All Versions
49
Latest Version
Avg Release Cycle
44 days
Latest Release
-

Changelog History
Page 2

  • v3.0 Changes

    ๐Ÿš€ Unreleased

    Major Features ^

    • There is a new built-in search module which provides basic search functionality out of the box, and for more advanced needs (such as full text search in uploaded files) plugins can provide their own search functionality (e.g. using ElasticSearch). (:pr:4841)
    • The OAuth provider module has been re-implemented based on a more modern library (authlib). Support for the somewhat insecure implicit flow has been removed in favor of the code-with-PKCE flow. Tokens are now stored more securely as a hash instead of plaintext. For a given user/app/scope combination, only a certain amount of tokens are stored; once the limit has been reached older tokens will be discarded. The OAuth provider now exposes its metadata via a well-known URI (RFC 8414) and also has endpoints to introspect or revoke a token. (:issue:4685, :pr:4798)

    ๐Ÿ‘Œ Improvements ^

    • Categories may now contain both events and subcategories at the same time (:issue:4679, :pr:4725, :pr:4757)
    • ๐Ÿ‘‰ Show the user's profile picture in many more places (:issue:4625, :pr:4747)
    • ๐Ÿ‘‰ Use a more modern search dialog when searching for users (:issue:4674, :pr:4743)
    • โž• Add an option to refresh event person data from the underlying user when cloning an event (:issue:4750, :pr:4760)
    • โž• Add options for attaching iCal files to complete registration and event reminder emails (:issue:1158, :pr:4780)
    • ๐Ÿ‘‰ Use the new token-based URLs instead of API keys for persistent ical links and replace the calendar link widgets in category, event, session and contribution views with the more modern ones used in dashboard (:issue:4776, :pr:4801)
    • โž• Add an option to export editables to JSON (:issue:4767, :pr:4810)
    • โž• Add an option to export paper peer reviewing data to JSON (:issue:4767, :pr:4818)
    • Passwords are now checked against a list of breached passwords ("Have I Been Pwned") in a secure and anonymous way that does not disclose any data. If a user logs in with an insecure password, they are forced to change it before they can continue using Indico (:pr:4817)
    • Failed login attempts now trigger rate limiting to prevent brute-force attacks (:issue:1550, :pr:4817)
    • ๐Ÿ‘ Allow filtering the "Participant Roles" page by users who have not registered for the event (:issue:4763, :pr:4822)
    • iCalendar exports now include contact data, event logo URL and, when exporting sessions/contributions, the UID of the related event. Also, only non-empty fields are exported. (:issue:4785, :issue:4586, :issue:4587, :issue:4791, :pr:4820)
    • ๐Ÿ‘ Allow adding groups/roles as "authorized abstract submitters" (:pr:4834)
    • Direct links to (sub-)contributions in meetings using the URLs usually meant for conferences now redirect to the meeting view page (:pr:4847)
    • Use a more compact setup QR code for the mobile Indico check-in app; the latest version of the app is now required. (:pr:4844)
    • Contribution duration fields now use a widget similar to the time picker that makes selecting durations easier. (:issue:2462, :pr:4873)
    • โž• Add new meeting themes that show sequential numbers instead of start times for contributions (:pr:4899)
    • โœ‚ Remove the very outdated "Compact style" theme (it's still available via the themes_legacy plugin) (:issue:4900, :pr:4899)

    ๐Ÿ›  Bugfixes ^

    • Take registrations of users who are only members of a custom event role into account on the "Participant Roles" page (:pr:4822)
    • Fail gracefully during registration import when two rows have different emails that belong to the same user (:pr:4823)
    • ๐Ÿ‘€ Restore the ability to see who's inheriting access from a parent object (:pr:4833)
    • ๐Ÿ›  Fix misleading message when cancelling a booking that already started and has past occurrences that won't be cancelled (:issue:4719, :pr:4861)

