Indico 2.2 released [v2.2.8]

We just released Indico 2.2, which includes, among others, the following major changes:

  • A full revamp of the Room Booking system, detailed information here;
  • We have a new policy on browser support:
    • Internet Explorer 11 is no longer supported.
    • The last two versions of major browsers are fully supported. Check here for the lowest supported versions.
    • When using an unsupported browser a message will be displayed on top of the page warning users that their browser is outdated. Updating is also in their own interest since using outdated browsers exposes you to the security issues old browser versions usually have.
  • Indico 2.2+ can only be run in the URL root as, e.g. https://indico.example.com. Running Indico from a subdirectory like https://example.com/indico is no longer supported unless you build your own packages.
  • Indico is now using the more permissive MIT license (instead of GPL).

For a detailed list of improvements, please check the changelog.

When upgrading, make sure to take the additional steps into account which are required during the upgrade from 2.x to 2.2!


After upgrading I noticed that 2.2’s plugin API is not backwards compatible with 2.1. I think I fixed some obvious cases of incompatibility, but I am still getting a strange error:

OSError: [Errno 2] No such file or directory: 'plugin_path/static/dist/manifest.json'

I can’t figure out how to work around it.

Having a section of breaking plugin API changes in the release notes would be nice.

True, we didn’t document that :confused:

Anyway, to avoid that error you need to run python bin/maintenance/build-assets.py plugin ../plugins/yourplugin (with the correct path to your plugin of course).

When you use build-wheel.py this will be done automatically.


We just released v2.2.1 containing some small improvements and bug fixes:

Improvements

  • Make list of event room bookings sortable
  • Log when a booking is split during editing
  • Improve “Book” button in multi-day events

Bugfixes

  • Add missing slash to the template_prefix of the designer module
  • Always use HH:MM time format in book-from-event link
  • Fix timetable theme when set to “indico weeks view” before 2.2
  • Avoid flickering of booking edit details tooltip
  • Fix outdated browser check on iOS

We’ve just released v2.2.2 which fixes an installation error caused by a missing pyatom library.

Update: we backported those changes to 2.1 and released 2.1.9 to save those still on 2.1.x from possible pip troubles.

We have released v2.2.3 which contains important security fixes - you need to update as soon as possible if you haven’t done so yet.

:warning: Security fixes

  • Strip @, +, - and = from the beginning of strings when exporting CSV files to avoid security issues when opening the CSV file in Excel
  • Use 027 instead of 000 umask when temporarily changing it to get the current umask
  • Fix LaTeX sanitization to prevent malicious users from running unsafe LaTeX commands through specially crafted abstracts or contribution descriptions, which could lead to the disclosure of local file contents

:tada: Improvements

  • Improve room booking interface on small-screen devices
  • Add user preference for room owners/manager to select if they want to receive notification emails for their rooms
  • Show family name field first in user search dialog
  • Make date headers clickable in room booking calendar
  • Show times in room booking log entries
  • Support disabling server-side LaTeX altogether and hide anything that requires it (such as contribution PDF export or the Book of Abstracts). LaTeX is now disabled by default, unless the XELATEX_PATH is explicitly set in indico.conf.

:bug: Bugfixes

  • Remove 30s timeout from dropzone file uploads
  • Fix bug affecting room booking from an event in another timezone
  • Fix error when commenting on papers
  • Fix performance issue in conferences with public registration count and a high amount of registrations
  • Fix confirmation prompt when disabling conference menu customizations
  • Fix incorrect days shown as weekend in room booking for some locales
  • Fix ACL entries referencing event roles from the old event when cloning an event with event roles in the ACL. Run indico maint fix-event-role-acls after updating to fix any affected ACLs
  • Fix validation issues in coordinates fields when editing rooms
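
The CSV export fix from the v2.2.3 security list, sketched as an added example (this is not Indico's own code): string cells lose any leading @, +, - and = before being written, so a spreadsheet application does not treat user-supplied text as a formula. The function names, the choice to leave non-string values untouched, and the sample rows are assumptions made for illustration.

```python
import csv
import io

# The characters the release notes list as stripped from the start of strings.
FORMULA_PREFIXES = '@+-='


def sanitize_cell(value):
    """Strip leading formula-trigger characters from a string cell.

    Assumption of this example: non-string values (numbers, None) pass
    through unchanged, so a numeric -5 is still exported as -5.
    """
    if not isinstance(value, str):
        return value
    # lstrip() removes every leading character in the set, so stacked
    # prefixes such as "+-@=" are removed in one pass.
    return value.lstrip(FORMULA_PREFIXES)


def export_csv(headers, rows):
    """Return CSV text in which every header and cell has been sanitized."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator='\n')
    writer.writerow([sanitize_cell(h) for h in headers])
    for row in rows:
        writer.writerow([sanitize_cell(c) for c in row])
    return buf.getvalue()


# Constructed sample data: user-supplied text fields that would be
# evaluated as formulas if exported verbatim.
SAMPLE_HEADERS = ['Name', 'Affiliation', 'Score']
SAMPLE_ROWS = [
    ['Alice Example', 'CERN', 4],
    ['=SUM(1,2)', '+-@=Lab', -5],
    ['-@note', 'a=b', None],
]

if __name__ == '__main__':
    print(export_csv(SAMPLE_HEADERS, SAMPLE_ROWS))
```

Characters in the middle of a value (`a=b`) are kept; only the start of the cell decides whether a spreadsheet interprets it as a formula.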

We have released v2.2.5 which contains mostly bugfixes and some small improvements.

:tada: Improvements

  • Sort posters in timetable PDF export by board number (#4147, thanks @bpedersen2)
  • Use lat/lng field order instead of lng/lat when editing rooms (#4150, thanks @bpedersen2)
  • Add additional fields to the contribution csv/xlsx export (authors and board number) (#4148, thanks @bpedersen2)

:bug: Bugfixes

  • Update the Pillow library to 6.2.1. This fixes an issue where some malformed images could result in high memory usage or slow processing.
  • Truncate long speaker names in the timetable instead of hiding them (#4110)
  • Fix an issue causing errors when using translations for languages with no plural forms (like Chinese).
  • Fix creating rooms without touching the longitude/latitude fields (#4115)
  • Fix error in HTTP API when Basic auth headers are present (#4123, thanks @uxmaster)
  • Fix incorrect font size in some room booking dropdowns (#4156)
  • Add missing email validation in some places (#4158)
  • Reject requests containing NUL bytes in the POST data (#4159)
  • Fix truncated timetable PDF when using “Print each session on a separate page” in an event where the last timetable entry of the day is a top-level contribution or break (#4134, thanks @bpedersen2)
  • Only show public contribution fields in PDF exports (#4165)
  • Allow single arrival/departure date in accommodation field (#4164, thanks @bpedersen2)

We have released v2.2.6 which contains some bugfixes and fixed a dependency issue for new installs.

:bug: Bugfixes

  • Fix some email fields (error report contact, agreement cc address) being required even though they should be optional
  • Avoid browsers prefilling stored passwords in togglable password fields such as the event access key
  • Make sure that tickets are not attached to emails sent to registrants for whom tickets are blocked (#4242)
  • Fix event access key prompt not showing when accessing an attachment link (#4255)
  • Include event title in OpenGraph metadata (#4288)
  • Fix error when viewing abstract with reviews that have no scores
  • Update requests and pin idna to avoid installing incompatible dependency versions (#4327)

We have released v2.2.7 which contains some bugfixes and a new feature which may come in handy during the current time :biohazard: where events may need to be cancelled or postponed.

:tada: Improvements

  • Add support for event labels to indicate e.g. postponed or cancelled events (#3199)

:bug: Bugfixes

  • Allow slashes in roomName export API
  • Show names instead of IDs of local groups in ACLs (#3700)

We have released v2.2.8 which contains security fixes for some of our dependencies.

:warning: Security fixes

  • Update bleach to fix a regular expression denial of service vulnerability
  • Update Pillow to fix a buffer overflow vulnerability