Hello my magnificent Flarumites!
With our last release, beta 14, having been delayed quite extensively, we knew it was important to get back into our habit of regular release cycles. Well within our estimation we today are proud to ship to you Flarum 0.1.0-beta.15!

“Don’t dream of winning, train for it!” — Mo Farah

Australian Tiger Beetle

---

🔔 What’s Changed?

---

The focus of this release was extenders for extension developers and some better internationalization support. A few user-visible highlights:

• 🎨 Admin dashboard refresh (flarum/core#2409)
• 🌐 Slug driver support (flarum/core#2456)
• 📛 New nicknames extension (flarum/nicknames)
• 🧩 A ton of extenders for extension developers to use (src/Extend)

Aside from a ton of fixes, there are many other improvements and new small features in most of our bundled extensions. Let us know if you discovered one or discover them by looking through the extensions changelog.md or releases page on GitHub.

👨‍💻 For Developers

---

If you are a developer please understand there are many breaking changes in this release, make sure to read the full upgrade guide in our docs! Some key points:

• MomentJS BC layer has been removed
• Policy system has been reworked
• Composer options have been added for new Admin UI
• The Flarum\User\Event\GetDisplayName event has been removed, use the display name driver feature of the User extender instead
• The base_path, public_path, and storage_path global helpers have been removed
• Other changes are mentioned in the upgrade guide for this release.

Developers are urged to check the changelogs of relating packages when they discover issues. You can review the Beta 15 Upgrade Guide to ensure your extensions are up to date.
If you have any questions or run into any obstacles in upgrading, please open a new discussion in the Dev tag or find us in #extend on our Discord.

Please also read about our flarum/core version constraint recommendation to stable.

⤴️ Upgrading

---

Before you run the upgrade, make sure to create a backup of your public/assets directory, your composer.json and your database!

Step 1: Ensure you are on version 0.1.0-beta.14 in your Admin Dashboard or by running php flarum info (use the previous release notes for upgrading from an earlier version)
Step 2: Uninstall every 3rd party extension that isn't compatible with beta 15 yet. You can check which extensions are compatible at Extiverse (it needs up to one hour after release to display compatible extensions) or use the extiverse helper.
Step 3: Disable the remaining extensions. Re-enabling them one at a time after you update will make it easier to debug if any issues occur.
Step 4: Run the following commands:

Now run the update all versions without installing (yet):

composer update --no-install --with-all-dependencies

[optional] If you'd like to add nicknames support:

composer require --no-update flarum/nicknames

Now install everything you've updated:

composer install --prefer-dist --no-dev -a

Last step is to run the database changes and clear the cache:

php flarum migrate
php flarum cache:clear

Step 5: Use your newly-upgraded Flarum site!
If you run into any problems, please open a new discussion in the Support tag. There may be discussions of similar issues, but open a new one anyway, it helps us get your specific problem resolved faster.
If the problem persists – we're here to help! Make sure to include the output of php flarum info. Please also include the output of composer why-not flarum/core v0.1.0-beta.15.

🙇‍♀️ Acknowledgements

---

Flarum releases wouldn't be possible without a multitude of people, our thanks go out to all of them! Thank you...
To everyone who contributed code this release, especially @SychO, @ianm, nina-py, sl-kr, azibom, lhsazevedo, @w-4, @rob006, @franga2000, @Swader, @Littlegolden, qiaeru.
To our eagle-eyed bug reporters, especially @franga2000, @matteocontrini, @yulei745, @Rami-Sedhom, idk-pixel, lhsazevedo, @w-4.
To the incredible team behind Flarum, including @Franz, @luceos, @jordanjay29, @datitisev, @clarkwinkelmann, @tankerkiller125, @askvortsov, @SychO, @Liberty, @Digital, @Pollux, @katos, @Kyrne, @FrederikR, @Wadera and @Ralkage;
To every Open Collective supporter and Github Sponsor, but especially Glowing Blue AG, ecomscan, Bitfalls, KAV partners, @BartVB, Sridhar Kamma, Project Alice and Forum WirsanSoizburg.
Your continued support is extremely helpful, being fundamental to stable development for Flarum! Help us become a sustainable project by backing us on Open Collective or on GitHub
And finally, to you for your ongoing support and enthusiasm that keeps us all going!

Or should we name it cycle 16...
Anyway, beta 15 was just tagged with only three days of delay. The whole team will be taking some time off to enjoy the holidays. On behalf of all of them :
🎄Happy holidays 🎅

Yesterday we released an emergency security fix for the bundled Tags extension. Here are more details.