    Internal Changes ^

    • ๐Ÿ‘ Require Python 3.9 - older Python versions (especially Python 2.7) are no longer supported
    • confId has been changed to event_id and the corresponding URL path segments now enforce numeric data (and thus pass the id as a number instead of string)
    • ๐Ÿšš CACHE_BACKEND has been removed; Indico now always uses Redis for caching
    • ๐Ÿšš The integration with flower (celery monitoring tool) has been removed as it was not widely used, did not provide much benefit, and it is no longer compatible with the latest Celery version
    • session.user now returns the user related to the current request, regardless of whether it's coming from OAuth, a signed url or the actual session (:pr:4803)
    • Add a new check_password_secure signal that can be used to implement additional password security checks (:pr:4817)
    • โž• Add an endpoint to let external applications stage the creation of an event with some data to be pre-filled when the user then opens the link returned by that endpoint (:pr:4628, thanks :user:adl1995)

  • v3.0.rc2 Changes

    ๐Ÿš€ Released on July 09, 2021

    Major Features ^

    • โž• Add support for personal tokens. These tokens act like OAuth tokens, but are associated with a specific user and generated manually without the need of doing the OAuth flow. They can be used like API keys but with better granularity using the same scopes OAuth applications have, and a single user can have multiple tokens using various scopes. By default any user can create such tokens, but admins can restrict their creation. (:issue:1934, :pr:4976)

    ๐Ÿ‘Œ Improvements ^

    • โž• Add abstract content to the abstract list customization options (:pr:4968)
    • โž• Add CLI option to create a series (:pr:4969)
    • ๐ŸŒฒ Users cannot submit multiple anonymous surveys anymore by logging out and in again (:issue:4693, :pr:4970)
    • ๐Ÿ‘Œ Improve reviewing state display for paper reviewers (:issue:4979, :pr:4984)
    • ๐Ÿ‘‰ Make it clearer if the contributions/timetable of a conference are still in draft mode (:issue:4977, :pr:4986)
    • โž• Add "send to speakers" option in event reminders (:issue:4958, :pr:4966, thanks :user:Naveenaidu)
    • ๐Ÿ‘ Allow displaying all events descending from a category (:issue:4982, :pr:4983, thanks :user:omegak and :user:openprojects).
    • โž• Add an option to allow non-judge conveners to update an abstract track (:pr:4989)

    ๐Ÿ›  Bugfixes ^

    • ๐Ÿ›  Fix errors when importing events containing abstracts or event roles from a YAML dump (:pr:4995)
    • ๐Ÿ›  Fix sorting abstract notification rules (:pr:4998)
    • No longer silently fall back to the first event contact email address when sending registration emails where no explicit sender address has been configured (:issue:4992, :pr:4996, thanks :user:vasantvohra)
    • Do not check for event access when using a registration link with a registration token (:issue:4991, :pr:4997, thanks :user:vasantvohra)
  • v3.0.rc1 Changes

    ๐Ÿš€ Released on June 25, 2021

    Major Features ^

    • There is a new built-in search module which provides basic search functionality out of the box, and for more advanced needs (such as full text search in uploaded files) plugins can provide their own search functionality (e.g. using ElasticSearch). (:pr:4841)
    • Categories may now contain both events and subcategories at the same time. During the upgrade to 3.0 event creation is automatically set to restricted in all categories containing subcategories in order to avoid any negative surprises which would suddenly allow random Indico users to create events in places where they couldn't do so previously. (:issue:4679, :pr:4725, :pr:4757)
    • The OAuth provider module has been re-implemented based on a more modern library (authlib). Support for the somewhat insecure implicit flow has been removed in favor of the code-with-PKCE flow. Tokens are now stored more securely as a hash instead of plaintext. For a given user/app/scope combination, only a certain amount of tokens are stored; once the limit has been reached older tokens will be discarded. The OAuth provider now exposes its metadata via a well-known URI (RFC 8414) and also has endpoints to introspect or revoke a token. (:issue:4685, :pr:4798)
    • ๐Ÿ‘‰ User profile pictures (avatars) are now shown in many more places throughout Indico, such as user search results, meeting participant lists and reviewing timelines. (:issue:4625, :pr:4747, :pr:4939)

