Discourse 2.4 released!

Today we release Discourse 2.4, building on Discourse 2.3 from last year. For post 2.0 releases we've chosen a new set of codenames based on the history of human communication; this release is Cuneiform.

Hardware Security Keys

We shipped support for authentication apps in prior releases of Discourse, but nothing defeats hacking and phishing as definitively as hardware security keys.

Now that browser support is finally mature we're proud to ship full support for the U2F / Fido security key standard in Discourse.

Register (and give cute pet names to) as many security keys as you want for your account. You can also make second factor authentication required for staff only or all users via the enforce second factor site setting.

Strict CSP On By Default

We started down the CSP road with Discourse 2.2, making CSP standard for all new Discourse installs, but not enforcing it on existing older installs. As of this release, we've forced the strictest CSP mode for all Discourse installations -- so your site, and your users, will enjoy the absolute highest level of protection from hacking and exploits.

See Mitigate XSS Attacks with Content Security Policy for full details on CSP.

Revamped User Menu

The user menu is now tabbed. Enjoy direct access to notifications, bookmarks, and messages right from your user menu.

Clicking or tapping your username lets you jump into your summary, activity, messages, preferences -- or log yourself out.

Bigger, Badder Emojis

One of the general principles in Discourse is that posting a link on a line by itself causes magic to happen ... in the form of oneboxing. We've decided to emulate common chat applications and extend that concept to the glorious world of Emoji!

When 1-3 emoji are typed on their own line, they’re now automatically made LARGER.

When inserting a hyperlink from the composer, all you could do is paste in an URL. How dull! Now you can dynamically search for existing topics directly from that very same field. Just start typing to begin your search!

Tag Enhancements

Tags, the more flexible, lightweight cousins of categories, gained a bunch of new functionality in this release:

Set default tracking, watching, muted, and watching first post state for tags across all your users.

Require that a topic contain at least one tag from a tag group.

Synonym support: similar tags, common tag mis-spellings, colloquialisms, and more will now be automatically combined.

Tags can be easily merged at will.

Search now returns tags, if a tag matches your search term -- and you can search within a tag group by typing #tag-group in search. It's also possible to search for tagged or untagged topics using in:tagged or in:untagged.

Improved API Key Security

The Discourse API is a powerful tool for interacting with a Discourse site. We’ve made major improvements to security and functionality for API keys in this release:

  • Users can now create more than 1 API key, so individual keys can be revoked if compromised.
  • API keys can now include a description, letting you keep track of what each key is for.
  • Keys can be revoked, preventing them from being used, without fully deleting them.
  • Unused API keys will be deleted after 6 months without use. This is configurable via the revoke_api_keys_days site setting.

Poll improvements

Polls can now be presented as pie graphs, and restricted to voting by specific groups.

Polls can be set to close at a certain date and time, and Staff can also export poll data with a single click for further analysis if needed.

Award a badge to a set of users

People kept asking us if there was a way to award an arbitrary badge to an arbitrary set of users. Indeed, there wasn't an easy way to do this.. until now!

Press the "Bulk Award" button to trigger a badge award to a simple CSV list of usernames or email addresses. See this topic for more details.

And So Much More!

We work hard to make every release amazing, and there's just too much to cover in one blog post! View the release-notes tag to get a detailed account of changes in every beta leading up to this release, or see the full release notes.

Easy One Click Upgrade

If you are on our hosting, you're already upgraded. Otherwise, upgrading is as easy as clicking the Update button linked from your Discourse dashboard.

Discourse Admin Dashboard, version upgrade notice

We have a public exploit bounty program at Hacker One as a part of our security policy. Being secure by default is a core value at Discourse, and we always follow up on any security concerns brought to us. There are several important security fixes in 2.4, so we urge everyone to upgrade to it as soon as possible.

If you don't have a Discourse to upgrade, why not? Install it yourself in under 30 minutes, or start an absolutely free, no strings attached 14 day hosting trial!

Thank You

First, thanks to our customers. We're able to build a better Discourse every single day with your direct financial support.

Second, it's not open source without code contributions! Thanks for the pull request contributions in this release from:

xrav3nz
angusmcleod
kimardenmiller
LeoMcA
pfaffman
hooopo
localjo
schungx
sbernhard
adamcapriola
fzngagan
rimian
majakomel
mrfinch
AhmadFCheema
mjrbrennan
ermolaev
jasquat
LS80
and0x000
rolabrie
SidVal
danielhollas
nylen
Arkshine
muhlisbc
jcalvento
rrooding
cryzone
ryan-boder
nachocab
hectorbus
dandv
JuanitoFatas
yosiat
xronos-i-am
Stanzilla
benny-burkhart
FunnyHector
sgerrand
vijayanandnandam
rajkumarkandasami
rafaeldriutti
kirylpl
merefield
kairyou
rjherrera
nepeat
Manningham
samamorgan
janko
discourse-plugins
YesThatAllen
aakarsh12345
yarons
barreeeiroo
fushnisoft
discoursehosting
chrispanag
RubenHoms
recursivecodes
ranjan-purbey
eshpakovsky
anle1337
AndrewSverdrup
dickmao
dominic-berta
anythingagency
jesus2099
ranss
joshmoore
Arkweid
SantosGuillamot
julienma
nedbat
eduardopoleo
mabras
jacobherrington
qrush
curiousdannii
xfix
jelly
owalk
bhipple
jwjwyoung
AlexP11223
rizka10
mintsaxon
adqm
brechtm
mdoggydog
artemv

Many thanks to the translators who generously contributed their time and effort translating Discourse into dozens of languages for this release.

As always, thanks to the greater Discourse community for posting support / bug request / feedback topics on meta.discourse and helping us improve Discourse. If you operate or support a Discourse community, we would love to hear from you!

Wondering what's coming up next for Discourse in version 2.5 and beyond? Visit the releases category to get a sneak preview of what we'll be working on next.