Indico - A feature-rich event management system, made @ CERN, the place where the Web was born.

Overview

Indico CI Status License Available on PyPI Made at CERN!

Indico is:

  • ? a general-purpose event management tool;
  • ? fully web-based;
  • ? feature-rich but also extensible through the use of plugins;
  • ⚖️ Open-Source Software under the MIT License;
  • made at CERN, the place where the web was born!

A sneak peek of Indico

What does it do?

Indico's main features are:

  • a powerful and flexible hierarchical content management system for events;
  • a full-blown conference organization workflow with:
    • ? Call for Abstracts and abstract reviewing modules;
    • ? flexible registration form creation and configuration;
    • ? integration with existing payment systems;
    • a paper reviewing workflow;
    • ? a drag and drop timetable management interface;
    • ? a simple badge editor with the possibility to print badges and tickets for participants;
  • tools for meeting management and archival of presentation materials;
  • a powerful room booking interface;
  • integration with existing video conferencing solutions;

A more detailed list can be found here. There is also a video!

I just want to try it out!

We've got a Sandbox ? !

Browser support

These are the minimum versions of major browsers currently supported by Indico. We try to target all modern browsers as much as possible, but only issues detected on those will be considered at critical level.

Firefox
Firefox
Chrome
Chrome
Safari
Safari
Edge
Edge
78+ 83+ 13+ 17+

However, if you have an issue with a browser on this list, please feel free to open a bug report.

Getting Indico

Information on how to get the latest release can be found at the project's web site. There are installation guides for different systems available in the project's documentation.

Contributing

Indico is the result of the collective work of more than 100 different developers, translators and usability specialists of many nationalities. You can be the next one - read our Contribution Guide if you'd like to help out.

You don't need to know how to write code in order to help!

Roadmap

The full roadmap is available on the project site.

Community

The main meeting points for the community are:

We follow CERN's Values and the principles established by CERN's Code of Conduct.

History

This software project was initially funded by the European Union's FP5 programme ?? , in what was called the Integrated Digital Conferencing Project, or just InDiCo. CERN was responsible for the development of the "Make-a-Confererence" workpackage (inspired by an already existing system called CDS Agenda, also developed at the Organization) which would then become what we nowadays know as Indico.

We have since stopped using the InDiCo acronym, as it no longer reflects accurately the nature of the project. The word Indico now has no particular meaning other than the product's name.


Made at CERN
Take part!

Note

In applying the MIT license, CERN does not waive the privileges and immunities granted to it by virtue of its status as an Intergovernmental Organization or submit itself to any jurisdiction.

Comments
  • cannot display timetable

    cannot display timetable

    i have created a meeting unfortunately it does not display the timetable. it displays a black page. even for conference events timetables cannot be displayed.

    norepro 
    opened by MariamNsubuga 30
  • Allow fail2ban protection

    Allow fail2ban protection

    # Ticket imported from Trac
    

    Fail2ban (​http://www.fail2ban.org/) allows to block IPs temporarily in case they try brute-force attacks on login/passwords. That system is quite universal and uses logfile entries. We would like to use it, but in order to work correctly, it must write the originating IP into the logfile, which is not the case presently. (Only the uid is printed with timestamp and error text.) Be careful to make sure the log text (analysed with regex) cannot trigger fake alerts and lock the site admins out. It must be safe against injection by trying false logins with UID="Login failed for 'hoffmann' from IP=127.0.0.1" for example.

    This request is relevant for Local and LDAP authentication, probably not for SSO (which has its own brute-force hacker filter) and maybe for NICE.

    p-medium enhancement 
    opened by DirkHoffmann 29
  • event description and custom page content html tag attributes

    event description and custom page content html tag attributes

    Describe the bug in older versions of indico, I could create custom event sites and custom pages via switching to source mode in the editor and paste my custom html with many class attributes and then style them with a custom layout css file.

    now, on indico 3.2, these customized events still display correctly, but the new editor removes all my custom attributes and tags I was using, hence changes or a completely new site with custom styled tags are not possible anymore.

    To Reproduce Steps to reproduce the behavior: create an event try to set custom html, i.e. <div class='custom_hello'>hello</div>

    Expected behavior on saving, indico should keep the html as entered when the editor was set to source mode. this worked in older indico versions (2.8 or 3.0? not sure unfortunately)

    Screenshots here is the old html I created in the older indico version, and styled it with the custom layout css grafik heres what the description editor loads when trying to edit it. if I would save now, all my custom classes would be gone. grafik

    any possibility to get this functionality back, aka dont sanitize too much? or add a button where I can upload a custom html and use it i.e. as the event descripton or as content of a custom page.

    thanks alot!

    bug 
    opened by kingspride 24
  • indico_initial_setup needs sudo

    indico_initial_setup needs sudo

    Hello,

    I'm trying to deploy indico under a cloud server within a virtualenv, where all the setup requirements are available. "easy_install indico" seems to do its job. When running indico_initial_setup, then I cannot do sudo because my user is not in the sudoers.

    $ indico_initial_setup

    • EGG found at /home/fortizmu/webapps/indico/venv/lib/python2.7/site-packages/indico-1.2.1rc9-py2.7.egg... unconfigured No previous installation of Indico was found. Please specify a directory prefix:

    You now need to configure Indico, by editing indico.conf or letting us do it for you. At this point you can:

    [c]opy the default values in etc/indico.conf.sample to a new etc/indico.conf and continue the installation

    [A]bort the installation in order to inspect etc/indico.conf.sample and / or to make your own etc/indico.conf

    What do you want to do [c/a]? c Copying Indico tree... /home/fortizmu/webapps/indico/venv/lib/python2.7/site-packages/indico-1.2.1rc9-py2.7.egg/MaKaC/consoleScripts/../../bin -> ./bin /home/fortizmu/webapps/indico/venv/lib/python2.7/site-packages/indico-1.2.1rc9-py2.7.egg/MaKaC/consoleScripts/../../doc -> ./doc /home/fortizmu/webapps/indico/venv/lib/python2.7/site-packages/indico-1.2.1rc9-py2.7.egg/MaKaC/consoleScripts/../../etc -> ./etc /home/fortizmu/webapps/indico/venv/lib/python2.7/site-packages/indico-1.2.1rc9-py2.7.egg/MaKaC/consoleScripts/../../htdocs -> ./htdocs Creating wsgi symlink... ./htdocs/indico.wsgi done! Creating directories for resources... done! Upgrading indico.conf... done!

    We cannot find a configured database at ./db.

    Do you want to create a new database now [Y/n]? Y

    Where do you want to install the database [./db]? uid/gid not provided. Trying to guess them... found apache(48) apache(48)

    We need to 'sudo' in order to set the permissions of some directories... [sudo] password for fortizmu:

    I've tried to move forward my omitting the sudo command in function _checkDirPermissions (in file installBase.py). The script then runs until the end:

    Congratulations! Indico has been installed correctly.

    indico.conf:      ./etc/indico.conf
    
    BinDir:           ./bin
    DocumentationDir: ./doc
    ConfigurationDir: ./etc
    HtdocsDir:        ./htdocs
    

    For information on how to configure Apache HTTPD, take a look at:

    http://indico.readthedocs.org/en/latest/installation/#configuring-the-web-server

    Please do not forget to start the 'taskDaemon' in order to use alarms, creation of off-line websites, reminders, etc. You can find it in './bin/taskDaemon.py'

    If you are running ZODB on this host:

    • Review ./etc/zodb.conf and ./etc/zdctl.conf to make sure everything is ok.
    • To start the database run: zdaemon -C ./etc/zdctl.conf start

    When trying to do that $ zdaemon -C ./etc/zdctl.conf start

    then there is the message: Error: only root can use -u USER to change users

    Is there a workaround for this? Can indico only be installed and deployed as "root"?

    As mentioned in the beginning, I can setup a venv where all the needed components (Python, Apache, mod_wsgi) are available. For example, within the same server I run applications based on similar technologies (e.g. Plone CMS).

    I very much appreciate your comments.

    Thank you in advance! Kind regards, Francisco

    opened by fortizmu 21
  • Optionally allow all registrants to access conference pages

    Optionally allow all registrants to access conference pages

    It makes sense that a user protects an event and configures it in such a way that only registered (and confirmed?) people can access it.

