Commit Graph

  • 22158bdd59 Merge pull request 'upstream/2026.6.0' (#20) from upstream/2026.6.0 into master master 2026.6.0.0 simon 2026-07-02 18:40:30 +00:00
  • 91bc46c3db Remove gendered language from de/de_Informal translations TechuserUpdatechecker 2026-07-02 20:37:43 +02:00
  • 8d94ac74f8 Merge branch 'master' into upstream/2026.6.0 TechuserUpdatechecker 2026-07-02 20:28:38 +02:00
  • 60af7e5984 Merge pull request 'upstream/2026.5.2' (#19) from upstream/2026.5.2 into master 2026.5.2.0 simon 2026-07-01 19:27:12 +00:00
  • ce2704f6fd Remove gendered language from de/de_Informal translations TechuserUpdatechecker 2026-07-01 21:26:32 +02:00
  • 04cecedffb Merge branch 'master' into upstream/2026.5.2 TechuserUpdatechecker 2026-07-01 21:21:43 +02:00
  • fd565ecdb2 Bump version to 2026.6.0 Raphael Michel 2026-07-01 16:33:07 +02:00
  • f35b13b686 Translations: Update Russian Nikita Mitasov 2026-06-30 15:41:48 +02:00
  • 550bb675f5 Translations: Update Spanish CVZ-es 2026-06-29 11:25:21 +02:00
  • adc9c9d514 Translations: Update Spanish CVZ-es 2026-06-29 11:24:32 +02:00
  • 8441c4bc7a Translations: Update French CVZ-es 2026-06-29 11:40:04 +02:00
  • 97ff252c09 Translations: Update French CVZ-es 2026-06-29 11:38:16 +02:00
  • d3ca2ac1e5 Translations: Update German CVZ-es 2026-06-29 11:13:31 +02:00
  • 6eebaaa563 [SECURITY] Hardening for user impersonation feature (CVE-2026-13602) Raphael Michel 2026-06-29 09:47:35 +02:00
  • c9781f012b [SECURITY] Centralize framebreaking logic from payment plugins to core (CVE-2026-13602) Raphael Michel 2026-06-27 09:40:40 +02:00
  • 000bf54105 [SECURITY] Allowlisting and changed salts for safelink and safelink_callback (CVE-2026-13602) Mira Weller 2026-06-27 14:05:53 +02:00
  • e42d3d632f filter out the 404 log records from django.request (#6324) Lukas Bockstaller 2026-07-01 11:33:04 +02:00
  • 3bf5a5e478 include settings attribute during type checking (#6323) Lukas Bockstaller 2026-07-01 11:32:54 +02:00
  • a6f31df0d4 Do not assign domain across organizers when copying events Raphael Michel 2026-06-30 18:51:49 +02:00
  • d40492748a Event product list: Hotfix for pathological performance in large event series (#6318) Raphael Michel 2026-06-29 19:02:06 +02:00
  • f4ca230af7 Improve voucher import unique code checks (#6311) Richard Schreiber 2026-06-29 14:37:41 +02:00
  • 4fb1748bf6 Fix handling country=None in attendee profiles (#6309) Richard Schreiber 2026-06-29 14:32:01 +02:00
  • 9d668af102 Discover translatable strings in .ts files (Z#23238475) Raphael Michel 2026-06-28 17:51:40 +02:00
  • 80fd4a3b2a Translations: Update German (informal) (de_Informal) Raphael Michel 2026-06-28 17:19:18 +02:00
  • 65bb2283d4 Translations: Update German Raphael Michel 2026-06-28 17:19:11 +02:00
  • 00751e8911 Translations: Update German (informal) (de_Informal) Raphael Michel 2026-06-28 17:13:30 +02:00
  • 957a066475 Translations: Update German Raphael Michel 2026-06-28 17:10:51 +02:00
  • 7e077bdd7e Subevent detail: Fix incorrect ticket count (Z#23238481) Raphael Michel 2026-06-28 17:43:22 +02:00
  • e80d84ec3c Update po files [CI skip] Raphael Michel 2026-06-28 16:44:09 +02:00
  • dc3b742d8c Translations: Update Catalan Kim Lozano 2026-06-25 07:26:58 +02:00
  • 1f5fe1b237 SSRF protection: Edge case handling for CGNAT and v4/v6 mapping (Z#23236468) (#6260) Raphael Michel 2026-06-26 16:45:20 +02:00
  • a8997f8971 [SECURITY] Properly escape HTML tags in PDF generation (CVE-2026-57535) Raphael Michel 2026-06-12 13:56:29 +02:00
  • eb068f524c [SECURITY] Prevent reading of any local files in reportlab (CVE-2026-57535) Raphael Michel 2026-06-09 19:46:04 +02:00
  • f615595547 [SECURITY] Disable outbound and file access for reportlab (CVE-2026-57535) Raphael Michel 2026-06-09 19:32:56 +02:00
