I think it’s About time to Update the Forum Software

This forum is missing out on some of the latest Discourse features.


I agree, but I think it could be confusing for some members.

1 Like

I’ll point this out to Dave when he’s back from holiday. We can see when updates are available in the admin interface, but it means outages and at one point there was a serious problem, so he doesn’t just update as a matter of course as soon as updates become available.


Do it at night.

Create a backup before doing the updates.

Hasn’t it been over half a year since the forum was updated?

1 Like

Only problem with doing it at night is the forum is an international one.

You have people in North America, in Oceania, in Europe, in the Middle-East, in China, in Singapore, and in many more. At that scale the time of night is rather subjective.


I’d rather Dave do something more worthy of his time, like work on Sapiens. The forums work, and think it’s fine how it is now.


The last update the forums had included crucial security updates.

1 Like

You know what, for once I agree with Porky. We don’t need to upgrade the forums. It would be a usesess desision. Nothing good will come out of it, and it will be a huge waste of time.

1 Like

Have someone else do it?

I’d like to assume that most users come from the United States and around that area.

It also included a couple new features and some bug fixes.

Useless? Useless in what way? There are tons of new features. I can’t imagine that it’d be a huge waste of time. Updating the forum would bring a lot of benefits.


He always does it off-peak, which varies in time of day, due to geography. We don’t even consider day or night, as we are on a spheroid planet :slight_smile:

He always has redundancy, which is why the whole board wasn’t a fresh start after the last update problem.

If you are so bent on getting a board updated instantly go and set one up, and you can update on day one every time a patch comes out. That’s not how we roll.

I will point out the update notice in the admin interface to Dave, and he can do as he wishes.


New features, bug fixes, and security updates came out yesterday.

Security Updates

This beta includes 4 security fixes for issues reported by our community and HackerOne. It is highly recommended that sites update to receive these patches.

  • 2FA with U2F / TOTP
  • Use strict JSON parsing when parsing backup metadata
  • Improve second factor auth logic
  • Privacy leak with staged user and closed category

2.4.0 beta. Do not use beta versions on production if you don’t have to.

Why not? There are so many Discourse forums on beta versions.

Just look at all the people on Discourse Meta who have forums that are on beta versions.

Because this is a production forum, not a small test forum.

1 Like

If it ain’t broke, don’t fix it.


Well, it does have some security fixes, so it should probably be installed when it’s out of beta.

1 Like

Yes, and every update Invariably introduces more bugs that need security fixes. It’s a never-ending vicious circle.

I agree with “if it ain’t broke don’t fix it” for many things, but it isn’t a good reason to not patch security issues. While feature additions are not always necessary, since they don’t really fix anything, a security issue is a broken piece of technology, and therefore should be fixed promptly before someone decides to exploit it. That is why it is good to stay on top of the circle if you are able to.



My wife’s coffee mug. She does verification for Intel. Something like this is only humorous because it has a basis in reality. That’s what I’m saying…


Unfortunately, that is true a lot of the time. However, the most dangerous and likely to be exploited security issues are the ones that people know about, since those are the ones that will be exploited. If we have 1 vulnerability the entire world knows about, it’s a whole lot worse than 5 vulnerabilities that haven’t been discovered yet (assuming they haven’t been discovered by anyone).

1 Like