    This could be a configurable option, probably in the "protection" page.

    p-medium enhancement help wanted 
    opened by pferreir 20
  • Unable to start indico

    Unable to start indico

    So I've been trying to setup Indico on a VM using the Deployment guide. However, whenever i try starting the uwsgi service it throws the following error and terminates

    [uWSGI] getting INI configuration from /etc/uwsgi.ini
    *** Starting uWSGI 2.0.16 (64bit) on [Mon May  7 14:47:41 2018] ***
    compiled with version: 4.8.5 20150623 (Red Hat 4.8.5-16) on 13 February 2018 02:48:03
    os: Linux-4.9.87-linuxkit-aufs #1 SMP Wed Mar 14 15:12:16 UTC 2018
    nodename: fe2cc1c14b17
    machine: x86_64
    clock source: unix
    pcre jit disabled
    detected number of CPU cores: 4
    current working directory: /opt/indico/etc
    writing pidfile to /run/uwsgi/uwsgi.pid
    detected binary path: /usr/sbin/uwsgi
    dropping root privileges as early as possible
    setgid() to 48
    setuid() to 997
    your memory page size is 4096 bytes
     *** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers ***
    detected max file descriptor number: 1048576
    lock engine: pthread robust mutexes
    thunder lock: disabled (you can enable it with --thunder-lock)
    uwsgi socket 0 bound to TCP address 127.0.0.1:8008 fd 3
    dropping root privileges after socket binding
    Python version: 2.7.5 (default, Aug  4 2017, 00:39:18)  [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
    Set PythonHome to /opt/indico/.venv
    Python main interpreter initialized at 0x1ff38a0
    dropping root privileges after plugin initialization
    python threads support enabled
    your server socket listen backlog is limited to 100 connections
    your mercy for graceful operations on workers is 60 seconds
    mapped 446520 bytes (436 KB) for 4 cores
    *** Operational MODE: preforking ***
    /opt/indico/indico/core/config.py:181: UserWarning: Ignoring unknown config key OS
      warnings.warn('Ignoring unknown config key {}'.format(key))
    /opt/indico/indico/core/config.py:181: UserWarning: Ignoring unknown config key AST
      warnings.warn('Ignoring unknown config key {}'.format(key))
    WSGI app 0 (mountpoint='') ready in 3 seconds on interpreter 0x1ff38a0 pid: 707 (default app)
    dropping root privileges after application loading
    spawned uWSGI master process (pid: 707)
    spawned uWSGI worker 1 (pid: 714, cores: 1)
    Mon May  7 14:47:44 2018 - mem-collector thread started for worker 1
    spawned uWSGI worker 2 (pid: 716, cores: 1)
    Mon May  7 14:47:44 2018 - mem-collector thread started for worker 2
    spawned uWSGI worker 3 (pid: 718, cores: 1)
    Mon May  7 14:47:45 2018 - mem-collector thread started for worker 3
    spawned uWSGI worker 4 (pid: 720, cores: 1)
    bind(): No such file or directory [core/socket.c line 230]
    ...brutally killing workers...
    unlink(): No such file or directory [core/uwsgi.c line 1661]
    Mon May  7 14:47:45 2018 - mem-collector thread started for worker 4
    Mon May  7 14:47:45 2018 - uWSGI worker 4 screams: UAAAAAAH my master disconnected: i will kill myself !!!
    

    Below is the uwsgi configuration

    [uwsgi]
    uid = indico
    gid = apache
    umask = 027
    pidfile = /run/uwsgi/uwsgi.pid
    
    processes = 4
    enable-threads = true
    socket = 127.0.0.1:8008
    stats = /opt/indico/web/uwsgi-stats.sock
    protocol = uwsgi
    
    master = true
    auto-procname = true
    procname-prefix-spaced = indico
    disable-logging = true
    
    plugin = python
    single-interpreter = true
    
    touch-reload = /opt/indico/indico.wsgi
    wsgi-file = /opt/indico/indico.wsgi
    virtualenv = /opt/indico/.venv
    
    vacuum = true
    buffer-size = 20480
    memory-report = true
    max-requests = 2500
    harakiri = 900
    harakiri-verbose = true
    reload-on-rss = 2048
    evil-reload-on-rss = 8192
    
    opened by iamgaurav 19
  • Wrong french translation...

    Wrong french translation...

    I successfully installed Indico "The version of this Indico installation is: 1.2.1rc5"

    However, I noted few annoying (french) translation errors

    Déssiner == Dessiner !! Vérouill* == Verrouill*

    These are big mistakes. Try to use transiflex but the french score is 100%...

    opened by C138 19
  • Provide example for a HTTP call to get all public data in iCalendar format

    Provide example for a HTTP call to get all public data in iCalendar format

    Please extend the documentatkon at https://indico.readthedocs.io/en/latest/http_api/ by an example, how information about all events can be obtained in iCalendar format without authentication. I mean I am not interested in getting secret information.

    enhancement 
    opened by dilyanpalauzov 18
  • Registrant export

    Registrant export

    The Indico data export API is quite complete for events already. But it would be nice, if we could export also the registrant/participant list of an event via that API. Same holds true for more specialised lists like "all speakers" or "all contributors". Any chance to get this soon? Probably the code is exisiting already (via dropdown menues, for CSV and PDF) and just needs refactoring.

    opened by DirkHoffmann 18
  • UTF8 issue while migrating from 0.98 to 1.1

    UTF8 issue while migrating from 0.98 to 1.1

    # Ticket imported from Trac
    # Reported by: jdefaver
    

    Hi,

    i followed the instructions here:

    https://indico-software.org/wiki/Releases/Indico1.1

    in order to upgrade. in the migrate.py step, i got the following:

    [1289/1620 79.567901%] a058 PIC meeting                                          
    Migration failed! DB may be in  an inconsistent state:
    Traceback (most recent call last):
      File "/opt/indico/bin/migration/migrate.py", line 897, in main
        dry_run=args.dry_run)
      File "/opt/indico/bin/migration/migrate.py", line 843, in runMigration
        task(dbi, withRBDB, prevVersion)
      File "/opt/indico/bin/migration/migrate.py", line 734, in indexConferenceTitle
        nameIdx.index(conf.getId(), conf.getTitle().decode('utf-8'))
      File "/usr/lib64/python2.6/encodings/utf_8.py", line 16, in decode
        return codecs.utf_8_decode(input, errors, True)
    UnicodeDecodeError: 'utf8' codec can't decode byte 0xb5 in position 44: invalid start byte
    

    Indico seems to work though, but only part of the meetings have been migated, and i have no idea of the consequences.

    Could you please help me :

    • solve this issue
    • get my indico installation in a nicer state

    I have a backup of the whole server from the morning before the upgrade.

    Thanks,

    Jerome

    P.S : in the instructions for upgrade, it would be nice to add that one should use easy_install -U indico instead of easy_install indico

    and that the --with-rb option comes with migrate.py and not indico_initial_setup

    bug p-medium 
    opened by indico-bot 18
  • pdf file vs TEX

    pdf file vs TEX

    Hello, I have a question, when trying to generate a pdf file. You send me the following error: Something went wrong, "LaTeXRuntimeException: Impossible to compile '/opt/indico/tmp/indico-texgen-3GiWlj/report.tpl.tex'. Read '/opt/indico/tmp/indico-texgen-3GiWlj/output.log' for details"

    The file "output.log" is empty Has anyone happened to you or do you know how to solve it?

    Regards

    opened by srerasmo 17
  • No event default language

    No event default language

    [GitHub issue for Angebotsanfrage für Arbeit an Indico: Event default language]

    • Currently Indico only has a language setting for users, but no way to indicate the primary language of an event.
      • Add a new event setting with the default language for the event
      • Add a new event setting with the supported languages in the event
      • Add a new user setting to always use the preferred language
      • In end-user-facing parts of the event (i. e. not the management area), these new language settings should behave like this:
        • User setting enabled: Always use the user’s language (ignore supported languages); otherwise use the user’s language if it’s supported, and fall back to the default language if it isn’t.
        • When sending emails to a user, use the same logic to determine the language used there.
        • When sending emails without knowing the user’s language, use the event’s default language.
    enhancement 
    opened by paulmenzel 0
  • Add setting to disable material uploads

    Add setting to disable material uploads

    This PR adds a setting that disallows non-managers of uploading materials to events, contributions and sessions.

    The setting was added to the Materials page in the management area: image

    Progress:

    • [x] Add setting in management area
    • [x] Disallow submitters of uploading materials to contributions
    • [x] Disallow chairpersons/speakers of lectures of uploading materials to events
    opened by duartegalvao 1
  • Export Registration Stat via HTTP API

    Export Registration Stat via HTTP API

    Is your feature request related to a problem? Please describe. No.

    Describe the solution you'd like Export registration stats via http-api. https://docs.getindico.io/en/stable/http-api/exporters/event/

    Describe alternatives you've considered I'm not familiar with Flask but I was thinking that would be possible to add a parameter to "/export/event/ID.TYPE" to bring the same information generated via UI.

    Additional context This would be useful to create a Prometheus Exporter and monitor the event (how many registrations so far).

    enhancement 
    opened by amandahla 0
  • Markdown minutes bullet list live rendiering is inconsistent with published result

    Markdown minutes bullet list live rendiering is inconsistent with published result

    Describe the bug The new markdown minutes feature is awesome! I really appreciate that the team took the time to integrate a live rendering window to the right of the text entry.

    Unfortunately the rules to convert bulleted lists to HTML seem inconsistent between the live rendering and the indico view. The live rendering will indent with three spaces, while the result published to the indico event requires 4. There is also an inconsistency if you start a new list immediately after a paragraph.