    Internationalization

    • ๐Ÿ†• New locale: English (United States)
    • ๐Ÿ†• New translation: Turkish

    ๐Ÿ‘Œ Improvements ^

    • ๐Ÿ‘‰ Use a more modern search dialog when searching for users (:issue:4674, :pr:4743)
    • โž• Add an option to refresh event person data from the underlying user when cloning an event (:issue:4750, :pr:4760)
    • โž• Add options for attaching iCal files to complete registration and event reminder emails (:issue:1158, :pr:4780)
    • ๐Ÿ‘‰ Use the new token-based URLs instead of API keys for persistent ical links and replace the calendar link widgets in category, event, session and contribution views with the more modern ones used in dashboard (:issue:4776, :pr:4801)
    • โž• Add an option to export editables to JSON (:issue:4767, :pr:4810)
    • โž• Add an option to export paper peer reviewing data to JSON (:issue:4767, :pr:4818)
    • Passwords are now checked against a list of breached passwords ("Have I Been Pwned") in a secure and anonymous way that does not disclose any data. If a user logs in with an insecure password, they are forced to change it before they can continue using Indico (:pr:4817)
    • Failed login attempts now trigger rate limiting to prevent brute-force attacks (:issue:1550, :pr:4817)
    • ๐Ÿ‘ Allow filtering the "Participant Roles" page by users who have not registered for the event (:issue:4763, :pr:4822)
    • iCalendar exports now include contact data, event logo URL and, when exporting sessions/contributions, the UID of the related event. Also, only non-empty fields are exported. (:issue:4785, :issue:4586, :issue:4587, :issue:4791, :pr:4820)
    • ๐Ÿ‘ Allow adding groups/roles as "authorized abstract submitters" (:pr:4834)
    • Direct links to (sub-)contributions in meetings using the URLs usually meant for conferences now redirect to the meeting view page (:pr:4847)
    • Use a more compact setup QR code for the mobile Indico check-in app; the latest version of the app is now required. (:pr:4844)
    • Contribution duration fields now use a widget similar to the time picker that makes selecting durations easier. (:issue:2462, :pr:4873)
    • โž• Add new meeting themes that show sequential numbers instead of start times for contributions (:pr:4899)
    • โœ‚ Remove the very outdated "Compact style" theme (it's still available via the themes_legacy plugin) (:issue:4900, :pr:4899)
    • ๐Ÿ‘Œ Support cloning surveys when cloning events (:issue:2045, :pr:4910)
    • ๐Ÿ‘‰ Show external contribution references in conferences (:issue:4928, :pr:4933)
    • ๐Ÿ‘ Allow changing the rating scale in abstract/paper reviewing even after reviewing started (:pr:4942)
    • ๐Ÿ‘ Allow blacklisting email addresses for user registrations (:issue:4644, :pr:4946)

    ๐Ÿ›  Bugfixes ^

    • Take registrations of users who are only members of a custom event role into account on the "Participant Roles" page (:pr:4822)
    • Fail gracefully during registration import when two rows have different emails that belong to the same user (:pr:4823)
    • ๐Ÿ‘€ Restore the ability to see who's inheriting access from a parent object (:pr:4833)
    • ๐Ÿ›  Fix misleading message when cancelling a booking that already started and has past occurrences that won't be cancelled (:issue:4719, :pr:4861)
    • Correctly count line breaks in length-limited abstracts (:pr:4918)
    • ๐Ÿ›  Fix error when trying to access subcontributions while event is in draft mode
    • โšก๏ธ Update the user link in registrations when merging two users (:pr:4936)
    • ๐Ÿ›  Fix error when exporting a conference timetable PDF with the option "Print abstract content of all contributions" and one of the abstracts is too big to fit in a page (:issue:4881, :pr:4955)
    • ๐ŸŒฒ Emails sent via the Editing module are now logged to the event log (:pr:4960)
    • ๐Ÿ›  Fix error when importing event notes from another event while the target event already has a deleted note (:pr:4959)

