indico v2.3.5 Release Notes

  • Released on May 11, 2021

    Security fixes

    • Fix XSS vulnerabilities in the category picker (via category titles), location widget (via room and venue names defined by an Indico administrator) and the "Indico Weeks View" timetable theme (via contribution/break titles defined by an event organizer). As none of these objects can be created by untrusted users (on a properly configured instance), we consider the severity of this vulnerability "minor" (:pr:4897)

    Internationalization

    • New translation: Polish
    • New translation: Mongolian

    Improvements

    • Add an option to not disclose the names of editors and commenters to submitters in the Paper Editing module (:issue:4829, :pr:4865)

    Bugfixes

    • Do not show soft-deleted long-lasting events in category calendar (:pr:4824)
    • Do not show management-related links in editing hybrid view unless the user has access to them (:pr:4830)
    • Fix error when assigning paper reviewer roles with notifications enabled and one of the reviewing types disabled (:pr:4838)
    • Fix viewing timetable entries if you cannot access the event but can access a specific session inside it (:pr:4857)
    • Fix viewing contributions if you cannot access the event but have explicit access to the contribution (:pr:4860)
    • Hide registration menu item if you cannot access the event and registrations are not exempt from event access checks (:pr:4860)
    • Fix inadvertently deleting a file uploaded during the "make changes" Editing action, resulting in the revision sometimes still referencing the file even though it has been deleted from storage (:pr:4866)
    • Fix sorting abstracts by date (:pr:4877)

    Internal Changes

    • Add before_notification_send signal (:pr:4874, thanks :user:omegak)