Skip to content

v3.3.9

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 11 Dec 19:05
· 7 commits to master since this release
v3.3.9
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
5561c9f

⚠️ Security fixes

  • Fix an open redirect which could help making harmful URLs look more trustworthy by linking to Indico and having it redirect the user to a malicious site
  • Fix an XSS vulnerability with HTML materials when stored on S3 with certain configuration settings

Note: Anyone running Indico using the "standard" setup from our installation guide or without storing files on S3 (using the storage_s3 plugin) is completely unaffected by this problem.

🎏 Internationalization

  • New translation: Finnish

🎉 Improvements

  • Disallow comments/judgments on outdated editables (#7067)
  • Log original email content (with placeholders) when emailing registrants or sending invitations (#7093)
  • Disallow sending registration emails or invitations containing hardcoded (and usually incorrect) token links (#7093)
  • Add support for showing registration pictures in the check-in app (#7099)
  • Support post-event reminders relative to the event end time (#7094)
  • Log local group membership changes of users (#7122, thanks @tomako)
  • Warn when downloading files from an editable not assigned to you (#7131, #7132)
  • Add URL args to set the default view and date of the category calendar view (#7144)
  • Allow changing review tags in the editing timeline (#7133, #7134)
  • Add an option to request changes in bulk on the editable list (#7062, #7100)
  • Clone persons settings when cloning an event (#7158)
  • Clone editable-type-specific settings when cloning an event (#7158)
  • Allow admins to add a secondary email address to a user without sending a validation email (#6872, #7116, thanks @vasiliyk)
  • Add new SMTP_USE_SSL config option to use always-on TLS (SMTPS) instead of STARTTLS when sending emails (#4347, #7177, thanks @bpedersen2)
  • Add review count & score standard deviation columns to the abstract list (#7173)
  • Add min/max date settings to registration form date fields (#6842, thanks @SegiNyn)
  • Allow adding a preface when re-sending emails from the event log (#7172, thanks @duartegalvao, @unconventionaldotdev)
  • Disallow adding multiple fields with the same title in a single registration form section (#7181, thanks @tomako)
  • Add a customizable announcement text on top of the registration form list in conferences with multiple registration forms (#6916, thanks @openprojects)
  • Add a button to view related logs to the management view of a registration (#7186, thanks @vtran99)
  • Log attachment & menu entry ACL changes to user log (#7136, thanks @tomako)
  • Add placeholders to custom event reminders (#7115, thanks @tomako)
  • Add option to require international phone number format in registration form (#7199, thanks @openprojects)
  • Refactor the registration invitation dialogs using React and add email previews (#7168, thanks @duartegalvao, @unconventionaldotdev)
  • Add setting EMAIL_LOG_STORAGE to permanently store email attachments and allow re-sending emails with attachments from the event log (#7182, #7203, thanks @moliholy, @unconventionaldotdev)
  • Show confirmation dialog when sending invitations (#7204, thanks @duartegalvao, @unconventionaldotdev)
  • Show a warning when bulk registration approval/rejection skips registrations that are not pending (#7197, #7205, thanks @duartegalvao, @unconventionaldotdev)
  • Add a JSON endpoint that returns the event's program/tracks (#7207)

🐛 Bugfixes

  • Do not allow sending registration invitation reminders without the invitation link placeholder (#7093)
  • Correctly log the user sending a registration invitation reminder (#7093)
  • Fix error in weekday recurrence picker when using the Turkish locale (#7113)
  • Do not allow selecting fields in disabled sections as a condition (#7114)
  • Fix timetable PDF cover page layout to allow proper centering of content (#7148, #7149)
  • Fix the logic to force downloads not being applied for materials hosted on some storage backend setups (#7164)
  • Preserve configured registration date formats in Excel exports (#7157, thanks @duartegalvao, @unconventionaldotdev)
  • Fix inconsistent styling of nested lists in minutes and editor output (#7063, #7105, thanks @AtharvMixraw)
  • Validate the arrival/departure date in the registration form accommodation field (#7171, #7174)

♿ Accessibility

  • Fix category list link color contrast (#7070, thanks @foxbunny)
  • Fix color contrast and semantics of the protection icon and event count in category link (#7071, thanks @foxbunny)
  • Fix color contrast and screen reader support of the icons in the event list (#7073, thanks @foxbunny)
  • Fix color contrast and screen reader support of the hidden block buttons in the event list (#7079, thanks @foxbunny)
  • Fix contrast of the category info text (#7078, thanks @foxbunny)
  • Fix contrast and screen reader support in breadcrumbs (#7088, thanks @foxbunny)
  • Fix the semantics for the empty materials text (#7096, thanks @foxbunny)
  • Fix announcements accessibility (#7098, thanks @foxbuny)
  • Fix conference description color contrast (#7118, thanks @foxbunny)
  • Improve infogrid accessibility (#7119, thanks @foxbunny)
  • Improve dropdown accessibility in category list toolbar (#7069, thanks @foxbunny)
  • Fix footer color contrast (#7095, thanks @foxbunny)

🔧 Internal Changes

  • Allow plugins to store custom annotations/metadata on attachments, and indicate that it has been converted from another attachment (#7108)
  • Refactor conference page theme CSS to allow easier theming using CSS variables (#7110, thanks @foxbunny)
  • Add clear button to optional date picker fields (#7151, thanks @foxbunny)

Contributors

foxbunny, vasiliyk, and 9 other contributors
Assets 3
Loading