Impact

This vulnerability allowed any registered user to edit the tags of any discussion for which they have READ access using the REST API.
Users were able to remove any existing tag, and add any tag in which they are allowed to create discussions. The chosen tags still had to match the configured Tags minimums and maximums.
By moving the discussion to new tags, users were able to go around permissions applied to restricted tags. Depending on the setup, this can include publicly exposing content that was only visible to certain groups, or gain the ability to interact with content where such interaction was limited.
The full impact varies depending on the configuration of permissions and restricted tags, and which community extensions are being used. All tag-scoped permissions offered by extensions are impacted by this ability to go around them.
Forums that don't use restricted tags and don't use any extension that relies on tags for access control should not see any security impact. An update is still required to stop users from being able to change any discussion's tags.
Forums that don't use the Tags extension are unaffected.

Patches

The fix will be available in version v0.1.0-beta.14 with Flarum beta 14. The fix has already been back-ported to Flarum beta 13 as version v0.1.0-beta.13.2 of the Tags extension.

References

flarum/core#2355

Credit

Thank you to @LianSheng for finding it and to @SychO for the quick fix!

How to update

If you are using Flarum beta 13:
In your Flarum folder (containing composer.json and config.php), run:

composer update flarum/tags --prefer-dist --no-dev -a

You can then confirm the update worked by checking Composer output (should say "updating to v0.1.0-beta.13.2"), or by checking the version number in the admin panel in the extension list.
If you are using beta 12 or older:
You should update to Flarum beta 13 as soon as possible. We unfortunately can't support older Flarum releases with security fixes. Follow the instructions to update. The security fix will automatically be applied when you perform the update to beta 13.

Followup

The original fix released as v0.1.0-beta.13.1 contained an error. We have released an updated fix as v0.1.0-beta.13.2. If you already installed the 13.1 fix, repeat the steps above to install 13.2.
In our haste to get the fix out we missed an important quality check. We will review our process so this doesn't happen again. We apologize for the inconvenience.

This is a placeholder, usually we'd have some information from our kick off meeting. That meeting is planned for Next Monday, so there's nothing to say right now other than Beta 14 just got released 😃

Hello my magnificent Flarumites!
We have taxed your patience in bringing the newest beta installment of Flarum. Yet this release marks closure on the most impactful change in preparation for stable since beta 8, the frontend framework upgrade. With 80+ issues closed in addition to that upgrade, Beta 14 is the largest release Flarum has seen so far. Moreover, this release only took 5 months, in comparison to Beta 8 which had comparable scope but took 17 months.
It wasn't always easy, especially with all that happened in the world around us, but our team persevered in shipping a release we can be proud of.

It does not matter how slowly you go so long as you do not stop. --Confucius

Cairns Birdwing

---

🔔 What’s Changed?

---

The focus of this release was a long overdue upgrade of Flarum's frontend framework from Mithril v0.2 to Mithril v2.0. This also included refactors of many major frontend components like the discussion list, notifications dropdown, and post stream. We also started using TypeScript in core's frontend, upgraded the Laravel packages we used from v5 to v6, and fixed a lot of bugs. Most changes are more applicable to extension developers, but they go a long way towards increasing stability of our frontend. A few user-visible highlights:

• 📦️ When enabling and disabling extensions we will now check their dependencies on other extensions to prevent bricking your forum. For instance , since askvortsov/categories relies on flarum/tags, you can't enable it unless flarum/tags is enabled. (flarum/core#2188)
• 🗨️ Fixed a bunch of bugs with the post stream
• 🏷️ Improved tag discussion count and last posted discussion calculations
• ⬅️ Added a "view post" popup when having edited a post similar to when you create a post. (flarum/core#2108)
• ✉️ Email configuration can now be tested from within the admin area. (flarum/core#2023)
• 🔍 Searching for users based on groups is now also possible using the group ID. (flarum/core#2192)
• 🕛️ Relative times are now updated without reloading. (flarum/core#2208)
• ⚠️ Improved request error handling with modals. (flarum/core#1929)
• 😁 Font Awesome was updated. (flarum/core#2274)
• 📛 User display names are now implemented as drivers, and have extenders (flarum/core#2174)
• 🔒️ The bundled Facebook, GitHub and Twitter authentication extensions have moved to Friends of Flarum. flarum/core#2006

There are a bunch more! If you're into this, feel free to scour our changelogs and releases on GitHub.

