Indico 3.3 released [v3.3.4]

:bulb: Blog Post

We published a blog post summarizing some of the most relevant changes for end users. It will be updated soon to include the features that have been added since the post has been initially published.

:warning: Linux versions & Python 3.12 :snake:

This release moves from Python 3.9 to Python 3.12. :snake:
It also drops support for legacy (and nearly end-of-life) operating systems, in particular CentOS 7.

Because of this, make sure to read the 3.x to 3.3 upgrade guide if you plan to upgrade an existing instance.

If you need any help with the upgrade after reading the docs, don’t hesitate to open a new forum thread.

:trophy: Major Features

  • A new “Document Templates” module was added which supports the generation of fully customizable PDF documents for event participants such as receipts and certificates of attendance.
  • The Room Booking module now supports recurring bookings that repeat on specific weekdays. For example, a room can be booked every Monday and Wednesday over a set period of time.
  • Badge and ticket templates can now be linked to a registration form. This makes it possible to reference custom registration fields when creating the template.
  • The existing Indico Check-in app has been completely rewritten as a PWA (Progressive Web App). Please note that the old Check-in app has been deprecated and is not compatible with the new version of Indico. The new app can be found here.
  • A new badge/ticket setting has been added which, when enabled, makes it possible to print badges and/or tickets for accompanying persons in addition to the main registrant.
  • Users can now export all their data stored in Indico. This includes personal data and any data they are linked to such as registrations, minutes and files uploaded to Indico.
  • Users can now be anonymized in Indico; this means that all personal identifiers associated with a user will be removed from Indico, whilst only keeping the data that is required for Indico to function properly, in an anonymized manner. This operation can only be performed by Indico system administrators through the indico command-line interface.
  • Administrators now have the option to require users to accept the Terms of Use during signup and after the terms have been updated.
  • Event managers can require participants to accept the event’s Privacy Policy when registering.
  • Event tickets can now be added to Google Wallet using the new experimental Google Wallet integration. You can enable this feature using the ENABLE_GOOGLE_WALLET config setting and then configure it on the category level.
  • The category calendar view has been improved with new week/day views and new filtering options for category, venue, room or keywords.
  • Managers can now change the registration fee for selected registrations in bulk.
  • Lots of new accessibility improvements, including improved keyboard navigation, better color contrast, and better screen reader support.