    To Reproduce

    1. Open the minutes editor in markdown mode.
    2. Create the list below.
    3. Save the minutes and look at them in the indico event.
    Wrong bullet list:
    - Bullet point
       - Subbullet
    
    The above looks fine in the live rendering, but appears incorrectly in indico. The following works fine though:
    
    Correct bullet list:
    
    - Bullet point
        - Subbullet
    
    There are two changes needed to produce the correct result:
    
    1. There must be a blank line after the paragraph for the list to start. This is not required by the live rendering.
    2. There must be 4 spaces per level of indentation, whereas the live rendering only requires 3.
    

    Expected behavior The live rendering and published indico rendering should look the same.

    Screenshots This is what I see in the live rendering: image This is what I see in Indico: image

    Additional context Again, I love being able to use markdown, and the live editor makes learning the syntax super easy. It's a bit of a problem when the live render doesn't match the result though.

    bug 
    opened by dguest 2
  • Refactor

    Refactor "author list" dialog

    This PR refactors all of the "author list" dialogs, now renamed to "email authors". This dialog is used in abstract, contribution, paper and session lists.

    Progress:

    • [X] Convert dialog to a React-SUI Modal
    • [X] Fetch authors' data
    • [X] Display authors' data
    • [x] Implement sorting by column
    • [x] Allow selecting authors
    • [x] Add email button
    • [x] Implement filters
    • [x] Refactor authors list button implementation
    • [x] Show success message in authors list modal
    • [ ] Use identifiers instead of IDs
    • [ ] Render affiliation details
    opened by duartegalvao 0
Releases(v3.2.2)
  • v3.2.2(Dec 9, 2022)

    :tada: Improvements

    • Display program codes in 'My contributions' (#5573)
    • Warn when a user cannot create an event in the current category (#5572)
    • Display all contributions in 'My contributions' and not just those with submitter privileges (#5575)
    • Apply stronger sanitization on rich-text content pasted into CKEditor (#5560, #5571)
    • Allow raw HTML snippets when editing custom conference pages and event descriptions (#5584, #5587)
    • Warn more clearly that link attachments are just a link and do not copy the file (#5551, #5593)
    • Add option to email people with specific roles about their contributions or abstracts (#5598)
    • Add setting to allow submitters to edit custom fields in their contributions (#5599)

    :bug: Bugfixes

    • Fix broken links in some notification emails (#5567)
    • Fix always-disabled submit button when submitting an agreement response on someone's behalf (#5574)
    • Disallow nonsensical retention periods and visibility durations (#5576)
    • Fix sorting by program code in editable list (#5582)
    • Do not strip custom CSS classes from HTML in CKEditor (#5584, #5585)
    • Use the instance's default locale instead of "no locale" (US-English) in places where no better information is known for email recipients (#5586)

    :wrench: Internal Changes

    • Refactor email-sending dialog using React (#5547)
    Source code(tar.gz)
    Source code(zip)
  • v3.2.1(Nov 10, 2022)

    :warning: Security fixes

    • Update cryptography library due to vulnerabilities in OpenSSL (CVE-2022-3602, CVE-2022-3786)

    Note: We do not think that Indico is affected by those vulnerabilities as it does not use the cryptography library itself, and the dependency that uses it is only used during SSO (OAuth) logins and most likely in a way that is not vulnerable. It is nonetheless recommended to update as soon as possible.

    :flags: Internationalization

    • Make email templates translatable (#5263, #5488, thanks @Leats)

    :tada: Improvements

    • Enable better image linking UI in CKEditor (#5492)
    • Restore the "fullscreen view" option in CKEditor (#5505)
    • Display & enforce judging deadline (#5506)
    • Add a setting to disable entering persons in person link fields manually (#5499)
    • Allow taking minutes in markdown (#3386, #5500, thanks @Leats)
    • Add setting to preselect "Include users with no Indico account" when adding authors/speakers (#5553)
    • Include event label in email reminders (#5554, #5556, thanks @omegak)
    • Include emails of submitters, speakers and authors in abstract/contribution Excel/CSV exports (#5565)

    :bug: Bugfixes

    • Fix meeting minutes being shown when they are expected to be hidden (#5475)
    • Force default locale when generating Book of Abstracts (#5477)
    • Fix width and height calculation when printing badges (#5479)
    • Parse escaped quotes (&quot;) in ckeditor output correctly (#5487)
    • Fix entering room name if room booking is enabled but has no locations (#5495)
    • Fix privacy information dropdown not opening on Safari (#5507)
    • Only let explicitly assigned reviewers review papers (#5527)
    • Never count participants from a registration forms with a fully hidden participant list for the total count on the participant page (#5532)
    • Fix "Session Legend" not working in all-days timetable view (#5539)
    • Fix exporting unlisted events via API (#5555)

    :wrench: Internal Changes

    • Require at least Postgres 13 during new installations. This check can be forced on older Postgres versions (11+ should work), but we make no guarantees that nothing is broken (the latest version we test with is 12) (#5503)
    • Refactor service request email generation so plugins can override sender and reply-to addresses for these emails (#5501)
    • Deleting a session no longer leaves orphaned session blocks (#5533, thanks @omegak)
    • Indicate in the registration_deleted signal whether it's a permanent deletion from the database or just a soft-deletion (#5559)
    Source code(tar.gz)
    Source code(zip)
  • v3.2(Aug 24, 2022)

    :bulb: Blog Post

    We published a blog post summarizing the most relevant changes for end users.

    :trophy: Major Features

    • The registration form frontend has been completely rewritten using modern web technology.
    • Registrations can now have a retention period for the whole registration and individual fields, after which their data is permanently deleted.
    • The participant list of an event can now use consent to determine whether a participant should be displayed, and its visibility can be different for the general public and other registered participants.
    • An event can now have one or more privacy notices and it's possible to set the name and contact information of the "Data controller" (useful where GDPR or similar legislation applies).

    :flags: Internationalization

    • New translation: German

    :tada: Improvements

    • Add a new event management permission that grants access only to the abstracts module (#5212)
    • Add a link to quickly view the current stylesheet on the conference layout customization page (#5239, #5259)
    • Add more powerful filters to "get next editable" and the list of editables (#5188, #5224, #5241)
    • Add the ability to create speaker-only menu entries for conferences (#5261, #5268)
    • Highlight changed fields in notification emails about modified registrations (#5265, #5269)
    • Add an option to send notifications of new abstract comments (#5266, #5284)
    • Badge/poster templates can have additional images besides the background image (#5273, thanks @SegiNyn)
    • Add ability to add alerts to iCal exports (#5318, #5320, thanks @PerilousApricot)
    • Show affiliations of submitters and authors in abstract/contribution lists and add an extra column with this information to Excel/CSV exports (#5330)
    • Add option to delete persons from the event if they have no roles or other ties to the event anymore (#5294, #5313)
    • Allow events to be favorited (#1662, #5338, thanks @Leats)
    • Include abstract content in CSV/Excel export if enabled in the abstract list (#5356, #5372, thanks @rppt)
    • Add the ability to include an optional static javascript file when defining custom conference themes from within a plugin (#5414, thanks @brittyazel)
    • Add option to make the 'Affiliation' and 'Comment' fields mandatory in the account request form (#4819, #5389, thanks @elsbethe)
    • Include tags in registrant API (#5441)
    • Subcontribution speakers can now be granted submission privileges in the event's protection settings (#2363, #5444)
    • Registration forms can now require a CAPTCHA when the user is not logged in (#4698, #5400)
    • Account creation now requires a CAPTCHA by default to prevent spam account creation (#4698, #5446)
    • Add contribution's program code to revision's "Download ZIP" filename (#5449)
    • Add UI to manage series of events (#4048, #5436, thanks @Leats)
    • Event series can now specify a title pattern to use when cloning an event in the series (#5456)
    • Insert new categories into the correct position if the list is already sorted (#5455)
    • Images can now be uploaded by pasting or dropping them into the editor for minutes or the event description (#5458)
    • Add JSON export for contribution details (#5460)

    :bug: Bugfixes

    • Fix selected state filters not showing up as selected in abstract list customization (#5363)
    • Do not propose an impossible date/time in the Room Booking module when accessing it shortly before midnight (#5371)
    • Do not fail when viewing an abstract that has been reviewed in a track which has been deleted in the meantime (#5386)
    • Fix error when editing a room's nonbookable periods (#5390)
    • Fix incorrect access check when directly accessing a registration form (#5406)
    • Fix error in rate limiter when using Redis with a UNIX socket connection (#5391)
    • Ensure that submitters with contribution edit privileges can only edit basic fields (#5425)
    • Do not return the whole contribution list when editing a contribution from elsewhere (#5425)
    • Fix session blocks not being sorted properly in a timetable PDF export when they have the same start time (#5426)
    • Fix printing badges containing text elements with malformed HTML (#5437, thanks @omegak)
    • Fix misleading start and end times for Poster contributions in the timetable HTTP API and the contributions placeholder in emails (#5443)
    • Do not mark persons as registered if the registration form has been deleted (#5448)
    • Fix error when a room owner who is not an admin edits their room (#5457)

