indico v2.3.1 Release Notes

Release Date: 2020-10-27
  • Security fixes

    • Fix potential data leakage between OAuth-authenticated and unauthenticated HTTP API requests for the same resource (#4663)
      Note: Due to OAuth access to the HTTP API having been broken until this version, we do not believe this was actually exploitable on any Indico instance. In addition, only Indico administrators can create OAuth applications, so regardless of the bug there is no risk for any instance which does not have OAuth applications with the read:legacy_api scope.

    ๐Ÿฑ ๐ŸŽ‰ Improvements

    • ๐Ÿ“ฆ Generate material packages in a background task to avoid timeouts or using excessive amounts of disk space in case of people submitting several times (#4630)
    • Add new EXPERIMENTAL_EDITING_SERVICE setting to enable extending an event's Editing workflow through an OpenReferee server (#4659)

    ๐Ÿ›  ๐Ÿ› Bugfixes

    • โš  Only show the warning about draft mode in a conference if it actually has any contributions or timetable entries
    • Do not show incorrect modification deadline in abstract management area if no such deadline has been set (#4650)
    • ๐Ÿ›  Fix layout problem when minutes contain overly large embedded images (#4653, #4654)
    • Prevent pending registrations from being marked as checked-in (#4646, thanks @OmeGak)
    • Fix OAuth access to HTTP API (#4663)
    • Fix ICS export of events with draft timetable and contribution detail level (#4666)
    • Fix paper revision submission field being displayed for judges/reviewers (#4667)
    • Fix managers not being able to submit paper revisions on behalf of the user (#4667)

    ๐Ÿฑ ๐Ÿ”ง Internal Changes

    • Add registration_form_wtform_created signal and send form data in registration_created and registration_updated signals (#4642, thanks @OmeGak)
    • โž• Add logged_in signal