Misago

Misago 0.29 is **security** release which resolves an issue where previously escaped potentially dangerous HTML in parsed post is "unescaped" by Beautiful Soup 4 trying to "prettier" the HTML code.

Implementation changes

- 1453: Replace Beautiful Soup with custom HTML parser based on html5lib. Pass custom HTML representation to `clean_parsed` and `parsing_result_processors` extension hooks.

Theme changes

- 1444: Align thread's flags and categories to left on small displays.

Implementation changes

- 1441: Normalize `user_data` dict before passing it to filters and validators. Copy it before passing to filter function to prevent mutation.

Misago 0.28.1 is a bugfix release addressing issues in the UI.

Theme changes

- 1436: Fixed zeros displaying in place of unavailable UI on user profile header for clients with permission to follow or send private messages.
- 1435, 1437: Fixed broken posts layout on search results and user profiles.
- 1434: Fixed whole threads list having 0.8 opacity instead of just threads flags.

Misago 0.28 is a feature release that addresses some long-standing issues in the UX, removes build-in SSO clients and adds OAuth 2 client in its place. It also fixes few bugs and updates dependencies.

New features

- 1422: Added OAuth 2 client.
- 1399: Categories can have colors and short names.
- 1403: Made links in posts open in new tab by default.
- 1412: Page header on forum index is now optional.

Removed features

- 1388: Removed SSO using Django Simple SSO.

Theme changes

- 1398: Changed build system used for client assets from Gulp.js to Webpack.
- 1399: Categories now can have color and short name set on them thats used to conserve space in the UI.
- 1399: Redesigned threads list.
- 1412: Redesigned page headers.
- 1417: Redesigned navigation on user profile, account options and users lists pages.
- 1406: Redesigned toolbars.
- 1418: Moved posts away from Bootstrap grid too flexbox.

Bugs fixed

- 1346: Fixed default subscriptions options not setting on new user accounts.
- 1427: Locked locale in testrunner to `en-us`.
- 1416: Success message displayed in admin panel when theme was created or updated contained empty quotation marks, missing theme's name.

Implementation changes

- 1421: Updated Python version used to 3.11.
- 1388: Updated Django dependency to 3.2 LTS. Updated remaining dependencies.

Misago 0.27 is a maintenance release focused on updating dependencies.

**Bugs fixed**

* 1334 - Updated social-auth to latest version, resolving warning from GitHub about used oauth implementation being deprecated.
* 1336 - Added space between user status and posts count in long mobile postbit.

**Implementation changes**

* 1336 - Removed polyfill for browsers without `Object.keys` and `Object.assign`.

Misago 0.19.4 is a security release that updates Python requests to 2.20, resolving potential vulnerability in HTTP connections handling.

Updating instructions

To update Misago from 0.19.3 to 0.19.4 use PIP to uninstall old Misago and install new one:


pip uninstall misago
pip install misago