👨‍💻 For Developers

---

If you are a developer please understand there are many breaking changes in this release, make sure to read the full upgrade guide in our docs! Some key points:

• We are now using Mithril 2, which means a lot of changes to components will be needed. (flarum/core#2255)
• You MUST use the new View extender for registering Laravel View namespaces instead of resolving the View factory directly in extend.php (flarum/core#2134)
• The Laravel packages Flarum uses have been upgraded to v6 from v5. This means that some helpers, like array_get, are no longer available. Also, theApplication has been decoupled from the IoC container and Laravel's Application contract flarum/core#2243
• Application paths have been moved to the resolvable Paths class. (flarum/core#2142)
• Config (config.php contents) has been moved to the resolvable Config class. (flarum/core#2271)
• Subjects and bodies for notification emails can (and should!!!) now be translated. (flarum/core#2244)
• A user extender for display name drivers and user group pre-processing has been added. (flarum/core#2110)
• Other changes are mentioned in the upgrade guide for this release.

Developers are urged to check the changelogs of relating packages when they discover issues. You can review the Beta 14 Upgrade Guide to ensure your extensions are up to date.
If you have any questions or run into any obstacles in upgrading, please open a new discussion in the Dev tag or find us in #extend on our Discord.

Please also read about our flarum/core version constraint recommendation to stable.

⤴️ Upgrading

---

Please note that Beta 14 comes with a lot of changes, and extension developers will need some time to catch up. Please ensure that all extensions you need have been updated for beta 14 before upgrading your forum.

Before you run the upgrade, make sure to create a backup of your public/assets directory, your composer.json and your database!

Step 1: Ensure you are on version 0.1.0-beta.13 in your Admin Dashboard or by running php flarum info (use the previous release notes for upgrading from an earlier version)
Step 2: Uninstall every 3rd party extension that isn't compatible with beta 14 yet. Most extensions are no longer compatible! You can check which extensions are compatible at Extiverse (it needs up to one hour after release to display compatible extensions).
Step 3: Disable the remaining extensions. Re-enabling them one at a time after you update will make it easier to debug if any issues occur.
Step 4: Run the following commands:

composer remove --no-update flarum/auth-facebook flarum/auth-github flarum/auth-twitter

Now run the update all versions without installing (yet):

composer update --no-install --with-all-dependencies

[optional] In case you used the facebook, github or twitter log in extensions:

composer require --no-update fof/oauth

Now install everything you've updated:

composer install --prefer-dist --no-dev -a

Last step is to run the database changes and clear the cache:

php flarum migrate
php flarum cache:clear

Step 5: Use your newly-upgraded Flarum site!
If you run into any problems, please open a new discussion in the Support tag. There may be discussions of similar issues, but open a new one anyway, it helps us get your specific problem resolved faster.
If the problem persists – we're here to help! Make sure to include the output of php flarum info. Please also include the output of composer why-not flarum/core v0.1.0-beta.14

🙇‍♀️ Acknowledgements

---

Flarum releases wouldn't be possible without a multitude of people, our thanks go out to all of them! Thank you...
To everyone who contributed code this release, especially @w-4, @matteocontrini, @SychO, @Kylo, @Littlegolden, @iPurpl3x, @fengkx, @corvofeng, @Qiaeru, @davwheat, @gruentee, @tariqthedev, @eddiewebb, @angus, @alphaman, x7airworker, w3Abhishek, phanlyhuynh, nlssn, lhsazevedo, julakali, Heniisbaba, timas130, spekulatius, razonyang, jxsl13, and anyone else we've missed;
To our eagle-eyed bug reporters, especially @w-4, @matteocontrini, @SychO, @LianSheng, @peopleinside, @iPurpl3x and anyone else we've missed;
To the incredible team behind Flarum, including @Franz, @luceos, @jordanjay29, @datitisev, @clarkwinkelmann, @tankerkiller125, @askvortsov, @Liberty, @Digital, @Pollux, @katos, @Kyrne and @Ralkage;
To every Open Collective supporter and Github Sponsor, but especially Glowing Blue AG and KAV Partners. And also @rehrar, @BartVB, Christoph Schneegans, Dan Rezykowski, Sridhar Kamma, Donald Broussard, GuitarTalk, Hari, @ianm, Jian Gong, @phenomlab, @Edmilerad, Daniel Alter, espectrunk, FibraClick, HostBend LLC, Ken Lam, Lay Dominicans of bl. Michał Czartoryski, odyssea-ogc, Open Collective Inc, Timotheus Pokorra, malago86, yannisme, @askvortsov, zgq354, AndreiTelteu, @tankerkiller125, @angus, Wadera, @pkernstock, demianh, @hrvoje_hr;
Your continued support is extremely helpful, being fundamental to stable development for Flarum! Help us become a sustainable project by backing us on Open Collective or on GitHub
And finally, to you for your ongoing support and enthusiasm that keeps us all going!