    Internal Changes ^

    • ๐Ÿ‘ Require Python 3.9 - older Python versions (especially Python 2.7) are no longer supported
    • confId has been changed to event_id and the corresponding URL path segments now enforce numeric data (and thus pass the id as a number instead of string)
    • ๐Ÿšš CACHE_BACKEND has been removed; Indico now always uses Redis for caching
    • ๐Ÿšš The integration with flower (celery monitoring tool) has been removed as it was not widely used, did not provide much benefit, and it is no longer compatible with the latest Celery version
    • session.user now returns the user related to the current request, regardless of whether it's coming from OAuth, a signed url or the actual session (:pr:4803)
    • Add a new check_password_secure signal that can be used to implement additional password security checks (:pr:4817)
    • โž• Add an endpoint to let external applications stage the creation of an event with some data to be pre-filled when the user then opens the link returned by that endpoint (:pr:4628, thanks :user:adl1995)

  • v2.3.6 Changes

    ๐Ÿš€ Unreleased

    ๐Ÿ›  Bugfixes ^

    • None so far :)
  • v2.3.5 Changes

    ๐Ÿš€ Released on May 11, 2021

    ๐Ÿ”’ Security fixes ^

    • ๐Ÿ›  Fix XSS vulnerabilities in the category picker (via category titles), location widget (via room and venue names defined by an Indico administrator) and the "Indico Weeks View" timetable theme (via contribution/break titles defined by an event organizer). As neither of these objects can be created by untrusted users (on a properly configured instance) we consider the severity of this vulnerability "minor" (:pr:4897)

    Internationalization

    • ๐Ÿ†• New translation: Polish
    • ๐Ÿ†• New translation: Mongolian

    ๐Ÿ‘Œ Improvements ^

    • โž• Add an option to not disclose the names of editors and commenters to submitters in the Paper Editing module (:issue:4829, :pr:4865)

    ๐Ÿ›  Bugfixes ^

    • Do not show soft-deleted long-lasting events in category calendar (:pr:4824)
    • Do not show management-related links in editing hybrid view unless the user has access to them (:pr:4830)
    • ๐Ÿ›  Fix error when assigning paper reviewer roles with notifications enabled and one of the reviewing types disabled (:pr:4838)
    • ๐Ÿ›  Fix viewing timetable entries if you cannot access the event but a specific session inside it (:pr:4857)
    • ๐Ÿ›  Fix viewing contributions if you cannot access the event but have explicit access to the contribution (:pr:4860)
    • Hide registration menu item if you cannot access the event and registrations are not exempt from event access checks (:pr:4860)
    • ๐Ÿ›  Fix inadvertently deleting a file uploaded during the "make changes" Editing action, resulting in the revision sometimes still referencing the file even though it has been deleted from storage (:pr:4866)
    • ๐Ÿ›  Fix sorting abstracts by date (:pr:4877)

    Internal Changes ^

    • Add before_notification_send signal (:pr:4874, thanks :user:omegak)
  • v2.3.4 Changes

    ๐Ÿš€ Released on March 11, 2021

    ๐Ÿ”’ Security fixes ^

    • ๐Ÿ›  Fix some open redirects which could help making harmful URLs look more trustworthy by linking to Indico and having it redirect the user to a malicious site (:issue:4814, :pr:4815)
    • The :data:BASE_URL is now always enforced and requests whose Host header does not match are rejected. This prevents malicious actors from tricking Indico into sending e.g. a password reset link to a user that points to a host controlled by the attacker instead of the actual Indico host (:pr:4815)

    .. note::

    If the webserver is already configured to enforce a canonical host name and redirects or
    rejects such requests, this cannot be exploited. Additionally, exploiting this problem requires
    user interaction: they would need to click on a password reset link which they never requested,
    and which points to a domain that does not match the one where Indico is running.
    

