Add logging for successfully synced orders

(debugging orders that might get silently skipped)

doc/api/deviceauth.rst

@@ -208,20 +208,6 @@ Additionally, when creating a device through the user interface or API, a user c
 the device. These include an allow list of specific API calls that may be made by the device. pretix ships with security
 policies for official pretix apps like pretixSCAN and pretixPOS.
 
-Removing a device
------------------
-
-If you want implement a way to to deprovision a device in your software, you can call the ``revoke`` endpoint to
-invalidate your API key. There is no way to reverse this operation.
-
-.. sourcecode:: http
-
-   POST /api/v1/device/revoke HTTP/1.1
-   Host: pretix.eu
-   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
-
-This can also be done by the user through the web interface.
-
 Event selection
 ---------------
 

doc/api/resources/webhooks.rst

@@ -60,6 +60,9 @@ The following values for ``action_types`` are valid with pretix core:
     * ``pretix.event.added``
     * ``pretix.event.changed``
     * ``pretix.event.deleted``
+    * ``pretix.giftcards.created``
+    * ``pretix.giftcards.modified``
+    * ``pretix.giftcards.transaction.*``
     * ``pretix.voucher.added``
     * ``pretix.voucher.changed``
     * ``pretix.voucher.deleted``

doc/requirements.rtd.txt

@@ -1,6 +1,6 @@
 sphinx==9.1.*
 sphinx-rtd-theme~=3.1.0
-sphinxcontrib-httpdomain~=1.8.1
+sphinxcontrib-httpdomain~=2.0.0
 sphinxcontrib-images~=1.0.1
 sphinxcontrib-jquery~=4.1
 sphinxcontrib-spelling~=8.0.2

doc/requirements.txt

@@ -1,7 +1,7 @@
 -e ../
 sphinx==9.1.*
 sphinx-rtd-theme~=3.1.0
-sphinxcontrib-httpdomain~=1.8.1
+sphinxcontrib-httpdomain~=2.0.0
 sphinxcontrib-images~=1.0.1
 sphinxcontrib-jquery~=4.1
 sphinxcontrib-spelling~=8.0.2

pyproject.toml

@@ -33,7 +33,7 @@ dependencies = [
   "celery==5.6.*",
   "chardet==5.2.*",
   "cryptography>=44.0.0",
-  "css-inline==0.19.*",
+  "css-inline==0.20.*",
   "defusedcsv>=1.1.0",
   "dnspython==2.*",
   "Django[argon2]==4.2.*,>=4.2.26",
@@ -65,7 +65,7 @@ dependencies = [
   "kombu==5.6.*",
   "libsass==0.23.*",
   "lxml",
-  "markdown==3.10.1",  # 3.3.5 requires importlib-metadata>=4.4, but django-bootstrap3 requires importlib-metadata<3.
+  "markdown==3.10.2",  # 3.3.5 requires importlib-metadata>=4.4, but django-bootstrap3 requires importlib-metadata<3.
   # We can upgrade markdown again once django-bootstrap3 upgrades or once we drop Python 3.6 and 3.7
   "mt-940==4.30.*",
   "oauthlib==3.3.*",
@@ -73,7 +73,7 @@ dependencies = [
   "packaging",
   "paypalrestsdk==1.13.*",
   "paypal-checkout-serversdk==1.0.*",
-  "PyJWT==2.10.*",
+  "PyJWT==2.11.*",
   "phonenumberslite==9.0.*",
   "Pillow==12.1.*",
   "pretix-plugin-build",
@@ -92,7 +92,7 @@ dependencies = [
   "redis==7.1.*",
   "reportlab==4.4.*",
   "requests==2.32.*",
-  "sentry-sdk==2.50.*",
+  "sentry-sdk==2.53.*",
   "sepaxml==2.7.*",
   "stripe==7.9.*",
   "text-unidecode==1.*",
@@ -110,10 +110,10 @@ dev = [
   "aiohttp==3.13.*",
   "coverage",
   "coveralls",
-  "fakeredis==2.33.*",
+  "fakeredis==2.34.*",
   "flake8==7.3.*",
   "freezegun",
-  "isort==7.0.*",
+  "isort==8.0.*",
   "pep8-naming==0.15.*",
   "potypo",
   "pytest-asyncio>=0.24",

src/pretix/__init__.py

@@ -19,4 +19,4 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-__version__ = "2026.1.0"
+__version__ = "2026.3.0.dev0"

src/pretix/api/serializers/order.py

@@ -1743,6 +1743,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
             rounding_mode = self.context["event"].settings.tax_rounding
         changed = apply_rounding(
             rounding_mode,
+            ia,
             self.context["event"].currency,
             [*pos_map.values(), *fees]
         )

src/pretix/api/serializers/organizer.py

@@ -49,7 +49,7 @@ from pretix.base.plugins import (
     PLUGIN_LEVEL_EVENT, PLUGIN_LEVEL_EVENT_ORGANIZER_HYBRID,
     PLUGIN_LEVEL_ORGANIZER,
 )
-from pretix.base.services.mail import SendMailException, mail
+from pretix.base.services.mail import mail
 from pretix.base.settings import validate_organizer_settings
 from pretix.helpers.urls import build_absolute_uri as build_global_uri
 from pretix.multidomain.urlreverse import build_absolute_uri
@@ -363,24 +363,21 @@ class TeamInviteSerializer(serializers.ModelSerializer):
         )
 
     def _send_invite(self, instance):
-        try:
-            mail(
-                instance.email,
-                _('pretix account invitation'),
-                'pretixcontrol/email/invitation.txt',
-                {
-                    'user': self,
-                    'organizer': self.context['organizer'].name,
-                    'team': instance.team.name,
-                    'url': build_global_uri('control:auth.invite', kwargs={
-                        'token': instance.token
-                    })
-                },
-                event=None,
-                locale=get_language_without_region()  # TODO: expose?
-            )
-        except SendMailException:
-            pass  # Already logged
+        mail(
+            instance.email,
+            _('pretix account invitation'),
+            'pretixcontrol/email/invitation.txt',
+            {
+                'user': self,
+                'organizer': self.context['organizer'].name,
+                'team': instance.team.name,
+                'url': build_global_uri('control:auth.invite', kwargs={
+                    'token': instance.token
+                })
+            },
+            event=None,
+            locale=get_language_without_region()  # TODO: expose?
+        )
 
     def create(self, validated_data):
         if 'email' in validated_data:

src/pretix/api/views/checkin.py

@@ -188,11 +188,15 @@ class CheckinListViewSet(viewsets.ModelViewSet):
         clist = self.get_object()
         if serializer.validated_data.get('nonce'):
             if kwargs.get('position'):
-                prev = kwargs['position'].all_checkins.filter(nonce=serializer.validated_data['nonce']).first()
+                prev = kwargs['position'].all_checkins.filter(
+                    nonce=serializer.validated_data['nonce'],
+                    successful=False
+                ).first()
             else:
                 prev = clist.checkins.filter(
                     nonce=serializer.validated_data['nonce'],
                     raw_barcode=serializer.validated_data['raw_barcode'],
+                    successful=False
                 ).first()
             if prev:
                 # Ignore because nonce is already handled

src/pretix/api/views/order.py

@@ -90,7 +90,6 @@ from pretix.base.services.invoices import (
     generate_cancellation, generate_invoice, invoice_pdf, invoice_qualified,
     regenerate_invoice, transmit_invoice,
 )
-from pretix.base.services.mail import SendMailException
 from pretix.base.services.orders import (
     OrderChangeManager, OrderError, _order_placed_email,
     _order_placed_email_attendee, approve_order, cancel_order, deny_order,
@@ -439,8 +438,6 @@ class EventOrderViewSet(OrderViewSetMixin, viewsets.ModelViewSet):
                 return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
             except PaymentException as e:
                 return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
-            except SendMailException:
-                pass
 
             return self.retrieve(request, [], **kwargs)
         return Response(
@@ -634,10 +631,7 @@ class EventOrderViewSet(OrderViewSetMixin, viewsets.ModelViewSet):
         order = self.get_object()
         if not order.email:
             return Response({'detail': 'There is no email address associated with this order.'}, status=status.HTTP_400_BAD_REQUEST)
-        try:
-            order.resend_link(user=self.request.user, auth=self.request.auth)
-        except SendMailException:
-            return Response({'detail': _('There was an error sending the mail. Please try again later.')}, status=status.HTTP_503_SERVICE_UNAVAILABLE)
+        order.resend_link(user=self.request.user, auth=self.request.auth)
 
         return Response(
             status=status.HTTP_204_NO_CONTENT
@@ -1616,8 +1610,6 @@ class PaymentViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
                     )
                 except Quota.QuotaExceededException:
                     pass
-                except SendMailException:
-                    pass
 
             serializer = OrderPaymentSerializer(r, context=serializer.context)
 
@@ -1655,8 +1647,6 @@ class PaymentViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
             return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
         except PaymentException as e:
             return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
-        except SendMailException:
-            pass
         return self.retrieve(request, [], **kwargs)
 
     @action(detail=True, methods=['POST'])

src/pretix/api/views/organizer.py

@@ -249,12 +249,24 @@ class GiftCardViewSet(viewsets.ModelViewSet):
     def perform_create(self, serializer):
         value = serializer.validated_data.pop('value')
         inst = serializer.save(issuer=self.request.organizer)
-        inst.transactions.create(value=value, acceptor=self.request.organizer)
         inst.log_action(
-            'pretix.giftcards.transaction.manual',
+            action='pretix.giftcards.created',
             user=self.request.user,
             auth=self.request.auth,
-            data=merge_dicts(self.request.data, {'id': inst.pk})
+        )
+        inst.transactions.create(value=value, acceptor=self.request.organizer)
+        inst.log_action(
+            action='pretix.giftcards.transaction.manual',
+            user=self.request.user,
+            auth=self.request.auth,
+            data=merge_dicts(
+                self.request.data,
+                {
+                    'id': inst.pk,
+                    'acceptor_id': self.request.organizer.id,
+                    'acceptor_slug': self.request.organizer.slug
+                }
+            )
         )
 
     @transaction.atomic()
@@ -269,7 +281,7 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             inst = serializer.save(secret=serializer.instance.secret, currency=serializer.instance.currency,
                                    testmode=serializer.instance.testmode)
             inst.log_action(
-                'pretix.giftcards.modified',
+                action='pretix.giftcards.modified',
                 user=self.request.user,
                 auth=self.request.auth,
                 data=self.request.data,
@@ -282,10 +294,14 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             diff = value - old_value
             inst.transactions.create(value=diff, acceptor=self.request.organizer)
             inst.log_action(
-                'pretix.giftcards.transaction.manual',
+                action='pretix.giftcards.transaction.manual',
                 user=self.request.user,
                 auth=self.request.auth,
-                data={'value': diff}
+                data={
+                    'value': diff,
+                    'acceptor_id': self.request.organizer.id,
+                    'acceptor_slug': self.request.organizer.slug
+                }
             )
 
         return inst
@@ -309,10 +325,15 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             }, status=status.HTTP_409_CONFLICT)
         gc.transactions.create(value=value, text=text, info=info, acceptor=self.request.organizer)
         gc.log_action(
-            'pretix.giftcards.transaction.manual',
+            action='pretix.giftcards.transaction.manual',
             user=self.request.user,
             auth=self.request.auth,
-            data={'value': value, 'text': text}
+            data={
+                'value': value,
+                'text': text,
+                'acceptor_id': self.request.organizer.id,
+                'acceptor_slug': self.request.organizer.slug
+            }
         )
         return Response(GiftCardSerializer(gc, context=self.get_serializer_context()).data, status=status.HTTP_200_OK)
 

src/pretix/api/webhooks.py

@@ -174,6 +174,38 @@ class ParametrizedEventWebhookEvent(ParametrizedWebhookEvent):
         }
 
 
+class ParametrizedGiftcardWebhookEvent(ParametrizedWebhookEvent):
+    def build_payload(self, logentry: LogEntry):
+        giftcard = logentry.content_object
+        if not giftcard:
+            return None
+
+        return {
+            'notification_id': logentry.pk,
+            'issuer_id': logentry.organizer_id,
+            'issuer_slug': logentry.organizer.slug,
+            'giftcard': giftcard.pk,
+            'action': logentry.action_type,
+        }
+
+
+class ParametrizedGiftcardTransactionWebhookEvent(ParametrizedWebhookEvent):
+    def build_payload(self, logentry: LogEntry):
+        giftcard = logentry.content_object
+        if not giftcard:
+            return None
+
+        return {
+            'notification_id': logentry.pk,
+            'issuer_id': logentry.organizer_id,
+            'issuer_slug': logentry.organizer.slug,
+            'acceptor_id': logentry.parsed_data.get('acceptor_id'),
+            'acceptor_slug': logentry.parsed_data.get('acceptor_slug'),
+            'giftcard': giftcard.pk,
+            'action': logentry.action_type,
+        }
+
+
 class ParametrizedVoucherWebhookEvent(ParametrizedWebhookEvent):
 
     def build_payload(self, logentry: LogEntry):
@@ -433,6 +465,18 @@ def register_default_webhook_events(sender, **kwargs):
             'pretix.customer.anonymized',
             _('Customer account anonymized'),
         ),
+        ParametrizedGiftcardWebhookEvent(
+            'pretix.giftcards.created',
+            _('Gift card added'),
+        ),
+        ParametrizedGiftcardWebhookEvent(
+            'pretix.giftcards.modified',
+            _('Gift card modified'),
+        ),
+        ParametrizedGiftcardTransactionWebhookEvent(
+            'pretix.giftcards.transaction.*',
+            _('Gift card used in transaction'),
+        )
     )
 
 

src/pretix/base/datasync/datasync.py

@@ -216,7 +216,10 @@ class OutboundSyncProvider:
 
             try:
                 mapped_objects = self.sync_order(sq.order)
-                if not all(all(not res or res.sync_info.get("action", "") == "nothing_to_do" for res in res_list) for res_list in mapped_objects.values()):
+                actions_taken = [res and res.sync_info.get("action", "") for res_list in mapped_objects.values() for res in res_list]
+                should_write_logentry = any(action not in (None, "nothing_to_do") for action in actions_taken)
+                logger.info('Synced order %s to %s, actions: %r, log: %r', sq.order.code, sq.sync_provider, actions_taken, should_write_logentry)
+                if should_write_logentry:
                     sq.order.log_action("pretix.event.order.data_sync.success", {
                         "provider": self.identifier,
                         "objects": {
@@ -237,7 +240,7 @@ class OutboundSyncProvider:
                     sq.set_sync_error("exceeded", e.messages, e.full_message)
                 else:
                     logger.info(
-                        f"Could not sync order {sq.order.code} to {type(self).__name__} "
+                        f"Could not sync order {sq.order.code} to {sq.sync_provider} "
                         f"(transient error, attempt #{sq.failed_attempts}, next {sq.not_before})",
                         exc_info=True,
                     )

src/pretix/base/email.py

@@ -39,7 +39,7 @@ from pretix.base.templatetags.rich_text import (
     DEFAULT_CALLBACKS, EMAIL_RE, URL_RE, abslink_callback,
     markdown_compile_email, truelink_callback,
 )
-from pretix.helpers.format import SafeFormatter, format_map
+from pretix.helpers.format import FormattedString, SafeFormatter, format_map
 
 from pretix.base.services.placeholders import (  # noqa
     get_available_placeholders, PlaceholderContext
@@ -141,6 +141,7 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
         return markdown_compile_email(plaintext, context=context)
 
     def render(self, plain_body: str, plain_signature: str, subject: str, order, position, context) -> str:
+        apply_format_map = not isinstance(plain_body, FormattedString)
         body_md = self.compile_markdown(plain_body, context)
         if context:
             linker = bleach.Linker(
@@ -149,12 +150,13 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
                 callbacks=DEFAULT_CALLBACKS + [truelink_callback, abslink_callback],
                 parse_email=True
             )
-            body_md = format_map(
-                body_md,
-                context=context,
-                mode=SafeFormatter.MODE_RICH_TO_HTML,
-                linkifier=linker
-            )
+            if apply_format_map:
+                body_md = format_map(
+                    body_md,
+                    context=context,
+                    mode=SafeFormatter.MODE_RICH_TO_HTML,
+                    linkifier=linker
+                )
         htmlctx = {
             'site': settings.PRETIX_INSTANCE_NAME,
             'site_url': settings.SITE_URL,

src/pretix/base/exporters/orderlist.py

@@ -651,6 +651,7 @@ class OrderListExporter(MultiSheetListExporter):
             pgettext('address', 'State'),
             _('Voucher'),
             _('Voucher budget usage'),
+            _('Voucher tag'),
             _('Pseudonymization ID'),
             _('Ticket secret'),
             _('Seat ID'),
@@ -769,6 +770,7 @@ class OrderListExporter(MultiSheetListExporter):
                     op.state_for_address or '',
                     op.voucher.code if op.voucher else '',
                     op.voucher_budget_use if op.voucher_budget_use else '',
+                    op.voucher.tag if op.voucher else '',
                     op.pseudonymization_id,
                     op.secret,
                 ]

src/pretix/base/forms/questions.py

@@ -890,18 +890,18 @@ class BaseQuestionsForm(forms.Form):
                 if not help_text:
                     if q.valid_date_min and q.valid_date_max:
                         help_text = format_lazy(
-                            'Please enter a date between {min} and {max}.',
+                            _('Please enter a date between {min} and {max}.'),
                             min=date_format(q.valid_date_min, "SHORT_DATE_FORMAT"),
                             max=date_format(q.valid_date_max, "SHORT_DATE_FORMAT"),
                         )
                     elif q.valid_date_min:
                         help_text = format_lazy(
-                            'Please enter a date no earlier than {min}.',
+                            _('Please enter a date no earlier than {min}.'),
                             min=date_format(q.valid_date_min, "SHORT_DATE_FORMAT"),
                         )
                     elif q.valid_date_max:
                         help_text = format_lazy(
-                            'Please enter a date no later than {max}.',
+                            _('Please enter a date no later than {max}.'),
                             max=date_format(q.valid_date_max, "SHORT_DATE_FORMAT"),
                         )
                 if initial and initial.answer:
@@ -939,18 +939,18 @@ class BaseQuestionsForm(forms.Form):
                 if not help_text:
                     if q.valid_datetime_min and q.valid_datetime_max:
                         help_text = format_lazy(
-                            'Please enter a date and time between {min} and {max}.',
+                            _('Please enter a date and time between {min} and {max}.'),
                             min=date_format(q.valid_datetime_min, "SHORT_DATETIME_FORMAT"),
                             max=date_format(q.valid_datetime_max, "SHORT_DATETIME_FORMAT"),
                         )
                     elif q.valid_datetime_min:
                         help_text = format_lazy(
-                            'Please enter a date and time no earlier than {min}.',
+                            _('Please enter a date and time no earlier than {min}.'),
                             min=date_format(q.valid_datetime_min, "SHORT_DATETIME_FORMAT"),
                         )
                     elif q.valid_datetime_max:
                         help_text = format_lazy(
-                            'Please enter a date and time no later than {max}.',
+                            _('Please enter a date and time no later than {max}.'),
                             max=date_format(q.valid_datetime_max, "SHORT_DATETIME_FORMAT"),
                         )
 

src/pretix/base/invoicing/email.py

@@ -33,7 +33,7 @@ from pretix.base.invoicing.transmission import (
     transmission_types,
 )
 from pretix.base.models import Invoice, InvoiceAddress
-from pretix.base.services.mail import SendMailException, mail, render_mail
+from pretix.base.services.mail import mail, render_mail
 from pretix.helpers.format import format_map
 
