NodeBB v1.1.0 Release

Hello all,

Last week, we released v1.1.0 of NodeBB, containing a number of new features, bug fixes, and some security fixes. As always, it is advised to update your NodeBB to the latest version via the standard upgrade method:

  1. Stop NodeBB and make a backup of your database and public/uploads/ folder
  2. git pull the latest code
  3. ./nodebb upgrade to update the database schema and any relevant plugins

As with any typical release, there are always some breaking changes for plugin authors and theme developers. A listing of those changes can be found here:

Additionally, one change is required for any sites using Nginx as a reverse proxy with SSL configured. Due to improper detection in NodeBB, cookies were not automatically requiring strict HTTPS access if the server supported SSL, the latest release of NodeBB fixes this and requires that the proper protocol be passed through to NodeBB, otherwise an "invalid session" error will occur.

In your Nginx configuration, please alter the relevant server or location block and add the following directive to pass the required data to NodeBB:

proxy_set_header X-Forwarded-Proto $scheme;

For more information and to see how the full configuration for nginx is maintained, please consult the Nginx article in our documentation portal.

What's New in v1.1.0?

In no particular order...

  • /api/me can be used as a shortcut for accessing your user data
  • Some work has been done to allow NodeBB to be hosted on environments without direct disk access (e.g. some AWS environments). Among the changes:
    • NodeBB can be run without a config.json file, if the config values are passed in as environment variables
    • --no-local-assets when passed, will not write js/css/template/sound files to disk, and instead, serve them from NodeBB itself
    • --no-dep-check when passed, will skip dependency checking
  • There is now an "Account Info" page in user profiles that will allow admins/global moderators to view flagging and ban history for any given user
  • Bans can now be temporary (hourly/daily), whereas before they were always permanent
  • Better handling for local mail sending via sendmail
  • For security, the Admin Control Panel will require you to re-authenticate if you have been idle for an hour
  • For the full list of changes, click here

Julian Lam

Read more posts by this author.

Toronto, Ontario