    ๐Ÿ‘Œ Improvements ^

    • 0๏ธโƒฃ Fail more gracefully is a user has an invalid locale set and fall back to the default locale or English in case the default locale is invalid as well
    • ๐Ÿ”ง Log an error if the configured default locale does not exist
    • โž• Add ID-1 page size for badge printing (:pr:4774, thanks :user:omegak)
    • ๐Ÿ‘ Allow managers to specify a reason when rejecting registrants and add a new placeholder for the rejection reason when emailing registrants (:pr:4769, thanks :user:vasantvohra)

    ๐Ÿ›  Bugfixes ^

    • ๐Ÿ›  Fix the "Videoconference Rooms" page in conference events when there are any VC rooms attached but the corresponding plugin is no longer installed
    • ๐Ÿ›  Fix deleting events which have a videoconference room attached which has its VC plugin no longer installed
    • Do not auto-redirect to SSO when an MS office user agent is detected (:issue:4720, :pr:4731)
    • ๐Ÿ‘ Allow Editing team to view editables of unpublished contributions (:issue:4811, :pr:4812)

    Internal Changes ^

    • ๐Ÿ“‡ Also trigger the ical-export metadata signal when exporting events for a whole category
    • Add primary_email_changed signal (:pr:4802, thanks :user:openprojects)
  • v2.3.3 Changes

    ๐Ÿš€ Released on January 25, 2021

    ๐Ÿ”’ Security fixes ^

    • JSON locale data for invalid locales is no longer cached on disk; instead a 404 error is triggered. This avoids creating small files in the cache folder for each invalid locale that is requested. (:pr:4766)

    Internationalization

    • ๐Ÿ†• New translation: Ukrainian

    ๐Ÿ‘Œ Improvements ^

    • โž• Add a new "Until approved" option for a registration form's "Modification allowed" setting (:pr:4740, thanks :user:vasantvohra)
    • ๐Ÿ‘‰ Show last login time in dashboard (:pr:4735, thanks :user:vasantvohra)
    • ๐Ÿ‘ Allow Markdown in the "Message for complete registrations" option of a registration form (:pr:4741)
    • ๐Ÿ‘Œ Improve video conference linking dropdown for contributions/sessions (hide unscheduled, show start time) (:pr:4753)
    • ๐Ÿ‘‰ Show timetable filter button in conferences with a meeting-like timetable

    ๐Ÿ›  Bugfixes ^

    • ๐Ÿ›  Fix error when converting malformed HTML links to LaTeX
    • Hide inactive contribution/abstract fields in submit/edit forms (:pr:4755)
    • ๐Ÿ›  Fix adding registrants to a session ACL

    Internal Changes ^

    • ๐Ÿ”Œ Videoconference plugins may now display a custom message for the prompt when deleting a videoconference room (:pr:4733)
    • ๐Ÿ”Œ Videoconference plugins may now override the behavior when cloning an event with attached videoconference rooms (:pr:4732)
  • v2.3.2 Changes

    November 30, 2020

    ๐Ÿฑ ๐ŸŽ‰ Improvements

    • 0๏ธโƒฃ Disable title field by default in new registration forms (#4688, #4692)
    • โž• Add gender-neutral "Mx" title (#4688, #4692)
    • โž• Add contributions placeholder for emails (#4716, thanks @bpedersen2)
    • ๐Ÿ‘‰ Show program codes in contribution list (#4713)
    • Display the target URL of link materials if the user can access them (#2599, #4718)
    • ๐Ÿ‘‰ Show the revision number for all revisions in the Editing timeline (#4708)