 
@@ -133,41 +133,37 @@ class EmailTransmissionProvider(TransmissionProvider):
             template = invoice.order.event.settings.get('mail_text_order_invoice', as_type=LazyI18nString)
             subject = invoice.order.event.settings.get('mail_subject_order_invoice', as_type=LazyI18nString)
 
-            try:
-                # Do not set to completed because that is done by the email sending task
-                subject = format_map(subject, context)
-                email_content = render_mail(template, context)
-                mail(
-                    [recipient],
-                    subject,
-                    template,
-                    context=context,
-                    event=invoice.order.event,
-                    locale=invoice.order.locale,
-                    order=invoice.order,
-                    invoices=[invoice],
-                    attach_tickets=False,
-                    auto_email=True,
-                    attach_ical=False,
-                    plain_text_only=True,
-                    no_order_links=True,
-                )
-            except SendMailException:
-                raise
-            else:
-                invoice.order.log_action(
-                    'pretix.event.order.email.invoice',
-                    user=None,
-                    auth=None,
-                    data={
-                        'subject': subject,
-                        'message': email_content,
-                        'position': None,
-                        'recipient': recipient,
-                        'invoices': [invoice.pk],
-                        'attach_tickets': False,
-                        'attach_ical': False,
-                        'attach_other_files': [],
-                        'attach_cached_files': [],
-                    }
-                )
+            # Do not set to completed because that is done by the email sending task
+            subject = format_map(subject, context)
+            email_content = render_mail(template, context)
+            mail(
+                [recipient],
+                subject,
+                template,
+                context=context,
+                event=invoice.order.event,
+                locale=invoice.order.locale,
+                order=invoice.order,
+                invoices=[invoice],
+                attach_tickets=False,
+                auto_email=True,
+                attach_ical=False,
+                plain_text_only=True,
+                no_order_links=True,
+            )
+            invoice.order.log_action(
+                'pretix.event.order.email.invoice',
+                user=None,
+                auth=None,
+                data={
+                    'subject': subject,
+                    'message': email_content,
+                    'position': None,
+                    'recipient': recipient,
+                    'invoices': [invoice.pk],
+                    'attach_tickets': False,
+                    'attach_ical': False,
+                    'attach_other_files': [],
+                    'attach_cached_files': [],
+                }
+            )

src/pretix/base/invoicing/transmission.py

@@ -21,6 +21,7 @@
 #
 from typing import Optional
 
+from django.utils.translation import gettext_lazy as _
 from django_countries.fields import Country
 
 from pretix.base.models import Invoice, InvoiceAddress
@@ -106,6 +107,22 @@ class TransmissionType:
     def transmission_info_to_form_data(self, transmission_info: dict) -> dict:
         return transmission_info
 
+    def describe_info(self, transmission_info: dict, country: Country, is_business: bool):
+        form_data = self.transmission_info_to_form_data(transmission_info)
+        data = []
+        visible_field_keys = self.invoice_address_form_fields_visible(country, is_business)
+        for k, f in self.invoice_address_form_fields.items():
+            if k not in visible_field_keys:
+                continue
+            v = form_data.get(k)
+            if v is True:
+                v = _("Yes")
+            elif v is False:
+                v = _("No")
+            if v:
+                data.append((f.label, v))
+        return data
+
     def pdf_watermark(self) -> Optional[str]:
         """
         Return a watermark that should be rendered across the PDF file.

src/pretix/base/metrics.py

@@ -294,14 +294,28 @@ def metric_values():
         channel = app.broker_connection().channel()
         if hasattr(channel, 'client') and channel.client is not None:
             client = channel.client
+            priority_steps = settings.CELERY_BROKER_TRANSPORT_OPTIONS.get("priority_steps", [0])
+            sep = settings.CELERY_BROKER_TRANSPORT_OPTIONS.get("sep", ":")
+
             for q in settings.CELERY_TASK_QUEUES:
-                llen = client.llen(q.name)
-                lfirst = client.lindex(q.name, -1)
-                metrics['pretix_celery_tasks_queued_count']['{queue="%s"}' % q.name] = llen
-                if lfirst:
-                    ldata = json.loads(lfirst)
-                    dt = time.time() - ldata.get('created', 0)
-                    metrics['pretix_celery_tasks_queued_age_seconds']['{queue="%s"}' % q.name] = dt
+                queue_lengths = []
+                queue_delays = []
+                for prio in priority_steps:
+                    if prio:
+                        qname = f"{q.name}{sep}{prio}"
+                    else:
+                        qname = q.name
+                    queue_length = client.llen(qname)
+                    queue_lengths.append(queue_length)
+                    oldest_queue_item = client.lindex(qname, -1)
+                    if oldest_queue_item:
+                        ldata = json.loads(oldest_queue_item)
+                        oldest_item_age = time.time() - ldata.get('created', 0)
+                        queue_delays.append(oldest_item_age)
+
+                metrics['pretix_celery_tasks_queued_count']['{queue="%s"}' % q.name] = sum(queue_lengths)
+                if queue_delays:
+                    metrics['pretix_celery_tasks_queued_age_seconds']['{queue="%s"}' % q.name] = max(queue_delays)
                 else:
                     metrics['pretix_celery_tasks_queued_age_seconds']['{queue="%s"}' % q.name] = 0
 

src/pretix/base/migrations/0297_outgoingmail.py

@@ -0,0 +1,120 @@
+# Generated by Django 4.2.26 on 2026-01-22 13:44
+import uuid
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+import pretix.base.models.mail
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("pretixbase", "0296_invoice_invoice_from_state"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="OutgoingMail",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True, primary_key=True, serialize=False
+                    ),
+                ),
+                ("guid", models.UUIDField(db_index=True, default=uuid.uuid4)),
+                ("status", models.CharField(default="queued", max_length=200)),
+                ("created", models.DateTimeField(auto_now_add=True)),
+                ("sent", models.DateTimeField(blank=True, null=True)),
+                ("inflight_since", models.DateTimeField(blank=True, null=True)),
+                ("retry_after", models.DateTimeField(blank=True, null=True)),
+                ("error", models.TextField(null=True)),
+                ("error_detail", models.TextField(null=True)),
+                ("sensitive", models.BooleanField(default=False)),
+                ("subject", models.TextField()),
+                ("body_plain", models.TextField()),
+                ("body_html", models.TextField(null=True)),
+                ("sender", models.CharField(max_length=500)),
+                ("headers", models.JSONField(default=dict)),
+                ("to", models.JSONField(default=list)),
+                ("cc", models.JSONField(default=list)),
+                ("bcc", models.JSONField(default=list)),
+                ("recipient_count", models.IntegerField()),
+                ("should_attach_tickets", models.BooleanField(default=False)),
+                ("should_attach_ical", models.BooleanField(default=False)),
+                ("should_attach_other_files", models.JSONField(default=list)),
+                ("actual_attachments", models.JSONField(default=list)),
+                (
+                    "customer",
+                    models.ForeignKey(
+                        null=True,
+                        on_delete=pretix.base.models.mail.CASCADE_IF_QUEUED,
+                        related_name="outgoing_mails",
+                        to="pretixbase.customer",
+                    ),
+                ),
+                (
+                    "event",
+                    models.ForeignKey(
+                        null=True,
+                        on_delete=pretix.base.models.mail.CASCADE_IF_QUEUED,
+                        related_name="outgoing_mails",
+                        to="pretixbase.event",
+                    ),
+                ),
+                (
+                    "order",
+                    models.ForeignKey(
+                        null=True,
+                        on_delete=pretix.base.models.mail.CASCADE_IF_QUEUED,
+                        related_name="outgoing_mails",
+                        to="pretixbase.order",
+                    ),
+                ),
+                (
+                    "orderposition",
+                    models.ForeignKey(
+                        null=True,
+                        on_delete=pretix.base.models.mail.CASCADE_IF_QUEUED,
+                        related_name="outgoing_mails",
+                        to="pretixbase.orderposition",
+                    ),
+                ),
+                (
+                    "organizer",
+                    models.ForeignKey(
+                        null=True,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="outgoing_mails",
+                        to="pretixbase.organizer",
+                    ),
+                ),
+                (
+                    "should_attach_cached_files",
+                    models.ManyToManyField(
+                        related_name="outgoing_mails", to="pretixbase.cachedfile"
+                    ),
+                ),
+                (
+                    "should_attach_invoices",
+                    models.ManyToManyField(
+                        related_name="outgoing_mails", to="pretixbase.invoice"
+                    ),
+                ),
+                (
+                    "user",
+                    models.ForeignKey(
+                        null=True,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="outgoing_mails",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+            options={
+                "ordering": ("-created",),
+            },
+        ),
+    ]

src/pretix/base/modelimport_vouchers.py

@@ -132,7 +132,7 @@ class AllowIgnoreQuotaColumn(BooleanColumnMixin, ImportColumn):
 
 class PriceModeColumn(ImportColumn):
     identifier = 'price_mode'
-    verbose_name = gettext_lazy('Price mode')
+    verbose_name = gettext_lazy('Price effect')
     default_value = None
     initial = 'static:none'
 
@@ -147,7 +147,7 @@ class PriceModeColumn(ImportColumn):
         elif value in reverse:
             return reverse[value]
         else:
-            raise ValidationError(_("Could not parse {value} as a price mode, use one of {options}.").format(
+            raise ValidationError(_("Could not parse {value} as a price effect, use one of {options}.").format(
                 value=value, options=', '.join(d.keys())
             ))
 
@@ -162,7 +162,7 @@ class ValueColumn(DecimalColumnMixin, ImportColumn):
     def clean(self, value, previous_values):
         value = super().clean(value, previous_values)
         if value and previous_values.get("price_mode") == "none":
-            raise ValidationError(_("It is pointless to set a value without a price mode."))
+            raise ValidationError(_("It is pointless to set a value without a price effect."))
         return value
 
     def assign(self, value, obj: Voucher, **kwargs):

src/pretix/base/models/__init__.py

@@ -41,6 +41,7 @@ from .items import (
     itempicture_upload_to,
 )
 from .log import LogEntry
+from .mail import OutgoingMail
 from .media import ReusableMedium
 from .memberships import Membership, MembershipType
 from .notifications import NotificationSetting

src/pretix/base/models/auth.py

@@ -334,27 +334,24 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
             return self.email
 
     def send_security_notice(self, messages, email=None):
-        from pretix.base.services.mail import SendMailException, mail
+        from pretix.base.services.mail import mail
 
-        try:
-            with language(self.locale):
-                msg = '- ' + '\n- '.join(str(m) for m in messages)
+        with language(self.locale):
+            msg = '- ' + '\n- '.join(str(m) for m in messages)
 
-            mail(
-                email or self.email,
-                _('Account information changed'),
-                'pretixcontrol/email/security_notice.txt',
-                {
-                    'user': self,
-                    'messages': msg,
-                    'url': build_absolute_uri('control:user.settings')
-                },
-                event=None,
-                user=self,
-                locale=self.locale
-            )
-        except SendMailException:
-            pass  # Already logged
+        mail(
+            email or self.email,
+            _('Account information changed'),
+            'pretixcontrol/email/security_notice.txt',
+            {
+                'user': self,
+                'messages': msg,
+                'url': build_absolute_uri('control:user.settings')
+            },
+            event=None,
+            user=self,
+            locale=self.locale
+        )
 
     def send_confirmation_code(self, session, reason, email=None, state=None):
         """

src/pretix/base/models/base.py

@@ -130,6 +130,8 @@ class LoggingMixin:
             organizer_id = self.event.organizer_id
         elif hasattr(self, 'organizer_id'):
             organizer_id = self.organizer_id
+        elif hasattr(self, 'issuer_id'):
+            organizer_id = self.issuer_id
 
         if user and not user.is_authenticated:
             user = None

src/pretix/base/models/customers.py

@@ -40,6 +40,7 @@ from i18nfield.fields import I18nCharField
 from phonenumber_field.modelfields import PhoneNumberField
 
 from pretix.base.banlist import banned
+from pretix.base.i18n import language
 from pretix.base.models.base import LoggedModel
 from pretix.base.models.fields import MultiStringField
 from pretix.base.models.giftcards import GiftCardTransaction
@@ -164,6 +165,28 @@ class Customer(LoggedModel):
         self.attendee_profiles.all().delete()
         self.invoice_addresses.all().delete()
 
+    def send_security_notice(self, message, email=None):
+        from pretix.base.services.mail import SendMailException, mail
+        from pretix.multidomain.urlreverse import build_absolute_uri
+
+        try:
+            with language(self.locale):
+                mail(
+                    email or self.email,
+                    self.organizer.settings.mail_subject_customer_security_notice,
+                    self.organizer.settings.mail_text_customer_security_notice,
+                    {
+                        **self.get_email_context(),
+                        'message': str(message),
+                        'url': build_absolute_uri(self.organizer, 'presale:organizer.customer.index')
+                    },
+                    customer=self,
+                    organizer=self.organizer,
+                    locale=self.locale
+                )
+        except SendMailException:
+            pass  # Already logged
+
     @scopes_disabled()
     def assign_identifier(self):
         charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ23456789')
@@ -293,6 +316,7 @@ class Customer(LoggedModel):
             locale=self.locale,
             customer=self,
             organizer=self.organizer,
+            sensitive=True,
         )
 
     def usable_gift_cards(self, used_cards=[]):

src/pretix/base/models/datasync.py

@@ -86,7 +86,7 @@ class OrderSyncQueue(models.Model):
 
     def set_sync_error(self, failure_mode, messages, full_message):
         logger.exception(
-            f"Could not sync order {self.order.code} to {type(self).__name__} ({failure_mode})"
+            f"Could not sync order {self.order.code} to {self.sync_provider} ({failure_mode})"
         )
         self.order.log_action(f"pretix.event.order.data_sync.failed.{failure_mode}", {
             "provider": self.sync_provider,

