Safety vulnerability ID: 64474
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Indico 3.2.9 updates its Werkzeug dependency, upgrading from version 2.3.4 to 2.3.8 in response to the security issue CVE-2023-46136.
https://github.com/indico/indico/commit/26e6043be2e446327b96d53e2e11313a6e7ab6a2
Latest version: 3.3.6
Indico is a full-featured conference lifecycle management and meeting/lecture scheduling tool.
:warning: Security fixes
- Update [Werkzeug](https://pypi.org/project/Werkzeug/) library due to a DoS vulnerability while parsing certain file uploads (CVE-2023-46136)
- Fix registration form CAPTCHA not being fully validated (6096)
:tada: Improvements
- Add placeholders for accompanying persons to the badge/ticket designer (6033)
:bug: Bugfixes
- Fix meeting timetable not showing custom locations when all top-level timetable entries are session blocks inheriting the custom location from its session (6014)
- Always show exact matches when searching for existing videoconference rooms to attach to an event (6022)
- Include materials linked to sessions in the material package (6024)
- Use the correct locale when sending email notifications to others in an event (5987, 6021)
- Fix the author/speaker selector (e.g. for abstracts) breaking when submitting the form and getting a validation error (6043, 6053)
- Do not cancel past linked room bookings when deleting an event (6032, 6051)
- Fix contribution list filters being obscured by the action dialog (6055)
- Fix emailing Paper Peer Reviewing and Editing teams (6145)