    ๐Ÿ›  ๐Ÿ› Bugfixes

    • Only consider actual speakers in the "has registered speakers" contribution list filter (#4712, thanks @bpedersen2)
    • ๐Ÿ”€ Correctly filter events in "Sync with your calendar" links (this fix only applies to newly generated links) (#4717)
    • Correctly grant access to attachments inside public sessions/contribs even if the event is more restricted (#4721)
    • ๐Ÿ›  Fix missing filename pattern check when suggesting files from Paper Peer Reviewing to submit for Editing (#4715)
    • ๐Ÿ›  Fix filename pattern check in Editing when a filename contains dots (#4715)
    • Require explicit admin override (or being whitelisted) to override blockings (#4706)
    • ๐Ÿ‘ฏ Clone custom abstract/contribution fields when cloning abstract settings (#4724, thanks @bpedersen2)
    • ๐Ÿ›  Fix error when rescheduling a survey that already has submissions (#4730)
  • v2.3.1 Changes

    October 27, 2020

    ๐Ÿ”’ โš ๏ธ Security fixes

    • ๐Ÿ›  Fix potential data leakage between OAuth-authenticated and unauthenticated HTTP API requests for the same resource (#4663)
      Note: Due to OAuth access to the HTTP API having been broken until this version, we do not believe this was actually exploitable on any Indico instance. In addition, only Indico administrators can create OAuth applications, so regardless of the bug there is no risk for any instance which does not have OAuth applications with the read:legacy_api scope.

    ๐Ÿฑ ๐ŸŽ‰ Improvements

    • ๐Ÿ“ฆ Generate material packages in a background task to avoid timeouts or using excessive amounts of disk space in case of people submitting several times (#4630)
    • Add new EXPERIMENTAL_EDITING_SERVICE setting to enable extending an event's Editing workflow through an OpenReferee server (#4659)

    ๐Ÿ›  ๐Ÿ› Bugfixes

    • โš  Only show the warning about draft mode in a conference if it actually has any contributions or timetable entries
    • Do not show incorrect modification deadline in abstract management area if no such deadline has been set (#4650)
    • ๐Ÿ›  Fix layout problem when minutes contain overly large embedded images (#4653, #4654)
    • Prevent pending registrations from being marked as checked-in (#4646, thanks @OmeGak)
    • ๐Ÿ›  Fix OAuth access to HTTP API (#4663)
    • ๐Ÿ›  Fix ICS export of events with draft timetable and contribution detail level (#4666)
    • ๐Ÿ›  Fix paper revision submission field being displayed for judges/reviewers (#4667)
    • ๐Ÿ›  Fix managers not being able to submit paper revisions on behalf of the user (#4667)

    ๐Ÿฑ ๐Ÿ”ง Internal Changes

    • Add registration_form_wtform_created signal and send form data in registration_created and registration_updated signals (#4642, thanks @OmeGak)
    • โž• Add logged_in signal
  • v2.3 Changes

    September 14, 2020

    ๐Ÿฑ ๐Ÿ’ก Blog Post

    ๐Ÿš€ We published a blog post summarizing the most relevant changes for end users.


    ๐Ÿฑ ๐Ÿ† Major Features

    • โž• Add category roles, which are similar to local groups but within the scope of a category and its subcategories. They can be used for assigning permissions in any of these categories and events within such categories.
    • Events marked as "Invisible" are now hidden from the category's event list for everyone except managers (#4419, thanks @openprojects)
    • Introduce profile picture, which is for now only visible on the user dashboard (#4431, thanks @OmeGak)
    • Registrants can now be added to event ACLs. This can be used to easily restrict parts of an event to registered participants. If registration is open and a registration form is in the ACL, people will be able to access the registration form even if they would otherwise not have access to the event itself. It is also possible to restrict individual event materials and custom page/link menu items to registered participants. (#4477, #4528, #4505, #4507)
    • โž• Add a new Editing module for papers, slides and posters which provides a workflow for having a team review the layout/formatting of such proceedings and then publish the final version on the page of the corresponding contribution. The Editing module can also be connected to an external microservice to handle more advanced workflows beyond what is supported natively by Indico.