src/pretix/base/models/mail.py

@@ -0,0 +1,222 @@
+#
+# This file is part of pretix (Community Edition).
+#
+# Copyright (C) 2014-2020  Raphael Michel and contributors
+# Copyright (C) 2020-today pretix GmbH and contributors
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
+# Public License as published by the Free Software Foundation in version 3 of the License.
+#
+# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
+# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
+# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
+# this file, see <https://pretix.eu/about/en/license>.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
+# <https://www.gnu.org/licenses/>.
+#
+import uuid
+
+from django.core.mail import get_connection
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+from django_scopes import scope, scopes_disabled
+
+
+def CASCADE_IF_QUEUED(collector, field, sub_objs, using):
+    # If the email is still queued and the thing it is related to vanishes, the email can vanish as well
+    cascade_objs = [
+        o for o in sub_objs if o.status == OutgoingMail.STATUS_QUEUED
+    ]
+    if cascade_objs:
+        models.CASCADE(collector, field, cascade_objs, using)
+
+    # In all other cases, set to NULL to keep the email on record
+    models.SET_NULL(collector, field, [o for o in sub_objs if o not in cascade_objs], using)
+
+
+class OutgoingMail(models.Model):
+    STATUS_QUEUED = "queued"
+    STATUS_WITHHELD = "withheld"
+    STATUS_INFLIGHT = "inflight"
+    STATUS_AWAITING_RETRY = "awaiting_retry"
+    STATUS_FAILED = "failed"
+    STATUS_SENT = "sent"
+    STATUS_BOUNCED = "bounced"
+    STATUS_ABORTED = "aborted"
+    STATUS_CHOICES = (
+        (STATUS_QUEUED, _("queued")),
+        (STATUS_INFLIGHT, _("being sent")),
+        (STATUS_AWAITING_RETRY, _("awaiting retry")),
+        (STATUS_WITHHELD, _("withheld")),  # for plugin use
+        (STATUS_FAILED, _("failed")),
+        (STATUS_ABORTED, _("aborted")),
+        (STATUS_SENT, _("sent")),
+        (STATUS_BOUNCED, _("bounced")),  # for plugin use
+    )
+    STATUS_LIST_ABORTABLE = {
+        STATUS_QUEUED,
+        STATUS_WITHHELD,
+        STATUS_AWAITING_RETRY,
+    }
+    STATUS_LIST_RETRYABLE = {
+        STATUS_FAILED,
+        STATUS_WITHHELD,
+    }
+
+    # The GUID is a globally unique ID for the email added to a header of the email for later tracing
+    # in bug reports etc. We could theoretically also use this as a basis for the Message-ID header, but
+    # we currently don't since we are unsure if some intermediary SMTP servers have opinions on setting
+    # their own Message-ID headers.
+    guid = models.UUIDField(db_index=True, default=uuid.uuid4)
+
+    status = models.CharField(max_length=200, choices=STATUS_CHOICES, default=STATUS_QUEUED)
+    created = models.DateTimeField(auto_now_add=True)
+
+    # sent will be the time the email was sent or the email failed
+    sent = models.DateTimeField(null=True, blank=True)
+
+    inflight_since = models.DateTimeField(null=True, blank=True)
+    retry_after = models.DateTimeField(null=True, blank=True)
+
+    error = models.TextField(null=True, blank=True)
+    error_detail = models.TextField(null=True, blank=True)
+
+    # There is a conflict here between the different purposes of the model. As a system administrator,
+    # one wants *all* emails to be persisted as long as possible to debug issues. This means that if
+    # e.g. the event or order is deleted, we want SET_NULL behavior. However, in that case, the email
+    # would be an "orphan" forever and there's no way to remove the personal information.
+    # We try to find a middle-ground with the following behaviour:
+    # - The email is always deleted if the entire organizer or user is deleted
+    # - The email is always deleted if it has not yet been sent
+    # - The email is kept in all other cases
+    # This is only an acceptable trade-off since emails are stored for a short period only, and because
+    # orders and customers are never deleted during normal operation. If we ever make this a long-term
+    # storage / email archive, we'd need to find another way to make sure personal information is removed
+    # if personal information of orders etc is removed.
+    organizer = models.ForeignKey(
+        'pretixbase.Organizer',
+        on_delete=models.CASCADE,
+        related_name='outgoing_mails',
+        null=True, blank=True,
+    )
+    event = models.ForeignKey(
+        'pretixbase.Event',
+        on_delete=CASCADE_IF_QUEUED,
+        related_name='outgoing_mails',
+        null=True, blank=True,
+    )
+    order = models.ForeignKey(
+        'pretixbase.Order',
+        on_delete=CASCADE_IF_QUEUED,
+        related_name='outgoing_mails',
+        null=True, blank=True,
+    )
+    orderposition = models.ForeignKey(
+        'pretixbase.OrderPosition',
+        on_delete=CASCADE_IF_QUEUED,
+        related_name='outgoing_mails',
+        null=True, blank=True,
+    )
+    customer = models.ForeignKey(
+        'pretixbase.Customer',
+        on_delete=CASCADE_IF_QUEUED,
+        related_name='outgoing_mails',
+        null=True, blank=True,
+    )
+    user = models.ForeignKey(
+        'pretixbase.User',
+        on_delete=models.CASCADE,
+        related_name='outgoing_mails',
+        null=True, blank=True,
+    )
+
+    sensitive = models.BooleanField(default=False)
+    subject = models.TextField()
+    body_plain = models.TextField()
+    body_html = models.TextField(null=True)
+    sender = models.CharField(max_length=500)
+    headers = models.JSONField(default=dict)
+    to = models.JSONField(default=list)
+    cc = models.JSONField(default=list)
+    bcc = models.JSONField(default=list)
+    recipient_count = models.IntegerField()
+
+    # We don't store the actual invoices, tickets or calendar invites, so if the email is re-sent at a later time, a
+    # newer version of the files might be used. We accept that risk to save on storage and also because the new
+    # version might actually be more useful.
+    should_attach_invoices = models.ManyToManyField(
+        'pretixbase.Invoice',
+        related_name='outgoing_mails'
+    )
+    should_attach_tickets = models.BooleanField(default=False)
+    should_attach_ical = models.BooleanField(default=False)
+
+    # clean_cached_files makes sure not to delete these as long as the email is in a retryable state
+    should_attach_cached_files = models.ManyToManyField(
+        'pretixbase.CachedFile',
+        related_name='outgoing_mails',
+    )
+
+    # This is used to send files stored in settings. In most cases, these aren't short-lived and should still be there
+    # if the email is sent. Otherwise, they will be skipped. We accept that risk.
+    should_attach_other_files = models.JSONField(default=list)
+
+    # [{name, type size}] of the attachments we actually setn
+    actual_attachments = models.JSONField(default=list)
+
+    class Meta:
+        ordering = ('-created',)
+
+    def get_mail_backend(self):
+        if self.event:
+            return self.event.get_mail_backend()
+        elif self.organizer:
+            return self.organizer.get_mail_backend()
+        else:
+            return get_connection(fail_silently=False)
+
+    def scope_manager(self):
+        if self.organizer:
+            return scope(organizer=self.organizer)  # noqa
+        else:
+            return scopes_disabled()  # noqa
+
+    @property
+    def is_failed(self):
+        return self.status in (
+            OutgoingMail.STATUS_FAILED,
+            OutgoingMail.STATUS_AWAITING_RETRY,
+            OutgoingMail.STATUS_BOUNCED,
+        )
+
+    def save(self, *args, **kwargs):
+        if self.orderposition_id and not self.order_id:
+            self.order = self.orderposition.order
+        if self.order_id and not self.event_id:
+            self.event = self.order.event
+        if self.event_id and not self.organizer_id:
+            self.organizer = self.event.organizer
+        if self.customer_id and not self.organizer_id:
+            self.organizer = self.customer.organizer
+        self.recipient_count = len(self.to) + len(self.cc) + len(self.bcc)
+        super().save(*args, **kwargs)
+
+    def log_parameters(self):
+        if self.order:
+            error_log_action_type = 'pretix.event.order.email.error'
+            log_target = self.order
+        elif self.customer:
+            error_log_action_type = 'pretix.customer.email.error'
+            log_target = self.customer
+        elif self.user:
+            error_log_action_type = 'pretix.user.email.error'
+            log_target = self.user
+        else:
+            error_log_action_type = 'pretix.email.error'
+            log_target = None
+        return log_target, error_log_action_type

src/pretix/base/models/orders.py

@@ -87,7 +87,7 @@ from pretix.base.timemachine import time_machine_now
 
 from ...helpers import OF_SELF
 from ...helpers.countries import CachedCountries, FastCountryField
-from ...helpers.format import format_map
+from ...helpers.format import FormattedString, format_map
 from ...helpers.names import build_name
 from ...testutils.middleware import debugflags_var
 from ._transactions import (
@@ -1167,9 +1167,7 @@ class Order(LockModel, LoggedModel):
                          only be attached for this position and child positions, the link will only point to the
                          position and the attendee email will be used if available.
         """
-        from pretix.base.services.mail import (
-            SendMailException, mail, render_mail,
-        )
+        from pretix.base.services.mail import mail, render_mail
 
         if not self.email and not (position and position.attendee_email):
             return
@@ -1179,35 +1177,32 @@ class Order(LockModel, LoggedModel):
             if position and position.attendee_email:
                 recipient = position.attendee_email
 
-            try:
-                email_content = render_mail(template, context)
+            email_content = render_mail(template, context)
+            if not isinstance(subject, FormattedString):
                 subject = format_map(subject, context)
-                mail(
-                    recipient, subject, template, context,
-                    self.event, self.locale, self, headers=headers, sender=sender,
-                    invoices=invoices, attach_tickets=attach_tickets,
-                    position=position, auto_email=auto_email, attach_ical=attach_ical,
-                    attach_other_files=attach_other_files, attach_cached_files=attach_cached_files,
-                )
-            except SendMailException:
-                raise
-            else:
-                self.log_action(
-                    log_entry_type,
-                    user=user,
-                    auth=auth,
-                    data={
-                        'subject': subject,
-                        'message': email_content,
-                        'position': position.positionid if position else None,
-                        'recipient': recipient,
-                        'invoices': [i.pk for i in invoices] if invoices else [],
-                        'attach_tickets': attach_tickets,
-                        'attach_ical': attach_ical,
-                        'attach_other_files': attach_other_files,
-                        'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
-                    }
-                )
+            mail(
+                recipient, subject, template, context,
+                self.event, self.locale, self, headers=headers, sender=sender,
+                invoices=invoices, attach_tickets=attach_tickets,
+                position=position, auto_email=auto_email, attach_ical=attach_ical,
+                attach_other_files=attach_other_files, attach_cached_files=attach_cached_files,
+            )
+            self.log_action(
+                log_entry_type,
+                user=user,
+                auth=auth,
+                data={
+                    'subject': subject,
+                    'message': email_content,
+                    'position': position.positionid if position else None,
+                    'recipient': recipient,
+                    'invoices': [i.pk for i in invoices] if invoices else [],
+                    'attach_tickets': attach_tickets,
+                    'attach_ical': attach_ical,
+                    'attach_other_files': attach_other_files,
+                    'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
+                }
+            )
 
     def resend_link(self, user=None, auth=None):
         with language(self.locale, self.event.settings.region):
@@ -2024,40 +2019,30 @@ class OrderPayment(models.Model):
             transmit_invoice.apply_async(args=(self.order.event_id, invoice.pk, False))
 
     def _send_paid_mail_attendee(self, position, user):
-        from pretix.base.services.mail import SendMailException
-
         with language(self.order.locale, self.order.event.settings.region):
             email_template = self.order.event.settings.mail_text_order_paid_attendee
             email_subject = self.order.event.settings.mail_subject_order_paid_attendee
             email_context = get_email_context(event=self.order.event, order=self.order, position=position)
-            try:
-                position.send_mail(
-                    email_subject, email_template, email_context,
-                    'pretix.event.order.email.order_paid', user,
-                    invoices=[],
-                    attach_tickets=True,
-                    attach_ical=self.order.event.settings.mail_attach_ical
-                )
-            except SendMailException:
-                logger.exception('Order paid email could not be sent')
+            position.send_mail(
+                email_subject, email_template, email_context,
+                'pretix.event.order.email.order_paid', user,
+                invoices=[],
+                attach_tickets=True,
+                attach_ical=self.order.event.settings.mail_attach_ical
+            )
 
     def _send_paid_mail(self, invoice, user, mail_text):
-        from pretix.base.services.mail import SendMailException
-
         with language(self.order.locale, self.order.event.settings.region):
             email_template = self.order.event.settings.mail_text_order_paid
             email_subject = self.order.event.settings.mail_subject_order_paid
             email_context = get_email_context(event=self.order.event, order=self.order, payment_info=mail_text)
-            try:
-                self.order.send_mail(
-                    email_subject, email_template, email_context,
-                    'pretix.event.order.email.order_paid', user,
-                    invoices=[invoice] if invoice else [],
-                    attach_tickets=True,
-                    attach_ical=self.order.event.settings.mail_attach_ical
-                )
-            except SendMailException:
-                logger.exception('Order paid email could not be sent')
+            self.order.send_mail(
+                email_subject, email_template, email_context,
+                'pretix.event.order.email.order_paid', user,
+                invoices=[invoice] if invoice else [],
+                attach_tickets=True,
+                attach_ical=self.order.event.settings.mail_attach_ical
+            )
 
     @property
     def refunded_amount(self):
@@ -2915,45 +2900,40 @@ class OrderPosition(AbstractPosition):
         :param attach_tickets: Attach tickets of this order, if they are existing and ready to download
         :param attach_ical: Attach relevant ICS files
         """
-        from pretix.base.services.mail import (
-            SendMailException, mail, render_mail,
-        )
+        from pretix.base.services.mail import mail, render_mail
 
         if not self.attendee_email:
             return
 
         with language(self.order.locale, self.order.event.settings.region):
             recipient = self.attendee_email
-            try:
-                email_content = render_mail(template, context)
+            email_content = render_mail(template, context)
+            if not isinstance(subject, FormattedString):
                 subject = format_map(subject, context)
-                mail(
-                    recipient, subject, template, context,
-                    self.event, self.order.locale, order=self.order, headers=headers, sender=sender,
-                    position=self,
-                    invoices=invoices,
-                    attach_tickets=attach_tickets,
-                    attach_ical=attach_ical,
-                    attach_other_files=attach_other_files,
-                )
-            except SendMailException:
-                raise
-            else:
-                self.order.log_action(
-                    log_entry_type,
-                    user=user,
-                    auth=auth,
-                    data={
-                        'subject': subject,
-                        'message': email_content,
-                        'recipient': recipient,
-                        'invoices': [i.pk for i in invoices] if invoices else [],
-                        'attach_tickets': attach_tickets,
-                        'attach_ical': attach_ical,
-                        'attach_other_files': attach_other_files,
-                        'attach_cached_files': [],
-                    }
-                )
+            mail(
+                recipient, subject, template, context,
+                self.event, self.order.locale, order=self.order, headers=headers, sender=sender,
+                position=self,
+                invoices=invoices,
+                attach_tickets=attach_tickets,
+                attach_ical=attach_ical,
+                attach_other_files=attach_other_files,
+            )
+            self.order.log_action(
+                log_entry_type,
+                user=user,
+                auth=auth,
+                data={
+                    'subject': subject,
+                    'message': email_content,
+                    'recipient': recipient,
+                    'invoices': [i.pk for i in invoices] if invoices else [],
+                    'attach_tickets': attach_tickets,
+                    'attach_ical': attach_ical,
+                    'attach_other_files': attach_other_files,
+                    'attach_cached_files': [],
+                }
+            )
 
     def resend_link(self, user=None, auth=None):
 
@@ -3529,18 +3509,10 @@ class InvoiceAddress(models.Model):
     def describe_transmission(self):
         from pretix.base.invoicing.transmission import transmission_types
         data = []
-
         t, __ = transmission_types.get(identifier=self.transmission_type)
         data.append((_("Transmission type"), t.public_name))
-        form_data = t.transmission_info_to_form_data(self.transmission_info or {})
-        for k, f in t.invoice_address_form_fields.items():
-            v = form_data.get(k)
-            if v is True:
-                v = _("Yes")
-            elif v is False:
-                v = _("No")
-            if v:
-                data.append((f.label, v))
+        if self.transmission_info:
+            data += t.describe_info(self.transmission_info, self.country, self.is_business)
         return data
 
 

src/pretix/base/models/vouchers.py

@@ -239,7 +239,7 @@ class Voucher(LoggedModel):
         )
     )
     price_mode = models.CharField(
-        verbose_name=_("Price mode"),
+        verbose_name=_("Price effect"),
         max_length=100,
         choices=PRICE_MODES,
         default='none'

src/pretix/base/models/waitinglist.py

@@ -34,7 +34,7 @@ from phonenumber_field.modelfields import PhoneNumberField
 from pretix.base.email import get_email_context
 from pretix.base.i18n import language
 from pretix.base.models import User, Voucher
-from pretix.base.services.mail import SendMailException, mail, render_mail
+from pretix.base.services.mail import mail, render_mail
 from pretix.helpers import OF_SELF
 
 from ...helpers.format import format_map
@@ -272,34 +272,30 @@ class WaitingListEntry(LoggedModel):
         with language(self.locale, self.event.settings.region):
             recipient = self.email
 
-            try:
-                email_content = render_mail(template, context)
-                subject = format_map(subject, context)
-                mail(
-                    recipient, subject, template, context,
-                    self.event,
-                    self.locale,
-                    headers=headers,
-                    sender=sender,
-                    auto_email=auto_email,
-                    attach_other_files=attach_other_files,
-                    attach_cached_files=attach_cached_files,
-                )
-            except SendMailException:
-                raise
-            else:
-                self.log_action(
-                    log_entry_type,
-                    user=user,
-                    auth=auth,
-                    data={
-                        'subject': subject,
-                        'message': email_content,
-                        'recipient': recipient,
-                        'attach_other_files': attach_other_files,
-                        'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
-                    }
-                )
+            email_content = render_mail(template, context)
+            subject = format_map(subject, context)
+            mail(
+                recipient, subject, template, context,
+                self.event,
+                self.locale,
+                headers=headers,
+                sender=sender,
+                auto_email=auto_email,
+                attach_other_files=attach_other_files,
+                attach_cached_files=attach_cached_files,
+            )
+            self.log_action(
+                log_entry_type,
+                user=user,
+                auth=auth,
+                data={
+                    'subject': subject,
+                    'message': email_content,
+                    'recipient': recipient,
+                    'attach_other_files': attach_other_files,
+                    'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
+                }
+            )
 
     @staticmethod
     def clean_itemvar(event, item, variation):

src/pretix/base/payment.py

@@ -1231,8 +1231,8 @@ class ManualPayment(BasePaymentProvider):
     def is_allowed(self, request: HttpRequest, total: Decimal=None):
         return 'pretix.plugins.manualpayment' in self.event.plugins and super().is_allowed(request, total)
 
-    def order_change_allowed(self, order: Order):
-        return 'pretix.plugins.manualpayment' in self.event.plugins and super().order_change_allowed(order)
+    def order_change_allowed(self, order: Order, request=None):
+        return 'pretix.plugins.manualpayment' in self.event.plugins and super().order_change_allowed(order, request)
 
     @property
     def public_name(self):
@@ -1646,6 +1646,14 @@ class GiftCardPayment(BasePaymentProvider):
                     'transaction_id': trans.pk,
                 }
                 payment.confirm(send_mail=not is_early_special_case, generate_invoice=not is_early_special_case)
+                gc.log_action(
+                    action='pretix.giftcards.transaction.payment',
+                    data={
+                        'value': trans.value,
+                        'acceptor_id': self.event.organizer.id,
+                        'acceptor_slug': self.event.organizer.slug
+                    }
+                )
         except PaymentException as e:
             payment.fail(info={'error': str(e)})
             raise e
@@ -1670,6 +1678,15 @@ class GiftCardPayment(BasePaymentProvider):
             'transaction_id': trans.pk,
         }
         refund.done()
+        gc.log_action(
+            action='pretix.giftcards.transaction.refund',
+            data={
+                'value': refund.amount,
+                'acceptor_id': self.event.organizer.id,
+                'acceptor_slug': self.event.organizer.slug,
+                'text': refund.comment,
+            }
+        )
 