:flags: Internationalization

:tada: Improvements

  • Invalidate password reset links once the password has been changed (#5878)
  • Add full ACLs for custom conference menu items, instead of just being able to restrict them to speakers or registrants (#5670, thanks @kewisch)
  • Make editing timeline display much more straightforward (#5674)
  • Allow event managers to delete editables from contributions (#5778, #5892)
  • Allow room managers to add internal notes to bookings (#5746, #5791)
  • Support generating tickets and badges for each of the registrant’s accompanying persons (#5424)
  • Add keyboard shortcut (CTRL-SHIFT-A) to toggle room booking admin override (#5909)
  • Improve login page UI, allow overriding the logo URL (LOGIN_LOGO_URL config option) and using custom logos for auth providers (logo_url in the auth provider settings) (#5936, thanks @openprojects)
  • Show only active registration counts on the registration form management dashboard, and add an inactive registration count to the registration list (#5990)
  • Store creation date of users and show it to admins (#5957, thanks @vasantvohra)
  • Add option to hide links to Room Booking system for users who lack access (#5981, thanks @SegiNyn)
  • Support weekly room bookings that take place on multiple weekdays (#5829, #6000, #5806)
  • Hide events marked as invisible from builtin search results unless the user is a manager (#5947, thanks @openprojects)
  • Support sessions that expire at a certain date (specified by the used flask-multipass provider) regardless of activity when using an external login method (#5907, thanks @cbartz)
  • Allow configuring future months threshold for categories (#2984, #5928, thanks @kewisch)
  • Allow editors to edit their review comments on editables (#6008)
  • Auto-linking of patterns in minutes (e.g. issue trackers, Github repos…) (#5998)
  • Log editor actions in the Editing module (#6015)
  • Grant subcontribution speakers submission privileges by default in newly created events (#5905, #6025)
  • Stop overwhelmingly showing past events in the ‘Events at hand’ section in the user dashboard (#6049)
  • Add document templates to generate PDF receipts, certificates, and similar documents for event participants (#751, #5060, #6246, #5123, #6078, #6250)
  • Show which persons are external in the user search dialog (#6074)
  • Add feature for users to export all data linked to them (#5757)
  • Add Outlook online calendar button to share widget (#6075, #6077)
  • Remove Facebook and Google+ share widgets and make Twitter share button privacy-friendly (#6077)
  • Do not bother people registering using an invitation link with a CAPTCHA (#6095)
  • Add option to allow people to register using an invitation link even if the event is restricted (#6094)
  • Improve editing notifications emails (#6027, #6042, #6154)
  • Add a picture field for registration forms which can use the local webcam to take a picture in addition to uploading one, and also supports cropping/rotating the picture (#5922, thanks @SegiNyn)
  • Use a more compact registration ticket QR code format which is faster to scan and less likely to fail in poor lighting conditions (#6123)
  • Add a legend to the category calendar, allowing to filter events either by category, venue, room or keywords (#6105, #6106, #6128, #6148, #6149, #6127, #6110, #6158, #6183, thanks @Moliholy, @unconventionaldotdev)
  • Allow to configure a restrictive set of allowed keywords (#6127, #6183, thanks @Moliholy, @unconventionaldotdev).
  • Add week and day views in the category calendar and improve navigation controls (#6108, #6129, #6107, #6110, thanks @Moliholy, @unconventionaldotdev).
  • Add the ability to clone privacy settings (#6156, thanks @SegiNyn)
  • Add option for managers to change the registration fee of a set of registrations (#6132, #6138)
  • Add setting to configure whether room bookings require a reason (#6150, #6155, thanks @Moliholy, @unconventionaldotdev)
  • Add a “Picture” personal data field to registrations. When used, it allows including the picture provided by the user on badges/tickets (#6160, thanks @vtran99)
  • Support ~~text~~ to strike-out text in markdown (#6166)
  • Add experimental support for creating Google Wallet tickets (opt-in via ENABLE_GOOGLE_WALLET indico.conf setting) (#6028, thanks @openprojects)
  • Add option to exceptionally grant registration modification privileges to some registrants (#5264, #6152, thanks @Thanhphan1147)
  • Add option to require users to agree to terms during signup or after they have been updated (#5923, #5925, thanks @kewisch)
  • Add indico user delete CLI to attempt to permanently delete a user (#5838)
  • Add indico user anonymize CLI to permanently anonymize a user (#5838)
  • Add possibility to link room reservations to multiple events, session blocks and contributions (#6113, #6114, thanks @OmeGak, @unconventionaldotdev)
  • Store editable list filters in the browser’s local storage (#6192)
  • Take visibility restrictions into account in the atom feed (#5472, thanks @bpedersen2)
  • Allow linking badge templates to registration forms in order to use custom fields in them (#6088)
  • Allow filtering the list of editables by tags (#6195, #6197)
  • Warn users with a dialog before their session expires and let them extend it (#6026, thanks @SegiNyn)