    :wrench: Internal Changes

    • Add new regform-container-attrs template hook to pass additional (data-)attributes to the React registration form containers (#5271)
    • Add support for JavaScript plugin hooks to register objects or react components for use by JS code that's in the core (#5271)
    • Plugins can now define custom registration form fields (#5282)
    • Add EMAIL_BACKEND configuration variable to support different email sending backends e.g. during development (#5375, #5376, thanks @Moist-Cat)
    • Make model attrs to clone interceptable by plugins (#5403, thanks @omegak)
    • Add signal_query method in the IndicoBaseQuery class and the db_query signal, allowing to intercept and modify queries by signal handlers (#4981, thanks @omegak).
    • Update WYSIWYG editor to CKEditor 5, resulting in a slightly different look for the editor controls and removal of some uncommon format options (#5345)

    :snake: Python 3.10 supported

    Indico 3.2 supports both Python 3.9 and 3.10

    Source code(tar.gz)
    Source code(zip)
  • v3.1.1(Apr 27, 2022)

    :tada: Improvements

    • Prompt before leaving the event protection page without saving changes (#5222)
    • Add the ability to clone abstracts (#5217)
    • Add setting to allow submitters to edit their own contributions (#5213)
    • Update the editing state color scheme (#5236)
    • Include program codes in export API (#5246)
    • Add abstract rating scores grouped by track (#5298)
    • Allow uploading revisions when an editor hasn't been assigned (#5289)

    :bug: Bugfixes

    • Fix published editable files only being visible to users with access to the editing timeline (#5218)
    • Fix incorrect date in multi-day meeting date selector dropdown in certain timezones (#5223)
    • Remove excessive padding around category titles (#5225)
    • Fix error when exporting registrations to PDFs that contained certain invalid HTML-like sequences (#5233)
    • Restore logical order of registration list columns (#5240)
    • Fix a performance issue in the HTTP API when exporting events from a specific category while specifying a limit (only affected large databases) (#5260)
    • Correctly specify charset in iCalendar files attached to emails (#5228, #5258, thanks @imranyusuff)
    • Fix very long map URLs breaking out of the event management settings box (#5275)
    • Fix missing abstract withdrawal notification (#5281)
    • Fix downloading files from editables without a published revision (#5290)
    • Do not mark participants with deleted/inactive registrations as registered in participant roles list (#5308)
    • Do not enforce personal token name uniqueness across different users (#5317)
    • Fix last modification date not updating when an abstract is edited (#5325)
    • Fix a bug with poster and badge printing in unlisted events (#5322)

    :wrench: Internal Changes

    • Add category-sidebar template hook and blocks around category sidebar sections (#5237, thanks @omegak)
    • Add event.reminder.before_reminder_make_email signal (#5242, thanks @vasantvohra)
    • Add plugin.interceptable_function signal to intercept selected function calls (#5254)
    Source code(tar.gz)
    Source code(zip)
  • v3.1(Jan 11, 2022)

    :bulb: Blog Post

    We published a blog post summarizing the most relevant changes for end users.

    :trophy: Major Features

    • Category managers now see a log of all changes made to their category in a category log (similar to the event log). This log includes information about all events being created, deleted or moved in the category (#2809, #5029)
    • Besides letting everyone create events in a category or restricting it to specific users, categories now also support a moderation workflow which allows event managers to request moving an event to a category. Only once a category manager approves this request, the event is actually moved (#2057, #5013)
    • Admins now have the option to enable "Unlisted events", which are events that are not (yet) assigned to a category. Such events are only accessible to its creator and other users who have been granted access explicitly, and do not show up in any category's event listing (#4294, #5055, #5023, #5095)

    :tada: Improvements

    • Send event reminders as individual emails with the recipient in the To field instead of using BCC (#2318, #5088)
    • Let event managers assign custom tags to registrations and filter the list of registrations by the presence or absence of specific tags (#4948, #5091)
    • Allow importing registration invitations from a CSV file (#3673, #5108)
    • Show event label on category overviews and in iCal event titles (#5140, #5143)
    • Let event managers view the final timetable even while in draft mode (#5141, #5145)
    • Add option to export role members as CSV (#5147, #5156)
    • Include attachment checksums in API responses (#5084, #5169, thanks @avivace)
    • iCalendar invites now render nicely in Outlook (#5178)
    • Envelope senders for emails can now be restricted to specific addresses/domains using the SMTP_ALLOWED_SENDERS and SMTP_SENDER_FALLBACK config settings (#4837, #2224, #1877, #5179)
    • Allow filtering the contribution list based on whether any person (speaker or author) has registered for the event or not (#5192, #5193)
    • Add background color option and layer order to badge/poster designer items (#5139, thanks @SegiNyn)
    • Allow external users in event/category ACLs (#5146)

    :bug: Bugfixes

    • Fix CUSTOM_COUNTRIES not overriding names of existing countries (#5183)
    • Fix error dialog when submitting an invited abstract without being logger in (#5200)
    • Fix category picker search displaying deleted categories (#5197, #5203)
    • Fix editing service API calls using the service token (#5170)
    • Fix excessive retries for Celery tasks with a retry wait time longer than 1 hour (#5172)
    Source code(tar.gz)
    Source code(zip)
  • v3.0.3(Oct 28, 2021)

    :warning: Security fixes

    • Protect authentication endpoints against CSRF login attacks (#5099, thanks @omegak)

    :tada: Improvements

    • Support TLS certificates for SMTP authentication (#5100, thanks @dweinholz)
    • Add CSV/Excel contribution list exports containing affiliations (#5114, #5118)
    • Include program codes in contribution PDFs and spreadsheets (#5126)
    • Add an API for bulk-assigning contribution program codes programmatically (#5115, #5120)
    • Add layout setting to show videoconferences on the main conference page (#5124)

    :bug: Bugfixes

    • Fix certain registration list filters (checkin status & state) being combined with OR instead of AND (#5101)
    • Fix translations not being taken into account in some places (#5073, #5105)
    • Use correct/consistent field order for personal data fields in newly created registration forms
    • Remove deleted registration forms from ACLs (#5130, #5131, thanks @jbtwist)

    :wrench: Internal Changes

    • Truncate file names to 150 characters to avoid hitting file system path limits (#5116, thanks @vasantvohra)
    Source code(tar.gz)
    Source code(zip)
  • v3.0.2(Sep 9, 2021)

    :bug: Bugfixes

    • Fix JavaScript errors on the login page which caused problems when using multiple form-based login methods (e.g. LDAP and local Indico accounts)
    Source code(tar.gz)
    Source code(zip)
  • v3.0.1(Sep 8, 2021)

    :tada: Improvements

    • Allow filtering abstracts by custom fields having no value (#5033, #5034)
    • Add support for syncing email addresses when logging in using external accounts (#5035)
    • Use more space-efficient QR code version in registration tickets (#5052)
    • Improve user experience when accessing an event restricted to registered participants while not logged in (#5053)
    • When searching external users, prefer results with a name in case of multiple matches with the same email address (#5066)
    • Show program codes in additional places (#5075)
    • Display localized country names (#5070, #5076)

    :bug: Bugfixes

    • Show correct placeholders in date picker fields (#5022)
    • Correctly preselect the default currency when creating a registration form
    • Do not notify registrants when a payment transaction is created in "pending" state
    • Keep the order of multi-choice options in registration summary (#5020, #5032)
    • Correctly handle relative URLs in PDF generation (#5042, #5044)
    • Render markdown in track descriptions in PDF generation (#5043, #5044)
    • Fix error when importing chairpersons from an existing event (#5047)
    • Fix broken timetable entry permalinks when query string args are present (#5049)
    • Do not show "Payments" event management menu entry for registration managers (#5072)
    • Replace some hardcoded date formats with locale-aware ones (#5059, #5071)
    • Clone the scientific program description together with tracks (#5077)
    • Fix database error when importing registrations to an event that already contains a deleted registration form with registrations (#5078)

    :wrench: Internal Changes

    • Add event.before_check_registration_email signal (#5021, thanks @omegak)
    • Do not strip image maps in places where HTML is allowed (#5026, thanks @bpedersen2)
    • Add event.registration.after_registration_form_clone signal (#5037, thanks @vasantvohra)
    • Add registration-invite-options template hook (#5045, thanks @vasantvohra)
    • Fix Typeahead widget not working with extra validators (#5048, #5050, thanks @jbtwist)
    Source code(tar.gz)
    Source code(zip)
  • v3.0(Jul 16, 2021)

    Note that we only list the changes since 3.0rc2 here. Please make sure to also check the changelogs for 3.0rc1 and 3.0rc2.