 
 @receiver(register_payment_providers, dispatch_uid="payment_free")

src/pretix/base/plugins.py

@@ -65,7 +65,7 @@ def get_all_plugins(*, event=None, organizer=None) -> List[type]:
             if app.name in settings.PRETIX_PLUGINS_EXCLUDE:
                 continue
 
-            level = getattr(app, "level", PLUGIN_LEVEL_EVENT)
+            level = getattr(meta, "level", PLUGIN_LEVEL_EVENT)
             if level == PLUGIN_LEVEL_EVENT:
                 if event and hasattr(app, 'is_available'):
                     if not app.is_available(event):

src/pretix/base/services/cancelevent.py

@@ -36,7 +36,7 @@ from pretix.base.models import (
     SubEvent, TaxRule, User, WaitingListEntry,
 )
 from pretix.base.services.locking import LockTimeoutException
-from pretix.base.services.mail import SendMailException, mail
+from pretix.base.services.mail import mail
 from pretix.base.services.orders import (
     OrderChangeManager, OrderError, _cancel_order, _try_auto_refund,
 )
@@ -53,17 +53,14 @@ logger = logging.getLogger(__name__)
 def _send_wle_mail(wle: WaitingListEntry, subject: LazyI18nString, message: LazyI18nString, subevent: SubEvent):
     with language(wle.locale, wle.event.settings.region):
         email_context = get_email_context(event_or_subevent=subevent or wle.event, event=wle.event)
-        try:
-            mail(
-                wle.email,
-                format_map(subject, email_context),
-                message,
-                email_context,
-                wle.event,
-                locale=wle.locale
-            )
-        except SendMailException:
-            logger.exception('Waiting list canceled email could not be sent')
+        mail(
+            wle.email,
+            format_map(subject, email_context),
+            message,
+            email_context,
+            wle.event,
+            locale=wle.locale
+        )
 
 
 def _send_mail(order: Order, subject: LazyI18nString, message: LazyI18nString, subevent: SubEvent,
@@ -77,14 +74,11 @@ def _send_mail(order: Order, subject: LazyI18nString, message: LazyI18nString, s
         email_context = get_email_context(event_or_subevent=subevent or order.event, refund_amount=refund_amount,
                                           order=order, position_or_address=ia, event=order.event)
         real_subject = format_map(subject, email_context)
-        try:
-            order.send_mail(
-                real_subject, message, email_context,
-                'pretix.event.order.email.event_canceled',
-                user,
-            )
-        except SendMailException:
-            logger.exception('Order canceled email could not be sent')
+        order.send_mail(
+            real_subject, message, email_context,
+            'pretix.event.order.email.event_canceled',
+            user,
+        )
 
         for p in positions:
             if subevent and p.subevent_id != subevent.id:
@@ -97,15 +91,12 @@ def _send_mail(order: Order, subject: LazyI18nString, message: LazyI18nString, s
                                                   refund_amount=refund_amount,
                                                   position_or_address=p,
                                                   order=order, position=p)
-                try:
-                    order.send_mail(
-                        real_subject, message, email_context,
-                        'pretix.event.order.email.event_canceled',
-                        position=p,
-                        user=user
-                    )
-                except SendMailException:
-                    logger.exception('Order canceled email could not be sent to attendee')
+                order.send_mail(
+                    real_subject, message, email_context,
+                    'pretix.event.order.email.event_canceled',
+                    position=p,
+                    user=user
+                )
 
 
 @app.task(base=ProfiledEventTask, bind=True, max_retries=5, default_retry_delay=1, throws=(OrderError,))

src/pretix/base/services/cart.py

@@ -1639,7 +1639,7 @@ def get_fees(event, request, _total_ignored_=None, invoice_address=None, payment
         if fee.tax_rule and not fee.tax_rule.pk:
             fee.tax_rule = None  # TODO: deprecate
 
-    apply_rounding(event.settings.tax_rounding, event.currency, [*positions, *fees])
+    apply_rounding(event.settings.tax_rounding, invoice_address, event.currency, [*positions, *fees])
     total = sum([c.price for c in positions]) + sum([f.value for f in fees])
 
     if total != 0 and payments:
@@ -1679,7 +1679,7 @@ def get_fees(event, request, _total_ignored_=None, invoice_address=None, payment
                 fees.append(pf)
 
                 # Re-apply rounding as grand total has changed
-                apply_rounding(event.settings.tax_rounding, event.currency, [*positions, *fees])
+                apply_rounding(event.settings.tax_rounding, invoice_address, event.currency, [*positions, *fees])
                 total = sum([c.price for c in positions]) + sum([f.value for f in fees])
 
                 # Re-calculate to_pay as grand total has changed

src/pretix/base/services/cleanup.py

@@ -23,11 +23,12 @@ from datetime import timedelta
 
 from django.conf import settings
 from django.core.management import call_command
+from django.db.models import Exists, OuterRef
 from django.dispatch import receiver
 from django.utils.timezone import now
 from django_scopes import scopes_disabled
 
-from pretix.base.models import CachedCombinedTicket, CachedTicket
+from pretix.base.models import CachedCombinedTicket, CachedTicket, OutgoingMail
 from pretix.base.models.customers import CustomerSSOGrant
 
 from ..models import CachedFile, CartPosition, InvoiceAddress
@@ -49,7 +50,18 @@ def clean_cart_positions(sender, **kwargs):
 @receiver(signal=periodic_task)
 @scopes_disabled()
 def clean_cached_files(sender, **kwargs):
-    for cf in CachedFile.objects.filter(expires__isnull=False, expires__lt=now()):
+    has_queued_email = Exists(
+        OutgoingMail.objects.filter(
+            should_attach_cached_files__pk=OuterRef("pk"),
+            status__in=(
+                OutgoingMail.STATUS_QUEUED,
+                OutgoingMail.STATUS_INFLIGHT,
+                OutgoingMail.STATUS_AWAITING_RETRY,
+                OutgoingMail.STATUS_FAILED,
+            ),
+        )
+    )
+    for cf in CachedFile.objects.filter(expires__isnull=False, expires__lt=now()).exclude(has_queued_email):
         cf.delete()
 
 

src/pretix/base/services/notifications.py

@@ -19,6 +19,8 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
+import uuid
+
 import css_inline
 from django.conf import settings
 from django.template.loader import get_template
@@ -26,7 +28,9 @@ from django.utils.timezone import override
 from django_scopes import scope, scopes_disabled
 
 from pretix.base.i18n import language
-from pretix.base.models import LogEntry, NotificationSetting, User
+from pretix.base.models import (
+    LogEntry, NotificationSetting, OutgoingMail, User,
+)
 from pretix.base.notifications import Notification, get_all_notification_types
 from pretix.base.services.mail import mail_send_task
 from pretix.base.services.tasks import ProfiledTask, TransactionAwareTask
@@ -153,16 +157,26 @@ def send_notification_mail(notification: Notification, user: User):
     tpl_plain = get_template('pretixbase/email/notification.txt')
     body_plain = tpl_plain.render(ctx)
 
-    mail_send_task.apply_async(kwargs={
-        'to': [user.email],
-        'subject': '[{}] {}: {}'.format(
+    guid = uuid.uuid4()
+    m = OutgoingMail.objects.create(
+        guid=guid,
+        user=user,
+        to=[user.email],
+        subject='[{}] {}: {}'.format(
             settings.PRETIX_INSTANCE_NAME,
             notification.event.settings.mail_prefix or notification.event.slug.upper(),
             notification.title
         ),
-        'body': body_plain,
-        'html': body_html,
-        'sender': settings.MAIL_FROM_NOTIFICATIONS,
-        'headers': {},
-        'user': user.pk
+        body_plain=body_plain,
+        body_html=body_html,
+        sender=settings.MAIL_FROM_NOTIFICATIONS,
+        headers={
+            'X-Auto-Response-Suppress': 'OOF, NRN, AutoReply, RN',
+            'Auto-Submitted': 'auto-generated',
+            'X-Mailer': 'pretix',
+            'X-PX-Correlation': str(guid),
+        },
+    )
+    mail_send_task.apply_async(kwargs={
+        'outgoing_mail': m.pk,
     })

src/pretix/base/services/orders.py

@@ -90,7 +90,6 @@ from pretix.base.services.invoices import (
 from pretix.base.services.locking import (
     LOCK_TRUST_WINDOW, LockTimeoutException, lock_objects,
 )
-from pretix.base.services.mail import SendMailException
 from pretix.base.services.memberships import (
     create_membership, validate_memberships_in_order,
 )
@@ -248,6 +247,16 @@ def reactivate_order(order: Order, force: bool=False, user: User=None, auth=None
                 for gc in position.issued_gift_cards.all():
                     gc = GiftCard.objects.select_for_update(of=OF_SELF).get(pk=gc.pk)
                     gc.transactions.create(value=position.price, order=order, acceptor=order.event.organizer)
+                    gc.log_action(
+                        action='pretix.giftcards.transaction.manual',
+                        user=user,
+                        auth=auth,
+                        data={
+                            'value': position.price,
+                            'acceptor_id': order.event.organizer.id,
+                            'acceptor_slug': order.event.organizer.slug
+                        }
+                    )
                     break
 
                 for m in position.granted_memberships.all():
@@ -438,33 +447,27 @@ def approve_order(order, user=None, send_mail: bool=True, auth=None, force=False
                 email_attendee_subject = order.event.settings.mail_subject_order_approved_attendee
 
             email_context = get_email_context(event=order.event, order=order)
-            try:
-                order.send_mail(
-                    email_subject, email_template, email_context,
-                    'pretix.event.order.email.order_approved', user,
-                    attach_tickets=True,
-                    attach_ical=order.event.settings.mail_attach_ical and (
-                        not order.event.settings.mail_attach_ical_paid_only or
-                        order.total == Decimal('0.00') or
-                        order.valid_if_pending
-                    ),
-                    invoices=[invoice] if invoice and transmit_invoice_mail else []
-                )
-            except SendMailException:
-                logger.exception('Order approved email could not be sent')
+            order.send_mail(
+                email_subject, email_template, email_context,
+                'pretix.event.order.email.order_approved', user,
+                attach_tickets=True,
+                attach_ical=order.event.settings.mail_attach_ical and (
+                    not order.event.settings.mail_attach_ical_paid_only or
+                    order.total == Decimal('0.00') or
+                    order.valid_if_pending
+                ),
+                invoices=[invoice] if invoice and transmit_invoice_mail else []
+            )
 
             if email_attendees:
                 for p in order.positions.all():
                     if p.addon_to_id is None and p.attendee_email and p.attendee_email != order.email:
                         email_attendee_context = get_email_context(event=order.event, order=order, position=p)
-                        try:
-                            p.send_mail(
-                                email_attendee_subject, email_attendee_template, email_attendee_context,
-                                'pretix.event.order.email.order_approved', user,
-                                attach_tickets=True,
-                            )
-                        except SendMailException:
-                            logger.exception('Order approved email could not be sent to attendee')
+                        p.send_mail(
+                            email_attendee_subject, email_attendee_template, email_attendee_context,
+                            'pretix.event.order.email.order_approved', user,
+                            attach_tickets=True,
+                        )
 
     return order.pk
 
@@ -501,13 +504,10 @@ def deny_order(order, comment='', user=None, send_mail: bool=True, auth=None):
             email_template = order.event.settings.mail_text_order_denied
             email_subject = order.event.settings.mail_subject_order_denied
             email_context = get_email_context(event=order.event, order=order, comment=comment)
-            try:
-                order.send_mail(
-                    email_subject, email_template, email_context,
-                    'pretix.event.order.email.order_denied', user
-                )
-            except SendMailException:
-                logger.exception('Order denied email could not be sent')
+            order.send_mail(
+                email_subject, email_template, email_context,
+                'pretix.event.order.email.order_denied', user
+            )
 
     return order.pk
 
@@ -558,6 +558,15 @@ def _cancel_order(order, user=None, send_mail: bool=True, api_token=None, device
                     )
                 else:
                     gc.transactions.create(value=-position.price, order=order, acceptor=order.event.organizer)
+                    gc.log_action(
+                        action='pretix.giftcards.transaction.manual',
+                        user=user,
+                        data={
+                            'value': -position.price,
+                            'acceptor_id': order.event.organizer.id,
+                            'acceptor_slug': order.event.organizer.slug
+                        }
+                    )
 
             for m in position.granted_memberships.all():
                 m.canceled = True
@@ -660,14 +669,11 @@ def _cancel_order(order, user=None, send_mail: bool=True, api_token=None, device
                 email_template = order.event.settings.mail_text_order_canceled
                 email_subject = order.event.settings.mail_subject_order_canceled
                 email_context = get_email_context(event=order.event, order=order, comment=comment or "")
-                try:
-                    order.send_mail(
-                        email_subject, email_template, email_context,
-                        'pretix.event.order.email.order_canceled', user,
-                        invoices=transmit_invoices_mail,
-                    )
-                except SendMailException:
-                    logger.exception('Order canceled email could not be sent')
+                order.send_mail(
+                    email_subject, email_template, email_context,
+                    'pretix.event.order.email.order_canceled', user,
+                    invoices=transmit_invoices_mail,
+                )
 
     for p in order.payments.filter(state__in=(OrderPayment.PAYMENT_STATE_CREATED, OrderPayment.PAYMENT_STATE_PENDING)):
         try:
@@ -968,7 +974,7 @@ def _apply_rounding_and_fees(positions: List[CartPosition], payment_requests: Li
             fee.tax_rule = None  # TODO: deprecate
 
     # Apply rounding to get final total in case no payment fees will be added
-    apply_rounding(event.settings.tax_rounding, event.currency, [*positions, *fees])
+    apply_rounding(event.settings.tax_rounding, address, event.currency, [*positions, *fees])
     total = sum([c.price for c in positions]) + sum([f.value for f in fees])
 
     payments_assigned = Decimal("0.00")
@@ -995,7 +1001,7 @@ def _apply_rounding_and_fees(positions: List[CartPosition], payment_requests: Li
             p['fee'] = pf
 
             # Re-apply rounding as grand total has changed
-            apply_rounding(event.settings.tax_rounding, event.currency, [*positions, *fees])
+            apply_rounding(event.settings.tax_rounding, address, event.currency, [*positions, *fees])
             total = sum([c.price for c in positions]) + sum([f.value for f in fees])
 
             # Re-calculate to_pay as grand total has changed
@@ -1108,46 +1114,40 @@ def _order_placed_email(event: Event, order: Order, email_template, subject_temp
                         log_entry: str, invoice, payments: List[OrderPayment], is_free=False):
     email_context = get_email_context(event=event, order=order, payments=payments)
 
-    try:
-        order.send_mail(
-            subject_template, email_template, email_context,
-            log_entry,
-            invoices=[invoice] if invoice else [],
-            attach_tickets=True,
-            attach_ical=event.settings.mail_attach_ical and (
-                not event.settings.mail_attach_ical_paid_only or
-                is_free or
-                order.valid_if_pending
-            ),
-            attach_other_files=[a for a in [
-                event.settings.get('mail_attachment_new_order', as_type=str, default='')[len('file://'):]
-            ] if a],
-        )
-    except SendMailException:
-        logger.exception('Order received email could not be sent')
+    order.send_mail(
+        subject_template, email_template, email_context,
+        log_entry,
+        invoices=[invoice] if invoice else [],
+        attach_tickets=True,
+        attach_ical=event.settings.mail_attach_ical and (
+            not event.settings.mail_attach_ical_paid_only or
+            is_free or
+            order.valid_if_pending
+        ),
+        attach_other_files=[a for a in [
+            event.settings.get('mail_attachment_new_order', as_type=str, default='')[len('file://'):]
+        ] if a],
+    )
 
 
 def _order_placed_email_attendee(event: Event, order: Order, position: OrderPosition, email_template, subject_template,
                                  log_entry: str, is_free=False):
     email_context = get_email_context(event=event, order=order, position=position)
 
-    try:
-        position.send_mail(
-            subject_template, email_template, email_context,
-            log_entry,
-            invoices=[],
-            attach_tickets=True,
-            attach_ical=event.settings.mail_attach_ical and (
-                not event.settings.mail_attach_ical_paid_only or
-                is_free or
-                order.valid_if_pending
-            ),
-            attach_other_files=[a for a in [
-                event.settings.get('mail_attachment_new_order', as_type=str, default='')[len('file://'):]
-            ] if a],
-        )
-    except SendMailException:
-        logger.exception('Order received email could not be sent to attendee')
+    position.send_mail(
+        subject_template, email_template, email_context,
+        log_entry,
+        invoices=[],
+        attach_tickets=True,
+        attach_ical=event.settings.mail_attach_ical and (
+            not event.settings.mail_attach_ical_paid_only or
+            is_free or
+            order.valid_if_pending
+        ),
+        attach_other_files=[a for a in [
+            event.settings.get('mail_attachment_new_order', as_type=str, default='')[len('file://'):]
+        ] if a],
+    )
 
 
 def _perform_order(event: Event, payment_requests: List[dict], position_ids: List[str],
@@ -1476,13 +1476,10 @@ def send_expiry_warnings(sender, **kwargs):
                         email_template = settings.mail_text_order_pending_warning
                         email_subject = settings.mail_subject_order_pending_warning
 
-                    try:
-                        o.send_mail(
-                            email_subject, email_template, email_context,
-                            'pretix.event.order.email.expire_warning_sent'
-                        )
-                    except SendMailException:
-                        logger.exception('Reminder email could not be sent')
+                    o.send_mail(
+                        email_subject, email_template, email_context,
+                        'pretix.event.order.email.expire_warning_sent'
+                    )
 
