Indico

Latest version: v3.2.9

3.2.9

:warning: Security fixes

- Update [Werkzeug](https://pypi.org/project/Werkzeug/) library due to a DoS vulnerability while parsing certain file uploads (CVE-2023-46136)
- Fix registration form CAPTCHA not being fully validated (6096)

:tada: Improvements

- Add placeholders for accompanying persons to the badge/ticket designer (6033)

:bug: Bugfixes

- Fix meeting timetable not showing custom locations when all top-level timetable entries are session blocks inheriting the custom location from its session (6014)
- Always show exact matches when searching for existing videoconference rooms to attach to an event (6022)
- Include materials linked to sessions in the material package (6024)
- Use the correct locale when sending email notifications to others in an event (5987, 6021)
- Fix the author/speaker selector (e.g. for abstracts) breaking when submitting the form and getting a validation error (6043, 6053)
- Do not cancel past linked room bookings when deleting an event (6032, 6051)
- Fix contribution list filters being obscured by the action dialog (6055)
- Fix emailing Paper Peer Reviewing and Editing teams (6145)

3.2.8

Not secure

:warning: Security fixes

- Update [Pillow](https://pypi.org/project/Pillow/) library due to vulnerabilities in libwebp (CVE-2023-4863)

:flags: Internationalization

- New translation: Italian

:bug: Bugfixes

- Fix error when sending registration invitation reminders (5879, 5880, thanks bpedersen2)
- Fix accessing the conference overview page when the default conference home page is set to a custom page (5882)
- Show percentages for multi-choice survey answers based on number of answers instead of total number of choices selected (5930)

3.2.7

Not secure

:bug: Bugfixes

- Fix not being able to remove the last entry from a room ACL (5863, thanks SegiNyn)
- Fix conditional fields remaining hidden in abstract judgment form (5873)

3.2.6

Not secure

:warning: Security fixes

- Fix an XSS vulnerability in various confirmation prompts commonly used when deleting things. Exploitation requires someone with at least submission privileges (such as a speaker) to plant the content, and then relies on someone else attempting to delete it. However, considering that event organizers may indeed delete suspicious-looking content when encountering it, there is a non-negligible risk of such an attack succeeding. Because of this, it is strongly recommended to upgrade as soon as possible (5862, CVE-2023-37901, GHSA-fmqq-25x9-c6hm)
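The pattern behind this fix, shown as an added example that is not Indico's own code: a confirmation prompt that interpolates a user-supplied title straight into HTML lets a submitter's markup render in the deleting manager's browser, while the hardened version escapes every interpolated value. The title, function names and the `contains_user_markup` check are constructed for the illustration.

```python
"""Added example (not Indico code): unsafe vs. escaped confirmation prompt."""

import re
from html import escape

# Constructed title of the kind a submitter (e.g. a speaker) can enter freely.
UNTRUSTED_TITLE = 'Talk "A" <i>draft</i>'


def confirm_prompt_unsafe(title: str) -> str:
    """Vulnerable: the title becomes part of the prompt's markup verbatim."""
    return f"<p>Are you sure you want to delete <strong>{title}</strong>?</p>"


def confirm_prompt(title: str) -> str:
    """Hardened: escape the value (quote=True also neutralises attribute contexts)."""
    safe_title = escape(title, quote=True)
    return f"<p>Are you sure you want to delete <strong>{safe_title}</strong>?</p>"


def contains_user_markup(rendered: str, title: str) -> bool:
    """True if any tag-like fragment of `title` survives unescaped in the output.

    A cheap regression check a template test could run over every prompt that
    embeds user-controlled text."""
    user_tags = re.findall(r"<[^>]+>", title)
    return any(tag in rendered for tag in user_tags)


if __name__ == "__main__":
    print("unsafe :", confirm_prompt_unsafe(UNTRUSTED_TITLE))
    print("escaped:", confirm_prompt(UNTRUSTED_TITLE))
```

The check is deliberately simple: it only asks whether the raw `<...>` fragments of the input reappear in the rendered prompt, which is enough to catch the unescaped interpolation shown here.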

:flags: Internationalization

- New translation: Czech

:tada: Improvements

- Show which files were added or modified on each editing timeline revision (5802)
- Support rendering Japanese, Chinese & Korean letters in PDFs (3120, 5842, thanks adamjenkins)
- Add button to adapt columns widths on the reviewing area's abstracts list (5837)
- Allow cloning category-level badge/poster templates into another category (5775, thanks SegiNyn)
- Allow using a custom link text in the `{event_link}` email placeholder, using the `{event_link:something-else-here}` syntax (5858, 5860)
- Add option to add "event cancelled" semantics for event labels, which will disable reminders for events having this label (5285, 5861)

:bug: Bugfixes

- Use correct name formatting in person link fields (5835)

:wrench: Internal Changes

- Support Python 3.11

3.2.5

Not secure

:warning: Security fixes

- Fix an XSS vulnerability in the LaTeX `\href` macro when rendering it client-side. Previously, it was possible to embed arbitrary JavaScript there using the `javascript:` protocol. The underlying MathJax library has now been updated to version 3, which allows certain protocols to be blocked, so that only `http`, `https` and `mailto` links are permitted in `\href` macros (5818)
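A server-side check in the spirit of that allowlist, as an added example that is neither Indico's nor MathJax's code: a link target is accepted only when its scheme is `http`, `https` or `mailto`; `javascript:` URLs, other schemes and schemeless input are rejected. The normalisation mirrors what browsers do before resolving a URL (leading control characters and spaces are ignored, embedded tab and newline characters are removed), so obfuscated spellings are classified by the scheme the browser would actually see. Function names are assumptions.

```python
"""Added example (not Indico/MathJax code): scheme allowlist for \\href targets."""

import re
from typing import Optional

ALLOWED_SCHEMES = frozenset({"http", "https", "mailto"})
# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":"
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_LEADING_JUNK = "".join(chr(c) for c in range(0x21))  # C0 controls and space


def normalize_url(url: str) -> str:
    """Apply the WHATWG URL input cleanup browsers perform before parsing."""
    stripped = url.strip(_LEADING_JUNK)
    return "".join(ch for ch in stripped if ch not in "\t\n\r")


def href_scheme(url: str) -> Optional[str]:
    """Return the lower-cased scheme, or None for relative/schemeless input."""
    match = _SCHEME_RE.match(normalize_url(url))
    return match.group(1).lower() if match else None


def is_safe_href(url: str) -> bool:
    """True only for http, https and mailto links."""
    return href_scheme(url) in ALLOWED_SCHEMES


def sanitize_href(url: str) -> Optional[str]:
    """Return the (normalised) URL if allowed, otherwise None so the caller drops it."""
    cleaned = normalize_url(url)
    return cleaned if is_safe_href(cleaned) else None


if __name__ == "__main__":
    for sample in ("https://indico.example/event/1", "mailto:chair@example.org",
                   "javascript:void(0)", "  JavaScript:void(0)", "data:text/plain,x", "/relative"):
        print(f"{sample!r:40} -> {sanitize_href(sample)!r}")
```

Rejecting schemeless input is a deliberately conservative choice for this context: the release note describes an allowlist of three explicit schemes, and a relative link can be expressed with an absolute `https` URL where it is genuinely needed.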

:tada: Improvements

- Show actual recipient data in the email preview instead of that of the event creator (5794)
- Add an option to set a maximum number of choices in a multi-choice field (5800)

:bug: Bugfixes

- Fix width of time column in PDF timetable when using 12-hour time format (5788)
- Fix wrong date in email subject for room booking occurrence cancellations (5790)
- Fix excessive queries being sent in meetings that have registration form with limited places and many registrants (5799)
- Fix extremely slow query when retrieving list of registration forms in conferences with many registrants while not logged in (5799)
- Fix title of session conveners being always empty in HTTP API with XML serialization (5813)
- Fix editable filters not working simultaneously with editable search (5796)
- Fix missing icons in Abstract Markdown editor (5815)
- Fix text overflow in event manage button (5816)
- Fix undone revisions being used instead of the latest valid one when downloading revision files as a ZIP archive (5820)
- Fix custom actions not showing on revisions if the latest revision has been undone (5820)

3.2.4

Not secure

:warning: Security fixes

- Set `Vary: Cookie` header when session data is present and used. This ensures that data linked to a (logged-in) session cannot leak between requests even in case of a poorly-configured caching proxy in front of Indico (5753)
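Why that header matters behind a shared cache, as an added example rather than Indico code: a toy cache keys responses the way a caching proxy does, on the URL plus the values of any request headers named in the response's `Vary` header. Without `Vary: Cookie`, a page personalised from the session is handed to the next visitor of the same URL; with it, each cookie value gets its own cache entry. The session store, cookie values and function names are constructed.

```python
"""Added example (not Indico code): a Vary-aware cache in front of a session-backed app."""

from typing import Dict, List, Tuple

# Constructed session store: cookie value -> logged-in user.
SESSIONS = {"sid=alice-token": "alice", "sid=bob-token": "bob"}

Headers = Dict[str, str]


def app(request_headers: Headers, set_vary: bool) -> Tuple[Headers, str]:
    """Toy origin. The body depends on the session cookie; `set_vary`
    controls whether the response admits that dependency via Vary: Cookie."""
    cookie = request_headers.get("Cookie", "")
    user = SESSIONS.get(cookie, "anonymous")
    headers = {"Cache-Control": "public, max-age=60"}  # a poorly configured proxy would cache this
    if set_vary:
        headers["Vary"] = "Cookie"
    return headers, f"Hello {user}"


class SharedCache:
    """Minimal shared cache that honours the Vary header and nothing else."""

    def __init__(self) -> None:
        # key: (url, tuple of (header-name, header-value) selected by Vary)
        self._store: Dict[Tuple[str, Tuple[Tuple[str, str], ...]], str] = {}
        self.hits = 0

    @staticmethod
    def _varied(vary: str, req: Headers) -> Tuple[Tuple[str, str], ...]:
        names = [n.strip().lower() for n in vary.split(",") if n.strip()]
        return tuple((n, req.get(n, "")) for n in names)

    def fetch(self, url: str, request_headers: Headers, set_vary: bool) -> str:
        req = {k.lower(): v for k, v in request_headers.items()}
        # A stored entry may be reused only if every header named in its Vary
        # set carries the same value in this request.
        for (stored_url, varied), body in self._store.items():
            if stored_url == url and all(req.get(n, "") == v for n, v in varied):
                self.hits += 1
                return body
        resp_headers, body = app(request_headers, set_vary)
        key = (url, self._varied(resp_headers.get("Vary", ""), req))
        self._store[key] = body
        return body


def simulate(set_vary: bool) -> List[str]:
    """Alice loads a page, then Bob loads the same URL through the same cache."""
    cache = SharedCache()
    alice = cache.fetch("/event/1", {"Cookie": "sid=alice-token"}, set_vary)
    bob = cache.fetch("/event/1", {"Cookie": "sid=bob-token"}, set_vary)
    return [alice, bob]


if __name__ == "__main__":
    print("without Vary: Cookie:", simulate(False))  # Bob receives Alice's page
    print("with    Vary: Cookie:", simulate(True))   # each user gets their own
```

`Vary: Cookie` is the belt-and-braces measure: the proxy is still misconfigured (the response is marked cacheable), but the cache can no longer serve one session's response to another because the cookie is now part of the cache key.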

:tada: Improvements

- Use the revision's timestamp when downloading its files as a ZIP archive (5686)
- Use more consistent colors on the editing judgment button (5687, 5697)
- Keep history when undoing judgments on editables (5630)
- Add search field to the abstracts list for reviewers (5698, 5703)
- Align status box colors with judgment dropdown (5699, 5706)
- Use a gender-neutral chairperson icon (5710)
- Add option to set the abstracts' primary authors as the default submitters for the corresponding contributions (5711)
- Allow commenting on accepted/rejected editables (5712, 5722)
- Hide deleted sections and fields from registration summary (5716)
- Add support for authorized submitters in Call for Papers (5728)
- Display abstract submission comment in the list of abstracts (5733)
- Allow searching for contributions by author in the management area (5742)
- Include start/end dates of the whole booking in the timeline tooltip of recurring room bookings (5730, 5740)
- Add day of the week to room booking details modal and timeline (5718, 5743)
- Allow acceptance and rejection of editables in the editable list (5721)
- Email verification attempts during signup now trigger rate limiting to prevent spamming large amounts of confirmation emails (5727)
- Allow bulk-commenting editables in the editable list (5747)
- Allow emailing contribution persons that have not yet made any submissions to a given editable type (5755)
- Show only "ready to review" editables on the "get next editable" list (5765)
- Disallow uploading empty files (5767)
- Include non-speaker authors in the timetable export API (5412, 5738)
- Add setting to force track selection when accepting abstracts (5771)
- Log detailed changes when editing contributions (5777)
- Allow managers to ignore required field restrictions in registration forms (5644, 5682, thanks kewisch)
- Allow selecting the global noreply address as the sender for event reminders (5784)

:bug: Bugfixes

- Fix creating invited abstracts (5696)
- Fix error on contribution page when there is no paper but the peer reviewing module is enabled and configured to hide accepted papers
- Clone all protection settings (in particular submitter privileges) when cloning events (5702)
- Fix searching in single-choice dropdown fields in registration forms (5709)
- Fix uploading files in registration forms where the user only has access through the registration's token (5719)
- Fix being unable to set the "speakers and authors" as the default contribution submitter type (5711)
- Check server-side if Call for Papers is open when submitting a paper (5725)
- Fix room notification email list showing up empty when editing it (5729, 5731)
- Fix performance issues in paper assignment list (5736)
- Fix performance issues in event export API with large events when including contributions (5736)
- Fix error when a search query matches content from unlisted events (5759, 5761)
- Fix ToS and Privacy Policy links in room booking module not working when using an external URL (5774)
- Do not apply default values to new registration form fields when editing an existing registration (5781)
- Allow `0` for a required registration form number field (unless a higher minimum value is set) (5781)

:wrench: Internal Changes

- Update Python & JavaScript dependencies (5726, 5752)
- Add support for the watchfiles live reloader (5732)
- Add an endpoint to allow resetting the state of an accepted editable to "ready to review" (5758)
- Add RESTful endpoints for custom contribution fields (5768)
