Talkyard tyse-v0.2024.009

Changes since v0.2024.008.

Security

• Fixed anonymous comments bug: Real user ids were included in WebSocket messages (that's no good).
  Fortunately, there's a popup about maybe-bugs and not writing sensitive things just yet, if starting to write anonymous comments.
• Don't look at who the true author is, when deciding if an anonymous comment should be queued for moderator review or not. Otherwise, moderators can in some cases better guess who is who (if they know that "oh, this must be by a new user, since it's in the review queue").

Fixed

• In some cases, people could get two emails about the same comment. For example, if a new member replied to a moderator, then, the moderator first got a new-comment-to-review email, and then, once they had approved the comment, a you-have-a-reply email. And another case related to anonymous comments.

Internal

• More automated tests. (That's how the bugs above got discovered.)

Talkyard tyse-v0.2024.008

Here are changes since v0.2024.006. Full Changelog: tyse-v0.2024.006-07ac81a05-regular...tyse-v0.2024.008-327b77491-regular

New features

• Private support categories, thanks to a new permission setting, May-see-own: If you grant All Members the May-see-own permission on a category, but not May-see (all topics), they can see their own topics, but not others' topics. Now, if you grant May-see (all topics) to a Support group, you have created a private support category.
• Customizable login dialog: Add custom header, a bit text, image. Especially useful for private communities, where just "Log in" doesn't really tell anyone what they can do there. (You can edit it here, as admin: /-/admin/customize/login.)
• New site settings:
  • Show presence. Enabled by default. If disabled, everyone's online status gets hidden, and info like "Last visited at" is not shown.
  • Sensitive anonymous discussions. Enables the sensitive discussions anonymous comments purpose (where anonymous comments stay anonymous, permanently). If enabled, the show-presence feature mentioned above, gets disabled. (Otherwise it can sometimes be possible to guess who the author of an anonymous comment is — if it gets posted when just one other person is online, for example.)
• Better blog comments Single Sign-On: A new setting, talkyardSsoHow = 'RedirPage', which makes Talkyard redirect the whole embedding page to your own SSO page. (Maybe this should always have been the default, for embedded comments — better than opening a popup window for SSO login.)

Other changes

• Removed some unimplemented admin settings.
• When creating a category, Full Members are now granted the May-edit-wiki permission only. They inherit all Everyone's permissions anyway, so nothing more is needed. (And, if they were to be granted May-see, there would be a tiny risk that this was overlooked / forgotten, if trying to enable only May-see-own, to create a private support category.)
• Feature flag for disabling the "That's a short comment" tips. (Later, could be a user group setting instead.)

Internal

• Silence warnings about Ty's own deprecations. Now it'll be simpler to upgrade to Scala 2.13.

Talkyard tyse-v0.2024.006

(Maybe it'd be good with release notes? I keep forgetting what's changed. Ok, so this is the first release notes)

Not yet

Bookmarks works, but I haven't had time to code review and merge the branch. Finishing anonymous comments & Persona Mode took 5 times (?) longer than what I had guessed.

What's Changed

Changes since v0.2024.004 (tyse-v0.2024.004-678d1190f-regular) (not v0.2024.005, that became a -dev only release):

• Database migration to structure v426.
• OpenAPI spec for /-/v0/search, so you can integrate Talkyard with your AI, using RAG (Retrieval Augmented Generation).
• Persona mode: Switch to Yourself Mode, or Anonymous Mode. Or, later (> year) , pseudonyms.
• Anonymous comments for sensitive discussions. But not enough automated tests! Therefore:
• A popup about maybe-bugs and not writing sensitive things just yet.

Minor changes

• Feature flag ffImp to disable impersonation
• An annoying num-links spam check is gone.
• Don't incl TLD when generating embedded comments local hostnames (Chrome thinks addresses like comments-for-your-domain-com... then is too similar to your real (your.domain.com), and shows a phishing warning).