Safety vulnerability ID: 45313
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Nemo 3.15.0 updates its dependency 'Django' to v2.2.27 to include security fixes.
Latest version: 6.0.3
NEMO is a laboratory logistics web application. Use it to schedule reservations, control tool access, track maintenance issues, and more.
Upgrade notes
- For the new automatic alert creation for Closures and the reminder emails on last occurrence to work, a daily cron job must be added that either calls `docker exec -it nemo django-admin create_closure_alerts` or sends an HTTP request to `/create_closure_alerts`
New features
- Added Staff status, a new feature on the status dashboard displaying whether staff are in/out:
  - Leave type can be customized (sick leave, annual leave, parental leave etc.)
  - Staff working days and typical hours can be set, as well as staff categories (second shift, user office etc.)
  - Only facility managers can add/edit staff absences and see the details (sick leave, annual leave etc.)
  - Regular users and staff users only see in/out status
  - Facility managers can also export the calendar
  - Customizations available: show/hide weekends, display staff status only to other staff members, start week on Sunday/Monday
  - Week/Month view
- Renamed PhysicalAccessException to Closure and massively updated the feature:
  - A closure can now have multiple dates (to set Labor day for multiple years in advance for example)
  - A closure can trigger an automatic alert a certain number of days prior to the closure (5 days before Labor day for example, informing users that buddy system will be in place etc.)
  - Staff can be marked as absent in the Staff status page during a closure (optional)
  - A reminder email can be sent on the last occurrence of a closure, reminding facility managers to add more if needed (in case you set Labor day 5 years in advance and then forget to add more dates)
Bug fixes
- Fixed a bug preventing XLSX export in API
- Fixed a bug requiring the identity service to be set in settings for qualifications to work. Thanks rmwhite85 for reporting this!
- Fixed reservation details on Mobile and Kiosk only displaying times, which would make it very confusing when reservations span multiple days. Thanks nsieb for bringing this up!
- Fixed reservations losing their reservation questions when moving/resizing them. Fixes 104. Thanks jat255 for reporting it!
Libraries
- Django 2.2.26 -> 2.2.27 (vulnerability)
- drf-renderer-xlsx 0.4.4 -> 0.4.5 (fixes broken XLSX with manytomany fields)