⚠️ Security fixes
- Set
Vary: Cookie
header when session data is present and used. This ensures that data linked to a (logged-in) session cannot leak between requests even in case of a poorly-configured caching proxy in front of Indico (#5753)
🎉 Improvements
- Use the revision's timestamp when downloading its files as a ZIP archive (#5686)
- Use more consistent colors on the editing judgment button (#5687, #5697)
- Keep history when undoing judgments on editables (#5630)
- Add search field to the abstracts list for reviewers (#5698, #5703)
- Align status box colors with judgment dropdown (#5699, #5706)
- Use a gender-neutral chairperson icon (#5710)
- Add option to set the abstracts' primary authors as the default submitters for the corresponding contributions (#5711)
- Allow commenting on accepted/rejected editables (#5712, #5722)
- Hide deleted sections and fields from registration summary (#5716)
- Add support for authorized submitters in Call for Papers (#5728)
- Display abstract submission comment in the list of abstracts (#5733)
- Allow searching for contributions by author in the management area (#5742)
- Include start/end dates of the whole booking in the timeline tooltip of recurring room bookings (#5730, #5740)
- Add day of the week to room booking details modal and timeline (#5718, #5743)
- Allow acceptance and rejection of editables in the editable list (#5721)
- Email verification attempts during signup now trigger rate limiting to prevent spamming large amounts of confirmation emails (#5727)
- Allow bulk-commenting editables in the editable list (#5747)
- Allow emailing contribution persons that have not yet made any submissions to a given editable type (#5755)
- Show only "ready to review" editables on the "get next editable" list (#5765)
- Disallow uploading empty files (#5767)
- Include non-speaker authors in the timetable export API (#5412, #5738)
- Add setting to force track selection when accepting abstracts (#5771)
- Log detailed changes when editing contributions (#5777)
- Allow managers to ignore required field restrictions in registration forms (#5644, #5682, thanks @kewisch)
- Allow selecting the global noreply address as the sender for event reminders (#5784)
🐛 Bugfixes
- Fix creating invited abstracts (#5696)
- Fix error on contribution page when there is no paper but the peer reviewing module is enabled and configured to hide accepted papers
- Clone all protection settings (in particular submitter privileges) when cloning events (#5702)
- Fix searching in single-choice dropdown fields in registration forms (#5709)
- Fix uploading files in registration forms where the user only has access through the registration's token (#5719)
- Fix being unable to set the "speakers and authors" as the default contribution submitter type (#5711)
- Check server-side if Call for Papers is open when submitting a paper (#5725)
- Fix room notification email list showing up empty when editing it (#5729, #5731)
- Fix performance issues in paper assignment list (#5736)
- Fix performance issues in event export API with large events when including contributions (#5736)
- Fix error when a search query matches content from unlisted events (#5759, #5761)
- Fix ToS and Privacy Policy links in room booking module not working when using an external URL (#5774)
- Do not apply default values to new registration form fields when editing an existing registration (#5781)
- Allow
0
for a required registration form numbe field (unless a higher minimum value is set) (#5781)