 
 @receiver(signal=periodic_task)
@@ -1543,14 +1540,11 @@ def send_download_reminders(sender, **kwargs):
                 email_template = event.settings.mail_text_download_reminder
                 email_subject = event.settings.mail_subject_download_reminder
                 email_context = get_email_context(event=event, order=o)
-                try:
-                    o.send_mail(
-                        email_subject, email_template, email_context,
-                        'pretix.event.order.email.download_reminder_sent',
-                        attach_tickets=True
-                    )
-                except SendMailException:
-                    logger.exception('Reminder email could not be sent')
+                o.send_mail(
+                    email_subject, email_template, email_context,
+                    'pretix.event.order.email.download_reminder_sent',
+                    attach_tickets=True
+                )
 
                 if event.settings.mail_send_download_reminder_attendee:
                     for p in positions:
@@ -1564,14 +1558,11 @@ def send_download_reminders(sender, **kwargs):
                             email_template = event.settings.mail_text_download_reminder_attendee
                             email_subject = event.settings.mail_subject_download_reminder_attendee
                             email_context = get_email_context(event=event, order=o, position=p)
-                            try:
-                                o.send_mail(
-                                    email_subject, email_template, email_context,
-                                    'pretix.event.order.email.download_reminder_sent',
-                                    attach_tickets=True, position=p
-                                )
-                            except SendMailException:
-                                logger.exception('Reminder email could not be sent to attendee')
+                            o.send_mail(
+                                email_subject, email_template, email_context,
+                                'pretix.event.order.email.download_reminder_sent',
+                                attach_tickets=True, position=p
+                            )
 
 
 def notify_user_changed_order(order, user=None, auth=None, invoices=[]):
@@ -1579,13 +1570,10 @@ def notify_user_changed_order(order, user=None, auth=None, invoices=[]):
         email_template = order.event.settings.mail_text_order_changed
         email_context = get_email_context(event=order.event, order=order)
         email_subject = order.event.settings.mail_subject_order_changed
-        try:
-            order.send_mail(
-                email_subject, email_template, email_context,
-                'pretix.event.order.email.order_changed', user, auth=auth, invoices=invoices, attach_tickets=True,
-            )
-        except SendMailException:
-            logger.exception('Order changed email could not be sent')
+        order.send_mail(
+            email_subject, email_template, email_context,
+            'pretix.event.order.email.order_changed', user, auth=auth, invoices=invoices, attach_tickets=True,
+        )
 
 
 class OrderChangeManager:
@@ -1641,6 +1629,7 @@ class OrderChangeManager:
     ChangeValidUntilOperation = namedtuple('ChangeValidUntilOperation', ('position', 'valid_until'))
     AddBlockOperation = namedtuple('AddBlockOperation', ('position', 'block_name', 'ignore_from_quota_while_blocked'))
     RemoveBlockOperation = namedtuple('RemoveBlockOperation', ('position', 'block_name', 'ignore_from_quota_while_blocked'))
+    ForceRecomputeOperation = namedtuple('ForceRecomputeOperation', tuple())
 
     class AddPositionResult:
         _position: Optional[OrderPosition]
@@ -1804,6 +1793,7 @@ class OrderChangeManager:
         positions = self.order.positions.select_related('item', 'item__tax_rule')
         ia = self._invoice_address
         tax_rules = self._current_tax_rules()
+        self._operations.append(self.ForceRecomputeOperation())
 
         for pos in positions:
             tax_rule = tax_rules.get(pos.pk, pos.tax_rule)
@@ -2094,6 +2084,43 @@ class OrderChangeManager:
                     )
                     item_counts[item] += 1
 
+        # Detect removed add-ons and create RemoveOperations
+        for cp, al in list(current_addons.items()):
+            for k, v in al.items():
+                input_num = input_addons[cp.id].get(k, 0)
+                current_num = len(current_addons[cp].get(k, []))
+                if input_num < current_num:
+                    for a in current_addons[cp][k][:current_num - input_num]:
+                        if a.canceled:
+                            continue
+                        is_unavailable = (
+                            # If an item is no longer available due to time, it should usually also be no longer
+                            # user-removable, because e.g. the stock has already been ordered.
+                            # We always pass has_voucher=True because if a product now requires a voucher, it usually does
+                            # not mean it should be unremovable for others.
+                            # This also prevents accidental removal through the UI because a hidden product will no longer
+                            # be part of the input.
+                            (a.variation and a.variation.unavailability_reason(has_voucher=True, subevent=a.subevent))
+                            or (a.variation and not a.variation.all_sales_channels and not a.variation.limit_sales_channels.contains(self.order.sales_channel))
+                            or a.item.unavailability_reason(has_voucher=True, subevent=a.subevent)
+                            or (
+                                not a.item.all_sales_channels and
+                                not a.item.limit_sales_channels.contains(self.order.sales_channel)
+                            )
+                        )
+                        if is_unavailable:
+                            # "Re-select" add-on
+                            selected_addons[cp.id, a.item.category_id][a.item_id, a.variation_id] += 1
+                            continue
+                        if a.checkins.filter(list__consider_tickets_used=True).exists():
+                            raise OrderError(
+                                error_messages['addon_already_checked_in'] % {
+                                    'addon': str(a.item.name),
+                                }
+                            )
+                        self.cancel(a)
+                        item_counts[a.item] -= 1
+
         # Check constraints on the add-on combinations
         for op in toplevel_op:
             item = op.item
@@ -2126,41 +2153,6 @@ class OrderChangeManager:
                         }
                     )
 
-        # Detect removed add-ons and create RemoveOperations
-        for cp, al in list(current_addons.items()):
-            for k, v in al.items():
-                input_num = input_addons[cp.id].get(k, 0)
-                current_num = len(current_addons[cp].get(k, []))
-                if input_num < current_num:
-                    for a in current_addons[cp][k][:current_num - input_num]:
-                        if a.canceled:
-                            continue
-                        is_unavailable = (
-                            # If an item is no longer available due to time, it should usually also be no longer
-                            # user-removable, because e.g. the stock has already been ordered.
-                            # We always pass has_voucher=True because if a product now requires a voucher, it usually does
-                            # not mean it should be unremovable for others.
-                            # This also prevents accidental removal through the UI because a hidden product will no longer
-                            # be part of the input.
-                            (a.variation and a.variation.unavailability_reason(has_voucher=True, subevent=a.subevent))
-                            or (a.variation and not a.variation.all_sales_channels and not a.variation.limit_sales_channels.contains(self.order.sales_channel))
-                            or a.item.unavailability_reason(has_voucher=True, subevent=a.subevent)
-                            or (
-                                not item.all_sales_channels and
-                                not item.limit_sales_channels.contains(self.order.sales_channel)
-                            )
-                        )
-                        if is_unavailable:
-                            continue
-                        if a.checkins.filter(list__consider_tickets_used=True).exists():
-                            raise OrderError(
-                                error_messages['addon_already_checked_in'] % {
-                                    'addon': str(a.item.name),
-                                }
-                            )
-                        self.cancel(a)
-                        item_counts[a.item] -= 1
-
         for item, count in item_counts.items():
             if count == 0:
                 continue
@@ -2461,6 +2453,16 @@ class OrderChangeManager:
                         ))
                     else:
                         gc.transactions.create(value=-position.price, order=self.order, acceptor=self.order.event.organizer)
+                        gc.log_action(
+                            action='pretix.giftcards.transaction.manual',
+                            user=self.user,
+                            auth=self.auth,
+                            data={
+                                'value': -position.price,
+                                'acceptor_id': self.order.event.organizer.id,
+                                'acceptor_slug': self.order.event.organizer.slug
+                            }
+                        )
 
                 for m in position.granted_memberships.with_usages().all():
                     m.canceled = True
@@ -2478,6 +2480,16 @@ class OrderChangeManager:
                             ))
                         else:
                             gc.transactions.create(value=-opa.position.price, order=self.order, acceptor=self.order.event.organizer)
+                            gc.log_action(
+                                action='pretix.giftcards.transaction.manual',
+                                user=self.user,
+                                auth=self.auth,
+                                data={
+                                    'value': -opa.position.price,
+                                    'acceptor_id': self.order.event.organizer.id,
+                                    'acceptor_slug': self.order.event.organizer.slug
+                                }
+                            )
 
                     for m in opa.granted_memberships.with_usages().all():
                         m.canceled = True
@@ -2640,6 +2652,10 @@ class OrderChangeManager:
                         except BlockedTicketSecret.DoesNotExist:
                             pass
                 # todo: revoke list handling
+            elif isinstance(op, self.ForceRecomputeOperation):
+                self.order.log_action('pretix.event.order.changed.recomputed', user=self.user, auth=self.auth, data={})
+            else:
+                raise TypeError(f"Unknown operation {type(op)}")
 
         for p in secret_dirty:
             assign_ticket_secret(
@@ -2694,7 +2710,10 @@ class OrderChangeManager:
             fees.append(new_fee)
 
         changed_by_rounding = set(apply_rounding(
-            self.order.tax_rounding_mode, self.event.currency, [p for p in split_positions if not p.canceled] + fees
+            self.order.tax_rounding_mode,
+            self._invoice_address,
+            self.event.currency,
+            [p for p in split_positions if not p.canceled] + fees
         ))
         split_order.total = sum([p.price for p in split_positions if not p.canceled])
 
@@ -2716,7 +2735,10 @@ class OrderChangeManager:
                 fee.delete()
 
             changed_by_rounding |= set(apply_rounding(
-                self.order.tax_rounding_mode, self.event.currency, [p for p in split_positions if not p.canceled] + fees
+                self.order.tax_rounding_mode,
+                self._invoice_address,
+                self.event.currency,
+                [p for p in split_positions if not p.canceled] + fees
             ))
             split_order.total = sum([p.price for p in split_positions if not p.canceled]) + sum([f.value for f in fees])
 
@@ -2833,7 +2855,12 @@ class OrderChangeManager:
         if fee_changed:
             fees = list(self.order.fees.all())
 
-        changed = apply_rounding(self.order.tax_rounding_mode, self.order.event.currency, [*positions, *fees])
+        changed = apply_rounding(
+            self.order.tax_rounding_mode,
+            self._invoice_address,
+            self.order.event.currency,
+            [*positions, *fees]
+        )
         for l in changed:
             if isinstance(l, OrderPosition):
                 l.save(update_fields=[
@@ -3131,7 +3158,10 @@ def _try_auto_refund(order, auto_refund=True, manual_refund=False, allow_partial
                 customer=order.customer,
                 testmode=order.testmode
             )
-            giftcard.log_action('pretix.giftcards.created', data={})
+            giftcard.log_action(
+                action='pretix.giftcards.created',
+                data={}
+            )
             r = order.refunds.create(
                 order=order,
                 payment=None,
@@ -3269,8 +3299,12 @@ def change_payment_provider(order: Order, payment_provider, amount=None, new_pay
 
     positions = list(order.positions.all())
     fees = list(order.fees.all())
+    try:
+        ia = order.invoice_address
+    except InvoiceAddress.DoesNotExist:
+        ia = None
     rounding_changed = set(apply_rounding(
-        order.tax_rounding_mode, order.event.currency, [*positions, *[f for f in fees if f.pk != fee.pk]]
+        order.tax_rounding_mode, ia, order.event.currency, [*positions, *[f for f in fees if f.pk != fee.pk]]
     ))
     total_without_fee = sum(c.price for c in positions) + sum(f.value for f in fees if f.pk != fee.pk)
     pending_sum_without_fee = max(Decimal("0.00"), total_without_fee - already_paid)
@@ -3295,7 +3329,7 @@ def change_payment_provider(order: Order, payment_provider, amount=None, new_pay
         fee = None
 
     rounding_changed |= set(apply_rounding(
-        order.tax_rounding_mode, order.event.currency, [*positions, *fees]
+        order.tax_rounding_mode, ia, order.event.currency, [*positions, *fees]
     ))
     for l in rounding_changed:
         if isinstance(l, OrderPosition):
@@ -3414,7 +3448,18 @@ def signal_listener_issue_giftcards(sender: Event, order: Order, **kwargs):
                     currency=sender.currency, issued_in=p, testmode=order.testmode,
                     expires=sender.organizer.default_gift_card_expiry,
                 )
-                gc.transactions.create(value=p.price - issued, order=order, acceptor=sender.organizer)
+                gc.log_action(
+                    action='pretix.giftcards.created',
+                )
+                trans = gc.transactions.create(value=p.price - issued, order=order, acceptor=sender.organizer)
+                gc.log_action(
+                    action='pretix.giftcards.transaction.manual',
+                    data={
+                        'value': trans.value,
+                        'acceptor_id': order.event.organizer.id,
+                        'acceptor_slug': order.event.organizer.slug
+                    }
+                )
                 any_giftcards = True
                 p.secret = gc.secret
                 p.save(update_fields=['secret'])

src/pretix/base/services/pricing.py

@@ -211,7 +211,8 @@ def apply_discounts(event: Event, sales_channel: Union[str, SalesChannel],
     return [new_prices.get(idx, (p[3], None)) for idx, p in enumerate(positions)]
 
 
-def apply_rounding(rounding_mode: Literal["line", "sum_by_net", "sum_by_net_keep_gross"], currency: str,
+def apply_rounding(rounding_mode: Literal["line", "sum_by_net", "sum_by_net_only_business", "sum_by_net_keep_gross"],
+                   invoice_address: Optional[InvoiceAddress], currency: str,
                    lines: List[Union[OrderPosition, CartPosition, OrderFee]]) -> list:
     """
     Given a list of order positions / cart positions / order fees (may be mixed), applies the given rounding mode
@@ -226,11 +227,17 @@ def apply_rounding(rounding_mode: Literal["line", "sum_by_net", "sum_by_net_keep
     When rounding mode is set to ``"sum_by_net"``, the gross prices and tax values of the individual lines will be
     adjusted such that the per-taxrate/taxcode subtotal is rounded correctly. The net prices will stay constant.
 
-    :param rounding_mode: One of ``"line"``, ``"sum_by_net"``, or ``"sum_by_net_keep_gross"``.
+    :param rounding_mode: One of ``"line"``, ``"sum_by_net"``, ``"sum_by_net_only_business"``, or ``"sum_by_net_keep_gross"``.
+    :param invoice_address: The invoice address, or ``None``
     :param currency: Currency that will be used to determine rounding precision
     :param lines: List of order/cart contents
     :return: Collection of ``lines`` members that have been changed and may need to be persisted to the database.
     """
+    if rounding_mode == "sum_by_net_only_business":
+        if invoice_address and invoice_address.is_business:
+            rounding_mode = "sum_by_net"
+        else:
+            rounding_mode = "line"
 
     def _key(line):
         return (line.tax_rate, line.tax_code or "")

src/pretix/base/services/shredder.py

@@ -48,7 +48,7 @@ from django.utils.translation import gettext_lazy as _
 
 from pretix.base.i18n import language
 from pretix.base.models import CachedFile, Event, User, cachedfile_name
-from pretix.base.services.mail import SendMailException, mail
+from pretix.base.services.mail import mail
 from pretix.base.services.tasks import ProfiledEventTask
 from pretix.base.shredder import ShredError
 from pretix.celery_app import app
@@ -171,21 +171,18 @@ def shred(self, event: Event, fileid: str, confirm_code: str, user: int=None, lo
 
     if user:
         with language(user.locale):
-            try:
-                mail(
-                    user.email,
-                    _('Data shredding completed'),
-                    'pretixbase/email/shred_completed.txt',
-                    {
-                        'user': user,
-                        'organizer': event.organizer.name,
-                        'event': str(event.name),
-                        'start_time': date_format(parse(indexdata['time']).astimezone(event.timezone), 'SHORT_DATETIME_FORMAT'),
-                        'shredders': ', '.join([str(s.verbose_name) for s in shredders])
-                    },
-                    event=None,
-                    user=user,
-                    locale=user.locale,
-                )
-            except SendMailException:
-                pass  # Already logged
+            mail(
+                user.email,
+                _('Data shredding completed'),
+                'pretixbase/email/shred_completed.txt',
+                {
+                    'user': user,
+                    'organizer': event.organizer.name,
+                    'event': str(event.name),
+                    'start_time': date_format(parse(indexdata['time']).astimezone(event.timezone), 'SHORT_DATETIME_FORMAT'),
+                    'shredders': ', '.join([str(s.verbose_name) for s in shredders])
+                },
+                event=None,
+                user=user,
+                locale=user.locale,
+            )

src/pretix/base/settings.py

@@ -81,6 +81,7 @@ from pretix.helpers.countries import CachedCountries, pycountry_add
 ROUNDING_MODES = (
     ('line', _('Compute taxes for every line individually')),
     ('sum_by_net', _('Compute taxes based on net total')),
+    ('sum_by_net_only_business', _('For business customers, compute taxes based on net total. For individuals, use line-based rounding')),
     ('sum_by_net_keep_gross', _('Compute taxes based on net total with stable gross prices')),
     # We could also have sum_by_gross, but we're not aware of any use-cases for it
 )
@@ -2947,6 +2948,28 @@ If you did not request a new password, please ignore this email.
 
 Best regards,  
 
+Your {organizer} team"""))  # noqa: W291
+    },
+    'mail_subject_customer_security_notice': {
+        'type': LazyI18nString,
+        'default': LazyI18nString.from_gettext(gettext_noop("Changes to your account at {organizer}")),
+    },
+    'mail_text_customer_security_notice': {
+        'type': LazyI18nString,
+        'default': LazyI18nString.from_gettext(gettext_noop("""Hello {name},
+
+the following change has been made to your account at {organizer}:
+
+{message}
+
+You can review and change your account settings here:
+
+{url}
+
+If this change was not performed by you, please contact us immediately.
+
+Best regards,  
+
 Your {organizer} team"""))  # noqa: W291
     },
     'smtp_use_custom': {

src/pretix/base/shredder.py

@@ -51,7 +51,7 @@ from pretix.api.serializers.waitinglist import WaitingListSerializer
 from pretix.base.i18n import LazyLocaleException
 from pretix.base.models import (
     CachedCombinedTicket, CachedTicket, Event, InvoiceAddress, OrderPayment,
-    OrderPosition, OrderRefund, QuestionAnswer,
+    OrderPosition, OrderRefund, OutgoingMail, QuestionAnswer,
 )
 from pretix.base.services.invoices import invoice_pdf_task
 from pretix.base.signals import register_data_shredders
@@ -329,6 +329,10 @@ class EmailAddressShredder(BaseDataShredder):
             sleep_time=2,
         )
 
+        slow_delete(
+            OutgoingMail.objects.filter(event=self.event)
+        )
+
         for o in _progress_helper(qs_orders, progress_callback, qs_op_cnt, total):
             changed = bool(o.email) or bool(o.customer)
             o.email = None

src/pretix/base/signals.py

@@ -944,32 +944,40 @@ As with all event-plugin signals, the ``sender`` keyword argument will contain t
 
 email_filter = EventPluginSignal()
 """
-Arguments: ``message``, ``order``, ``user``
+Arguments: ``message``, ``order``, ``user``, ``outgoing_mail``
 
 This signal allows you to implement a middleware-style filter on all outgoing emails. You are expected to
 return a (possibly modified) copy of the message object passed to you.
 
