New version Comentario 3.8.0 Belfast is released.
Comentario is a fast and powerful free comment server for web pages, written in Go.
![AI-generated image.](https://res.cloudinary.com/yktoo/image/upload/v1716551682/blog/nglvr7hasxqcky6ydixu.jpg)
What’s new
More Dashboard metrics
Dashboard now also displays total number of comments you’ve written, as well as the number of pages you commented on:
![New Dashboard metrics in Comentario.](https://res.cloudinary.com/yktoo/image/upload/v1716552541/blog/j6g0brxiachzz0gfpdaq.png)
Animated placeholders
If your website or network is slow, users will see animated placeholders indicating comment loading is in progress — instead of a blank page:
![Animated placeholders while loading comments.](https://res.cloudinary.com/yktoo/image/upload/v1716555645/blog/i6y2yg9smrihziwblyza.gif)
Hopefully you’ll never see them, anyway. Comentario is, as you surely know, blazing fast.
Transparent commenter login to Admin UI
On a page with comments, when you click on the gear (Settings) button and then on Edit Comentario profile
, you don’t need to log into the Admin UI anymore. This was previously necessary because your Admin UI is always on a different domain than the comments page, and every domain maintains its own session cookies.
The 3.8.0 release solves it by requesting a special single-use authentication token, which gets subsequently passed to the Admin UI web app and used there to log in.
![Edit Comentario profile button.](https://res.cloudinary.com/yktoo/image/upload/v1716554338/blog/ym91p7ibhbemwyemoyag.png)
Version upgrade check
Superusers (instance admins) will now see a notification badge in the sidebar, as well as a link to the latest release in the Static configuration, when a newer version is available:
![Config manager and the Upgrade available notification.](https://res.cloudinary.com/yktoo/image/upload/v1716554851/blog/nivou4ypbo5eppg9ogxk.png)
This way you can stay up-to-date with the latest features and security updates.
Startup error handling
When you’re trying to open a comment page in a misconfigured environment and Comentario could not load, you’ll see a clear message stating there’s a problem, instead of a piece of some obscure JSON:
![Comentario failed to load.](https://res.cloudinary.com/yktoo/image/upload/v1716555148/blog/jgb5cvliwy5qlyyq3nd2.png)
Shared XSRF secret
In this version a new secret key was introduced: xsrfSecret
. If it’s empty (the default), Comentario will generate a random key used to protect the Administration UI from CSRF (XSRF) attacks, like before.
When you provide a value, it will be SHA256-hashed and used as the XSRF key. Such a non-random secret value should be used in setups with multiple Comentario instances serving the same website; it would guarantee an XSRF token issued by one instance is accepted by another.
Other changes
- Embed: disable toolbar on preview (#93)
- Backend logging improvements:
- log colouring and the
--no-color
CLI option to disable it - log times with millisecond precision
- better formatting
- log colouring and the
- Add translation to Brazilian Portuguese (thanks to Guilherme Alves)
- Dynamic config: disable images in markdown by default to mitigate possible identity attacks
- Fix: only support IPv4 in
signup_ip
/author_ip
(works around #95) - Fix: also mask
author_ip
- Fix: reset failed login counter on unlock (#91)
Live Demo
You can see the new version, as well as its Administrative UI (login with email admin@admin
and password admin
), on the demo website:
Comments Live Demo Administrative UI Demo
Installation
If you’re interested in trying out Comentario, you can start with these documentation pages:
- Getting started.
- Installation.
- Migration (from Commento, Disqus, Wordpress).
Comments