    ๐Ÿฑ ๐ŸŽ Internationalization

    • ๐Ÿ†• New translation: Chinese (Simplified) ๐Ÿ‡จ๐Ÿ‡ณ

    ๐Ÿฑ ๐ŸŽ‰ Improvements

    • Sort survey list by title (#3802)
    • Hide "External IDs" field if none are defined (#3857)
    • โž• Add LaTeX source export for book of abstracts (#4035, thanks @bpedersen2)
    • Tracks can now be categorized in track groups (#4052)
    • Program codes for sessions, session blocks, contributions and subcontributions can now be auto-generated (#4026)
    • โž• Add draft mode for the contribution list of conference events which hides pages like the contribution list and timetable until the event organizers publish the contribution list. (#4095)
    • โž• Add ICS export for information in the user dashboard (#4057)
    • ๐Ÿ‘ Allow data syncing with multipass providers which do not support refreshing identity information
    • ๐Ÿ‘‰ Show more verbose error when email validation fails during event registration (#4177)
    • โž• Add link to external map in room details view (#4146)
    • ๐Ÿ‘ Allow up to 9 digits (instead of 6) before the decimal point in registration fees
    • โž• Add button to booking details modal to copy direct link (#4230)
    • Do not require new room manager approval when simply shortening a booking (#4214)
    • ๐Ÿ‘‰ Make root category description/title customizable using the normal category settings form (#4231)
    • โž• Added new LOCAL_GROUPS setting that can be used to fully disable local groups (#4260)
    • ๐ŸŒฒ Log bulk event category changes in the event log (#4241)
    • โž• Add CLI commands to block and unblock users (#3845)
    • ๐Ÿ”€ Show warning when trying to merge a blocked user (#3845)
    • ๐Ÿ‘ Allow importing event role members from a CSV file (#4301)
    • ๐Ÿ‘ Allow optional comment when accepting a pre-booking (#4086)
    • โช Log event restores in event log (#4309)
    • Warn about cancelling/rejecting whole recurring bookings instead of just specific occurrences (#4092)
    • โž• Add "quick cancel" link to room booking reminder emails (#4324)
    • โž• Add visual information and filtering options for participants' registration status to the contribution list (#4318)
    • โž• Add warning when accepting a pre-booking in case there are concurrent bookings (#4129)
    • โž• Add event logging to opening/closing registration forms, approval/rejection of registrations, and updates to event layout (#4360, thanks @giusedb & @OmeGak)
    • โž• Add category navigation dialog on category display page (#4282, thanks @OmeGak)
    • โž• Add UI for admins to block/unblock users (#3243)
    • ๐Ÿ‘‰ Show labels indicating whether a user is an admin, blocked or soft-deleted (#4363)
    • โž• Add map URL to events, allowing also to override room map URL (#4402, thanks @OmeGak)
    • ๐Ÿ‘‰ Use custom time picker for time input fields taking into account the 12h/24h format of the user's locale (#4399)
    • ๐Ÿ”จ Refactor the room edit modal to a tabbed layout and improve error handling (#4408)
    • Preserve non-ascii characters in file names (#4465)
    • ๐Ÿ‘ Allow resetting moderation state from registration management view (#4498, thanks @OmeGak)
    • ๐Ÿ‘ Allow filtering event log by related entries (#4503, thanks @OmeGak)
    • ๐Ÿ–จ Do not automatically show the browser's print dialog in a meeting's print view (#4513)
    • โž• Add "Add myself" button to person list fields (e.g. for abstract authors) (#4411, thanks @jgrigera)
    • Subcontributions can now be managed from the meeting display view (#2679, #4520)
    • โž• Add CfA setting to control whether authors can edit abstracts (#3431)
    • โž• Add CfA setting to control whether only speakers or also authors should get submission rights once the abstract gets accepted (#3431)
    • ๐Ÿ‘‰ Show the Indico version in the footer again (#4558)
    • Event managers can upload a custom Book of Abstract PDF (#3039, #4577)
    • Display each news item on a separate page instead of together with all the other news items (#4587)
    • ๐Ÿ‘ Allow registrants to withdraw their application (#2715, #4585, thanks @brabemi & @OmeGak)
    • ๐Ÿ‘ Allow choosing a default badge in categories (#4574, thanks @OmeGak)
    • Display event labels on the user's dashboard as well (#4592)
    • Event modules can now be imported from another event (#4518, thanks @meluru)
    • Event modules can now be imported from another event (#4518, #4533, thanks @meluru)
    • Include the event keywords in the event API data (#4598, #4599, thanks @chernals)
    • ๐Ÿ‘ Allow registrants to check details for non-active registrations and prevent them from registering twice with the same registration form (#4594, #4595, thanks @OmeGak)
    • โž• Add a new CUSTOM_LANGUAGES setting to indico.conf to override the name/territory of a language or disable it altogether (#4620)

