Indico 2.3 released [v2.3.3]

We just released Indico 2.3; to get an overview of what’s new, check out the blog post about the release.

For a detailed list of improvements, head over to the changelog.

When upgrading, make sure to take the additional steps into account which are recommended during the upgrade from 2.2 to 2.3! This is especially important if you are using OAuth for SSO.


Version 2.3.x will be the last Indico version to support Python 2.7; the next major release will be 3.0 which will require Python 3 - but more on that topic in the future.


We have released v2.3.1 which contains some bugfixes and improvements. It also contains a security fix, but thanks to the feature in question being broken, the security issue was not exploitable (see note below).

:warning: Security fixes

  • Fix potential data leakage between OAuth-authenticated and unauthenticated HTTP API requests for the same resource (#4663)
    Note: Due to OAuth access to the HTTP API having been broken until this version, we do not believe this was actually exploitable on any Indico instance. In addition, only Indico administrators can create OAuth applications, so regardless of the bug there is no risk for any instance which does not have OAuth applications with the read:legacy_api scope.

:tada: Improvements

  • Generate material packages in a background task to avoid timeouts or using excessive amounts of disk space in case of people submitting several times (#4630)
  • Add new EXPERIMENTAL_EDITING_SERVICE setting to enable extending an event’s Editing workflow through an OpenReferee server (#4659)

:bug: Bugfixes

  • Only show the warning about draft mode in a conference if it actually has any contributions or timetable entries
  • Do not show incorrect modification deadline in abstract management area if no such deadline has been set (#4650)
  • Fix layout problem when minutes contain overly large embedded images (#4653, #4654)
  • Prevent pending registrations from being marked as checked-in (#4646, thanks @OmeGak)
  • Fix OAuth access to HTTP API (#4663)
  • Fix ICS export of events with draft timetable and contribution detail level (#4666)
  • Fix paper revision submission field being displayed for judges/reviewers (#4667)
  • Fix managers not being able to submit paper revisions on behalf of the user (#4667)

:wrench: Internal Changes

  • Add registration_form_wtform_created signal and send form data in registration_created and registration_updated signals (#4642, thanks @OmeGak)
  • Add logged_in signal

We have released v2.3.2 which contains some bugfixes and improvements.

:tada: Improvements

  • Disable title field by default in new registration forms (#4688, #4692)
  • Add gender-neutral “Mx” title (#4688, #4692)
  • Add contributions placeholder for emails (#4716, thanks @bpedersen2)
  • Show program codes in contribution list (#4713)
  • Display the target URL of link materials if the user can access them (#2599, #4718)
  • Show the revision number for all revisions in the Editing timeline (#4708)

:bug: Bugfixes

  • Only consider actual speakers in the “has registered speakers” contribution list filter (#4712, thanks @bpedersen2)
  • Correctly filter events in “Sync with your calendar” links (this fix only applies to newly generated links) (#4717)
  • Correctly grant access to attachments inside public sessions/contribs even if the event is more restricted (#4721)
  • Fix missing filename pattern check when suggesting files from Paper Peer Reviewing to submit for Editing (#4715)
  • Fix filename pattern check in Editing when a filename contains dots (#4715)
  • Require explicit admin override (or being whitelisted) to override blockings (#4706)
  • Clone custom abstract/contribution fields when cloning abstract settings (#4724, thanks @bpedersen2)
  • Fix error when rescheduling a survey that already has submissions (#4730)

We have released v2.3.3 which contains a low-severity security fix, some bugfixes and improvements. It also added a new Ukrainian translation.

:warning: Security fixes

  • JSON locale data for invalid locales is no longer cached on disk; instead a 404 error is triggered. This avoids creating small files in the cache folder for each invalid locale that is requested. (#4766)

:flags: Internationalization

  • New translation: Ukrainian :ukraine:

:tada: Improvements

  • Add a new “Until approved” option for a registration form’s “Modification allowed” setting (#4740, thanks @vasantvohra)
  • Show last login time in dashboard (#4735, thanks @vasantvohra)
  • Allow Markdown in the “Message for complete registrations” option of a registration form (#4741)
  • Improve video conference linking dropdown for contributions/sessions (hide unscheduled, show start time) (#4753)
  • Show timetable filter button in conferences with a meeting-like timetable

:bug: Bugfixes

  • Fix error when converting malformed HTML links to LaTeX
  • Hide inactive contribution/abstract fields in submit/edit forms (#4755)
  • Fix adding registrants to a session ACL

:wrench: Internal Changes

  • Videoconference plugins may now display a custom message for the prompt when deleting a videoconference room (#4733)
  • Videoconference plugins may now override the behavior when cloning an event with attached videoconference rooms (#4732)