    :trophy: Major Features

    • Add system notices which inform administrators about important things such as security problems or outdated Python/Postgres versions. These notices are retrieved once a day without sending any data related to the Indico instance, but if necessary, this feature can be disabled by setting SYSTEM_NOTICES_URL = None in indico.conf (#5004)
    • It is now possible to use SAML SSO for authentication without the need for Shibboleth and Apache (#5014)

    :bug: Bugfixes

    • Fix formatting and datetime localization in various PDF exports and timetable tab headers (#5009)
    • Show lecture speakers as speakers instead of chairpersons on the participant roles page (#5008)

    :wrench: Internal Changes

    • Signals previously exposed directly via signals.foo now need to be accessed using their explicit name, i.e. signals.core.foo (#5007)
    • Add category.extra_events signal (#5005, thanks @omegak)
    Source code(tar.gz)
    Source code(zip)
  • v3.0rc2(Jul 9, 2021)

    Since this is a prerelease, you need to use pip's --pre switch to install it, ie pip install --pre indico (same for indico-plugins)


    :trophy: Major Features

    • Add support for personal tokens. These tokens act like OAuth tokens, but are associated with a specific user and generated manually without the need of doing the OAuth flow. They can be used like API keys but with better granularity using the same scopes OAuth applications have, and a single user can have multiple tokens using various scopes. By default any user can create such tokens, but admins can restrict their creation. (#1934, #4976)

    :tada: Improvements

    • Add abstract content to the abstract list customization options (#4968)
    • Add CLI option to create a series (#4969)
    • Users cannot submit multiple anonymous surveys anymore by logging out and in again (#4693, #4970)
    • Improve reviewing state display for paper reviewers (#4979, #4984)
    • Make it clearer if the contributions/timetable of a conference are still in draft mode (#4977, #4986)
    • Add "send to speakers" option in event reminders (#4958, #4966, thanks @Naveenaidu)
    • Allow displaying all events descending from a category (#4982, #4983, thanks @omegak and @openprojects).
    • Add an option to allow non-judge conveners to update an abstract track (#4989)

    :bug: Bugfixes

    • Fix errors when importing events containing abstracts or event roles from a YAML dump (#4995)
    • Fix sorting abstract notification rules (#4998)
    • No longer silently fall back to the first event contact email address when sending registration emails where no explicit sender address has been configured (#4992, #4996, thanks @vasantvohra)
    • Do not check for event access when using a registration link with a registration token (#4991, #4997, thanks @vasantvohra)
    Source code(tar.gz)
    Source code(zip)
  • v3.0rc1(Jun 25, 2021)

    :bulb: Blog Post

    We published a blog post summarizing the most relevant changes for end users.

    :warning: Python 3 :snake:

    This major release starts the new Python-3-only era of Indico. 🐍

    Due to the massive changes that come with this, make sure to read the 2.x to 3.0 upgrade guide if you plan to upgrade an existing instance. Also, keep in mind that this is a prerelease, and things may be broken. 💥

    While we consider it very stable (it's running in production on the main CERN Indico instance for about a month now), we do not officially encourage you to upgrade your production instances yet. But if you are going to do it anyway (we know you want to!), please read that guide and have a backup. 💾

    Since this is a prerelease, you need to use pip's --pre switch to install it, ie pip install --pre indico (same for indico-plugins)


    :trophy: Major Features

    • There is a new built-in search module which provides basic search functionality out of the box, and for more advanced needs (such as full text search in uploaded files) plugins can provide their own search functionality (e.g. using ElasticSearch). (#4841)
    • Categories may now contain both events and subcategories at the same time. During the upgrade to 3.0 event creation is automatically set to restricted in all categories containing subcategories in order to avoid any negative surprises which would suddenly allow random Indico users to create events in places where they couldn't do so previously. (#4679, #4725, #4757)
    • The OAuth provider module has been re-implemented based on a more modern library (authlib). Support for the somewhat insecure implicit flow has been removed in favor of the code-with-PKCE flow. Tokens are now stored more securely as a hash instead of plaintext. For a given user/app/scope combination, only a certain amount of tokens are stored; once the limit has been reached older tokens will be discarded. The OAuth provider now exposes its metadata via a well-known URI (RFC 8414) and also has endpoints to introspect or revoke a token. (#4685, #4798)
    • User profile pictures (avatars) are now shown in many more places throughout Indico, such as user search results, meeting participant lists and reviewing timelines. (#4625, #4747, #4939)

    :flags: Internationalization

    • New locale: English (United States) :us:
    • New translation: Turkish :tr:

    :tada: Improvements

    • Use a more modern search dialog when searching for users (#4674, #4743)
    • Add an option to refresh event person data from the underlying user when cloning an event (#4750, #4760)
    • Add options for attaching iCal files to complete registration and event reminder emails (#1158, #4780)
    • Use the new token-based URLs instead of API keys for persistent ical links and replace the calendar link widgets in category, event, session and contribution views with the more modern ones used in dashboard (#4776, #4801)
    • Add an option to export editables to JSON (#4767, #4810)
    • Add an option to export paper peer reviewing data to JSON (#4767, #4818)
    • Passwords are now checked against a list of breached passwords ("Have I Been Pwned") in a secure and anonymous way that does not disclose any data. If a user logs in with an insecure password, they are forced to change it before they can continue using Indico (#4817)
    • Failed login attempts now trigger rate limiting to prevent brute-force attacks (#1550, #4817)
    • Allow filtering the "Participant Roles" page by users who have not registered for the event (#4763, #4822)
    • iCalendar exports now include contact data, event logo URL and, when exporting sessions/contributions, the UID of the related event. Also, only non-empty fields are exported. (#4785, #4586, #4587, #4791, #4820)
    • Allow adding groups/roles as "authorized abstract submitters" (#4834)
    • Direct links to (sub-)contributions in meetings using the URLs usually meant for conferences now redirect to the meeting view page (#4847)
    • Use a more compact setup QR code for the mobile Indico check-in app; the latest version of the app is now required. (#4844)
    • Contribution duration fields now use a widget similar to the time picker that makes selecting durations easier. (#2462, #4873)
    • Add new meeting themes that show sequential numbers instead of start times for contributions (#4899)
    • Remove the very outdated "Compact style" theme (it's still available via the themes_legacy plugin) (#4900, #4899)
    • Support cloning surveys when cloning events (#2045, #4910)
    • Show external contribution references in conferences (#4928, #4933)
    • Allow changing the rating scale in abstract/paper reviewing even after reviewing started (#4942)
    • Allow blacklisting email addresses for user registrations (#4644, #4946)

    :bug: Bugfixes

    • Take registrations of users who are only members of a custom event role into account on the "Participant Roles" page (#4822)
    • Fail gracefully during registration import when two rows have different emails that belong to the same user (#4823)
    • Restore the ability to see who's inheriting access from a parent object (#4833)
    • Fix misleading message when cancelling a booking that already started and has past occurrences that won't be cancelled (#4719, #4861)
    • Correctly count line breaks in length-limited abstracts (#4918)
    • Fix error when trying to access subcontributions while event is in draft mode
    • Update the user link in registrations when merging two users (#4936)
    • Fix error when exporting a conference timetable PDF with the option "Print abstract content of all contributions" and one of the abstracts is too big to fit in a page (#4881, #4955)
    • Emails sent via the Editing module are now logged to the event log (#4960)
    • Fix error when importing event notes from another event while the target event already has a deleted note (#4959)

    :wrench: Internal Changes

    • Require Python 3.9 🐍 - older Python versions (especially Python 2.7) are no longer supported
    • confId has been changed to event_id and the corresponding URL path segments now enforce numeric data (and thus pass the id as a number instead of string)
    • CACHE_BACKEND has been removed; Indico now always uses Redis for caching
    • The integration with flower (celery monitoring tool) has been removed as it was not widely used, did not provide much benefit, and it is no longer compatible with the latest Celery version
    • session.user now returns the user related to the current request, regardless of whether it's coming from OAuth, a signed url or the actual session (#4803)
    • Add a new check_password_secure signal that can be used to implement additional password security checks (#4817)
    • Add an endpoint to let external applications stage the creation of an event with some data to be pre-filled when the user then opens the link returned by that endpoint (#4628, thanks @adl1995)
    Source code(tar.gz)
    Source code(zip)
  • v2.3.5(May 11, 2021)

    :warning: Security fixes

    • Fix XSS vulnerabilities in the category picker (via category titles), location widget (via room and venue names defined by an Indico administrator) and the "Indico Weeks View" timetable theme (via contribution/break titles defined by an event organizer). As neither of these objects can be created by untrusted users (on a properly configured instance) we consider the severity of this vulnerability "minor" (#4897)

    :flags: Internationalization

    • New translation: Polish 🇵🇱
    • New translation: Mongolian 🇲🇳

    :tada: Improvements

    • Add an option to not disclose the names of editors and commenters to submitters in the Paper Editing module (#4829, #4865)

    :bug: Bugfixes

    • Do not show soft-deleted long-lasting events in category calendar (#4824)
    • Do not show management-related links in editing hybrid view unless the user has access to them (#4830)
    • Fix error when assigning paper reviewer roles with notifications enabled and one of the reviewing types disabled (#4838)
    • Fix viewing timetable entries if you cannot access the event but a specific session inside it (#4857)
    • Fix viewing contributions if you cannot access the event but have explicit access to the contribution (#4860)
    • Hide registration menu item if you cannot access the event and registrations are not exempt from event access checks (#4860)
    • Fix inadvertently deleting a file uploaded during the "make changes" Editing action, resulting in the revision sometimes still referencing the file even though it has been deleted from storage (#4866)
    • Fix sorting abstracts by date (#4877)

    :wrench: Internal Changes

    • Add before_notification_send signal (#4874, thanks @omegak)
    Source code(tar.gz)
    Source code(zip)
  • v2.3.4(Mar 11, 2021)

    :warning: Security fixes

    • Fix some open redirects which could help making harmful URLs look more trustworthy by linking to Indico and having it redirect the user to a malicious site (#4814, #4815)
    • The BASE_URL is now always enforced and requests whose Host header does not match are rejected. This prevents malicious actors from tricking Indico into sending e.g. a password reset link to a user that points to a host controlled by the attacker instead of the actual Indico host (#4815, GHSA-wgpj-7c2j-vfjm, CVE-2021-30185)

    Note: If the webserver is already configured to enforce a canonical host name and redirects or rejects such requests, this cannot be exploited. Additionally, exploiting this problem requires user interaction: they would need to click on a password reset link which they never requested, and which points to a domain that does not match the one where Indico is running.