:bug: Bugfixes

  • Prevent room booking sidebar menu from overlapping with the user dropdown menu (#5910)
  • Allow cancelling pending bookings even if they have already “started” (#5995)
  • Disallow switching the repeat frequency of an existing room booking from weekly to monthly or vice versa (#5999)
  • Ignore deleted fields when computing the number of occupied slots for a registration (#6035)
  • Show the description of a subcontribution in conference events (#5946, #6056)
  • Only block templates containing a QR code via is_ticket_blocked (#6062)
  • Use custom map URL in event API if one is set (#6111, thanks @stine-fohrmann)
  • Use the event timezone when scheduling call for abstracts/papers (#6139)
  • Allow setting registration fees larger than 999999.99 (#6172)
  • Populate fields such as first and last name from the multipass login provider (e.g. LDAP) during sign-up regardless of synchronization settings (#6182)
  • Hide redundant affiliations tooltip on the Participant Roles list (#6201)
  • Correctly highlight required “yes/no” registration form field as invalid (#6109, #6242)
  • Include comments in the Paper Peer Reviewing JSON export (#6253)
  • Fail with a nicer error message when trying to upload a non-UTF8 CSV file (#6085, #6259)
  • Do not include unnecessary user data in JSON exports (#6260)

:wheelchair: Accessibility

:wrench: Internal Changes

  • Support and require Python 3.12 - older Python versions are no longer supported (#5978, #6249)
  • Use (dart-)sass instead of the deprecated node-sass/libsass for CSS compilation (#5734)
  • Add event.is_field_data_locked signal, allowing plugins to lock registration form fields on a per-registration basis (#5424)
  • Replace WYSIWYG (rich-text) editor with TinyMCE, due to the license and branding requirements of the previous editor (#5938)
  • Add a new Indico design system (#5914, thanks @foxbunny)
  • Add event.registration_form_field_deleted signal, allowing plugins to handle the removal of registration form fields (#5924)
  • Add a tool bin/managemnent/icons_generate.py to generate CSS for icomoon icons based on selection.json (#5986, thanks @foxbunny)
  • Pass form class arguments to core.add_form_fields signal handlers (#6020, thanks @vtran99)
  • Remove watchman reloader support, use watchfiles instead (#5978)
  • Improve indico i18n CLI to support plugin-related i18n operations (#5906, #5961, thanks @SegiNyn)
  • Use ruff for linting Python code (#6037)
  • Add <ind-menu> custom element for managing drop-down menus (#5896, #5897, thanks @foxbunny)
  • Allow plugins to add extra fields to the room booking form (#6126, thanks @VojtechPetru)
2 Likes

We have released v3.3.1 which contains an important bugfix.


:bug: Bugfixes

1 Like

We have released v3.3.2 which contains bugfixes and improvements.


:tada: Improvements

  • Use more verbose page titles in management/admin areas (#6300)
  • Prioritize exact matches when searching for users (#6254)
  • Show document templates from non-parent categories and other events for cloning as long as the user has management access (#6232)
  • Warn about conflicts from concurrent edits of minutes (#3410, #6193)
  • Include up to two months (up from one week) of past events in dashboard iCal export (#6304)

:bug: Bugfixes

  • Fix adding additional event keywords when some keywords have already been set (#6264, thanks @SegiNyn)
  • Fix overlapping times in some room booking timelines when using a locale with a 12-hour time format (#6263)
  • Fix error when printing badges referencing a linked regform picture field that contains no picture (#6276)
  • Fix error when creating a reminder for exactly one week before the event (#6283)
  • Fix error when unassigning the editor of an editable that has no editor (#6284)
  • Fix error when judging an editable from the list of editables (#6284)
  • Fix validation error when using a mailto: link in an email body (#6286)
  • Clear the flags indicating that registrations or a registration form field have been purged when cloning an event (#6288)
  • Use English locale when formatting dates for room booking log entries (#6295)
  • Fix date validation in room booking failing in certain timezones

:wrench: Internal Changes

  • Allow plugins to fully replace the data in a ticket QR code with a custom string instead of just modifying/extending the JSON dict (#6266)
  • Replace deprecated pkg_resources with importlib from standard library (#6272, #6273, thanks @maxnoe)

We have released v3.3.3 which contains bugfixes, improvements and a new translation.


