to go to approve posts, topics, users, or flags. We've unified that into one simple queue for all so-called "reviewable" items.
Not only does this hopefully make life generally easier for Discourse moderators, it also opens the door to category specific moderators, who can now dip into the review queue for just the categories they're in charge of.
Unicode usernames and translated Emoji names
Early in the life of Discourse we decided to copy the Twitter rules for usernames -- which are rather short, strict and ASCII-centric. We've increased maximum username length already, and now we've introduced a site setting that allows the ultimate in flexibility: full unicode usernames.
(Please note that you'll very likely want to whitelist just the allowable unicode ranges for your desired target language(s), as "full unicode" can be overwhelming and also exploitable.)
We've also added translation support for the long form text version of emoji codes, such as
Staff Annotations / Notices
Sometimes you want to offer a bit of contextual staff commentary on a post, right there on the post, right as it happens. You can now do that with staff notices via the staff wrench on a post.
Additionally, new users and long absent users will have automatic, short staff notices on their initial posts that are only visible to trust level 2 and higher users.
The hope is that these reminders will encourage your most engaged community members to give new and long absent returning users a special welcome.
Group Membership Requests
We continue to improve and refine our group support in Discourse. In this release, we've added a self-service hub for people to request membership to a group (if the group allows it), and group owners can approve or deny those requests.
We've had a "mute" feature for a long time, which suppresses notifications and PMs from a target user. This has worked well enough, but in large communities sometimes certain users just can't quite get along no matter what they try. In this release we've added an "ignore" feature which goes one step further than mute, and actively suppresses that user's posts (and topics) from your display.
If you are trust level 2, Ignore can be enabled via your user preferences, or via a drop-down selector on the target user's profile page. We hope this reduces the need for moderator intervention in these rare cases, as users can now self medicate and take breaks from each other as needed.
Discourse isn't just a place for discussion; it's also a tool for getting things done! We've enhanced the Assign plugin to make it easier to manage your assigned topics, across both private PMs and public topics.
We've also added configurable assignment limits and reminder PMs that go out periodically to let you know how many assignments you have on your list and how to manage them.
Require 2FA for Staff
We believe deeply in being secure and safe by default with Discourse. You may remember in the past two or three releases we added the following security improvements:
- Two factor authentication is supported, with printable backup codes.
- Automatic invalidation of staff accounts that are dormant for more than six months.
- CSP is on for all new installs.
In this release, we've made further strides toward Discourse being even more safe and secure out of the box:
- You can now make two factor authentication mandatory for all staff.
- Abandoned user accounts with no read time or posts for two years are automatically removed.
These are just the highlights of 2.3 — we didn't even mention our search refinements (including search weights by category), wiki posts now notifying watchers of edits, handy composer image resizing, or friendlier indication of subcategory permission errors. View the release-notes tag to get a detailed account of changes in every beta leading up to this release, or see the full release notes.
Easy One Click Upgrade
If you are on our hosting, you're already upgraded. Otherwise, upgrading is as easy as clicking the Update button linked from your Discourse dashboard.
We have a public exploit bounty program at Hacker One as a part of our security policy. Being secure by default is a core value at Discourse, and we always follow up on any security concerns brought to us. There are several important security fixes in 2.3, so we urge everyone to upgrade to it as soon as possible.
If you don't have a Discourse to upgrade, why not? Install it yourself in under 30 minutes, or start an absolutely free, no strings attached 14 day hosting trial!
First, thanks to our customers. We're able to build a better Discourse every single day with your direct financial support.
Second, it's not open source without code contributions! Thanks for the pull request contributions in this release from:
Many thanks to the translators who generously contributed their time and effort translating Discourse into dozens of languages for this release. We make sure the top 10 most popular translations of Discourse get financial support direct from us to ensure excellent and timely translation of updated copy in each release.
As always, thanks to the greater Discourse community for posting support / bug request / feedback topics on meta.discourse and helping us improve Discourse. If you operate or support a Discourse community, come hang out with us!
We hope you find this release full of useful and interesting improvements. But we're not done yet -- not by a long shot! Visit the releases category to see what's coming up for Discourse 2.4 and beyond.