    :tada: Improvements

    • Fail more gracefully is a user has an invalid locale set and fall back to the default locale or English in case the default locale is invalid as well
    • Log an error if the configured default locale does not exist
    • Add ID-1 page size for badge printing (#4774, thanks @omegak)
    • Allow managers to specify a reason when rejecting registrants and add a new placeholder for the rejection reason when emailing registrants (#4769, thanks @vasantvohra)

    :bug: Bugfixes

    • Fix the "Videoconference Rooms" page in conference events when there are any VC rooms attached but the corresponding plugin is no longer installed
    • Fix deleting events which have a videoconference room attached which has its VC plugin no longer installed
    • Do not auto-redirect to SSO when an MS office user agent is detected (#4720, #4731)
    • Allow Editing team to view editables of unpublished contributions (#4811, #4812)

    :wrench: Internal Changes

    • Also trigger the ical-export metadata signal when exporting events for a whole category
    • Add primary_email_changed signal (#4802, thanks @openprojects)
    Source code(tar.gz)
    Source code(zip)
  • v2.3.3(Jan 25, 2021)

    :warning: Security fixes

    • JSON locale data for invalid locales is no longer cached on disk; instead a 404 error is triggered. This avoids creating small files in the cache folder for each invalid locale that is requested. (#4766)

    :flags: Internationalization

    • New translation: Ukrainian 🇺🇦

    :tada: Improvements

    • Add a new "Until approved" option for a registration form's "Modification allowed" setting (#4740, thanks @vasantvohra)
    • Show last login time in dashboard (#4735, thanks @vasantvohra)
    • Allow Markdown in the "Message for complete registrations" option of a registration form (#4741)
    • Improve video conference linking dropdown for contributions/sessions (hide unscheduled, show start time) (#4753)
    • Show timetable filter button in conferences with a meeting-like timetable

    :bug: Bugfixes

    • Fix error when converting malformed HTML links to LaTeX
    • Hide inactive contribution/abstract fields in submit/edit forms (#4755)
    • Fix adding registrants to a session ACL

    :wrench: Internal Changes

    • Videoconference plugins may now display a custom message for the prompt when deleting a videoconference room (#4733)
    • Videoconference plugins may now override the behavior when cloning an event with attached videoconference rooms (#4732)
    Source code(tar.gz)
    Source code(zip)
  • v2.3.2(Nov 30, 2020)

    :tada: Improvements

    • Disable title field by default in new registration forms (#4688, #4692)
    • Add gender-neutral "Mx" title (#4688, #4692)
    • Add contributions placeholder for emails (#4716, thanks @bpedersen2)
    • Show program codes in contribution list (#4713)
    • Display the target URL of link materials if the user can access them (#2599, #4718)
    • Show the revision number for all revisions in the Editing timeline (#4708)

    :bug: Bugfixes

    • Only consider actual speakers in the "has registered speakers" contribution list filter (#4712, thanks @bpedersen2)
    • Correctly filter events in "Sync with your calendar" links (this fix only applies to newly generated links) (#4717)
    • Correctly grant access to attachments inside public sessions/contribs even if the event is more restricted (#4721)
    • Fix missing filename pattern check when suggesting files from Paper Peer Reviewing to submit for Editing (#4715)
    • Fix filename pattern check in Editing when a filename contains dots (#4715)
    • Require explicit admin override (or being whitelisted) to override blockings (#4706)
    • Clone custom abstract/contribution fields when cloning abstract settings (#4724, thanks @bpedersen2)
    • Fix error when rescheduling a survey that already has submissions (#4730)
    Source code(tar.gz)
    Source code(zip)
  • v2.3.1(Oct 27, 2020)

    :warning: Security fixes

    • Fix potential data leakage between OAuth-authenticated and unauthenticated HTTP API requests for the same resource (#4663) Note: Due to OAuth access to the HTTP API having been broken until this version, we do not believe this was actually exploitable on any Indico instance. In addition, only Indico administrators can create OAuth applications, so regardless of the bug there is no risk for any instance which does not have OAuth applications with the read:legacy_api scope.

    :tada: Improvements

    • Generate material packages in a background task to avoid timeouts or using excessive amounts of disk space in case of people submitting several times (#4630)
    • Add new EXPERIMENTAL_EDITING_SERVICE setting to enable extending an event's Editing workflow through an OpenReferee server (#4659)

    :bug: Bugfixes

    • Only show the warning about draft mode in a conference if it actually has any contributions or timetable entries
    • Do not show incorrect modification deadline in abstract management area if no such deadline has been set (#4650)
    • Fix layout problem when minutes contain overly large embedded images (#4653, #4654)
    • Prevent pending registrations from being marked as checked-in (#4646, thanks @omegak)
    • Fix OAuth access to HTTP API (#4663)
    • Fix ICS export of events with draft timetable and contribution detail level (#4666)
    • Fix paper revision submission field being displayed for judges/reviewers (#4667)
    • Fix managers not being able to submit paper revisions on behalf of the user (#4667)

    :wrench: Internal Changes

    • Add registration_form_wtform_created signal and send form data in registration_created and registration_updated signals (#4642, thanks @omegak)
    • Add logged_in signal
    Source code(tar.gz)
    Source code(zip)
  • v2.3(Sep 14, 2020)

    :bulb: Blog Post

    We published a blog post summarizing the most relevant changes for end users.


    :trophy: Major Features

    • Add category roles, which are similar to local groups but within the scope of a category and its subcategories. They can be used for assigning permissions in any of these categories and events within such categories.
    • Events marked as "Invisible" are now hidden from the category's event list for everyone except managers (#4419, thanks @openprojects)
    • Introduce profile picture, which is for now only visible on the user dashboard (#4431, thanks @omegak)
    • Registrants can now be added to event ACLs. This can be used to easily restrict parts of an event to registered participants. If registration is open and a registration form is in the ACL, people will be able to access the registration form even if they would otherwise not have access to the event itself. It is also possible to restrict individual event materials and custom page/link menu items to registered participants. (#4477, #4528, #4505, #4507)
    • Add a new Editing module for papers, slides and posters which provides a workflow for having a team review the layout/formatting of such proceedings and then publish the final version on the page of the corresponding contribution. The Editing module can also be connected to an external microservice to handle more advanced workflows beyond what is supported natively by Indico.

