indico v2.1.10 Release Notes

Release Date: 2019-10-08 // over 4 years ago
  • ๐Ÿš€ Released on October 08, 2019

    ๐Ÿ”’ Security fixes ^

    • Strip @, +, - and = from the beginning of strings when exporting CSV files to avoid security issues <https://www.owasp.org/index.php/CSV_Injection>_ when opening the CSV file in Excel
    • ๐Ÿ‘‰ Use 027 instead of 000 umask when temporarily changing it to get the current umask
    • ๐Ÿ›  Fix LaTeX sanitization to prevent malicious users from running unsafe LaTeX commands through specially crafted abstracts or contribution descriptions, which could lead to the disclosure of local file contents