Forum² Admin AWS Posted February 5 Forum² Admin Posted February 5 New features in 3.4.0.beta4 Redesigned emojis The emoji picker now uses icon within the composer. When typing out an emoji, selecting one will replace any partially written text. Additionally, there were several fixes to emoji menu positioning, sizing, and general behavior. Exporting user data Discourse continues to be GDPR compliant by allowing admins to export individual user data through the User exports section, which is available when selecting a specific user from admin settings. Flagging illegal content Trust level 0 (TL0) and anonymous users can now flag and report illegal content. Consistent admin settings Admin settings now only show relevant site settings in dedicated pages when you click on any item that contains settings from the sidebar, i.e., Spam, Experimental, Rate limits, etc. Security Updates This release includes fixes for these security issues reported by our community and HackerOne. XSS via topic titles when CSP disabled (CVE-2024-53266) Partial DoS via inline oneboxes (CVE-2024-53851) Potential bypass of chat permissions (CVE-2024-53994) Users can see other user’s tagged PMs (CVE-2024-56197) HTMLi(XSS without CSP) via Onebox URLs (CVE-2024-56328) Stored DOM-based XSS (without CSP) via video placeholders (CVE-2025-22602) Client Side Path Traversal using activate account route (CVE-2025-22601) Anonymous cache poisoning via XHR requests (CVE-2024-55948) Anonymous cache poisoning via request headers (CVE-2025-23023) 2 posts - 2 participants Read full topic Quote General Forums - Where People Converse
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.