    ๐Ÿ›  ๐Ÿ› Bugfixes

    • Hide Book of Abstracts menu item if LaTeX is disabled and no custom Book of Abstracts has been uploaded
    • ๐Ÿ‘‰ Use a more consistent order when cloning the timetable (#4227)
    • Do not show unrelated rooms with similar names when booking room from an event (#4089)
    • Stop icons from overlapping in the datetime widget (#4342)
    • ๐Ÿ›  Fix alignment of materials in events (#4344)
    • ๐Ÿ›  Fix misleading wording in protection info message (#4410)
    • ๐Ÿ‘ Allow guests to access public notes (#4436)
    • ๐Ÿ‘ Allow width of weekly event overview table to adjust to window size (#4429)
    • ๐Ÿ›  Fix whitespace before punctuation in Book of Abstracts (#4604)
    • ๐Ÿ›  Fix empty entries in corresponding authors (#4604)
    • Actually prevent users from editing registrations if modification is disabled
    • ๐Ÿ– Handle LaTeX images with broken redirects (#4623, thanks @bcc)

    ๐Ÿฑ ๐Ÿ”ง Internal Changes

    • ๐Ÿ‘‰ Make React and SemanticUI usable everywhere (#3955)
    • โž• Add before-regform template hook (#4171, thanks @giusedb)
    • Add registrations kwarg to the event.designer.print_badge_template signal (#4297, thanks @giusedb)
    • Add registration_form_edited signal (#4421, thanks @OmeGak)
    • ๐Ÿ‘‰ Make PyIntEnum freeze enums in Alembic revisions (#4425, thanks @OmeGak)
    • โž• Add before-registration-summary template hook (#4495, thanks @OmeGak)
    • โž• Add extra-registration-actions template hook (#4500, thanks @OmeGak)
    • โž• Add event-management-after-title template hook (#4504, thanks @meluru)
    • ๐Ÿ’พ Save registration id in related event log entries (#4503, thanks @OmeGak)
    • โž• Add before-registration-actions template hook (#4524, thanks @OmeGak)
    • โž• Add LinkedDate and DateRange form field validators (#4535, thanks @OmeGak)
    • โž• Add extra-regform-settings template hook (#4553, thanks @meluru)
    • Add filter_selectable_badges signal (#4557, thanks @OmeGak)
    • โž• Add user ID in every log record logged in a request context (#4570, thanks @OmeGak)
    • โž• Add extra-registration-settings template hook (#4596, thanks @meluru)
    • ๐Ÿ‘ Allow extending polymorphic models in plugins (#4608, thanks @OmeGak)
    • ๐Ÿ”Œ Wrap registration form AngularJS directive in jinja block for more easily overriding arguments passed to the app in plugins (#4624, thanks @OmeGak)