:flags: Internationalization

  • New translation: Hungarian

:tada: Improvements

  • Add dialog to contact event participants about a survey (#6069, #6144)
  • Allow linking existing room booking occurrences to an event (#6243, thanks @Moliholy, @unconventionaldotdev)
  • Support including a picture (from a registration’s picture field) in the conference participant list (#6228, thanks @vtran99)
  • Add FAVICON_URL config option to set a custom URL for the favicon (#6323, thanks @SegiNyn)
  • Allow filtering the contribution list in the management area by custom fields (#6213, #6214)
  • Show “Go to timeline” button on the contribution page to everyone who can see the timeline of one of its editables instead of just submitters (#6344)
  • Add a new “Timetable Sessions” registration form field type which allows selecting session blocks from the event (#6184, thanks @jbtwist)
  • Link the event title to the event in registration emails (#6358)
  • Add the option to make registration forms private so they can only be accessed using a secret link (#6321, thanks @vtran99)
  • Add experimental support for creating Apple Wallet (Passbook / pkpass) tickets (opt-in via ENABLE_APPLE_WALLET indico.conf setting) (#6248, thanks @openprojects)
  • Add a new event management permission that grants access only to the contributions module (#6348)
  • Add bulk JSON export option in management contribution list (#6370)
  • Make the default roles of the contribution person link list field more similar to the abstract person link list field when there is a linked abstract (#6342)
  • Add option to hide person titles throughout the event (#38, #6104, thanks @vasantvohra)
  • Preserve input when switching between judgment actions for an editable (#6375)
  • Allow generating documents from the registration summary page (#6212, #6306, thanks @hitenvidhani)
  • Modernize the event social share widget and add support for sharing to Mastodon (#6289)
  • Enable the calendaring + social sharing widget in events by default (#6398)
  • Ignore diacritics when searching in the registration form country field (#6403, thanks @tomako)
  • Add preview option for managers to see the participant list as shown to registered participants or unregistered guests (#6052, thanks @vtran99)

:bug: Bugfixes

  • Fix the dashboard iCal export returning old events instead of recent ones when the maximum number of events to include is reached (#6312)
  • Fix an error in the Check-in app API wben retrieving details for a registration form that includes static labels (#6326)
  • Fix action buttons being pushed outside the content area in the survey editor in case of very long survey option titles (#6325)
  • Only allow accessing avatars for published registrations (#6347)
  • Fix error when trying to import data from an unlisted event (#6350, #6351)
  • Show results from the Get Next Editable search on top of the list (#6353)
  • Attach registration pictures and display them inline when sending email notifications instead of just showing their filename (#6336, #6411, thanks @SegiNyn)
  • Fix editable list filter storage being shared between different editable types and events (#6359)
  • Fix UI breaking when performing bulk actions via the list of editables (#6369)
  • Include registration documents in user data export (#6331, #6338)
  • Fix error when viewing an abstract with reviews in deleted tracks (#6393)
  • Do not include custom messages about the current registration status when sending notifications about new documents (#6413)
  • Only normalize title slug in custom page URL after successful access check (#6416, #6417)

:wheelchair: Accessibility

  • Improve registration form date picker accessibility (#6371, thanks @foxbunny)

:wrench: Internal Changes

  • Use unguessable URLs for user avatar pictures (#6346, thanks @vtran99)
  • Add <ind-date-picker> custom element (#6371, #6406, thanks @foxbunny)
  • Use native ESM for webpack config files (#6389)
2 Likes

We have released v3.3.4 which contains a medium-severity security fix, bugfixes, improvements and a new translation.


