discourse/lib
Alan Guo Xiang Tan ab3a032b4b
SECURITY: BCC active user emails from group SMTP (#19725)
When sending emails out via group SMTP, if we
are sending them to non-staged users we want
to mask those emails with BCC, just so we don't
expose them to anyone we shouldn't. Staged users
are ones that have likely only interacted with
support via email, and will likely include other
people who were CC'd on the original email to the
group.

Co-authored-by: Martin Brennan <martin@discourse.org>
2023-01-05 06:07:50 +08:00
..
action_dispatch/session DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
auth DEV: Flip primary_email_verified? default to false (#19703) 2023-01-04 10:51:10 +03:00
autospec DEV: Remove qunit autorunner (#17430) 2022-07-11 22:29:33 +02:00
backup_restore FIX: Backup/Restore didn't use correct Redis namespace in multisite (#18060) 2022-08-24 01:43:42 +02:00
common_passwords DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
compression SECURITY: Prevent arbitrary file write when decompressing files (#18421) 2022-09-29 20:00:38 +02:00
content_security_policy FEATURE: Optionally allow a separate s3_asset_cdn_url to be specified (#19284) 2022-12-08 10:36:20 +00:00
demon DEV: Route Sidekiq logs to Rails logger (#15817) 2022-02-04 16:28:20 +00:00
discourse_dev DEV: Populate first and last seen at timestamps. (#17643) 2022-07-25 11:54:43 -03:00
email SECURITY: BCC active user emails from group SMTP (#19725) 2023-01-05 06:07:50 +08:00
email_controller_helper FEATURE: Custom unsubscribe options (#17090) 2022-06-21 15:49:47 -03:00
emoji FEATURE: Add missing emojis (#15582) 2022-01-14 17:51:13 -03:00
faker DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
file_store FIX: Improve error handling for calculate_dominant_color! (#18503) 2022-10-06 13:44:53 +01:00
final_destination FIX: Gracefully handle DNS issued from SSRF lookup when inline oneboxing (#19631) 2022-12-28 10:30:20 +08:00
freedom_patches DEV: Cleanup legacy asset compilation gems and code (#19177) 2022-11-24 12:13:59 +00:00
generators/rails DEV: removes plugin generator (#14101) 2021-08-20 11:29:06 +02:00
guardian PERF: Memoize topic level checks in PostGuardian (#19647) 2023-01-03 09:00:42 +08:00
i18n DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
imap FEATURE: Introduce site setting to allow for non staff pm tagging (#16671) 2022-05-10 10:02:28 -05:00
import
import_export DEV: Add a rake task to export/import translation overrides (#18487) 2022-10-05 15:22:16 -04:00
javascripts FIX: Use correct plural rules for Russian (#19467) 2022-12-14 18:56:46 +01:00
middleware DEV: Load SVG sprites during system spec runs (#19497) 2022-12-22 08:13:43 -05:00
migration DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
onebox FEATURE: Onebox for Embed Motoko (#19293) 2022-12-16 09:59:40 -05:00
plugin DEV: Pass kwargs to defined method (#19552) 2022-12-21 19:02:40 +02:00
pretty_text FIX: Add missing user_id args for ChatMessage.cook (#19508) 2022-12-19 11:05:37 +10:00
rate_limiter FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
reviewable DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
scheduler
search FIX: Limits for PM and group header search (#16887) 2022-05-24 11:31:24 -04:00
second_factor FEATURE: Add 2FA support to the Discourse Connect Provider protocol (#16386) 2022-04-13 15:04:09 +03:00
seed_data FEATURE: Default Composer Category Site Setting (#18967) 2022-11-14 11:09:57 -07:00
sidekiq
site_settings DEV: Fix YAML load in new Ruby (#19500) 2022-12-16 17:07:18 -03:00
stylesheet PERF: Make stylesheet hashes consistent between deploys (#18909) 2022-11-07 16:13:35 +00:00
tasks DEV: Skip s3 asset deletion when in readonly mode (#19611) 2022-12-30 11:35:40 +00:00
theme_store FIX: Don't update url in GitImporter (#19273) 2022-12-01 10:50:06 -06:00
topic_query DEV: Quote values when constructing SQL (#18827) 2022-11-01 14:05:13 -05:00