 As with all event-plugin signals, the ``sender`` keyword argument will contain the event.
 The ``message`` argument will contain an ``EmailMultiAlternatives`` object.
+The ``outgoing_mail`` argument will contain the ``OutgoingMail`` model instance. Note that the ``message`` object
+might have newer information if a previous plugin already modified the email.
 If the email is associated with a specific order, the ``order`` argument will be passed as well, otherwise
 it will be ``None``.
 If the email is associated with a specific user, e.g. a notification email, the ``user`` argument will be passed as
 well, otherwise it will be ``None``.
+
+You can raise ``WithholdMailException`` to prevent the email from being sent, e.g. when implementing rate limiting.
 """
 
 global_email_filter = GlobalSignal()
 """
-Arguments: ``message``, ``order``, ``user``, ``customer``, ``organizer``
+Arguments: ``message``, ``order``, ``user``, ``customer``, ``organizer``, ``outgoing_mail``
 
 This signal allows you to implement a middleware-style filter on all outgoing emails. You are expected to
 return a (possibly modified) copy of the message object passed to you.
 
 This signal is called on all events and even if there is no known event. ``sender`` is an event or None.
 The ``message`` argument will contain an ``EmailMultiAlternatives`` object.
+The ``outgoing_mail`` argument will contain the ``OutgoingMail`` model instance. Note that the ``message`` object
+might have newer information if a previous plugin already modified the email.
 If the email is associated with a specific order, the ``order`` argument will be passed as well, otherwise
 it will be ``None``.
 If the email is associated with a specific user, e.g. a notification email, the ``user`` argument will be passed as
 well, otherwise it will be ``None``.
+
+You can raise ``WithholdMailException`` to prevent the email from being sent, e.g. when implementing rate limiting.
 """
 
 

src/pretix/base/templates/404.html

@@ -8,9 +8,6 @@
         <h1>{% trans "Not found" %}</h1>
         <p>{% trans "I'm afraid we could not find the the resource you requested." %}</p>
         <p>{{ exception }}</p>
-        <p class="links">
-            <a id='goback' href='#'>{% trans "Take a step back" %}</a>
-        </p>
         {% if request.user.is_staff and not staff_session %}
             <form action="{% url 'control:user.sudo' %}?next={{ request.path|add:"?"|add:request.GET.urlencode|urlencode }}" method="post">
                 <p>

src/pretix/base/templatetags/rich_text.py

@@ -156,7 +156,7 @@ def safelink_callback(attrs, new=False):
     Makes sure that all links to a different domain are passed through a redirection handler
     to ensure there's no passing of referers with secrets inside them.
     """
-    url = attrs.get((None, 'href'), '/')
+    url = html.unescape(attrs.get((None, 'href'), '/'))
     if not url_has_allowed_host_and_scheme(url, allowed_hosts=None) and not url.startswith('mailto:') and not url.startswith('tel:'):
         signer = signing.Signer(salt='safe-redirect')
         attrs[None, 'href'] = reverse('redirect') + '?url=' + urllib.parse.quote(signer.sign(url))

src/pretix/base/validators.py

@@ -95,6 +95,7 @@ class OrganizerSlugBanlistValidator(BanlistValidator):
         'csp_report',
         'widget',
         'lead',
+        'scheduling',
     ]
 
 

src/pretix/base/views/js_helpers.py

@@ -20,6 +20,7 @@
 # <https://www.gnu.org/licenses/>.
 #
 import pycountry
+from django.conf import settings
 from django.http import JsonResponse
 from django.shortcuts import get_object_or_404
 from django.utils.translation import gettext, pgettext, pgettext_lazy
@@ -29,6 +30,7 @@ from django_scopes import scope
 from pretix.base.addressvalidation import (
     COUNTRIES_WITH_STREET_ZIPCODE_AND_CITY_REQUIRED,
 )
+from pretix.base.i18n import language
 from pretix.base.invoicing.transmission import get_transmission_types
 from pretix.base.models import Organizer
 from pretix.base.models.tax import VAT_ID_COUNTRIES
@@ -89,7 +91,7 @@ def _info(cc):
     }
 
 
-def address_form(request):
+def _address_form(request):
     cc = request.GET.get("country", "DE")
     info = _info(cc)
 
@@ -157,4 +159,15 @@ def address_form(request):
                 # The help text explains that it is optional, so we want to hide that if it is required
                 info["vat_id"]["helptext_visible"] = False
 
+    return info
+
+
+def address_form(request):
+    locale = request.GET.get('locale')
+    if locale in dict(settings.LANGUAGES):
+        with language(locale):
+            info = _address_form(request)
+    else:
+        info = _address_form(request)
+
     return JsonResponse(info)

src/pretix/control/forms/event.py

@@ -867,6 +867,11 @@ class TaxSettingsForm(EventSettingsValidationMixin, SettingsForm):
                 "The gross price of some products may be changed to ensure correct rounding, while the net "
                 "prices will be kept as configured. This may cause the actual payment amount to differ."
             ),
+            "sum_by_net_only_business": _(
+                "Same as above, but only applied to business customers. Line-based rounding will be used for consumers. "
+                "Recommended when e-invoicing is only used for business customers and consumers do not receive "
+                "invoices. This can cause the payment amount to change when the invoice address is changed."
+            ),
             "sum_by_net_keep_gross": _(
                 "Recommended for e-invoicing when you primarily sell to consumers. "
                 "The gross or net price of some products may be changed automatically to ensure correct "

src/pretix/control/forms/filter.py

@@ -57,8 +57,9 @@ from pretix.base.forms.widgets import (
 from pretix.base.models import (
     Checkin, CheckinList, Device, Event, EventMetaProperty, EventMetaValue,
     Gate, Invoice, InvoiceAddress, Item, Order, OrderPayment, OrderPosition,
-    OrderRefund, Organizer, Question, QuestionAnswer, Quota, SalesChannel,
-    SubEvent, SubEventMetaValue, Team, TeamAPIToken, TeamInvite, Voucher,
+    OrderRefund, Organizer, OutgoingMail, Question, QuestionAnswer, Quota,
+    SalesChannel, SubEvent, SubEventMetaValue, Team, TeamAPIToken, TeamInvite,
+    Voucher,
 )
 from pretix.base.signals import register_payment_providers
 from pretix.base.timeframes import (
@@ -2815,3 +2816,61 @@ class DeviceFilterForm(FilterForm):
             qs = qs.order_by('-device_id')
 
         return qs
+
+
+class OutgoingMailFilterForm(FilterForm):
+    orders = {
+        'date': 'created',
+        '-date': '-created',
+    }
+    query = forms.CharField(
+        label=_('Search email address or subject'),
+        widget=forms.TextInput(attrs={
+            'placeholder': _('Search email address or subject'),
+        }),
+        required=False
+    )
+    event = forms.ModelChoiceField(
+        queryset=Event.objects.none(),
+        label=_('Event'),
+        empty_label=_('All events'),
+        required=False,
+    )
+    status = forms.ChoiceField(
+        label=_('Status'),
+        choices=[
+            ('', _('All')),
+            *OutgoingMail.STATUS_CHOICES,
+        ],
+        required=False
+    )
+
+    def __init__(self, *args, **kwargs):
+        request = kwargs.pop('request')
+        super().__init__(*args, **kwargs)
+        self.fields['event'].queryset = request.organizer.events.all()
+
+    def filter_qs(self, qs):
+        fdata = self.cleaned_data
+
+        if fdata.get('query'):
+            query = fdata.get('query')
+            qs = qs.filter(
+                Q(to__containsstring=query.lower())
+                | Q(cc__containsstring=query.lower())
+                | Q(bcc__containsstring=query.lower())
+                | Q(subject__icontains=query)
+            )
+
+        if fdata.get('event'):
+            qs = qs.filter(event=fdata['event'])
+
+        if fdata.get('status'):
+            qs = qs.filter(status=fdata['status'])
+
+        if fdata.get('ordering'):
+            qs = qs.order_by(self.get_order_by())
+        else:
+            qs = qs.order_by("-created", "-pk")
+
+        return qs

src/pretix/control/forms/organizer.py

@@ -585,6 +585,7 @@ class MailSettingsForm(SettingsForm):
         help_text=''.join([
             str(_("All emails will be sent to this address as a Bcc copy.")),
             str(_("You can specify multiple recipients separated by commas.")),
+            str(_("Sensitive emails like password resets will not be sent in Bcc.")),
         ]),
         validators=[multimail_validate],
         required=False,
@@ -634,6 +635,16 @@ class MailSettingsForm(SettingsForm):
         required=False,
         widget=I18nMarkdownTextarea,
     )
+    mail_subject_customer_security_notice = I18nFormField(
+        label=_("Subject"),
+        required=False,
+        widget=I18nTextInput,
+    )
+    mail_text_customer_security_notice = I18nFormField(
+        label=_("Text"),
+        required=False,
+        widget=I18nMarkdownTextarea,
+    )
 
     base_context = {
         'mail_text_customer_registration': ['customer', 'url'],
@@ -642,6 +653,8 @@ class MailSettingsForm(SettingsForm):
         'mail_subject_customer_email_change': ['customer', 'url'],
         'mail_text_customer_reset': ['customer', 'url'],
         'mail_subject_customer_reset': ['customer', 'url'],
+        'mail_text_customer_security_notice': ['customer', 'url', 'message'],
+        'mail_subject_customer_security_notice': ['customer', 'url', 'message'],
     }
 
     def _get_sample_context(self, base_parameters):
@@ -655,6 +668,9 @@ class MailSettingsForm(SettingsForm):
                 'presale:organizer.customer.activate'
             ) + '?token=' + get_random_string(30)
 
+        if 'message' in base_parameters:
+            placeholders['message'] = _('Your password has been changed.')
+
         if 'customer' in base_parameters:
             placeholders['name'] = pgettext_lazy('person_name_sample', 'John Doe')
             name_scheme = PERSON_NAME_SCHEMES[self.organizer.settings.name_scheme]

src/pretix/control/forms/waitinglist.py

@@ -19,17 +19,44 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
+from django import forms
 from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
 from django_scopes.forms import SafeModelChoiceField
+from phonenumber_field.formfields import PhoneNumberField
 
 from pretix.base.forms import I18nModelForm
+from pretix.base.forms.questions import (
+    NamePartsFormField, WrappedPhoneNumberPrefixWidget,
+)
 from pretix.base.models import WaitingListEntry
 from pretix.control.forms.widgets import Select2
 
 
-class WaitingListEntryTransferForm(I18nModelForm):
+class WaitingListEntryEditForm(I18nModelForm):
+    itemvar = forms.ChoiceField(
+        error_messages={
+            'invalid_choice': _("Select a valid choice.")
+        }
+    )
 
     def __init__(self, *args, **kwargs):
+        self.instance = kwargs.get('instance', None)
+        initial = kwargs.get('initial', {})
+
+        choices = []
+        if self.instance and self.instance.pk and 'itemvar' not in initial:
+            if self.instance.variation is not None:
+                initial['itemvar'] = f'{self.instance.item.pk}-{self.instance.variation.pk}'
+                if self.instance.variation.active is False:
+                    choices.append((initial['itemvar'], str(self.instance.variation)))
+            else:
+                initial['itemvar'] = self.instance.item.pk
+                if self.instance.item.active is False:
+                    choices.append((initial['itemvar'], str(self.instance)))
+
+        kwargs['initial'] = initial
+
         super().__init__(*args, **kwargs)
 
         if self.event.has_subevents:
@@ -45,12 +72,73 @@ class WaitingListEntryTransferForm(I18nModelForm):
                 }
             )
             self.fields['subevent'].widget.choices = self.fields['subevent'].choices
+        else:
+            del self.fields['subevent']
+
+        if self.event.settings.waiting_list_names_asked:
+            self.fields['name_parts'] = NamePartsFormField(
+                max_length=255,
+                required=self.event.settings.waiting_list_names_required,
+                scheme=self.event.organizer.settings.name_scheme,
+                titles=self.event.organizer.settings.name_scheme_titles,
+                label=_('Name'),
+            )
+        else:
+            del self.fields['name_parts']
+
+        if not self.event.settings.waiting_list_phones_asked:
+            del self.fields['phone']
+
+        items = self.event.items.filter(active=True).prefetch_related(
+            'variations'
+        )
+
+        for item in items:
+            if len(item.variations.all()) > 0:
+                for variation in item.variations.all():
+                    if variation.active:
+                        choices.append(
+                            ('{}-{}'.format(item.pk, variation.pk), '{} - {}'.format(str(item), str(variation)))
+                        )
+            else:
+                choices.append(('{}'.format(item.pk), str(item)))
+
+        self.fields['itemvar'].label = _("Product")
+        self.fields['itemvar'].help_text = _("Only includes active products.")
+        self.fields['itemvar'].required = True
+        self.fields['itemvar'].choices = choices
+
+    def clean(self):
+        cleaned_data = super().clean()
+
+        if self.instance.voucher is not None:
+            raise forms.ValidationError(_('A voucher for this waiting list entry was already sent out.'))
+
+        itemvar = cleaned_data.get('itemvar')
+        if itemvar:
+            self.instance.item = self.event.items.get(pk=itemvar.split('-')[0])
+            if '-' in itemvar:
+                self.instance.variation = self.instance.item.variations.get(pk=itemvar.split('-')[1])
+
+        if ((self.instance.item and not self.instance.item.active) or
+                (self.instance.variation and not self.instance.variation.active)):
+            self.add_error('itemvar', _('The selected product is not active.'))
+
+        return cleaned_data
 
     class Meta:
         model = WaitingListEntry
         fields = [
+            'email',
+            'name_parts',
+            'phone',
             'subevent',
         ]
         field_classes = {
             'subevent': SafeModelChoiceField,
+            'email': forms.EmailField,
+            'phone': PhoneNumberField,
+        }
+        widgets = {
+            'phone': WrappedPhoneNumberPrefixWidget,
         }

src/pretix/control/logdisplay.py

@@ -170,6 +170,12 @@ class OrderFeeAdded(OrderChangeLogEntryType):
     plain = _('A fee has been added')
 
 
+@log_entry_types.new()
+class OrderRecomputed(OrderChangeLogEntryType):
+    action_type = 'pretix.event.order.changed.recomputed'
+    plain = _('Taxes and rounding have been recomputed')
+
+
 @log_entry_types.new()
 class OrderFeeChanged(OrderChangeLogEntryType):
     action_type = 'pretix.event.order.changed.feevalue'
@@ -699,6 +705,8 @@ class CoreUserImpersonatedLogEntryType(UserImpersonatedLogEntryType):
     'pretix.organizer.export.schedule.deleted': _('A scheduled export has been deleted.'),
     'pretix.organizer.export.schedule.executed': _('A scheduled export has been executed.'),
     'pretix.organizer.export.schedule.failed': _('A scheduled export has failed: {reason}.'),
+    'pretix.organizer.outgoingmails.retried': _('Failed emails have been scheduled to be retried.'),
+    'pretix.organizer.outgoingmails.aborted': _('Queued emails have been aborted.'),
     'pretix.giftcards.acceptance.added': _('Gift card acceptance for another organizer has been added.'),
     'pretix.giftcards.acceptance.removed': _('Gift card acceptance for another organizer has been removed.'),
     'pretix.giftcards.acceptance.acceptor.invited': _('A new gift card acceptor has been invited.'),
@@ -793,6 +801,8 @@ class CoreUserImpersonatedLogEntryType(UserImpersonatedLogEntryType):
     'pretix.giftcards.created': _('The gift card has been created.'),
     'pretix.giftcards.modified': _('The gift card has been changed.'),
     'pretix.giftcards.transaction.manual': _('A manual transaction has been performed.'),
+    'pretix.giftcards.transaction.payment': _('A payment has been performed.'),
+    'pretix.giftcards.transaction.refund': _('A refund has been performed. '),
     'pretix.team.token.created': _('The token "{name}" has been created.'),
     'pretix.team.token.deleted': _('The token "{name}" has been revoked.'),
     'pretix.event.checkin.reset': _('The check-in and print log state has been reset.')

src/pretix/control/navigation.py

@@ -679,6 +679,15 @@ def get_organizer_navigation(request):
             'active': (url.url_name == 'organizer.datasync.failedjobs'),
         }])
 