:warning: Security fixes

  • Fix an XSS vulnerability during account creation. Exploitation requires initiating account creation with a maliciously crafted link, and then finalizing the signup process, so it can only target newly created (and thus unprivileged) Indico users. We consider this vulnerability to be of “medium” severity since the ability to abuse this is somewhat limited, but you should update as soon as possible nonetheless (GHSA-rrqf-w74j-24ff)

:flags: Internationalization

  • New translation: Swedish

:tada: Improvements

  • Allow cropping an existing picture in registration form picture fields (#6423, thanks @SegiNyn)
  • Add task to delete old registration files when they become orphaned due to a new file being uploaded (#6434, thanks @SegiNyn)
  • Allow searching for author names in editable lists (#6451)
  • Add ability to filter editable lists by the parent session of the editable’s contribution (#6453)
  • Allow alternative CSV delimiters when importing registration invitations (#6458, thanks @Moliholy, @unconventionaldotdev)
  • A room’s bookable hours can now be applied to specific weekdays, making it unbookable on any other weekdays (#6439)
  • Add global settings for min/max registration form data retention periods (#6445, thanks @SegiNyn)
  • Always open links in registration form field/section descriptions in a new tab (#6512)
  • Preserve entered text when switching between commenting and judging in the editing module (#6503, #6502)
  • Add quick setup button to configure default notifications in Call for Abstracts (#6454, thanks @jbtwist)

:bug: Bugfixes

  • Fix display of empty session selection in registration summary (#6421, thanks @jbtwist)
  • Include date when displaying session field data in registration summary (#6431, thanks @jbtwist)
  • Fix the order of a day’s session blocks in the registration form session field (#6428, thanks @jbtwist)
  • Wrap overly long descriptions and filenames in registration form fields (#6436, thanks @SegiNyn)
  • Fix validation error when clearing a date field in the registration form (#6470)
  • Fix access error when a manager registers a user in a private registration form (#6486)
  • Fix access error when a manager uploads files in a private registration form (#6487, thanks @vtran99)
  • Improve color handling in badge designer (auto-add # for hex colors) (#6492)
  • Do not count deleted rooms for equipment/attribute usage numbers (#6493, #6494)
  • Allow deleting event persons which are linked to a deleted subcontribution (#6495)
  • Fix validation error in registration form date fields when using Safari (#6474, #6501, thanks @foxbunny)
  • Fix date picker month/year navigation not working in Safari (#6505, thanks @foxbunny)
  • Enforce a minimum size on the registration form picture cropper to avoid sending an empty image after repeated cropping (#6498, thanks @jbtwist)
  • Fix future events being always displayed after current events in categories while not logged in (#6509)

:wheelchair: Accessibility

  • Improve registration form single choice input accessibility (#6310, thanks @foxbunny)

:wrench: Internal Changes

  • Indicate when a booking begins/ends in the booking calendar in day-based mode (when using a plugin to customize the room booking module) (#6414)
  • Update the list of supported browsers so people using highly outdated browsers where certain features are likely broken get a warning about having to update their browser (#6442)
  • Convert Room Booking splash image to WEBP (20x smaller file size) (#6468, #6465, thanks @bbb-user-de)
  • Add support for TypeScript (and TSX) (#6456)
  • Add <ind-combo-box> custom element (#6310, thanks @foxbunny)
  • Add <ind-select> custom element (#6310, thanks @foxbunny)
  • Indico and plugin wheels are now built using hatchling instead of setuptools, and package metadata is specified using pyproject.toml. Developers who want to build their own plugins need to switch from setup.py and/or setup.cfg to pyproject.toml as well (#6477)
  • Prevent timetable entries with zero/negative durations (#6420)
  • Warn when required indico.conf settings are missing or empty (#6504, thanks @OmeGak)
1 Like

We have released v3.3.5 which contains a low-severity security fix, bugfixes, improvements and a new translation.

We also released an updated indico-plugins bundle (v3.3.2) which contains mainly updated translations, adaptations related to the new Indico release and some other small improvements.