turbo_tests DEV: Print system test logs with other test metadata (#19637) 2022-12-28 10:47:57 +00:00
validators FEATURE: Default Composer Category Site Setting (#18967) 2022-11-14 11:09:57 -07:00
webauthn
wizard UX: Wizard Step Enhancements (#19487) 2022-12-19 17:24:09 -07:00
admin_confirmation.rb FEATURE: Centralized 2FA page (#15377) 2022-02-17 12:12:59 +03:00
admin_constraint.rb Revert "DEV: Add context in AdminConstraint (#15838)" (#15845) 2022-02-07 21:05:19 +03:00
admin_user_index_query.rb FIX: Add email to admin user list when show_emails is enabled (#16636) 2022-05-04 14:07:22 -03:00
age_words.rb
archetype.rb
auth.rb Use service account credentials for fetching google hd groups (#18329) 2022-10-13 16:04:42 +01:00
backup_restore.rb FIX: Backup/Restore didn't use correct Redis namespace in multisite (#18060) 2022-08-24 01:43:42 +02:00
badge_posts_view_manager.rb
badge_queries.rb FIX: Don't grant sharing badges to users who don't exist (#13851) 2021-07-27 16:32:59 +10:00
base62.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
bookmark_manager.rb FIX: Remove user_option saving for bookmark auto delete pref (#19476) 2022-12-16 08:50:31 +10:00
bookmark_query.rb FIX: Return next bookmarks page only if it exists (#18139) 2022-09-01 13:04:00 +03:00
bookmark_reminder_notification_handler.rb FEATURE: Promote polymorphic bookmarks to default and migrate (#16729) 2022-05-23 10:07:15 +10:00
browser_detection.rb
cache.rb DEV: Fix rubocop issues (#14715) 2021-10-27 11:39:28 +03:00
canonical_url.rb FEATURE: Send a 'noindex' header in non-canonical responses (#15026) 2021-11-25 16:58:39 -03:00
category_badge.rb
chrome_installed_checker.rb DEV: Add chromium to ChromeInstalledChecker (#16224) 2022-03-19 11:00:06 +01:00
comment_migration.rb
common_passwords.rb DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
composer_messages_finder.rb UX: Update "education.dominating_topic" and raise default percentage (#19154) 2022-11-22 21:11:53 +01:00
configurable_urls.rb Replace base_uri with base_path (#10879) 2020-10-09 12:51:24 +01:00
content_buffer.rb
content_security_policy.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
cooked_post_processor.rb PERF: stop downloading images from post processor and lean on uploads 2022-11-25 12:40:31 +11:00
cooked_processor_mixin.rb FIX: Check that the node has a src attr when getting size (#19696) 2023-01-03 15:27:05 -03:00
crawler_detection.rb FEATURE: Implement browser update in crawler view (#12448) 2021-03-22 19:41:42 +02:00
csrf_token_verifier.rb
current_user.rb
custom_renderer.rb
db_helper.rb DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
directory_helper.rb
discourse_connect_base.rb FEATURE: allow for overlapping DiscourseConnect secrets per domain (#16915) 2022-05-31 15:24:04 +10:00
discourse_connect_provider.rb FEATURE: allow for overlapping DiscourseConnect secrets per domain (#16915) 2022-05-31 15:24:04 +10:00
discourse_dev.rb DEV: move discourse_dev gem to the core. (#13360) 2021-06-14 20:34:44 +05:30
discourse_diff.rb Escape values of HTML attributes 2021-08-10 10:25:15 -04:00
discourse_event.rb DEV: Remove site_setting_saved event (#15164) 2021-12-02 09:33:03 -06:00
discourse_hub.rb
discourse_ip_info.rb DEV: Typo. (#16092) 2022-03-03 09:24:58 +08:00
discourse_js_processor.rb DEV: Introduce minification and source maps for Theme JS (#18646) 2022-10-18 18:20:10 +01:00
discourse_logstash_logger.rb
discourse_plugin_registry.rb DEV: Change HashtagAutocompleteService to use DiscoursePluginRegistry (#19491) 2022-12-19 13:46:17 +10:00
discourse_redis.rb DEV: Update redis gem to 4.8.0 (#19350) 2022-12-08 06:48:44 +08:00
discourse_sourcemapping_url_processor.rb DEV: Introduce flag for compiling Plugin JS with Ember CLI (#17965) 2022-08-22 09:56:39 +01:00
discourse_tagging.rb FEATURE: Sort hashtags starting with term higher priority (#19463) 2022-12-15 13:01:44 +10:00