  • 8bd78eefcf [SECURITY] Fix reflected XSS in redirection page (CVE-2026-57533) Mira Weller 2026-06-19 13:22:19 +02:00
  • 848f7fa0e5 [SECURITY] Fix stored XSS in ticket confirmation page (CVE-2026-13225) Mira Weller 2026-06-19 13:31:09 +02:00
  • 3442a543c8 [SECURITY] Hardening: Don't use |safe on confirm_messages Mira Weller 2026-06-19 14:13:16 +02:00
  • f88c24863d [SECURITY] Fix XSS in ticket layout JSON (CVE-2026-57532) Mira Weller 2026-06-23 21:57:05 +02:00
  • 7faf6cfd80 Bump to 2026.5.2 Raphael Michel 2026-06-25 16:40:44 +02:00
  • cdeb3609f3 [SECURITY] Properly escape HTML tags in PDF generation (CVE-2026-57535) Raphael Michel 2026-06-12 13:56:29 +02:00
  • 53d8aa5679 [SECURITY] Prevent reading of any local files in reportlab (CVE-2026-57535) Raphael Michel 2026-06-09 19:46:04 +02:00
  • 80601cc013 [SECURITY] Disable outbound and file access for reportlab (CVE-2026-57535) Raphael Michel 2026-06-09 19:32:56 +02:00
  • e2661f304d [SECURITY] Fix reflected XSS in redirection page (CVE-2026-57533) Mira Weller 2026-06-19 13:22:19 +02:00
  • 71f6ade5d6 [SECURITY] Fix stored XSS in ticket confirmation page (CVE-2026-13225) Mira Weller 2026-06-19 13:31:09 +02:00
  • e087dd39b8 [SECURITY] Hardening: Don't use |safe on confirm_messages Mira Weller 2026-06-19 14:13:16 +02:00
  • f3a8ce39f1 [SECURITY] Fix XSS in ticket layout JSON (CVE-2026-57532) Mira Weller 2026-06-23 21:57:05 +02:00
  • 79c5160b57 Revert "Update django-countries requirement from ==8.2.* to ==9.0.* (#6269)" (#6310) Lukas Bockstaller 2026-06-24 10:42:56 +02:00
  • e8492cad3c Seating: fix handling optional position attribute (#6303) Richard Schreiber 2026-06-24 09:47:08 +02:00
  • 7ea5a2b59e PDF: add placeholder invoice_custom_field (#6298) Richard Schreiber 2026-06-24 09:46:43 +02:00
  • 4c373518d0 Fix event meta property handling when cloning across organizers (Z#23231419) (#6306) luelista 2026-06-23 19:01:32 +02:00
  • 1521c0cfcd Fix URL matching in EventQRCode (Z#23237781) (#6304) luelista 2026-06-23 18:34:31 +02:00
  • 3432e62e4f Update css-inline requirement from ==0.20.* to ==0.21.* (#6302) dependabot[bot] 2026-06-23 13:32:50 +02:00
  • 736fa38ca7 Update sentry-sdk requirement from ==2.62.* to ==2.63.* (#6301) dependabot[bot] 2026-06-23 13:32:39 +02:00
  • d14dc4c5ff Test order deletion: Improve bulk performance (Z#23237160) (#6274) Raphael Michel 2026-06-22 09:49:27 +02:00
  • 5db1a5b8af Rename confusingly named helpers for URL generation (#6280) Raphael Michel 2026-06-22 09:11:55 +02:00
  • 86a51afe9e Translations: Update Russian Nikita Mitasov 2026-06-20 10:44:32 +02:00
  • ea9c85a1b4 Translations: Update Danish Nikolai 2026-06-20 12:43:27 +02:00
  • 226ff9b044 Translations: Update Russian Nikita Mitasov 2026-06-20 09:50:58 +02:00
  • d8991d8138 Translations: Update Hungarian Szurofka Márton 2026-06-18 14:11:28 +02:00
  • 83642ec9f3 Translations: Update Russian Nikita Mitasov 2026-06-14 03:05:47 +02:00
  • 9f0ce28ce4 Bump vite from 8.0.12 to 8.0.16 (#6294) dependabot[bot] 2026-06-22 08:57:41 +02:00
  • 28722fecbd Update cryptography requirement from >=48.0.1 to >=49.0.0 (#6289) dependabot[bot] 2026-06-22 08:57:33 +02:00
  • 10a5d4ac68 Update pytest requirement from ==9.0.* to ==9.1.* (#6290) dependabot[bot] 2026-06-22 08:57:10 +02:00
  • ba36f6d2ce Update webauthn requirement from ==2.7.* to ==2.8.* (#6293) dependabot[bot] 2026-06-22 08:56:57 +02:00
  • 1e301da26c Update django-countries requirement from ==8.2.* to ==9.0.* (#6269) dependabot[bot] 2026-06-22 08:56:41 +02:00
  • d0307b9936 Use OrderPosition.all instead of .objects in metrics (#6285) luelista 2026-06-21 12:46:07 +02:00
  • 54479f8f32 Update pretix domain TechuserUpdatechecker 2026-06-20 21:33:05 +02:00
