Skip to content

@ThiefMaster ThiefMaster released this Nov 30, 2020 · 140 commits to master since this release

🎉 Improvements

  • Disable title field by default in new registration forms (#4688, #4692)
  • Add gender-neutral "Mx" title (#4688, #4692)
  • Add contributions placeholder for emails (#4716, thanks @bpedersen2)
  • Show program codes in contribution list (#4713)
  • Display the target URL of link materials if the user can access them (#2599, #4718)
  • Show the revision number for all revisions in the Editing timeline (#4708)

🐛 Bugfixes

  • Only consider actual speakers in the "has registered speakers" contribution list filter (#4712, thanks @bpedersen2)
  • Correctly filter events in "Sync with your calendar" links (this fix only applies to newly generated links) (#4717)
  • Correctly grant access to attachments inside public sessions/contribs even if the event is more restricted (#4721)
  • Fix missing filename pattern check when suggesting files from Paper Peer Reviewing to submit for Editing (#4715)
  • Fix filename pattern check in Editing when a filename contains dots (#4715)
  • Require explicit admin override (or being whitelisted) to override blockings (#4706)
  • Clone custom abstract/contribution fields when cloning abstract settings (#4724, thanks @bpedersen2)
  • Fix error when rescheduling a survey that already has submissions (#4730)
Assets 2

@ThiefMaster ThiefMaster released this Oct 27, 2020 · 174 commits to master since this release

⚠️ Security fixes

  • Fix potential data leakage between OAuth-authenticated and unauthenticated HTTP API requests for the same resource (#4663)
    Note: Due to OAuth access to the HTTP API having been broken until this version, we do not believe this was actually exploitable on any Indico instance. In addition, only Indico administrators can create OAuth applications, so regardless of the bug there is no risk for any instance which does not have OAuth applications with the read:legacy_api scope.

🎉 Improvements

  • Generate material packages in a background task to avoid timeouts or using excessive amounts of disk space in case of people submitting several times (#4630)
  • Add new EXPERIMENTAL_EDITING_SERVICE setting to enable extending an event's Editing workflow through an OpenReferee server (#4659)

🐛 Bugfixes

  • Only show the warning about draft mode in a conference if it actually has any contributions or timetable entries
  • Do not show incorrect modification deadline in abstract management area if no such deadline has been set (#4650)
  • Fix layout problem when minutes contain overly large embedded images (#4653, #4654)
  • Prevent pending registrations from being marked as checked-in (#4646, thanks @OmeGak)
  • Fix OAuth access to HTTP API (#4663)
  • Fix ICS export of events with draft timetable and contribution detail level (#4666)
  • Fix paper revision submission field being displayed for judges/reviewers (#4667)
  • Fix managers not being able to submit paper revisions on behalf of the user (#4667)

🔧 Internal Changes

  • Add registration_form_wtform_created signal and send form data in registration_created and registration_updated signals (#4642, thanks @OmeGak)
  • Add logged_in signal
Assets 2

@ThiefMaster ThiefMaster released this Sep 14, 2020 · 244 commits to master since this release

💡 Blog Post

We published a blog post summarizing the most relevant changes for end users.


🏆 Major Features

  • Add category roles, which are similar to local groups but within the scope of a category and its subcategories. They can be used for assigning permissions in any of these categories and events within such categories.
  • Events marked as "Invisible" are now hidden from the category's event list for everyone except managers (#4419, thanks @openprojects)
  • Introduce profile picture, which is for now only visible on the user dashboard (#4431, thanks @OmeGak)
  • Registrants can now be added to event ACLs. This can be used to easily restrict parts of an event to registered participants. If registration is open and a registration form is in the ACL, people will be able to access the registration form even if they would otherwise not have access to the event itself. It is also possible to restrict individual event materials and custom page/link menu items to registered participants. (#4477, #4528, #4505, #4507)
  • Add a new Editing module for papers, slides and posters which provides a workflow for having a team review the layout/formatting of such proceedings and then publish the final version on the page of the corresponding contribution. The Editing module can also be connected to an external microservice to handle more advanced workflows beyond what is supported natively by Indico.

🎏 Internationalization

  • New translation: Chinese (Simplified) 🇨🇳

🎉 Improvements

  • Sort survey list by title (#3802)
  • Hide "External IDs" field if none are defined (#3857)
  • Add LaTeX source export for book of abstracts (#4035, thanks @bpedersen2)
  • Tracks can now be categorized in track groups (#4052)
  • Program codes for sessions, session blocks, contributions and subcontributions can now be auto-generated (#4026)
  • Add draft mode for the contribution list of conference events which hides pages like the contribution list and timetable until the event organizers publish the contribution list. (#4095)
  • Add ICS export for information in the user dashboard (#4057)
  • Allow data syncing with multipass providers which do not support refreshing identity information
  • Show more verbose error when email validation fails during event registration (#4177)
  • Add link to external map in room details view (#4146)
  • Allow up to 9 digits (instead of 6) before the decimal point in registration fees
  • Add button to booking details modal to copy direct link (#4230)
  • Do not require new room manager approval when simply shortening a booking (#4214)
  • Make root category description/title customizable using the normal category settings form (#4231)
  • Added new LOCAL_GROUPS setting that can be used to fully disable local groups (#4260)
  • Log bulk event category changes in the event log (#4241)
  • Add CLI commands to block and unblock users (#3845)
  • Show warning when trying to merge a blocked user (#3845)
  • Allow importing event role members from a CSV file (#4301)
  • Allow optional comment when accepting a pre-booking (#4086)
  • Log event restores in event log (#4309)
  • Warn about cancelling/rejecting whole recurring bookings instead of just specific occurrences (#4092)
  • Add "quick cancel" link to room booking reminder emails (#4324)
  • Add visual information and filtering options for participants' registration status to the contribution list (#4318)
  • Add warning when accepting a pre-booking in case there are concurrent bookings (#4129)
  • Add event logging to opening/closing registration forms, approval/rejection of registrations, and updates to event layout (#4360, thanks @giusedb & @OmeGak)
  • Add category navigation dialog on category display page (#4282, thanks @OmeGak)
  • Add UI for admins to block/unblock users (#3243)
  • Show labels indicating whether a user is an admin, blocked or soft-deleted (#4363)
  • Add map URL to events, allowing also to override room map URL (#4402, thanks @OmeGak)
  • Use custom time picker for time input fields taking into account the 12h/24h format of the user's locale (#4399)
  • Refactor the room edit modal to a tabbed layout and improve error handling (#4408)
  • Preserve non-ascii characters in file names (#4465)
  • Allow resetting moderation state from registration management view (#4498, thanks @OmeGak)
  • Allow filtering event log by related entries (#4503, thanks @OmeGak)
  • Do not automatically show the browser's print dialog in a meeting's print view (#4513)
  • Add "Add myself" button to person list fields (e.g. for abstract authors) (#4411, thanks @jgrigera)
  • Subcontributions can now be managed from the meeting display view (#2679, #4520)
  • Add CfA setting to control whether authors can edit abstracts (#3431)
  • Add CfA setting to control whether only speakers or also authors should get submission rights once the abstract gets accepted (#3431)
  • Show the Indico version in the footer again (#4558)
  • Event managers can upload a custom Book of Abstract PDF (#3039, #4577)
  • Display each news item on a separate page instead of together with all the other news items (#4587)
  • Allow registrants to withdraw their application (#2715, #4585, thanks @brabemi & @OmeGak)
  • Allow choosing a default badge in categories (#4574, thanks @OmeGak)
  • Display event labels on the user's dashboard as well (#4592)
  • Event modules can now be imported from another event (#4518, thanks @meluru)
  • Event modules can now be imported from another event (#4518, #4533, thanks @meluru)
  • Include the event keywords in the event API data (#4598, #4599, thanks @chernals)
  • Allow registrants to check details for non-active registrations and prevent them from registering twice with the same registration form (#4594, #4595, thanks @OmeGak)
  • Add a new CUSTOM_LANGUAGES setting to indico.conf to override the name/territory of a language or disable it altogether (#4620)

🐛 Bugfixes

  • Hide Book of Abstracts menu item if LaTeX is disabled and no custom Book of Abstracts has been uploaded
  • Use a more consistent order when cloning the timetable (#4227)
  • Do not show unrelated rooms with similar names when booking room from an event (#4089)
  • Stop icons from overlapping in the datetime widget (#4342)
  • Fix alignment of materials in events (#4344)
  • Fix misleading wording in protection info message (#4410)
  • Allow guests to access public notes (#4436)
  • Allow width of weekly event overview table to adjust to window size (#4429)
  • Fix whitespace before punctuation in Book of Abstracts (#4604)
  • Fix empty entries in corresponding authors (#4604)
  • Actually prevent users from editing registrations if modification is disabled
  • Handle LaTeX images with broken redirects (#4623, thanks @bcc)

🔧 Internal Changes

  • Make React and SemanticUI usable everywhere (#3955)
  • Add before-regform template hook (#4171, thanks @giusedb)
  • Add registrations kwarg to the event.designer.print_badge_template signal (#4297, thanks @giusedb)
  • Add registration_form_edited signal (#4421, thanks @OmeGak)
  • Make PyIntEnum freeze enums in Alembic revisions (#4425, thanks @OmeGak)
  • Add before-registration-summary template hook (#4495, thanks @OmeGak)
  • Add extra-registration-actions template hook (#4500, thanks @OmeGak)
  • Add event-management-after-title template hook (#4504, thanks @meluru)
  • Save registration id in related event log entries (#4503, thanks @OmeGak)
  • Add before-registration-actions template hook (#4524, thanks @OmeGak)
  • Add LinkedDate and DateRange form field validators (#4535, thanks @OmeGak)
  • Add extra-regform-settings template hook (#4553, thanks @meluru)
  • Add filter_selectable_badges signal (#4557, thanks @OmeGak)
  • Add user ID in every log record logged in a request context (#4570, thanks @OmeGak)
  • Add extra-registration-settings template hook (#4596, thanks @meluru)
  • Allow extending polymorphic models in plugins (#4608, thanks @OmeGak)
  • Wrap registration form AngularJS directive in jinja block for more easily overriding arguments passed to the app in plugins (#4624, thanks @OmeGak)
Assets 2
May 20, 2020
Not a release, just a fix in the docs.

@ThiefMaster ThiefMaster released this Apr 8, 2020 · 1384 commits to master since this release

⚠️ Security fixes

  • Update bleach to fix a regular expression denial of service vulnerability
  • Update Pillow to fix a buffer overflow vulnerability
Assets 2

@ThiefMaster ThiefMaster released this Mar 23, 2020 · 1388 commits to master since this release

🎉 Improvements

  • Add support for event labels to indicate e.g. postponed or cancelled events (#3199)

🐛 Bugfixes

  • Allow slashes in roomName export API
  • Show names instead of IDs of local groups in ACLs (#3700)
Assets 2

@ThiefMaster ThiefMaster released this Feb 27, 2020 · 1399 commits to master since this release

🐛 Bugfixes

  • Fix some email fields (error report contact, agreement cc address) being required even though they should be optional
  • Avoid browsers prefilling stored passwords in togglable password fields such as the event access key
  • Make sure that tickets are not attached to emails sent to registrants for whom tickets are blocked (#4242)
  • Fix event access key prompt not showing when accessing an attachment link (#4255)
  • Include event title in OpenGraph metadata (#4288)
  • Fix error when viewing abstract with reviews that have no scores
  • Update requests and pin idna to avoid installing incompatible dependency versions (#4327)
Assets 2

@ThiefMaster ThiefMaster released this Dec 6, 2019 · 1412 commits to master since this release

🎉 Improvements

  • Sort posters in timetable PDF export by board number (#4147, thanks @bpedersen2)
  • Use lat/lng field order instead of lng/lat when editing rooms (#4150, thanks @bpedersen2)
  • Add additional fields to the contribution csv/xlsx export (authors and board number) (#4148, thanks @bpedersen2)

🐛 Bugfixes

  • Update the Pillow library to 6.2.1. This fixes an issue where some malformed images could result in high memory usage or slow processing.
  • Truncate long speaker names in the timetable instead of hiding them (#4110)
  • Fix an issue causing errors when using translations for languages with no plural forms (like Chinese).
  • Fix creating rooms without touching the longitude/latitude fields (#4115)
  • Fix error in HTTP API when Basic auth headers are present (#4123, thanks @uxmaster)
  • Fix incorrect font size in some room booking dropdowns (#4156)
  • Add missing email validation in some places (#4158)
  • Reject requests containing NUL bytes in the POST data (#4159)
  • Fix truncated timetable PDF when using "Print each session on a separate page" in an event where the last timetable entry of the day is a top-level contribution or break (#4134, thanks @bpedersen2)
  • Only show public contribution fields in PDF exports (#4165)
  • Allow single arrival/departure date in accommodation field (#4164, thanks @bpedersen2)
Assets 2

@ThiefMaster ThiefMaster released this Oct 16, 2019 · 1438 commits to master since this release

⚠️ Security fixes

  • Fix more places where LaTeX input was not correctly sanitized.

While the biggest security impact (reading local files) has already been mitigated when fixing the initial vulnerability in the previous release, it is still strongly recommended to update.

Assets 2

@ThiefMaster ThiefMaster released this Oct 16, 2019 · 3974 commits to master since this release

⚠️ Security fixes

  • Fix more places where LaTeX input was not correctly sanitized.

While the biggest security impact (reading local files) has already been mitigated when fixing the initial vulnerability in the previous release, it is still strongly recommended to update.

Assets 2
You can’t perform that action at this time.