discourse_updates.rb DEV: Stop leaking state in dashboard controller specs (#19608) 2022-12-23 15:41:30 +03:00
discourse.rb DEV: Load SVG sprites during system spec runs (#19497) 2022-12-22 08:13:43 -05:00
disk_space.rb
distributed_cache.rb FIX: Handle nil values in DistributedCache#defer_get_set (#15978) 2022-02-17 14:52:14 +00:00
distributed_memoizer.rb DEV: Make DistributedMemoizer use DistributedMutex (#16229) 2022-04-05 19:29:58 +02:00
distributed_mutex.rb FIX: properly count DistributedMutex locking attempts 2022-12-13 17:27:13 -05:00
edit_rate_limiter.rb FEATURE: Increase daily edit limits proportionally to trust level (#13090) 2021-05-19 13:57:21 +04:00
email_backup_token.rb
email_cook.rb PERF: Avoid lookbehinds when replacing links in imported emails (#11931) 2021-02-02 17:34:00 +01:00
email_updater.rb FEATURE: Add setting to always confirm old email (#18417) 2022-09-30 00:49:17 +03:00
email.rb DEV: pull email address validation out to a new EmailAddressValidator 2022-02-17 21:49:22 -05:00
ember_cli.rb DEV: Remove support for legacy plugin JS compilation pipeline (#18293) 2022-09-21 12:38:02 +01:00
encodings.rb
enum_site_setting.rb
enum.rb
excerpt_parser.rb FIX: Handle null svg class for excerpt parsing (#19276) 2022-12-01 10:56:16 +10:00
external_upload_helpers.rb FIX: Use hidden site setting for batch presign rate limit (#16692) 2022-05-10 11:14:26 +10:00
feed_element_installer.rb
feed_item_accessor.rb FIX: Select best link from Atom feed (#15663) 2022-01-21 17:54:18 +02:00
file_helper.rb DEV: Stop logging error response body in FileHelper (#17120) 2022-06-17 11:50:30 +01:00
filter_best_posts.rb
final_destination.rb FIX: When following redirects before cloning, use the first git request (#19269) 2022-11-30 14:21:09 -06:00
flag_query.rb DEV: Remove deprecated methods (#14885) 2021-11-11 12:21:25 -06:00
flag_settings.rb DEV: Compatibility with TruffleRuby (#16864) 2022-05-19 21:56:55 +02:00
gaps.rb
git_url.rb SECURITY: Expand and improve SSRF Protections (#18815) 2022-11-01 16:33:17 +00:00
global_path.rb FEATURE: Centralized 2FA page (#15377) 2022-02-17 12:12:59 +03:00
group_email_credentials_check.rb FEATURE: Scheduled group email credential problem check (#15396) 2022-01-04 10:14:33 +10:00
guardian.rb FIX: TL0 could not message group with everyone messageable_level (#19525) 2022-12-20 13:11:14 +10:00
has_errors.rb
highlight_js.rb PERF: Do not double bundle common langs in hljs bundle (#18321) 2022-09-21 19:08:21 -03:00
hijack.rb DEV: Add more debugging context to onebox generation 2020-10-22 12:50:22 +08:00
homepage_constraint.rb FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
html_prettify.rb
html_to_markdown.rb DEV: remove deprecation warnings related to Nokogiri 2022-10-25 10:57:03 +02:00
http_language_parser.rb FIX: Include resolved locale in anonymous cache key (#10289) 2020-07-22 18:00:07 +01:00
image_sizer.rb
import_export.rb DEV: Add a rake task to export/import translation overrides (#18487) 2022-10-05 15:22:16 -04:00
inline_oneboxer.rb FIX: InlineOneboxer watched word censor error (#16921) 2022-05-26 14:01:44 +10:00
js_locale_helper.rb FIX: Extra-locale merging didn't account for fallbacks (#17128) 2022-06-17 19:34:08 +02:00
json_error.rb
letter_avatar.rb DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
markdown_linker.rb
mem_info.rb
message_bus_diags.rb
method_profiler.rb DEV: Add output_sql_to_stderr! to MethodProfiler (#12445) 2021-03-19 17:48:30 +10:00
mini_sql_multisite_connection.rb DEV: Use MiniSql ActiveRecordPostgres adapter (#15767) 2022-02-03 10:00:28 +00:00
mobile_detection.rb FIX: include crawler content on old mobile browsers (#16387) 2022-04-06 11:09:12 +01:00
new_post_manager.rb SECURITY: Escape watched word in error message (#14434) 2021-09-24 11:55:15 +03:00
new_post_result.rb DEV: Let's always give a drop_from param to deprecate (#14901) 2021-11-12 08:52:59 -06:00