  • 8142cc8b18 Merge pull request 'upstream/2026.5.1' (#18) from upstream/2026.5.1 into master 2026.5.1.0 simon 2026-06-20 19:21:33 +00:00
  • 87c1232a38 Merge branch 'master' into upstream/2026.5.1 upstream/2026.5.1 TechuserUpdatechecker 2026-06-20 21:00:06 +02:00
  • f838e29400 Add claude skill TechuserUpdatechecker 2026-06-20 20:59:23 +02:00
  • bd1e583266 Merge branch 'feature/pretix-oidc-plugin' into master simon 2026-06-20 20:35:55 +02:00
  • 7a9640ddca Add pretix-oidc plugin for Keycloak SSO integration 2026.5.0.1 feature/pretix-oidc-plugin simon 2026-06-19 22:10:45 +02:00
  • c083ce904a Checkin API: Provide 'reason' for RequiredMediaExchangeError (PRETIXEU-DHW) Martin Gross 2026-06-19 12:41:32 +02:00
  • 694b915d89 include errors.js by default and make it coop with async_task_replace_page (Z#23236752) (#6284) Lukas Bockstaller 2026-06-16 15:18:19 +02:00
  • ea928ea7d4 Widget: Fix handling of HTTP-429 errors Raphael Michel 2026-06-16 09:11:33 +02:00
  • 36d49fbd77 Question detail: Fix crash in filter Richard Schreiber 2026-06-15 08:00:55 +02:00
  • f0cb451c34 LocaleMiddleware: Correctly reset region for backend views Raphael Michel 2026-06-12 10:54:39 +02:00
  • 2c7fcd0599 Accounting report: Correctly split subevents with same label (Z#23237301) (#6275) Raphael Michel 2026-06-12 14:36:10 +02:00
  • 034722fa39 Skip e2e tests on gitlab for now Raphael Michel 2026-06-12 14:07:29 +02:00
  • 5a6870fce1 Update cryptography requirement from >=48.0.0 to >=48.0.1 dependabot[bot] 2026-06-11 18:13:23 +00:00
  • de28425993 Translations: Update German (informal) (de_Informal) Mira 2026-06-09 13:40:09 +02:00
  • f3eb0d2dba Translations: Update German Mira 2026-06-09 13:39:33 +02:00
  • 0630e05d50 Translations: Update French Sébastien BRUNEAU 2026-06-08 10:06:34 +02:00
  • f868507670 Update beautifulsoup4 requirement from ==4.14.* to ==4.15.* (#6257) dependabot[bot] 2026-06-11 16:29:49 +02:00
  • 04032078c1 Update sentry-sdk requirement from ==2.61.* to ==2.62.* (#6256) dependabot[bot] 2026-06-11 16:29:40 +02:00
  • 8af2714a04 Prune wheel and setuptools-rust from build-system (#6268) Martin Weinelt 2026-06-11 16:29:32 +02:00
  • c4b9cc4143 Allow search by partial giftcard secret with organizer.giftcards:read (#6263) luelista 2026-06-11 16:26:05 +02:00
  • 8c132d8342 Teams: Add a note to the degree of isolation between permissions (#6258) Raphael Michel 2026-06-11 16:25:58 +02:00
  • 8e63fafc62 Devex: Fix vite devserver capturing stdin (#6267) pajowu 2026-06-11 16:25:48 +02:00
  • 63ebe16fd3 Fix count in order bulk delete success message (#6270) luelista 2026-06-11 16:25:38 +02:00
  • 775fdd1ccb Check-in API: Add reusable media exchange (#6115) Martin Gross 2026-06-11 16:25:13 +02:00
  • 784577d86f Fix markup of error template (#6265) luelista 2026-06-10 14:16:46 +02:00
  • 07d27e66d1 Use HTTP-REFERER as fallback for vite_origins (#6246) Richard Schreiber 2026-06-09 13:24:46 +02:00
  • a6c417eb2f Bump version to 2026.5.1 Raphael Michel 2026-06-09 13:22:17 +02:00
  • 5d449ea313 [SECURITY] Reusable media export: Respect giftcard permissions (CVE-2026-11764) (#6261) Richard Schreiber 2026-06-09 13:20:48 +02:00
  • b404316dfd [SECURITY] Reusable media export: Respect giftcard permissions (CVE-2026-11764) (#6261) Richard Schreiber 2026-06-09 13:20:48 +02:00
  • edf97a13cd Don't show warning if inactive products are used in checkin-rules (Z#23236197) (#6242) luelista 2026-06-09 12:48:03 +02:00
  • c384bc2e7a Update bleach requirement from ==6.3.* to ==6.4.* (#6249) dependabot[bot] 2026-06-08 17:33:50 +02:00
  • f16034d0cc Check-in: Fix handling of optional file questions (Z#23236493) (#6251) Raphael Michel 2026-06-08 14:25:50 +02:00
  • 93469d33e5 SubEvent details: Fix incorrect signal usage Raphael Michel 2026-06-05 11:42:45 +02:00