indico v2.2.3 Release Notes

Release Date: 2019-10-08 // over 4 years ago
  • ๐Ÿš€ Released on October 08, 2019

    ๐Ÿ”’ Security fixes ^

    • Strip @, +, - and = from the beginning of strings when exporting CSV files to avoid security issues <https://www.owasp.org/index.php/CSV_Injection>_ when opening the CSV file in Excel
    • ๐Ÿ‘‰ Use 027 instead of 000 umask when temporarily changing it to get the current umask
    • ๐Ÿ›  Fix LaTeX sanitization to prevent malicious users from running unsafe LaTeX commands through specially crafted abstracts or contribution descriptions, which could lead to the disclosure of local file contents

    ๐Ÿ‘Œ Improvements ^

    • ๐Ÿ‘Œ Improve room booking interface on small-screen devices (:issue:4013)
    • โž• Add user preference for room owners/manager to select if they want to receive notification emails for their rooms (:issue:4096, :issue:4098)
    • ๐Ÿ‘‰ Show family name field first in user search dialog (:issue:4099)
    • ๐Ÿ‘‰ Make date headers clickable in room booking calendar (:issue:4099)
    • ๐ŸŒฒ Show times in room booking log entries (:issue:4099)
    • ๐Ÿ‘Œ Support disabling server-side LaTeX altogether and hide anything that requires it (such as contribution PDF export or the Book of Abstracts). LaTeX is now disabled by default, unless the :data:XELATEX_PATH is explicitly set in indico.conf. explicitly set in indico.conf.

    ๐Ÿ›  Bugfixes ^

    • โœ‚ Remove 30s timeout from dropzone file uploads
    • ๐Ÿ›  Fix bug affecting room booking from an event in another timezone (:issue:4072)
    • ๐Ÿ›  Fix error when commenting on papers (:issue:4081)
    • ๐Ÿ›  Fix performance issue in conferences with public registration count and a high amount of registrations
    • ๐Ÿ›  Fix confirmation prompt when disabling conference menu customizations (:issue:4085)
    • ๐Ÿ›  Fix incorrect days shown as weekend in room booking for some locales
    • ๐Ÿ›  Fix ACL entries referencing event roles from the old event when cloning an event with event roles in the ACL. Run indico maint fix-event-role-acls after updating to fix any affected ACLs (:issue:4090)
    • ๐Ÿ›  Fix validation issues in coordinates fields when editing rooms (:issue:4103)