    :flags: Internationalization

    • New translation: Chinese (Simplified) 🇨🇳

    :tada: Improvements

    • Sort survey list by title (#3802)
    • Hide "External IDs" field if none are defined (#3857)
    • Add LaTeX source export for book of abstracts (#4035, thanks @bpedersen2)
    • Tracks can now be categorized in track groups (#4052)
    • Program codes for sessions, session blocks, contributions and subcontributions can now be auto-generated (#4026)
    • Add draft mode for the contribution list of conference events which hides pages like the contribution list and timetable until the event organizers publish the contribution list. (#4095)
    • Add ICS export for information in the user dashboard (#4057)
    • Allow data syncing with multipass providers which do not support refreshing identity information
    • Show more verbose error when email validation fails during event registration (#4177)
    • Add link to external map in room details view (#4146)
    • Allow up to 9 digits (instead of 6) before the decimal point in registration fees
    • Add button to booking details modal to copy direct link (#4230)
    • Do not require new room manager approval when simply shortening a booking (#4214)
    • Make root category description/title customizable using the normal category settings form (#4231)
    • Added new LOCAL_GROUPS setting that can be used to fully disable local groups (#4260)
    • Log bulk event category changes in the event log (#4241)
    • Add CLI commands to block and unblock users (#3845)
    • Show warning when trying to merge a blocked user (#3845)
    • Allow importing event role members from a CSV file (#4301)
    • Allow optional comment when accepting a pre-booking (#4086)
    • Log event restores in event log (#4309)
    • Warn about cancelling/rejecting whole recurring bookings instead of just specific occurrences (#4092)
    • Add "quick cancel" link to room booking reminder emails (#4324)
    • Add visual information and filtering options for participants' registration status to the contribution list (#4318)
    • Add warning when accepting a pre-booking in case there are concurrent bookings (#4129)
    • Add event logging to opening/closing registration forms, approval/rejection of registrations, and updates to event layout (#4360, thanks @giusedb & @omegak)
    • Add category navigation dialog on category display page (#4282, thanks @omegak)
    • Add UI for admins to block/unblock users (#3243)
    • Show labels indicating whether a user is an admin, blocked or soft-deleted (#4363)
    • Add map URL to events, allowing also to override room map URL (#4402, thanks @omegak)
    • Use custom time picker for time input fields taking into account the 12h/24h format of the user's locale (#4399)
    • Refactor the room edit modal to a tabbed layout and improve error handling (#4408)
    • Preserve non-ascii characters in file names (#4465)
    • Allow resetting moderation state from registration management view (#4498, thanks @omegak)
    • Allow filtering event log by related entries (#4503, thanks @omegak)
    • Do not automatically show the browser's print dialog in a meeting's print view (#4513)
    • Add "Add myself" button to person list fields (e.g. for abstract authors) (#4411, thanks @jgrigera)
    • Subcontributions can now be managed from the meeting display view (#2679, #4520)
    • Add CfA setting to control whether authors can edit abstracts (#3431)
    • Add CfA setting to control whether only speakers or also authors should get submission rights once the abstract gets accepted (#3431)
    • Show the Indico version in the footer again (#4558)
    • Event managers can upload a custom Book of Abstract PDF (#3039, #4577)
    • Display each news item on a separate page instead of together with all the other news items (#4587)
    • Allow registrants to withdraw their application (#2715, #4585, thanks @brabemi & @omegak)
    • Allow choosing a default badge in categories (#4574, thanks @omegak)
    • Display event labels on the user's dashboard as well (#4592)
    • Event modules can now be imported from another event (#4518, thanks @meluru)
    • Event modules can now be imported from another event (#4518, #4533, thanks @meluru)
    • Include the event keywords in the event API data (#4598, #4599, thanks @chernals)
    • Allow registrants to check details for non-active registrations and prevent them from registering twice with the same registration form (#4594, #4595, thanks @omegak)
    • Add a new CUSTOM_LANGUAGES setting to indico.conf to override the name/territory of a language or disable it altogether (#4620)

    :bug: Bugfixes

    • Hide Book of Abstracts menu item if LaTeX is disabled and no custom Book of Abstracts has been uploaded
    • Use a more consistent order when cloning the timetable (#4227)
    • Do not show unrelated rooms with similar names when booking room from an event (#4089)
    • Stop icons from overlapping in the datetime widget (#4342)
    • Fix alignment of materials in events (#4344)
    • Fix misleading wording in protection info message (#4410)
    • Allow guests to access public notes (#4436)
    • Allow width of weekly event overview table to adjust to window size (#4429)
    • Fix whitespace before punctuation in Book of Abstracts (#4604)
    • Fix empty entries in corresponding authors (#4604)
    • Actually prevent users from editing registrations if modification is disabled
    • Handle LaTeX images with broken redirects (#4623, thanks @bcc)

    :wrench: Internal Changes

    • Make React and SemanticUI usable everywhere (#3955)
    • Add before-regform template hook (#4171, thanks @giusedb)
    • Add registrations kwarg to the event.designer.print_badge_template signal (#4297, thanks @giusedb)
    • Add registration_form_edited signal (#4421, thanks @omegak)
    • Make PyIntEnum freeze enums in Alembic revisions (#4425, thanks @omegak)
    • Add before-registration-summary template hook (#4495, thanks @omegak)
    • Add extra-registration-actions template hook (#4500, thanks @omegak)
    • Add event-management-after-title template hook (#4504, thanks @meluru)
    • Save registration id in related event log entries (#4503, thanks @omegak)
    • Add before-registration-actions template hook (#4524, thanks @omegak)
    • Add LinkedDate and DateRange form field validators (#4535, thanks @omegak)
    • Add extra-regform-settings template hook (#4553, thanks @meluru)
    • Add filter_selectable_badges signal (#4557, thanks @omegak)
    • Add user ID in every log record logged in a request context (#4570, thanks @omegak)
    • Add extra-registration-settings template hook (#4596, thanks @meluru)
    • Allow extending polymorphic models in plugins (#4608, thanks @omegak)
    • Wrap registration form AngularJS directive in jinja block for more easily overriding arguments passed to the app in plugins (#4624, thanks @omegak)
    Source code(tar.gz)
    Source code(zip)
  • v2.2.8(Apr 8, 2020)

  • v2.2.7(Mar 23, 2020)

    :tada: Improvements

    • Add support for event labels to indicate e.g. postponed or cancelled events (#3199)

    :bug: Bugfixes

    • Allow slashes in roomName export API
    • Show names instead of IDs of local groups in ACLs (#3700)
    Source code(tar.gz)
    Source code(zip)
  • v2.2.6(Feb 27, 2020)

    :bug: Bugfixes

    • Fix some email fields (error report contact, agreement cc address) being required even though they should be optional
    • Avoid browsers prefilling stored passwords in togglable password fields such as the event access key
    • Make sure that tickets are not attached to emails sent to registrants for whom tickets are blocked (#4242)
    • Fix event access key prompt not showing when accessing an attachment link (#4255)
    • Include event title in OpenGraph metadata (#4288)
    • Fix error when viewing abstract with reviews that have no scores
    • Update requests and pin idna to avoid installing incompatible dependency versions (#4327)
    Source code(tar.gz)
    Source code(zip)
  • v2.2.5(Dec 6, 2019)

    :tada: Improvements

    • Sort posters in timetable PDF export by board number (#4147, thanks @bpedersen2)
    • Use lat/lng field order instead of lng/lat when editing rooms (#4150, thanks @bpedersen2)
    • Add additional fields to the contribution csv/xlsx export (authors and board number) (#4148, thanks @bpedersen2)

    :bug: Bugfixes

    • Update the Pillow library to 6.2.1. This fixes an issue where some malformed images could result in high memory usage or slow processing.
    • Truncate long speaker names in the timetable instead of hiding them (#4110)
    • Fix an issue causing errors when using translations for languages with no plural forms (like Chinese).
    • Fix creating rooms without touching the longitude/latitude fields (#4115)
    • Fix error in HTTP API when Basic auth headers are present (#4123, thanks @uxmaster)
    • Fix incorrect font size in some room booking dropdowns (#4156)
    • Add missing email validation in some places (#4158)
    • Reject requests containing NUL bytes in the POST data (#4159)
    • Fix truncated timetable PDF when using "Print each session on a separate page" in an event where the last timetable entry of the day is a top-level contribution or break (#4134, thanks @bpedersen2)
    • Only show public contribution fields in PDF exports (#4165)
    • Allow single arrival/departure date in accommodation field (#4164, thanks @bpedersen2)
    Source code(tar.gz)
    Source code(zip)
  • v2.2.4(Oct 16, 2019)

    :warning: Security fixes

    • Fix more places where LaTeX input was not correctly sanitized.

    While the biggest security impact (reading local files) has already been mitigated when fixing the initial vulnerability in the previous release, it is still strongly recommended to update.

    Source code(tar.gz)
    Source code(zip)
  • v2.1.11(Oct 16, 2019)

    :warning: Security fixes

    • Fix more places where LaTeX input was not correctly sanitized.

    While the biggest security impact (reading local files) has already been mitigated when fixing the initial vulnerability in the previous release, it is still strongly recommended to update.

    Source code(tar.gz)
    Source code(zip)
  • v2.2.3(Oct 9, 2019)

    :warning: Security fixes (GHSA-67cx-rhhq-mfhq)

    • Strip @, +, - and = from the beginning of strings when exporting CSV files to avoid security issues when opening the CSV file in Excel
    • Use 027 instead of 000 umask when temporarily changing it to get the current umask
    • Fix LaTeX sanitization to prevent malicious users from running unsafe LaTeX commands through specially crafted abstracts or contribution descriptions, which could lead to the disclosure of local file contents

    :tada: Improvements

    • Improve room booking interface on small-screen devices (#4013)
    • Add user preference for room owners/manager to select if they want to receive notification emails for their rooms (#4096, #4098)
    • Show family name field first in user search dialog (#4099)
    • Make date headers clickable in room booking calendar (#4099)
    • Show times in room booking log entries (#4099)
    • Support disabling server-side LaTeX altogether and hide anything that requires it (such as contribution PDF export or the Book of Abstracts). LaTeX is now disabled by default, unless the XELATEX_PATH is explicitly set in indico.conf.

    :bug: Bugfixes

    • Remove 30s timeout from dropzone file uploads
    • Fix bug affecting room booking from an event in another timezone (#4072)
    • Fix error when commenting on papers (#4081)
    • Fix performance issue in conferences with public registration count and a high amount of registrations
    • Fix confirmation prompt when disabling conference menu customizations (#4085)
    • Fix incorrect days shown as weekend in room booking for some locales
    • Fix ACL entries referencing event roles from the old event when cloning an event with event roles in the ACL. Run indico maint fix-event-role-acls after updating to fix any affected ACLs (#4090)
    • Fix validation issues in coordinates fields when editing rooms (#4103)
    Source code(tar.gz)
    Source code(zip)
  • v2.1.10(Oct 9, 2019)

    This release is just backporting important security fixes from v2.2.3 in case you are still on v2.1 and cannot upgrade to v2.2.3 quickly.

