DawPi

My 3.x mod:

 
😉
 
God Job anyway. I like it.

Fun fact - back then we used SVN for our source control, and the files had "tags" assigned to them (Revision, Author, and Date). In SVN, the Author tag isn't necessarily the initial committer, but rather the last one to make changes to that file.

Cosmetic stuff isn't more important than the functionality itself. Everyone has their own important things to request and wait.

Totally waste of time creating this feature. IPS time could've been spent creating more useful features than this👎

Thanks for the welcomes! Can't wait to start implementing some nice updates into Invision Community for everyone in future versions. Stay tuned! 🙂 

Welcome new IPS Team Member 😉

Welcome new IPS Team Member 😉

Welcome new IPS Team Member 😉

Welcome new IPS Team Member 😉

All I read are some misplaced emotes which are overused. Less is more.

If you have commerce, your contact form requests can go directly into a ticketing system. I have two sites set up like that and the rest just to email. 
I also use this plugin by @evandixon which has been very helpful clearly describing what the contact form should and should not be used for.
 

Strict Transport Security should be set up at the server level, and only if you are using SSL (https).
You can enable a Content Security Policy right from the AdminCP should you wish, but it's not something we can automate. You may have needs that the software can't know about (such as showing a Pages widget on an external domain), which is why you should configure it yourself if you wish to use it.
We do output the Content Type Options header when sending a file to the browser. There's little to no benefit using it just on every single page, but we do see value in attachment and file handlers to prevent browsers trying to guess what the file is even after we've supplied a mime type.
We enable a Referrer Policy when visiting external links.
I'm not really sure I'd group a Feature Policy in with security related headers...it's intended to indicate to the user agent which features (like location) the site may need. Trying to do this automatically also means third parties in the future may run into trouble if they try to leverage a new feature that we didn't outright allow initially. Either way, I'd say it's at least debatable if this should be lumped in as a security concern (Google's writeup even says "It's like CSP, except it controls features instead of security").

The same as you to be honest. 😉

Why do you think IPS decided to post a blog post about security today? 👀
 

Yeah, I saw that yesterday. Pretty bad vulnerability for their customers to deal with.

Nice. Thanks. 🙂
btw. 0day exploit in vb: 
 

There are at least 2 resources available in our marketplace 🙂
 

From now on exactly 5 days, 12 hours, 23 minutes. 
 
 
 
Or until most of all bugs are fixed....

When you announce a new minor feature in an upcoming software version and people just post the other stuff they'd like.

 
1) Nope, you can't take my animated GIFs from me! (But you do not need to enable GIFs, that's up to you)
2) You'll like a blog entry we have coming up soon.

 

Pages by far. Activity streams is in a very distant second.
Maybe it is an interesting side discussion about how 'we', the admins, use the software compared to the users. I, for example, never use the "next unread topic" link. I check my unread activity streams and open all unread topics in new tabs.
I also avoid checking my community logged in from mobile - chances are I will just read a topic that I will have to attend to (moderate, reply, split, move, etc) and I hate doing that from mobile. The problem is, once I open it, it is already marked as read, so if I don't manipulate it immediately I won't do it ever. 

Only correct answer is obviously to buy 1600 self hosted Invision Community Licences with all the applications.