:warning: Security fixes

  • Fix an open redirect during account creation. Exploitation requires initiating account creation with a maliciously crafted link, and then finalizing the signup process, after which the user would be redirected to an external page instead of staying on Indico (thanks @GauthierGitHub)

:flags: Internationalization

  • New translation: Japanese

:tada: Improvements

  • Allow specifying “prev” and “next” as the date param on the category overview page to show the previous or next period relative to the current date (#6537)
  • Add caching and rate-limiting (configurable via LATEX_RATE_LIMIT, and only applied to unauthenticated users) for endpoints that trigger LaTeX PDF generation (#6526)
  • Log changes to registration form settings in the event log (#6544, thanks @vtran99)
  • Improve conference participant list, especially when participants from multiple registration forms are shown separately (#6440, #6489)
  • Include information about attached files in JSON export of abstracts (#6556)
  • Take session program codes into account when sorting parallel sessions with the same start time in meeting timetable (#6575)
  • Enforce browser-side caching of event logos and custom stylesheets (#6555, #6559)
  • Default to banner-style (full width) logos in newly created conference events (#6572, thanks @OmeGak)
  • Add email placeholder for the picture associated with a registration (#6580, thanks @vtran99)
  • Allow setting placeholders for text fields in receipt templates (#6587)
  • Add a new receipt template for Certificates of Attendance (#6587)
  • Show correct repetition details for bookings repeating every n weeks (#6592)
  • Show context (event/contribution title etc.) in the title of the minutes editor (#6584, #6591)
  • Streamline “get next editable” UI and only show editables that still unassigned (#6583)
  • Add preview link for custom text snippets in registration notification emails (#6539, #6560, thanks @Moliholy, @unconventionaldotdev)
  • Stop spoofing email sender addresses when using the SMTP_ALLOWED_SENDERS and SMTP_SENDER_FALLBACK config settings. Instead, the From address will be rewritten to the fallback whenever the requested address is not an allowed sender (#6231, thanks @SegiNyn)
  • Allow alternative CSV delimiters everywhere when importing content from CSV files (#6607, thanks @Moliholy, @unconventionaldotdev)
  • Improve readability of room booking room statistics card (#6616)
  • Add option to use flat zip file structure when downloading registration attachments (#6536, #6608, thanks @Moliholy, @unconventionaldotdev)

:bug: Bugfixes

  • Make picture field more resilient when uploading and resizing pictures close to the max upload file size (#6530, thanks @SegiNyn)
  • Fix the order of the event classifications in edit mode (#6531, #6534)
  • Fix an issue where scheduling a contribution on a day with an empty timetable would schedule it on the first day of the event instead (#6540, #6541)
  • Fix error in unmerged participant list when the picture field is enabled and participant list columns have not been customized for that registration form (#6535)
  • Fix breakage of the registration form dropdown field (and anything else using a custom element that uses ElementInternals) in older versions of Safari (#6549, thanks @foxbunny)
  • Fix linebreak display in markdown code blocks in survey section descriptions (#6553)
  • Include attached pictures when downloading registration attachments (#6564)
  • Only allow marking unpaid registrations as paid (#6330, #6578)
  • Do not allow mixing notification rules for invited abstracts with other rules (#6563, #6567)
  • Use locale-aware price formatting in registration form fields (#6586)
  • Handle badge designer items exceeding the canvas boundaries more gracefully (#6603, thanks @SegiNyn)

:wheelchair: Accessibility

  • Improve country input accessibility (#6551, thanks @foxbunny)
  • Reimplement Checkbox to make it programmatically focusable (#6528, thanks @foxbunny)
  • Implement a RadioButton component to replace the SUI radio button in order to improve keyboard support (#6621, thanks @foxbunny)
  • Improve keyboard accessibility of the timetable sessions field in registration form (#6639, thanks @foxbunny)

:wrench: Internal Changes

  • Make positioning logic from TipBase generic and reusable (#6577, #6588, thanks @foxbunny)
  • Add additional signals related to videoconferences and their event links (#6475)
  • Videoconference plugins now need to implement a delete_room method (#6475)
  • Support translator comments when extracting translatable strings (#6620)
  • renderAsFieldset option in the registration field registry can now be a function that returns a boolean (#6621, thanks @foxbunny)
  • Allow overriding global theme settings for custom meeting themes (#6622)
1 Like