Download Latest Version v3.3.9 source code.tar.gz (12.0 MB)
Email in envelope

Get an email when there's a new version of Indico

Home / v3.3.6
Name Modified Size InfoDownloads / Week
Parent folder
indico-3.3.6-py3-none-any.whl 2025-03-24 37.1 MB
0
README.md 2025-03-24 6.6 kB
0
v3.3.6 source code.tar.gz 2025-03-24 11.6 MB
0
v3.3.6 source code.zip 2025-03-24 13.4 MB
1 1 weekly downloads
Totals: 4 Items   62.1 MB 1

:warning: Security fixes

  • Update the Jinja2 library due to a sandbox escape vulnerability (2025-27516).

Note: Since document templates can only be managed by Indico admins (unless granted to specific other trusted users as well), the impact of this vulnerability is considered low to medium, as it would require a malicious admin to abuse this e.g. to to read indico.conf data, which is otherwise only accessible to people with direct server access.

:tada: Improvements

  • Add a new "Accepted by Submitter" state for editables when a submitter approved the changes proposed by the editor (#6185, [#6186])
  • Highlight editables in the editable list that have been updated since the last time they were viewed (#6500)
  • Refresh the looks of the PDF timetable (#6554, [#6558])
  • Redact session cookie value in error emails (#6666)
  • Allow creating a new local account during password reset if the user does not have one yet (#6688)
  • Set session cookies with SameSite=Lax so they are not sent when Indico is embedded in a third-party iframe (#6690)
  • Make the event export/import util much more flexible to support exporting whole category subtrees, add better support for dealing with files, and add various things that were not correctly exported before (#6446)
  • Add a setting to limit the information room booking users can see for bookings not linked to them or their rooms (#6704)
  • Add shortcuts to the past and closest events in a category (#6710)
  • Improve the appearance of the date pickers (#6719, [#6720], thanks @foxbunny)
  • Add a new setting (ALLOW_ADMIN_USER_DELETION) to let administrators permanently delete Indico users from the user management UI (#6652, thanks @SegiNyn)
  • Support ==text== to highlight text in markdown (#6731, [#6732], [#6767])
  • Add an event setting to allow enforcing search before entering a person manually to a persons list in abstracts and contributions (#6689)
  • Allow users to login using their email address (#6522, thanks @SegiNyn)
  • Do not "inline" the full participant list in conference events using a meeting-style timetable and link to the conference participant list instead (#6753)
  • Add new setting LOCAL_USERNAMES to disable usernames for logging in and only use the email address (#6751, [#6810])
  • Tell search engines to not index events marked as "invisible" (#6762, thanks @openprojects)
  • Make the minimum length of local account passwords configurable, and default to 15 instead of 8 for new installations (#6629, [#6740], thanks @amCap1712)
  • Include submitter email in abstract PDF export (#3631, [#6748], thanks @amCap1712)
  • Remove anonymized users from local groups (#6738, thanks @SegiNyn)
  • Add ACLs for room booking locations which can grant privileges on the location itself and/or all its rooms (#6566, thanks @SegiNyn)
  • Support alternative names in predefined affiliations and make its search more powerful (#6758)
  • Add setting to disallow entering custom affiliations when predefined affiliations are used (#6809)
  • Log changes to event payment methods (#6739)
  • Add button to select all rooms for exporting in the room list (#6773, thanks @Michi03)
  • Include abstract details in comment notification email subject (#6449, [#6782], thanks @amCap1712)
  • Use markdown editor field in survey questionnaire setup (#6783, thanks @amCap1712)
  • Use markdown editor field for contribution description (#6723, [#6749], thanks @amCap1712)
  • Allow resetting registrations back to pending in bulk (#5954, [#6784], thanks @amCap1712)
  • Allow to configure a restrictive set of allowed contribution keywords (#6778, thanks @tomako, @unconventionaldotdev)
  • Add a log for user actions, similar to that in events and categories (#6779, [#6813], thanks @tomako)

:bug: Bugfixes

  • Fix error when using the "Request approval" editing action on an editable that does not have publishable files (#6186)
  • Do not fail if a user has an invalid timezone stored in the database (#6647)
  • Ensure the event name is correctly encoded to prevent issues with special characters in the share event widget (#6649)
  • Fix sending emails if site name contains an @ character (#6687)
  • Do not show country field description twice in registration forms (#6708)
  • Do not show "other" document templates from deleted events/categories (#6711)
  • Fix price display of choice fields in registration form (#6728, [#6729])
  • Fix error when creating a new room and setting attributes or equipment during creation (#6730)
  • Fix the usage of select list scrollbar causing it to close immediately (#6735, [#6736], thanks @foxbunny)
  • Trigger event creation notification emails when cloning events (#6744)
  • Fix image uploading not working when editing an existing note without having permissions to manage materials on the event level (#6760)
  • Do not redirect to the ToS acceptance page when impersonating a user (#6770)
  • Fix display issues after reacting to a favorite category suggestion (#6771)
  • Include event labels in dashboard ICS export (#5886, [#6372], [#6769], thanks @amCap1712)
  • Do not show default values for purged registration fields (#5898, [#6772], [#6781], thanks @amCap1712)
  • Do not create empty survey sections during event cloning (#6774)
  • Fix inaccurate timezone in the dates of the timetable PDF (#6786)
  • Fix error with accommodation fields that have the "no accommodation" option disabled (#6812)
  • Reset token-based links for correct user when done by an admin (#6814)

:wheelchair: Accessibility

  • Make field validation error messages more accessible in the registration form (#6324, thanks @foxbunny)
  • Implement a new date range picker and use it in the Room Booking module (#6464, thanks @foxbunny)
  • Make main section title in the base layout the default bypass blocks target (#6726, thanks @foxbunny)
  • Improve places selection accessibility in SingleChoiceInput (#6763, thanks @foxbunny)
  • Improve places selection accessibility in MultiChoiceInput (#6764, thanks @foxbunny)
  • Improve BooleanInput accessibility (#6756, thanks @foxbunny)
  • Improve keyboard navigation order within the category list page (#6776, thanks @foxbunny)

:wrench: Internal Changes

  • Remove the marshmallow-enum dependency (#6701, [#6703], thanks @federez-tba)
  • Add new signals during signup email validation and login which can make the process fail with a custom message (#6759, thanks @openprojects)
Source: README.md, updated 2025-03-24