Name | Modified | Size | Downloads / Week |
---|---|---|---|
Parent folder | |||
indico-3.3.7-py3-none-any.whl | 2025-07-14 | 37.0 MB | |
README.md | 2025-07-14 | 5.6 kB | |
v3.3.7 source code.tar.gz | 2025-07-14 | 11.8 MB | |
v3.3.7 source code.zip | 2025-07-14 | 13.6 MB | |
Totals: 4 Items | 62.3 MB | 6 |
:warning: Security fixes
- Prevent dumping basic user details (name, affiliation and email) in bulk using the user id (CVE-2025-53640)
[!NOTE] With Indico being a tool that is primarily used for academic events, where it is expected behavior that you can look users up by name and email and use the email address as a common way of identifying someone (as names are not unique, often not even combined with someone's affiliation), we only classify this as "medium" severity. Looking up some users is normal, but obviously being able to look up all of them at once, is not something that's intended.
In case you want to lock down user search much more strongly, please have a look at the
ALLOW_PUBLIC_USER_SEARCH
setting which has been added in this release as well.
:tada: Improvements
- Add a new
ALLOWED_LANGUAGES
setting toindico.conf
to restrict which languages can be used (#6818, thanks @openprojects) - Set reasonable maximum lengths on signup form fields (#6724)
- Preserve the selected day when switching between room booking calendar view modes (#6817)
- Notify room moderators about new pending bookings in their rooms (#6823)
- Show moderated rooms as "mine" and enable "bookings in my rooms" etc. for room moderators (#6823)
- Use the new date picker in more places (#6662, [#6832])
- Log conference menu changes (#6851, thanks @openprojects)
- Add duration and date/time placeholders when sending emails for contributions (#6860)
- Use
STATIC_SITE_STORAGE
for the temporary file from a material package (#6898) - Implement conditional fields in registration forms (#1227, [#6678], thanks @Moliholy, @omegak, @unconventionaldotdev)
- Log user-specific ACL changes to user log (#6841, thanks @tomako)
- Include language settings when cloning an event (#6871, [#6929])
- Log user merges to user log (#6882, [#6920])
- Allow re-sending emails from their log entries (#6805, [#6909], thanks @duartegalvao, @unconventionaldotdev)
- Allow adding/removing favorite users from search results (#6950)
- Make text overflow behavior in badge designer configurable (#6944, thanks @SegiNyn)
- Clone registration tags when cloning registration forms and preserve registration tags when cloning registrations (#6820, [#6964])
- Allow restricting reminder recipients by registration form and tags (#6877, thanks @tomako, @unconventionaldotdev)
- Searching existing Indico users can be restricted to managers by setting
ALLOW_PUBLIC_USER_SEARCH
toFalse
. This also limits the verbosity of email status checks while registering for events and disallows registering on behalf of another Indico user (#6960) - Allow linking existing booking to an event even if there's no exact date/time overlap, and do not show a large number of unrelated bookings (#6568, [#6811], [#6846], thanks @Moliholy, @unconventionaldotdev)
- Add a log for global admin actions, similar to that in events, categories and users (#6868, thanks @tomako)
:bug: Bugfixes
- Fix inconsistent page numbering in PDF timetable (#6824, [#6827])
- Do not log logins rejected by a plugin as errors (#6834, thanks @omegak)
- Do not trigger notifications for withdrawn service requests when deleting past events (#6700, [#6754], thanks @bhngupta)
- Fix date picker on category calendar view (#6849, [#6850])
- Fix scheduling existing contributions not working in rare cirucmstances (#6853)
- Convert author/speaker email addresses to lowercase during input and use the lowercase version for deduplication (#6855)
- Fix error when removing the title of an event person (#6859)
- Fix participant visibility being set to "nobody" when a registration was modifified (#6863)
- Fix error when editing a room while no custom attributes have been defined (#6840)
- Allow the browser to perform spellchecking in the HTML/WYSIWYG minutes editor (#6890)
- Fix downdown/combobox issues on iOS Safari devices (#6830, [#6839], thanks @foxbunny)
- Fix font rendering issue in event titles with some cyrillic characters (#6673, [#6881], thanks @Fedor204)
- Include registration tags in event export (#6896)
- Fix some messages not being translated due to a missing context (#6910)
- Fix datetime handling in excel exports (#6806, [#6887], thanks @duartegalvao, @unconventionaldotdev)
- Fix date range picker not working in some languages (e.g. Japanese) (#6921, [#6922])
- Fix error when searching in user logs (#6933, [#6936])
- Fix room booking prompt during event creation not showing up (#6941)
- Fix AM/PM indicator based on event language in PDF timetable (#6888)
:wrench: Internal Changes
- Expose cloning details such as object mappings in the
event.cloned
signal (#6858) - Expose cloning details in the
contribution.created
andsubcontribution.created
signals (#6858) - Add the id and color of registration tags on the Checkin API endpoint for registation data (#6874, thanks @duartegalvao)
- Allow disabling arbitrary dates in date picker / calendar controls (#6905, thanks @foxbunny)
- Support custom data rendering logic in custom registration form fields (#6967)
- Support custom columns and filters in mangement registrant list (#6968)