    :warning: Security fixes

    • Strip @, +, - and = from the beginning of strings when exporting CSV files to avoid security issues when opening the CSV file in Excel
    • Use 027 instead of 000 umask when temporarily changing it to get the current umask
    • Fix LaTeX sanitization to prevent malicious users from running unsafe LaTeX commands through specially crafted abstracts or contribution descriptions, which could lead to the disclosure of local file contents
    Source code(tar.gz)
    Source code(zip)
  • v2.1.9(Aug 26, 2019)

  • v2.2.2(Aug 23, 2019)

  • v2.2.1(Aug 19, 2019)

    Improvements

    • Make list of event room bookings sortable (#4022)
    • Log when a booking is split during editing (#4031)
    • Improve "Book" button in multi-day events (#4021)

    Bugfixes

    • Add missing slash to the template_prefix of the designer module
    • Always use HH:MM time format in book-from-event link
    • Fix timetable theme when set to "indico weeks view" before 2.2 (#4027)
    • Avoid flickering of booking edit details tooltip
    • Fix outdated browser check on iOS (#4033)
    Source code(tar.gz)
    Source code(zip)
  • v2.2(Aug 6, 2019)

    Major Changes

    • ⚠️ Drop support for Internet Explorer 11 and other outdated or discontinued browser versions. Indico shows a warning message when accessed using such a browser. The latest list of supported browsers can be found in the README, but generally Indico now supports the last two versions of each major browser (determined at release time), plus the current Firefox ESR.
    • Rewrite the room booking frontend to be more straightforward and user-friendly. Check the blog for details.

    Improvements

    • Rework the event log viewer to be more responsive and not freeze the whole browser when there are thousands of log entries
    • Add shortcut to next upcoming event in a category (#3388)
    • Make registration period display less confusing (#3359)
    • Add edit button to custom conference pages (#3284)
    • Support markdown in survey questions (#3366)
    • Improve event list in case of long event titles (#3607, thanks @nop33)
    • Include event page title in the page's <title> (#3285, thanks @bpedersen2)
    • Add option to include subcategories in upcoming events (#3449)
    • Allow event managers to override the name format used in the event (#2455)
    • Add option to not clone venue/room of an event
    • Show territory/country next to the language name (#3968)
    • Add more sorting options to book of abstracts (#3429, thanks @bpedersen2)
    • Add more formatting options to book of abstracts (#3335, thanks @bpedersen2)
    • Improve message when the call for abstracts is scheduled to open but hasn't started yet
    • Make link color handling for LaTeX pdfs configurable (#3283, thanks @bpedersen2)
    • Preserve displayed order in contribution exports that do not apply any specific sorting (#4005)
    • Add author list button to list of papers (#3978)

    Bugfixes

    • Fix incorrect order of session blocks inside timetable (#2999)
    • Add missing email validation to contribution CSV import (#3568, thanks @Kush22)
    • Do not show border after last item in badge designer toolbar (#3607, thanks @nop33)
    • Correctly align centered footer links (#3599, thanks @nop33)
    • Fix top/right alignment of session bar in event display view (#3599, thanks @nop33)
    • Fix error when trying to create a user with a mixed-case email address in the admin area
    • Fix event import if a user in the exported data has multiple email addresses and they match different users
    • Fix paper reviewers getting notifications even if their type of reviewing has been disabled (#3852)
    • Correctly handle merging users in the paper reviewing module (#3895)
    • Show correct number of registrations in management area (#3935)
    • Fix sorting book of abstracts by board number (#3429, thanks @bpedersen2)
    • Enforce survey submission limit (#3256)
    • Do not show "Mark as paid" button and checkout link while a transaction is pending (#3361, thanks @driehle)
    • Fix 404 error on custom conference pages that do not have any ascii chars in the title (#3998)
    • Do not show pending registrants in public participant lists (#4017)

    Internal Changes

    • Use webpack to build static assets
    • Add React+Redux for new frontend modules
    • Enable modern ES201x features
    Source code(tar.gz)
    Source code(zip)
  • v2.1.8(Mar 12, 2019)

django blog - complete customization and ready to use with one click installer

django-blog-it Simple blog package developed with Django. Features: Dynamic blog articles Blog pages Contact us page (configurable) google analytics S

MicroPyramid 220 Sep 18, 2022
A Django-based CMS with a focus on extensibility and concise code

FeinCMS - An extensible Django-based CMS When was the last time, that a pre-built software package you wanted to use got many things right, but in the

FeinCMS 847 Jan 07, 2023
E-Commerce Platform

Shuup Shuup is an Open Source E-Commerce Platform based on Django and Python. https://shuup.com/ Copyright Copyright (c) 2012-2021 by Shoop Commerce L

Shuup 2k Jan 07, 2023
A modular, high performance, headless e-commerce platform built with Python, GraphQL, Django, and ReactJS.

Saleor Commerce Customer-centric e-commerce on a modern stack A headless, GraphQL-first e-commerce platform delivering ultra-fast, dynamic, personaliz

Mirumee Labs 17.8k Jan 07, 2023
Django Fiber - a simple, user-friendly CMS for all your Django projects

Django Fiber An important message about this project Hi Django Fiber enthusiasts! This project was started by the people at Ride The Pony, Leukeleu an

666 Dec 15, 2022
ConnectLearn is an easy to use and deploy Open-Source Project meant to make it easier for the right students to find the right teachers online.

ConnectLearn ConnectLearn is an easy to use and deploy Open-Source Project meant to make it easier for the right students to find the right teachers o

Aditya 5 Oct 24, 2021
🐰 Bunnybook 🐰 A tiny social network (for bunnies), built with FastAPI and React+RxJs.

🐰 Bunnybook 🐰 A tiny social network (for bunnies), built with FastAPI and React+RxJs. Click here for live demo! Included features: 💬 chat 🔴 online

Pietro Bassi 190 Jan 03, 2023
Open Source CRM based on Django

Django-CRM Django CRM is opensource CRM developed on django framework. It has all the basic features of CRM to start with. We welcome code contributio

MicroPyramid 1.4k Dec 31, 2022
A self-hosted application that lets you create podcast RSS feeds from YouTube playlists

Playlist2Podcast A self-hosted application that lets you create podcast RSS feeds from YouTube playlists. What Does This Do? Takes a list of YouTube p

Simon 12 Nov 14, 2022
用Hexo的方式管理WordPress(使用Github Actions自动更新文章到WordPress)

方圆小站Github仓库 ---start--- 目录(2021年02月17日更新) 《刺杀小说家》一个勇士屠恶龙救苍生的故事 衡水的中学为高考服务,996.icu为人民企业家服务 轻薄的代价(纪念不足两岁MacBook轻薄本的陨落) PP鸭最佳替代品!《图压》批量压缩图片而不损失画质,支持JPG,

zhaoolee 166 Jan 06, 2023
Flask-SQLAlchemy implementation of nested/threaded comment replies.

Threaded comments using Common Table Expressions (CTE) for a MySQL Flask blog or CMS Credits to peterspython Also read more about the implementation h

ONDIEK ELIJAH OCHIENG 5 Nov 12, 2022
Simple yet powerful and really extendable application for managing a blog within your Django Web site.

Django Blog Zinnia Simple yet powerful and really extendable application for managing a blog within your Django Web site. Zinnia has been made for pub

Julien Fache 2.1k Dec 24, 2022
Backend routes and database for an abstract theoretical app that relates a database of courses, users, and assignments.

Backend routes and database for an abstract theoretical app that relates a database of courses, users, and assignments.

Sean Wiesner 0 Dec 27, 2021
The Plone CMS: root integration package

About Plone Plone is a mature, secure and user-friendly Content Management System (CMS). Plone - and the Open Source community behind it - aggregates

Plone Foundation 200 Jan 08, 2023
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs

CMSmap CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of

RazzorBack 1 Oct 31, 2021
The lektor static file content management system

Lektor Lektor is a static website generator. It builds out an entire project from static files into many individual HTML pages and has a built-in admi

Lektor CMS 3.6k Dec 29, 2022
An encylopedia that runs on Django as part of CS50w's coursework

Django Wiki As part of the CS50w course, this project aims to apply the use of Django together with HTML and CSS to replicate an encyclopedia. Require

Beckham 1 Oct 28, 2021
A Django content management system focused on flexibility and user experience

Wagtail is an open source content management system built on Django, with a strong community and commercial support. It's focused on user experience,

Wagtail 13.8k Jan 01, 2023
Set of Web-backend projects to implement micro-blogging site

Mini-Twitter This repository contains a set of projects covered for CPSC-449 Web-Backend development under the guidance of Prof. Kenytt Avery at CSU,

1 Nov 07, 2021
Ticket shop application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, barcamps, etc.

pretix Reinventing ticket presales, one ticket at a time. Project status & release cycle While there is always a lot to do and improve on, pretix by n

pretix 1.3k Jan 01, 2023