+        nav.append({
+            'label': _('Outgoing emails'),
+            'url': reverse('control:organizer.outgoingmails', kwargs={
+                'organizer': request.organizer.slug,
+            }),
+            'active': 'organizer.outgoingmail' in url.url_name,
+            'icon': 'send',
+        })
+
     merge_in(nav, sorted(
         sum((list(a[1]) for a in nav_organizer.send(request.organizer, request=request, organizer=request.organizer)),
             []),

src/pretix/control/templates/pretixcontrol/auth/login.html

@@ -19,6 +19,14 @@
             </ul>
             <br>
         {% endif %}
+        {% if possible_cookie_problem %}
+            <div class="alert alert-warning">
+                {% blocktrans trimmed %}
+                    It looks like your browser is not accepting our cookie and you need to log in repeatedly. Please
+                    check if your browser is set to block cookies, or delete all existing cookies and retry.
+                {% endblocktrans %}
+            </div>
+        {% endif %}
         {% csrf_token %}
         {% bootstrap_form form %}
         <div class="form-group buttons">

src/pretix/control/templates/pretixcontrol/organizers/mail.html

@@ -65,6 +65,9 @@
 
                     {% blocktrans asvar title_reset %}Customer account password reset{% endblocktrans %}
                     {% include "pretixcontrol/event/mail_settings_fragment.html" with pid="reset" title=title_reset items="mail_subject_customer_reset,mail_text_customer_reset" %}
+
+                    {% blocktrans asvar title_security_notice %}Customer account security notification{% endblocktrans %}
+                    {% include "pretixcontrol/event/mail_settings_fragment.html" with pid="security_notice" title=title_security_notice items="mail_subject_customer_security_notice,mail_text_customer_security_notice" %}
                 </div>
             </fieldset>
         </div>

src/pretix/control/templates/pretixcontrol/organizers/outgoing_mail.html

@@ -0,0 +1,222 @@
+{% extends "pretixcontrol/organizers/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% load urlreplace %}
+{% load icon %}
+{% load compress %}
+{% load static %}
+{% block inner %}
+    <h1>
+        {% trans "Outgoing email" %}
+    </h1>
+    <div class="panel panel-default">
+        <div class="panel-heading">
+            <h3 class="panel-title">{% trans "Email details" %}</h3>
+        </div>
+        <div class="panel-body">
+            <div class="row">
+                <div class="col-lg-7 col-md-12">
+
+                    <dl class="dl-horizontal">
+                        <dt>{% trans "From" context "email" %}</dt>
+                        <dd>{{ sender }}</dd>
+                        <dt>{% trans "To" context "email" %}</dt>
+                        <dd>{{ mail.to|join:", " }}</dd>
+                        {% if mail.cc %}
+                            <dt>{% trans "Cc" context "email" %}</dt>
+                            <dd>{{ mail.cc|join:", " }}</dd>
+                        {% endif %}
+                        {% if mail.bcc %}
+                            <dt>{% trans "Bcc" context "email" %}</dt>
+                            <dd>{{ mail.bcc|join:", " }}</dd>
+                        {% endif %}
+                        <dt>{% trans "Subject" %}</dt>
+                        <dd>{{ mail.subject }}</dd>
+                        <dt>{% trans "Status" %}</dt>
+                        <dd>
+                            {% if mail.status == "queued" %}
+                                <span class="label label-info">{% icon "clock-o" %} {% trans "queued" %}</span>
+                            {% elif mail.status == "inflight" %}
+                                <span class="label label-info">{% icon "send" %} {% trans "being sent" %}</span>
+                            {% elif mail.status == "awaiting_retry" %}
+                                <span class="label label-warning">{% icon "repeat" %} {% trans "will be retried" %}</span>
+                            {% elif mail.status == "failed" %}
+                                <span class="label label-danger">{% icon "warning" %} {% trans "failed" %}</span>
+                            {% elif mail.status == "bounced" %}
+                                <span class="label label-danger">{% icon "exclamation-circle" %} {% trans "bounced" %}</span>
+                            {% elif mail.status == "withheld" %}
+                                <span class="label label-warning">{% icon "ban" %} {% trans "withheld" %}</span>
+                            {% elif mail.status == "aborted" %}
+                                <span class="label label-danger">{% icon "ban" %} {% trans "aborted" %}</span>
+                            {% elif mail.status == "sent" %}
+                                <span class="label label-success">{% icon "check" %} {% trans "sent" %}</span>
+                            {% endif %}
+                        </dd>
+                        <dt>{% trans "Creation" %}</dt>
+                        <dd>{{ mail.created|date:"SHORT_DATETIME_FORMAT" }}</dd>
+                        {% if mail.sent %}
+                            <dt>{% trans "Sent" %}</dt>
+                            <dd>{{ mail.sent|date:"SHORT_DATETIME_FORMAT" }}</dd>
+                        {% endif %}
+                        {% if mail.retry_after and mail.status == "awaiting_retry" %}
+                            <dt>{% trans "Next attempt (estimate)" %}</dt>
+                            <dd>{{ mail.retry_after|date:"SHORT_DATETIME_FORMAT" }}</dd>
+                        {% endif %}
+                        {% if mail.event %}
+                            <dt>{% trans "Event" %}</dt>
+                            <dd>
+                                <a href="{% url "control:event.index" organizer=request.organizer.slug event=mail.event.slug %}">
+                                    {{ mail.event }}
+                                </a>
+                            </dd>
+                        {% endif %}
+                        {% if mail.order %}
+                            <dt>{% trans "Order" %}</dt>
+                            <dd>
+                                <a href="{% url "control:event.order" organizer=request.organizer.slug event=mail.event.slug code=mail.order.code %}">
+                                    {{ mail.order.code }}</a>{% if mail.orderposition %}-
+                                {{ mail.orderposition.positionid }}{% endif %}
+                            </dd>
+                        {% endif %}
+                        {% if mail.customer %}
+                            <dt>{% trans "Customer" %}</dt>
+                            <dd>
+                                {% icon "user fa-fw" %}
+                                <a href="{% url "control:organizer.customer" organizer=request.organizer.slug customer=mail.customer.identifier %}">
+                                    {{ mail.customer }}
+                                </a>
+                            </dd>
+                        {% endif %}
+                    </dl>
+                </div>
+                {% if mail.actual_attachments %}
+                    <div class="col-lg-5 col-md-12">
+                        <strong>{% trans "Attachments" %}</strong><br>
+                        <ul class="list-unstyled">
+                            {% for a in mail.actual_attachments %}
+                                <li>
+                                    {% if a.type == "text/calendar" %}
+                                        {% icon "calendar-plus-o fa-fw" %}
+                                    {% elif a.type == "application/pdf" %}
+                                        {% icon "file-pdf-o fa-fw" %}
+                                    {% elif "image/" in a.type %}
+                                        {% icon "file-image-o fa-fw" %}
+                                    {% elif "msword" in a.type or "document" in a.type %}
+                                        {% icon "file-word-o fa-fw" %}
+                                    {% elif "excel" in a.type or "spreadsheet" in a.type %}
+                                        {% icon "file-excel-o fa-fw" %}
+                                    {% elif "powerpoint" in a.type or "presentation" in a.type %}
+                                        {% icon "file-powerpoint-o fa-fw" %}
+                                    {% elif "pkpass" in a.type %}
+                                        {% icon "qrcode fa-fw" %}
+                                    {% else %}
+                                        {% icon "file-o fa-fw" %}
+                                    {% endif %}
+                                    {{ a.name }}
+                                    <span class="text-muted">
+                                        ({{ a.size|filesizeformat }})
+                                    </span>
+                                </li>
+                            {% endfor %}
+                        </ul>
+                    </div>
+                {% endif %}
+            </div>
+        </div>
+    </div>
+    <div>
+        <ul class="nav nav-tabs" role="tablist">
+            {% if mail.is_failed %}
+                <li role="presentation" class="active">
+                    <a href="#tab-error" role="tab" data-toggle="tab">
+                        <span class="fa fa-warning"></span>
+                        {% trans "Error" %}
+                    </a>
+                </li>
+            {% endif %}
+            {% if mail.body_html %}
+                <li role="presentation"
+                    {% if not mail.is_failed %}class="active"{% endif %}>
+                    <a href="#tab-html" role="tab" data-toggle="tab">
+                        <span class="fa fa-eye"></span>
+                        {% trans "HTML content" %}
+                    </a>
+                </li>
+            {% endif %}
+            <li role="presentation"
+                {% if not mail.is_failed and not mail.body_html %}class="active"{% endif %}>
+                <a href="#tab-text" role="tab" data-toggle="tab">
+                    <span class="fa fa-file-text-o"></span>
+                    {% trans "Text content" %}
+                </a>
+            </li>
+            <li role="presentation">
+                <a href="#tab-headers" role="tab" data-toggle="tab">
+                    <span class="fa fa-code"></span>
+                    {% trans "Headers" %}
+                </a>
+            </li>
+        </ul>
+
+        <div class="tab-content">
+            {% if mail.is_failed %}
+                <div role="tabpanel" class="tab-pane active" id="tab-error">
+                    <strong>
+                        {{ mail.error }}
+                    </strong>
+                    <pre>{{ mail.error_detail }}</pre>
+                </div>
+            {% endif %}
+            {% if mail.body_html %}
+                <div role="tabpanel"
+                     class="tab-pane {% if not mail.is_failed %}active{% endif %}"
+                     id="tab-html">
+                    {% if mail.sensitive %}
+                        <div class="empty-collection">
+                            <p>
+                                {% icon "eye-slash fa-4x" %}
+                            </p>
+                            <p>
+                                {% blocktrans trimmed %}
+                                    Sensitive content not shown for security reasons
+                                {% endblocktrans %}
+                            </p>
+                        </div>
+                    {% else %}
+                        {{ data_url|json_script:"mail_body_html" }}
+                    {% endif %}
+                </div>
+            {% endif %}
+            <div role="tabpanel"
+                 class="tab-pane {% if not mail.is_failed and not mail.body_html %}active{% endif %}"
+                 id="tab-text">
+                {% if mail.sensitive %}
+                    <div class="empty-collection">
+                        <p>
+                            {% icon "eye-slash fa-4x" %}
+                        </p>
+                        <p>
+                            {% blocktrans trimmed %}
+                                Sensitive content not shown for security reasons
+                            {% endblocktrans %}
+                        </p>
+                    </div>
+                {% else %}
+                    <pre><code>{{ mail.body_plain }}</code></pre>
+                {% endif %}
+            </div>
+            <div role="tabpanel"
+                 class="tab-pane"
+                 id="tab-headers">
+                <pre><code>{% for k, v in mail.headers.items %}{{ k }}: {{ v }}<br>{% endfor %}</code></pre>
+                <p class="text-muted">
+                    {% trans "Additional headers will be added by the mail server and are not visible here." %}
+                </p>
+            </div>
+        </div>
+
+    </div>
+    {% compress js %}
+        <script type="text/javascript" src="{% static "pretixcontrol/js/ui/outgoingmail.js" %}"></script>
+    {% endcompress %}
+{% endblock %}

src/pretix/control/templates/pretixcontrol/organizers/outgoing_mails.html

@@ -0,0 +1,185 @@
+{% extends "pretixcontrol/organizers/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% load urlreplace %}
+{% load icon %}
+{% block inner %}
+    <h1>
+        {% trans "Outgoing emails" %}
+    </h1>
+    <p>
+        {% blocktrans trimmed with days=days %}
+            This is an overview of all emails sent by your organizer account in the last {{ days }} days.
+        {% endblocktrans %}
+    </p>
+    {% if mails|length == 0 and not filter_form.filtered %}
+        <div class="empty-collection">
+            <p>
+                {% blocktrans trimmed %}
+                    You haven't sent any emails recently.
+                {% endblocktrans %}
+            </p>
+        </div>
+    {% else %}
+        <div class="panel panel-default">
+            <div class="panel-heading">
+                <h3 class="panel-title">{% trans "Filter" %}</h3>
+            </div>
+            <form class="panel-body filter-form" action="" method="get">
+                <div class="row">
+                    <div class="col-md-4 col-sm-6 col-xs-12">
+                        {% bootstrap_field filter_form.query %}
+                    </div>
+                    <div class="col-md-3 col-sm-6 col-xs-12">
+                        {% bootstrap_field filter_form.status %}
+                    </div>
+                    <div class="col-md-5 col-sm-6 col-xs-12">
+                        {% bootstrap_field filter_form.event %}
+                    </div>
+                </div>
+                <div class="text-right">
+                    <button class="btn btn-primary btn-lg" type="submit">
+                        <span class="fa fa-filter"></span>
+                        {% trans "Filter" %}
+                    </button>
+                </div>
+            </form>
+        </div>
+        <form action="{% url "control:organizer.outgoingmails.bulk_action" organizer=request.organizer.slug %}" method="post">
+            {% csrf_token %}
+            {% for field in filter_form %}
+                {{ field.as_hidden }}
+            {% endfor %}
+            <div class="table-responsive">
+                <table class="table table-condensed table-hover table-quotas">
+                    <thead>
+                    <tr>
+                        <th>
+                            <label aria-label="{% trans "select all rows for batch-operation" %}"
+                                   class="batch-select-label"><input type="checkbox" data-toggle-table/></label>
+                        </th>
+                        <th>{% trans "Subject" %}</th>
+                        <th>{% trans "Recipients" %}</th>
+                        <th>{% trans "Context" %}</th>
+                        <th>{% trans "Status" %}</th>
+                        <th>{% trans "Date" %}
+                            <a href="?{% url_replace request 'ordering' '-date' %}"><i
+                                    class="fa fa-caret-down"></i></a>
+                            <a href="?{% url_replace request 'ordering' 'date' %}"><i class="fa fa-caret-up"></i></a>
+                        </th>
+                        <th></th>
+                    </tr>
+                    {% if page_obj.paginator.num_pages > 1 %}
+                        <tr class="table-select-all warning hidden">
+                            <td>
+                                <input type="checkbox" name="__ALL" id="__all"
+                                       data-results-total="{{ page_obj.paginator.count }}">
+                            </td>
+                            <td colspan="7">
+                                <label for="__all">
+                                    {% trans "Select all results on other pages as well" %}
+                                </label>
+                            </td>
+                        </tr>
+                    {% endif %}
+                    </thead>
+                    <tbody>
+                    {% for m in mails %}
+                        <tr>
+                            <td>
+                                <label aria-label="{% trans "select row for batch-operation" %}"
+                                       class="batch-select-label"><input type="checkbox" name="outgoingmail"
+                                                                         class="batch-select-checkbox"
+                                                                         value="{{ m.pk }}"/></label>
+                            </td>
+                            <td>
+                                <a href="{% url "control:organizer.outgoingmail" organizer=request.organizer.slug mail=m.id %}">
+                                    {{ m.subject }}
+                                </a>
+                                {% if m.sensitive %}
+                                    <span class="text-muted">{% icon "eye-slash" %}</span>
+                                {% endif %}
+                            </td>
+                            <td>
+                                {{ m.to|join:", " }}
+                                {% if m.cc %}
+                                    <br><small class="text-muted">{% trans "Cc" context "email" %}: {{ m.cc|join:", " }}</small>
+                                {% endif %}
+                                {% if m.bcc %}
+                                    <br><small class="text-muted">{% trans "Bcc" context "email" %}: {{ m.bcc|join:", " }}</small>
+                                {% endif %}
+                            </td>
+                            <td>
+                                {% if m.event %}
+                                    <div>
+                                        {% icon "calendar fa-fw" %}
+                                        <a href="{% url "control:event.index" organizer=request.organizer.slug event=m.event.slug %}">
+                                            {{ m.event }}
+                                        </a>
+                                    </div>
+                                {% endif %}
+                                {% if m.order %}
+                                    <div>
+                                        {% icon "shopping-cart fa-fw" %}
+                                        <a href="{% url "control:event.order" organizer=request.organizer.slug event=m.event.slug code=m.order.code %}">
+                                            {{ m.order.code }}</a>{% if m.orderposition %}-{{ m.orderposition.positionid }}{% endif %}
+                                    </div>
+                                {% endif %}
+                                {% if m.customer %}
+                                    <div>
+                                        {% icon "user fa-fw" %}
+                                        <a href="{% url "control:organizer.customer" organizer=request.organizer.slug customer=m.customer.identifier %}">
+                                            {{ m.customer }}
+                                        </a>
+                                    </div>
+                                {% endif %}
+                            </td>
+                            <td>
+                                {% if m.status == "queued" %}
+                                    <span class="label label-info">{% icon "clock-o" %} {% trans "queued" %}</span>
+                                {% elif m.status == "inflight" %}
+                                    <span class="label label-info">{% icon "send" %} {% trans "being sent" %}</span>
+                                {% elif m.status == "awaiting_retry" %}
+                                    <span class="label label-warning">{% icon "repeat" %} {% trans "will be retried" %}</span>
+                                {% elif m.status == "failed" %}
+                                    <span class="label label-danger">{% icon "warning" %} {% trans "failed" %}</span>
+                                {% elif m.status == "bounced" %}
+                                    <span class="label label-danger">{% icon "exclamation-circle" %} {% trans "bounced" %}</span>
+                                {% elif m.status == "withheld" %}
+                                    <span class="label label-warning">{% icon "ban" %} {% trans "withheld" %}</span>
+                                {% elif m.status == "aborted" %}
+                                    <span class="label label-danger">{% icon "ban" %} {% trans "aborted" %}</span>
+                                {% elif m.status == "sent" %}
+                                    <span class="label label-success">{% icon "check" %} {% trans "sent" %}</span>
+                                {% endif %}
+                            </td>
+                            <td>
+                                {{ m.created|date:"SHORT_DATETIME_FORMAT" }}
+                                {% if m.sent %}
+                                    <br>
+                                    <small class="text-muted">{% trans "Sent:" %} {{ m.sent|date:"SHORT_DATETIME_FORMAT" }}</small>
+                                {% endif %}
+                            </td>
+                            <td class="text-right flip">
+                                <a href="{% url "control:organizer.outgoingmail" organizer=request.organizer.slug mail=m.id %}"
+                                   class="btn btn-default btn-sm">{% icon "eye" %}</a>
+                            </td>
+                        </tr>
+                    {% endfor %}
+                    </tbody>
+                </table>
+            </div>
+            <div class="batch-select-actions">
+                <button type="submit" class="btn btn-primary btn-save" name="action" value="retry">
+                    {% icon "repeat" %}
+                    {% trans "Retry (if failed or withheld)" %}
+                </button>
+                <button type="submit" class="btn btn-danger btn-save" name="action" value="abort">
+                    {% icon "ban" %}
+                    {% trans "Abort (if queued, awaiting retry or withheld)" %}
+                </button>
+            </div>
+        </form>
+        {% include "pretixcontrol/pagination.html" %}
+    {% endif %}
+{% endblock %}

src/pretix/control/templates/pretixcontrol/user/2fa_main.html

@@ -144,14 +144,23 @@
         </div>
         <div class="panel-body">
             <p>
-                {% trans "If you lose access to your devices, you can use one of the following keys to log in. We recommend to store them in a safe place, e.g. printed out or in a password manager. Every token can be used at most once." %}
+                {% blocktrans trimmed %}
+                    If you lose access to your devices, you can use one of your emergency tokens to log in.
+                    We recommend to store them in a safe place, e.g. printed out or in a password manager.
+                    Every token can be used at most once.
+                {% endblocktrans %}
             </p>
-            <p>{% trans "Unused tokens:" %}</p>
-            <ul>
-                {% for t in static_tokens %}
-                    <li><code>{{ t.token }}</code></li>
-                {% endfor %}
-            </ul>
+            {% if static_tokens_device %}
+                <p>
+                    {% blocktrans trimmed with generation_date_time=static_tokens_device.created_at %}
+                        You generated your emergency tokens on {{ generation_date_time }}.
+                    {% endblocktrans %}
+                </p>
+            {% else %}
+                <p>
+                    {% trans "You don't have any emergency tokens yet." %}
+                </p>
+            {% endif %}
             <a href="{% url "control:user.settings.2fa.regenemergency" %}" class="btn btn-default">
                 <span class="fa fa-refresh"></span>
                 {% trans "Generate new emergency tokens" %}

src/pretix/control/templates/pretixcontrol/waitinglist/edit.html

@@ -0,0 +1,33 @@
+{% extends "pretixcontrol/event/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Edit entry" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Edit entry" %}</h1>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+
+        {% if form.subevent %}
+            {% bootstrap_field form.subevent layout="control" %}
+        {% endif %}
+
+        {% bootstrap_field form.email layout="control" %}
+
+        {% if form.name_parts %}
+            {% bootstrap_field form.name_parts layout="control" %}
+        {% endif %}
+
+        {% if form.phone %}
+            {% bootstrap_field form.phone layout="control" %}
+        {% endif %}
+        {% bootstrap_field form.itemvar layout="control" %}
+        <div class="form-group submit-group">
+            <a href="{% url "control:event.orders.waitinglist" organizer=request.event.organizer.slug event=request.event.slug %}" class="btn btn-default btn-cancel">
+                {% trans "Cancel" %}
+            </a>
+            <button type="submit" class="btn btn-primary btn-save">
+                {% trans "Save" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/waitinglist/index.html