notification_levels.rb DEV: Add normal as an alias for regular in NotificationLevels.topic_levels (#17466) 2022-07-13 06:37:38 +03:00
onebox.rb DEV: Don’t patch Sanitize::Config 2022-04-06 17:10:51 +02:00
oneboxer.rb FIX: Allow svg in oneboxer in certain cases (#19253) 2022-11-30 12:42:15 +10:00
onpdiff.rb
pbkdf2.rb Use Xorcist.xor! instead of refinements since Ruby 3.2+ removes Refinment-include (#15694) 2022-02-03 16:19:30 +11:00
permalink_constraint.rb
pinned_check.rb
plain_text_to_markdown.rb
plugin_gem.rb DEV: Don't load bundler when installing plugin gem. (#16117) 2022-03-07 13:20:43 +08:00
plugin.rb DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
post_action_creator.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
post_action_destroyer.rb FIX: Background like count update didn't account for own user actions (#16688) 2022-05-09 17:23:39 -03:00
post_action_result.rb DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
post_creator.rb PERF: Perform only one category update when creating a new topic (#19361) 2022-12-07 14:35:13 -05:00
post_destroyer.rb FIX: Don't notify of post deletion when agreeing with automatic flags. (#19241) 2022-11-29 14:18:07 -03:00
post_jobs_enqueuer.rb FIX: Do not send emails to mailing_list_mode subscribers for PMs (#14159) 2021-08-26 15:16:35 +10:00
post_locker.rb
post_merger.rb FEATURE: TL4 & category moderators can merge posts (#12843) 2021-04-27 18:24:27 +02:00
post_revisor.rb FEATURE: API to customize server side composer errors handling in the client side (#19107) 2022-11-21 13:11:29 -03:00
presence_channel.rb DEV: Fix random typos (#16066) 2022-02-28 10:20:58 +08:00
pretty_text.rb FIX: Server-side hashtag lookups of secure categories for a user (#19377) 2022-12-09 10:34:25 +10:00
promotion.rb FIX: Restore trust level when leaving group (#17954) 2022-08-29 13:00:48 +03:00
quote_comparer.rb FIX: handle quote rendering for external Discourse instance (#16722) 2022-05-12 10:07:43 -05:00
rake_helpers.rb
rate_limiter.rb DEV: Improve/Fix script/bench.rb (#19646) 2022-12-30 07:25:11 +08:00
read_only_mixin.rb DEV: New readonly mode. Only applies to non-staff (#16243) 2022-05-17 13:06:08 -05:00
redis_snapshot.rb FIX: add support for pipelined and multi redis commands (#16682) 2022-05-10 08:19:02 +10:00
require_dependency_backward_compatibility.rb DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
retrieve_title.rb FIX: Gracefully handle DNS issued from SSRF lookup when inline oneboxing (#19631) 2022-12-28 10:30:20 +08:00
route_format.rb
route_matcher.rb FIX: Incorrect currentUser could be cached for requests with API key (#17279) 2022-07-01 10:18:24 +02:00
rtl.rb
s3_cors_rulesets.rb DEV: Upgrade to Rails 7 2022-04-28 11:51:03 +02:00
s3_helper.rb PERF: Update s3:expire_missing_assets to delete in batches (#18908) 2022-11-07 12:53:14 +00:00
s3_inventory.rb FIX: Filtering rows of S3 inventory files was too strict (#19153) 2022-11-22 21:41:22 +01:00
score_calculator.rb
screening_model.rb
search.rb FIX: Make sure generated tsqueries are valid (#19368) 2022-12-12 17:57:20 +02:00
secure_session.rb
shrink_uploaded_image.rb FIX: Shrinking images where smaller image upload exists (#18965) 2022-11-10 12:43:56 +01:00
sidekiq_logster_reporter.rb DEV: Upgrade Sidekiq to 6.5 (#17142) 2022-06-21 09:23:36 +08:00
site_icon_manager.rb PERF: Defer setting of distributed cache in more spots. 2021-06-04 09:13:18 +08:00
site_setting_extension.rb DEV: Migrate sidebar site settings (#19336) 2022-12-08 09:44:29 +08:00
slug.rb FIX: Make category slugs lowercase (#11277) 2021-01-12 17:28:33 +02:00
socket_server.rb
spam_handler.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
staff_constraint.rb FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
staff_message_format.rb
suggested_topics_builder.rb
svg_sprite.rb FEATURE: Send notifications to admins when new features are released (#19460) 2022-12-15 20:12:53 +03:00
