Indico 2.3 released [v2.3.2]

We just released Indico 2.3; to get an overview about what’s new, check out blog post about the release.

For a detailed list of improvements, head over to the changelog .

When upgrading, make sure to take the additional steps into account which are recommended during the upgrade from 2.2 to 2.3! This is especially important if you are using OAuth for SSO


Version 2.3.x will be the last Indico versions to support Python 2.7; the next major release will be 3.0 which will require Python 3 - but more on that topic in the future.

4 Likes

We have released v2.3.1 which contains some bugfixes and improvements. It also contains a security fix, but thanks to the feature in question being broken, the security issue was not exploitable (see note below).

:warning: Security fixes

  • Fix potential data leakage between OAuth-authenticated and unauthenticated HTTP API requests for the same resource (#4663)
    Note: Due to OAuth access to the HTTP API having been broken until this version, we do not believe this was actually exploitable on any Indico instance. In addition, only Indico administrators can create OAuth applications, so regardless of the bug there is no risk for any instance which does not have OAuth applications with the read:legacy_api scope.

:tada: Improvements

  • Generate material packages in a background task to avoid timeouts or using excessive amounts of disk space in case of people submitting several times (#4630)
  • Add new EXPERIMENTAL_EDITING_SERVICE setting to enable extending an event’s Editing workflow through an OpenReferee server (#4659)

:bug: Bugfixes

  • Only show the warning about draft mode in a conference if it actually has any contributions or timetable entries
  • Do not show incorrect modification deadline in abstract management area if no such deadline has been set (#4650)
  • Fix layout problem when minutes contain overly large embedded images (#4653, #4654)
  • Prevent pending registrations from being marked as checked-in (#4646, thanks @OmeGak)
  • Fix OAuth access to HTTP API (#4663)
  • Fix ICS export of events with draft timetable and contribution detail level (#4666)
  • Fix paper revision submission field being displayed for judges/reviewers (#4667)
  • Fix managers not being able to submit paper revisions on behalf of the user (#4667)

:wrench: Internal Changes

  • Add registration_form_wtform_created signal and send form data in registration_created and registration_updated signals (#4642, thanks @OmeGak)
  • Add logged_in signal

We have released v2.3.2 which contains some bugfixes and improvements.

:tada: Improvements

  • Disable title field by default in new registration forms (#4688, #4692)
  • Add gender-neutral “Mx” title (#4688, #4692)
  • Add contributions placeholder for emails (#4716, thanks @bpedersen2)
  • Show program codes in contribution list (#4713)
  • Display the target URL of link materials if the user can access them (#2599, #4718)
  • Show the revision number for all revisions in the Editing timeline (#4708)

:bug: Bugfixes

  • Only consider actual speakers in the “has registered speakers” contribution list filter (#4712, thanks @bpedersen2)
  • Correctly filter events in “Sync with your calendar” links (this fix only applies to newly generated links) (#4717)
  • Correctly grant access to attachments inside public sessions/contribs even if the event is more restricted (#4721)
  • Fix missing filename pattern check when suggesting files from Paper Peer Reviewing to submit for Editing (#4715)
  • Fix filename pattern check in Editing when a filename contains dots (#4715)
  • Require explicit admin override (or being whitelisted) to override blockings (#4706)
  • Clone custom abstract/contribution fields when cloning abstract settings (#4724, thanks @bpedersen2)
  • Fix error when rescheduling a survey that already has submissions (#4730)