Comentario3.8.0 Belfast

By Dmitry Kann 3 min read
This post  in Russian

New version Comentario 3.8.0 Belfast is released.

Comentario is a fast and powerful free comment server for web pages, written in Go.

AI-generated image.
AI-generated image.

What’s new

More Dashboard metrics

Dashboard now also displays total number of comments you’ve written, as well as the number of pages you commented on:

New Dashboard metrics in Comentario.
New Dashboard metrics in Comentario.

Animated placeholders

If your website or network is slow, users will see animated placeholders indicating comment loading is in progress — instead of a blank page:

Animated placeholders while loading comments.
Animated placeholders while loading comments.

Hopefully you’ll never see them, anyway. Comentario is, as you surely know, blazing fast.

Transparent commenter login to Admin UI

On a page with comments, when you click on the gear (Settings) button and then on Edit Comentario profile, you don’t need to log into the Admin UI anymore. This was previously necessary because your Admin UI is always on a different domain than the comments page, and every domain maintains its own session cookies.

The 3.8.0 release solves it by requesting a special single-use authentication token, which gets subsequently passed to the Admin UI web app and used there to log in.

Edit Comentario profile button.
Edit Comentario profile button.

Version upgrade check

Superusers (instance admins) will now see a notification badge in the sidebar, as well as a link to the latest release in the Static configuration, when a newer version is available:

Config manager and the Upgrade available notification.
Config manager and the Upgrade available notification.

This way you can stay up-to-date with the latest features and security updates.

Startup error handling

When you’re trying to open a comment page in a misconfigured environment and Comentario could not load, you’ll see a clear message stating there’s a problem, instead of a piece of some obscure JSON:

Comentario failed to load.
Comentario failed to load.

Shared XSRF secret

In this version a new secret key was introduced: xsrfSecret. If it’s empty (the default), Comentario will generate a random key used to protect the Administration UI from CSRF (XSRF) attacks, like before.

When you provide a value, it will be SHA256-hashed and used as the XSRF key. Such a non-random secret value should be used in setups with multiple Comentario instances serving the same website; it would guarantee an XSRF token issued by one instance is accepted by another.

Other changes

  • Embed: disable toolbar on preview (#93)
  • Backend logging improvements:
    • log colouring and the --no-color CLI option to disable it
    • log times with millisecond precision
    • better formatting
  • Add translation to Brazilian Portuguese (thanks to Guilherme Alves)
  • Dynamic config: disable images in markdown by default to mitigate possible identity attacks
  • Fix: only support IPv4 in signup_ip/author_ip (works around #95)
  • Fix: also mask author_ip
  • Fix: reset failed login counter on unlock (#91)

Live Demo

You can see the new version, as well as its Administrative UI (login with email admin@admin and password admin), on the demo website:

Comments Live Demo Administrative UI Demo


If you’re interested in trying out Comentario, you can start with these documentation pages:

Subscribe to blog updates: