github indico/indico v3.2.4

13 days ago

⚠️ Security fixes

  • Set Vary: Cookie header when session data is present and used. This ensures that data linked to a (logged-in) session cannot leak between requests even in case of a poorly-configured caching proxy in front of Indico (#5753)

🎉 Improvements

  • Use the revision's timestamp when downloading its files as a ZIP archive (#5686)
  • Use more consistent colors on the editing judgment button (#5687, #5697)
  • Keep history when undoing judgments on editables (#5630)
  • Add search field to the abstracts list for reviewers (#5698, #5703)
  • Align status box colors with judgment dropdown (#5699, #5706)
  • Use a gender-neutral chairperson icon (#5710)
  • Add option to set the abstracts' primary authors as the default submitters for the corresponding contributions (#5711)
  • Allow commenting on accepted/rejected editables (#5712, #5722)
  • Hide deleted sections and fields from registration summary (#5716)
  • Add support for authorized submitters in Call for Papers (#5728)
  • Display abstract submission comment in the list of abstracts (#5733)
  • Allow searching for contributions by author in the management area (#5742)
  • Include start/end dates of the whole booking in the timeline tooltip of recurring room bookings (#5730, #5740)
  • Add day of the week to room booking details modal and timeline (#5718, #5743)
  • Allow acceptance and rejection of editables in the editable list (#5721)
  • Email verification attempts during signup now trigger rate limiting to prevent spamming large amounts of confirmation emails (#5727)
  • Allow bulk-commenting editables in the editable list (#5747)
  • Allow emailing contribution persons that have not yet made any submissions to a given editable type (#5755)
  • Show only "ready to review" editables on the "get next editable" list (#5765)
  • Disallow uploading empty files (#5767)
  • Include non-speaker authors in the timetable export API (#5412, #5738)
  • Add setting to force track selection when accepting abstracts (#5771)
  • Log detailed changes when editing contributions (#5777)
  • Allow managers to ignore required field restrictions in registration forms (#5644, #5682, thanks @kewisch)
  • Allow selecting the global noreply address as the sender for event reminders (#5784)

🐛 Bugfixes

  • Fix creating invited abstracts (#5696)
  • Fix error on contribution page when there is no paper but the peer reviewing module is enabled and configured to hide accepted papers
  • Clone all protection settings (in particular submitter privileges) when cloning events (#5702)
  • Fix searching in single-choice dropdown fields in registration forms (#5709)
  • Fix uploading files in registration forms where the user only has access through the registration's token (#5719)
  • Fix being unable to set the "speakers and authors" as the default contribution submitter type (#5711)
  • Check server-side if Call for Papers is open when submitting a paper (#5725)
  • Fix room notification email list showing up empty when editing it (#5729, #5731)
  • Fix performance issues in paper assignment list (#5736)
  • Fix performance issues in event export API with large events when including contributions (#5736)
  • Fix error when a search query matches content from unlisted events (#5759, #5761)
  • Fix ToS and Privacy Policy links in room booking module not working when using an external URL (#5774)
  • Do not apply default values to new registration form fields when editing an existing registration (#5781)
  • Allow 0 for a required registration form numbe field (unless a higher minimum value is set) (#5781)

🔧 Internal Changes

  • Update Python & JavaScript dependencies (#5726, #5752)
  • Add support for the watchfiles live reloader (#5732)
  • Add an endpoint to allow resetting the state of an accepted editable to "ready to review" (#5758)
  • Add RESTful endpoints for custom contribution fields (#5768)

Don't miss a new indico release

NewReleases is sending notifications on new releases.