v9.0.0

v9.0.0

🚨 This version updates a major dependency and action is required to maintain developer workflows. This is not a breaking change for app functionality, builds, or deploys.

v9.0.0 replaces npm with pnpm to speed up CI and resolve some long-standing issues with package installation. Developers need to follow these steps to update local workflows:

• Run npm install -g pnpm@8.14.3
• Clear node_modules by running sh scripts/clear-node_modules.sh
• Run sh scripts/pnpm-ci.sh to install from the new pnpm-lock.yaml. (This is equivalent to package-lock.json)

Updated commands

• Package installation is now run with sh pnpm-i.sh
• All commands previously using npm now use pnpm. Ex npm run watch is now pnpm run watch

Breaking changes

• Update to pnpm #4548

New functionality

• 🌱 New commenter badge #4571

Bug fixes and improvements

• Email domain ban confirmation #4560
• Make protected email domain bans customizable #4550
• Increase rate limit for flagging comments in API #4552
• Allow utilities/download to work with archive databases #4549
• Update email domain table in admin #4543
• Update sso.md description #4539
• Update installation instructions #4557
• fix missing css in user drawer tabs #4581
• copy and style updates for new user badge #4580

v8.8.0

In-page notifications

We’ve added an optional new in-page notifications feature. The new in-page notifications feature is enabled by default and can be controlled by admins inside the Configure menu. 



It includes these features:

• A new Notifications tab at the top of the comment stream that will show users new notifications on their comments. As users scroll through comments, a floating notification button will remain on the page so they can see and easily access new notifications.

• The ability to receive in-page notifications on comment replies, featured comments, and pending comment reviews.

• The ability for users to set their in-page notifications preferences in their Preferences tab.

The branch for this work is #4492

v8.7.4

• Increase unarchiving time out limit for very large archived databases #4544

v8.7.3

New features and fixes

• Protected email domains can now be set to 'always pre-moderate' #4531
• Anonymous DSA reports now show on comment moderation cards in the Coral admin #4530
• Added a script to help admins backup all data for tenants on a MongoDB instance #4528
• Support x.com links as media embeds when they are included in a comment #4521
• Users pending deletion can now view their profile without being logged out #4520
• Fixed padding on user drawer badges in the admin #4519
• Enabled external moderation phases to run when DSA is enabled and include rejection reasons #4516
• Added secretBadges to the user model to be configurable in Mongo, for optional user badges not associated with roles or SSO claims #4506
• Fixed bug where multiple moderators featuring comments incorrectly incremented the featured count #4502
• Added SECURITY.md file to Coral #4501
• Added more Swedish translations #4529 – thanks @antonborgstrom!
• Fixed Finnish translations for email notification footer #4524 – thanks @juhog!
• Fixed typo in stream.ftl translations #4511 – thanks @oliver-dvorski!

v8.7.2

New features and improvements

• Allow admins to initiate a 24-hour deletion of a user account via the User Drawer>Account History in the Moderation interface. This makes it easier for sites that don't use our GDPR features or the API endpoint to be compliant with any data deletion laws #4481
• Update references in embeds from Twitter to X #4482
• Add international Outlook accounts to protected email domains #4484
• Update banned word rejection messaging to be DSA compliant #4490
• Add NL translations for DSA strings #4496 thanks @rmens
• Update license to current year #4495 thanks @immber
• Update client handler to add a port to the root URL for local development #4489
• Create a docker-compose and README for setting up a Wordpress environment to work with Coral local development #4491

v8.7.1

• Add optional Top Commenter badge feature for commenters who've had a comment featured by a staff member #4462
• Add requirement to select a rejection reason when rejecting all comments with DSA enabled #4455
• Add max length validations for DSA input fields #4466
• Allow anonymous DSA reporting #4469
• A user's auth token is cleared and the stream reloaded when the token is invalid or expired #4472

v8.7.0

• Upgrade Coral's codebase to Node.js 18 in order to improve its security and performance (#4451)

v8.6.5

New features

• For orgs using multi-site instances, site filters on moderation queues now include a text search #4313, #4468
• Add utilities for adding tenants to existing deployments #4428

Adds the following indexes:

db.sites.createIndex({ tenantID: 1, "$**": "text", createdAt: -1 });

v8.6.4

• Add optional new feature to pre-moderate email addresses based on certain spam-like qualities. Findable under Admin > Config > Moderation (#4458)

v8.6.3

Bug fixes and improvements

• Fix permissions bug so that admin users can archive stories #4357
• Update Dutch translations #4369
• Add COMMENT_LEFT_MODERATION_QUEUE to webhook configuration options #4380
• Add rr.com to the protected email domains list #4383
• Fix bug of some error translations not working by using locale to translate GraphQL errors if available #4385
• Fix share comment interaction event to only fire once and add event for report comment interaction #4387
• Update styles for the Community table of users in the admin #4388
• Truncate comment body sent to Slack to stay under character limits #4392
• Update link to docs in the moderation phases admin configuration #4397
• Update broken links in docs #4390
• Fix broken link in css.md #4401
• Fix broken link to CSS variables doc #4429