The new version Comentario 3.7.0 Armagh is out.
Comentario is a fast and powerful free comment server for web pages, written in Go.
What’s new
This is the first release retouching the database layout since 3.0.0, therefore it bundles quite a few changes.
Domain-level dynamic configuration
We’ve extended the concept of a dynamic configuration, which previously applied to the whole system, to include domain-level settings. Its main feature is that it’s, well, dynamic, that is:
- It allows changing the values on-the-fly, with immediate effect.
- It’s flexible and doesn’t require any database changes when a new parameter is introduced, greatly simplifying adding new features.
- Every item has a default value, which facilitates configuration management.
The new configuration items are spread over two tabs on the Edit domain
page: General
and Authentication
:
Most of them may sound familiar, and rightly so: they originate from the same-named global (instance) settings, which serve as defaults when adding a new domain:
Items marked with an asterisk (*
) on the screenshot above are those providing defaults for new domains.
Named unregistered commenters
What was previously known as simply Anonymous is now called Commenting without registration (see the Authentication
tab pictured above). The main difference is that unregistered users, should they be allowed to write comments, don’t have to stay anonymous anymore — although they can if they choose to. There is a new field labelled Your name
in the Sign in
dialog the commenter can fill in before choosing to proceed without signing up:
Comment status notifications
Every user has got a new setting — configured independently for each domain — for enabling comment status notifications:
When it’s on, which is also the default, you’ll receive an email every time your comment gets approved or rejected by a moderator.
Comment metadata improvements
Edited and deleted comments display the metadata more clearly now, indicating who did that, and when:
Tip: hovering with your mouse over the time spec (such as just now
) will display the exact time in a tooltip.
Failed login tracking
When a user (or someone trying to impersonate them) fails to provide the correct password, this will now be recorded. And once the failed login attempt counter exceeds the configured value, that user will be locked out of Comentario.
The superuser can see the related properties:
The failed login counter will reset to zero on a first successful login.
As you can see on the screenshot above, Comentario now also registers the moment of the last password change, which will allow to enforce regular password changes in the future.
User session list
The superuser is now also able to see all sessions by a specific user, and to make them expired so that the user will have to log in again:
Blocked popup handling
When you try to login via SSO or a social provider (such as Facebook or Google), Comentario will try open a popup window allowing you to do that. As it turns out, Safari and Firefox seem to impede that by default; we’ve added an in-page popup that explains what happened and how it can be resolved:
Other changes
- Support IPv6 addresses (#69), more robust user IP handling (#76)
- Embed: add auto-non-interactive-sso attribute of
<comentario-comments>
tag (#81) - Embed: optimise Comentario startup by getting rid of separate config API call
- Fix unmasked IP registered with pageview (#77)
Live Demo
You can see the new version, as well as its Administrative UI (login with email admin@admin
and password admin
), on the demo website:
Comments Live Demo Administrative UI Demo
Installation
If you’re interested in trying out Comentario, you can start with these documentation pages:
Comments