system_message.rb DEV: Add event for plugins to customize system messages (#16953) 2022-05-30 14:01:21 +01:00
temporary_db.rb Revert "DEV: Improve multisite db scripts in dev (#17337)" (#17801) 2022-08-04 16:15:06 -05:00
temporary_redis.rb DEV: Introduce TemporaryRedis and unset DISCOURSE_* env vars in the themes:isolated_test rake task (#13401) 2021-06-23 07:38:43 +03:00
text_cleaner.rb FIX: Use correct Regexp flag to ignore case (#19184) 2022-11-25 10:56:59 -03:00
text_sentinel.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
theme_javascript_compiler.rb DEV: Support colocation under /admin namespace in themes/plugins (#19353) 2022-12-07 14:24:03 +00:00
theme_modifier_helper.rb Code review comments. 2021-06-21 11:06:58 +08:00
theme_settings_manager.rb FEATURE: Allow theme settings to request refresh (#15037) 2021-11-22 13:16:56 +01:00
theme_settings_parser.rb FEATURE: Allow theme settings to request refresh (#15037) 2021-11-22 13:16:56 +01:00
theme_translation_manager.rb
theme_translation_parser.rb FIX: Theme components should work with empty locale files (#18167) 2022-09-02 18:28:18 +02:00
timeline_lookup.rb FIX: ensures timeline_lookup includes last tuple (#11829) 2021-01-25 11:30:59 +01:00
tiny_japanese_segmenter.rb FEATURE: Split up text segmentation for Chinese and Japanese. 2022-02-07 09:21:14 +08:00
topic_creator.rb SECURITY: Restrict unlisted topic creation (#19259) 2022-12-01 10:26:35 +00:00
topic_list_responder.rb DEV: Refactor draft attributes for CategoryList and TopicList. 2020-07-24 10:11:30 +08:00
topic_publisher.rb FIX: Notify tag watchers when publishing topic (#17576) 2022-07-20 19:07:18 +03:00
topic_query_params.rb UX: Hide welcome topic from admins as well if not edited (#18807) 2022-11-01 16:17:17 -06:00
topic_query.rb DEV: Update group moderator behavior to better mimic staff (#19618) 2022-12-29 10:07:03 -06:00
topic_retriever.rb FEATURE: Fallback to system users when creating new TopicEmbed (#12386) 2021-03-15 11:58:53 -03:00
topic_subtype.rb
topic_upload_security_manager.rb DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00
topic_view.rb PERF: Avoid running redundant bookmarks query for anon viewing topic (#19659) 2023-01-03 10:00:36 +08:00
topics_bulk_action.rb FEATURE: whispers available for groups (#17170) 2022-06-30 10:18:12 +10:00
trust_level.rb FIX: Restore trust level when leaving group (#17954) 2022-08-29 13:00:48 +03:00
turbo_tests.rb FIX: Make thumbnail tests start with a clean slate (#15216) 2021-12-07 13:07:45 -06:00
twitter_api.rb DEV: Clean up twitter onebox code (#18012) 2022-08-21 19:26:24 +02:00
unicorn_logstash_patch.rb DEV: Fix lint. 2020-07-21 15:55:03 +08:00
unread.rb FEATURE: whispers available for groups (#17170) 2022-06-30 10:18:12 +10:00
upload_creator.rb DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00
upload_fixer.rb
upload_markdown.rb DEV: Expand UploadMarkdown generation capabilities (#15930) 2022-02-14 15:48:27 +10:00
upload_recovery.rb FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
upload_security.rb FEATURE: Add dark mode option for category logos (#18460) 2022-10-07 11:00:44 -04:00
url_helper.rb DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00
user_comm_screener.rb FIX: Handle actor not having preferences in UserCommScreener (#17790) 2022-08-04 10:16:54 +10:00
user_lookup.rb PERF: Fix N+1 queries when serializing topic posters (#19545) 2022-12-22 05:30:29 +08:00
user_name_suggester.rb FEATURE: when suggesting usernames skip input that consist entirely of disallowed characters (#15368) 2021-12-21 21:13:05 +04:00
vary_header.rb FIX: Include the Vary:Accept header on all Accept-based responses (#14647) 2021-10-25 12:53:50 +01:00
version.rb Version bump to v3.0.0.beta15 (#19685) 2023-01-03 14:29:26 +08:00
webauthn.rb FEATURE: RS512, RS384 and RS256 COSE algorithms (#15804) 2022-02-08 14:07:47 +02:00
wizard.rb FEATURE: add welcome topic cta banner (#17821) 2022-08-09 21:52:39 +05:30