@@ -124,6 +124,7 @@
                 </option>
             {% endfor %}
         </select>
+        <input name="search" type="text" placeholder="{% trans "Search" %}" class="form-control" value="{{ request.GET.search }}">
         {% if request.event.has_subevents %}
             <select name="subevent" class="form-control">
                 <option value="">{% trans "All dates" context "subevent" %}</option>
@@ -267,13 +268,13 @@
                                     data-toggle="tooltip" title="{% trans "Move to the end of the list" %}">
                                     <span class="fa fa-thumbs-down"></span>
                                 </button>
-                                {% if request.event.has_subevents %}
-                                    <a href="{% url "control:event.orders.waitinglist.transfer" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}"
-                                       class="btn btn-default btn-sm" title="{% trans "Transfer to other date" context "subevent" %}"
-                                        data-toggle="tooltip">
-                                        <i class="fa fa-calendar" aria-hidden="true"></i>
-                                    </a>
-                                {% endif %}
+
+                                <a href="{% url "control:event.orders.waitinglist.edit" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}"
+                                   class="btn btn-default btn-sm" title="{% trans "Edit entry" %}"
+                                    data-toggle="tooltip">
+                                    <i class="fa fa-edit" aria-hidden="true"></i>
+                                </a>
+
                                 <a href="{% url "control:event.orders.waitinglist.delete" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}?next={{ request.get_full_path|urlencode }}" class="btn btn-danger btn-sm"><i class="fa fa-trash"></i></a>
                             {% else %}
                                 <button class="btn btn-default btn-sm disabled">

src/pretix/control/templates/pretixcontrol/waitinglist/transfer.html

@@ -1,23 +0,0 @@
-{% extends "pretixcontrol/event/base.html" %}
-{% load i18n %}
-{% load bootstrap3 %}
-{% block title %}{% trans "Transfer entry" %}{% endblock %}
-{% block content %}
-    <h1>{% trans "Transfer entry" %}</h1>
-    <form action="" method="post" class="form-horizontal">
-        {% csrf_token %}
-        <p>{% blocktrans trimmed context "subevent" %}
-            Please select the date to which the following waiting list entry should be
-            transferred: <strong>{{ entry }}</strong>?
-        {% endblocktrans %}</p>
-        {% bootstrap_field form.subevent layout="control" %}
-        <div class="form-group submit-group">
-            <a href="{% url "control:event.orders.waitinglist" organizer=request.event.organizer.slug event=request.event.slug %}" class="btn btn-default btn-cancel">
-                {% trans "Cancel" %}
-            </a>
-            <button type="submit" class="btn btn-primary btn-save">
-                {% trans "Transfer" %}
-            </button>
-        </div>
-    </form>
-{% endblock %}

src/pretix/control/urls.py

@@ -38,8 +38,9 @@ from django.views.generic.base import RedirectView
 
 from pretix.control.views import (
     auth, checkin, dashboards, datasync, discounts, event, geo,
-    global_settings, item, main, modelimport, oauth, orders, organizer, pdf,
-    search, shredder, subevents, typeahead, user, users, vouchers, waitinglist,
+    global_settings, item, mail, main, modelimport, oauth, orders, organizer,
+    pdf, search, shredder, subevents, typeahead, user, users, vouchers,
+    waitinglist,
 )
 
 urlpatterns = [
@@ -240,6 +241,9 @@ urlpatterns = [
             name='organizer.gate.edit'),
     re_path(r'^organizer/(?P<organizer>[^/]+)/gate/(?P<gate>[^/]+)/delete$', organizer.GateDeleteView.as_view(),
             name='organizer.gate.delete'),
+    re_path(r'^organizer/(?P<organizer>[^/]+)/outgoingmails$', mail.OutgoingMailListView.as_view(), name='organizer.outgoingmails'),
+    re_path(r'^organizer/(?P<organizer>[^/]+)/outgoingmail/bulk_action$', mail.OutgoingMailBulkAction.as_view(), name='organizer.outgoingmails.bulk_action'),
+    re_path(r'^organizer/(?P<organizer>[^/]+)/outgoingmail/(?P<mail>[0-9]+)/$', mail.OutgoingMailDetailView.as_view(), name='organizer.outgoingmail'),
     re_path(r'^organizer/(?P<organizer>[^/]+)/teams$', organizer.TeamListView.as_view(), name='organizer.teams'),
     re_path(r'^organizer/(?P<organizer>[^/]+)/team/add$', organizer.TeamCreateView.as_view(), name='organizer.team.add'),
     re_path(r'^organizer/(?P<organizer>[^/]+)/team/(?P<team>[^/]+)/$', organizer.TeamMemberView.as_view(),
@@ -476,8 +480,8 @@ urlpatterns = [
         re_path(r'^waitinglist/auto_assign$', waitinglist.AutoAssign.as_view(), name='event.orders.waitinglist.auto'),
         re_path(r'^waitinglist/(?P<entry>\d+)/delete$', waitinglist.EntryDelete.as_view(),
                 name='event.orders.waitinglist.delete'),
-        re_path(r'^waitinglist/(?P<entry>\d+)/transfer$', waitinglist.EntryTransfer.as_view(),
-                name='event.orders.waitinglist.transfer'),
+        re_path(r'^waitinglist/(?P<entry>\d+)/edit$', waitinglist.EntryEdit.as_view(),
+                name='event.orders.waitinglist.edit'),
         re_path(r'^checkins/$', checkin.CheckinListView.as_view(), name='event.orders.checkins'),
         re_path(r'^checkinlists/$', checkin.CheckinListList.as_view(), name='event.orders.checkinlists'),
         re_path(r'^checkinlists/add$', checkin.CheckinListCreate.as_view(), name='event.orders.checkinlists.add'),

src/pretix/control/views/auth.py

@@ -66,7 +66,6 @@ from pretix.base.forms.auth import (
 )
 from pretix.base.metrics import pretix_failed_logins, pretix_successful_logins
 from pretix.base.models import TeamInvite, U2FDevice, User, WebAuthnDevice
-from pretix.base.services.mail import SendMailException
 from pretix.helpers.http import get_client_ip, redirect_to_url
 from pretix.helpers.security import handle_login_source
 
@@ -150,6 +149,8 @@ def login(request):
             return process_login(request, form.user_cache, form.cleaned_data.get('keep_logged_in', False))
     else:
         form = LoginForm(backend=backend, request=request)
+        # Detect redirection loop (usually means cookie not accepted)
+        ctx['possible_cookie_problem'] = request.path in request.headers.get("Referer", "")
     ctx['form'] = form
     ctx['can_register'] = settings.PRETIX_REGISTRATION
     ctx['can_reset'] = settings.PRETIX_PASSWORD_RESET
@@ -347,9 +348,6 @@ class Forgot(TemplateView):
             except User.DoesNotExist:
                 logger.warning('Backend password reset for unregistered e-mail \"' + email + '\" requested.')
 
-            except SendMailException:
-                logger.exception('Sending password reset email to \"' + email + '\" failed.')
-
             except RepeatedResetDenied:
                 pass
 

src/pretix/control/views/event.py

@@ -870,11 +870,15 @@ class MailSettingsPreview(EventPermissionRequiredMixin, View):
                                 )
 
                         except ValueError:
-                            msgs[self.supported_locale[idx]] = '<div class="alert alert-danger">{}</div>'.format(
-                                PlaceholderValidator.error_message)
+                            msgs[self.supported_locale[idx]] = format_html(
+                                '<div class="alert alert-danger">{}</div>',
+                                PlaceholderValidator.error_message
+                            )
                         except KeyError as e:
-                            msgs[self.supported_locale[idx]] = '<div class="alert alert-danger">{}</div>'.format(
-                                _('Invalid placeholder: {%(value)s}') % {'value': e.args[0]})
+                            msgs[self.supported_locale[idx]] = format_html(
+                                '<div class="alert alert-danger">{}</div>',
+                                _('Invalid placeholder: {%(value)s}') % {'value': e.args[0]}
+                            )
 
         return JsonResponse({
             'item': preview_item,

src/pretix/control/views/mail.py

@@ -0,0 +1,194 @@
+#
+# This file is part of pretix (Community Edition).
+#
+# Copyright (C) 2014-2020  Raphael Michel and contributors
+# Copyright (C) 2020-today pretix GmbH and contributors
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
+# Public License as published by the Free Software Foundation in version 3 of the License.
+#
+# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
+# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
+# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
+# this file, see <https://pretix.eu/about/en/license>.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
+# <https://www.gnu.org/licenses/>.
+#
+import base64
+import logging
+from email.header import decode_header, make_header
+from email.utils import parseaddr
+
+from django.conf import settings
+from django.contrib import messages
+from django.core.exceptions import BadRequest
+from django.db import transaction
+from django.shortcuts import get_object_or_404, redirect
+from django.urls import reverse
+from django.utils.functional import cached_property
+from django.utils.translation import ngettext
+from django.views import View
+from django.views.generic import DetailView, ListView
+
+from pretix.base.middleware import _merge_csp, _parse_csp, _render_csp
+from pretix.base.models import OutgoingMail
+from pretix.base.services.mail import mail_send_task
+from pretix.control.forms.filter import OutgoingMailFilterForm
+from pretix.control.permissions import OrganizerPermissionRequiredMixin
+from pretix.control.views.organizer import OrganizerDetailViewMixin
+
+logger = logging.getLogger(__name__)
+
+
+class OutgoingMailQueryMixin:
+
+    @cached_property
+    def request_data(self):
+        if self.request.method == "POST":
+            d = self.request.POST
+        else:
+            d = self.request.GET
+        d = d.copy()
+        return d
+
+    @cached_property
+    def filter_form(self):
+        return OutgoingMailFilterForm(
+            data=self.request_data,
+            request=self.request,
+        )
+
+    def get_queryset(self):
+        qs = self.request.organizer.outgoing_mails.select_related(
+            'event', 'order', 'orderposition', 'customer'
+        )
+
+        if 'outgoingmail' in self.request_data and '__ALL' not in self.request_data:
+            qs = qs.filter(
+                id__in=self.request_data.getlist('outgoingmail')
+            )
+        elif self.request.method == 'GET' or '__ALL' in self.request_data:
+            if self.filter_form.is_valid():
+                qs = self.filter_form.filter_qs(qs)
+        else:
+            raise BadRequest("No mails selected")
+
+        return qs
+
+
+class OutgoingMailListView(OutgoingMailQueryMixin, OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin, ListView):
+    model = OutgoingMail
+    template_name = 'pretixcontrol/organizers/outgoing_mails.html'
+    # Assume "the highest" permission level for now because emails could belog to any event, order, or customer.
+    # We plan to add a special permissoin in the future
+    permission = 'can_change_organizer_settings'
+    context_object_name = 'mails'
+    paginate_by = 100
+
+    def get_context_data(self, **kwargs):
+        ctx = super().get_context_data(**kwargs)
+        ctx['filter_form'] = self.filter_form
+        ctx['days'] = int(settings.OUTGOING_MAIL_RETENTION / (24 * 3600))
+        return ctx
+
+
+class OutgoingMailDetailView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin, DetailView):
+    model = OutgoingMail
+    template_name = 'pretixcontrol/organizers/outgoing_mail.html'
+    permission = 'can_change_organizer_settings'
+    context_object_name = 'mail'
+
+    def get_object(self, queryset=None):
+        return get_object_or_404(OutgoingMail, organizer=self.request.organizer, pk=self.kwargs.get('mail'))
+
+    def dispatch(self, request, *args, **kwargs):
+        response = super().dispatch(request, *args, **kwargs)
+        if 'Content-Security-Policy' in response:
+            h = _parse_csp(response['Content-Security-Policy'])
+        else:
+            h = {}
+        csps = {
+            'frame-src': ['data:'],
+            # Unfortuantely, we can't avoid unsafe-inline for style here.
+            # See outgoingmail.js for the protection measures we take.
+            'style-src': ["'unsafe-inline'"],
+        }
+        _merge_csp(h, csps)
+        response['Content-Security-Policy'] = _render_csp(h)
+        return response
+
+    def get_context_data(self, **kwargs):
+        ctx = super().get_context_data(**kwargs)
+        if self.object.body_html:
+            ctx['data_url'] = "data:text/html;charset=utf-8;base64," + base64.b64encode(self.object.body_html.encode()).decode()
+
+        from_name, from_email = parseaddr(self.object.sender)
+        if from_name:
+            from_name = make_header(decode_header(from_name))
+        ctx['sender'] = "{} <{}>".format(from_name, from_email) if from_name else from_email
+
+        return ctx
+
+
+class OutgoingMailBulkAction(OutgoingMailQueryMixin, OrganizerPermissionRequiredMixin, OrganizerDetailViewMixin, View):
+    permission = 'can_change_organizer_settings'
+
+    @transaction.atomic
+    def post(self, request, *args, **kwargs):
+        if request.POST.get('action') == 'retry':
+            ids = set(
+                self.get_queryset().filter(status__in=OutgoingMail.STATUS_LIST_RETRYABLE).values_list("pk", flat=True)
+            )
+            with transaction.atomic():
+                OutgoingMail.objects.filter(pk__in=ids).update(
+                    status=OutgoingMail.STATUS_QUEUED,
+                    sent=None,
+                )
+                self.request.organizer.log_action(
+                    'pretix.organizer.outgoingmails.retried', user=self.request.user, data={
+                        'mails': list(ids)
+                    }, save=False
+                )
+            for i in ids:
+                mail_send_task.apply_async(kwargs={"outgoing_mail": i})
+
+            messages.success(request, ngettext(
+                "A retry of one email was scheduled.",
+                "A retry of {num} emails was scheduled.",
+                len(ids),
+            ).format(num=len(ids)))
+        elif request.POST.get('action') == 'abort':
+            ids = set(
+                self.get_queryset().filter(
+                    status__in=(OutgoingMail.STATUS_QUEUED, OutgoingMail.STATUS_AWAITING_RETRY)
+                ).values_list("pk", flat=True)
+            )
+            with transaction.atomic():
+                OutgoingMail.objects.filter(pk__in=ids).update(
+                    status=OutgoingMail.STATUS_ABORTED,
+                    sent=None,
+                )
+                self.request.organizer.log_action(
+                    'pretix.organizer.outgoingmails.aborted', user=self.request.user, data={
+                        'mails': list(ids)
+                    }, save=False
+                )
+            for i in ids:
+                mail_send_task.apply_async(kwargs={"outgoing_mail": i})
+
+            messages.success(request, ngettext(
+                "One email was aborted and will not be sent.",
+                "{num} emails were aborted and will not be sent.",
+                len(ids),
+            ).format(num=len(ids)))
+        return redirect(self.get_success_url())
+
+    def get_success_url(self) -> str:
+        return reverse('control:organizer.outgoingmails', kwargs={
+            'organizer': self.request.organizer.slug,
+        })

src/pretix/control/views/orders.py

@@ -98,9 +98,7 @@ from pretix.base.services.invoices import (
     invoice_qualified, regenerate_invoice, transmit_invoice,
 )
 from pretix.base.services.locking import LockTimeoutException
-from pretix.base.services.mail import (
-    SendMailException, prefix_subject, render_mail,
-)
+from pretix.base.services.mail import prefix_subject, render_mail
 from pretix.base.services.orders import (
     OrderChangeManager, OrderError, approve_order, cancel_order, deny_order,
     extend_order, mark_order_expired, mark_order_refunded,
@@ -1066,10 +1064,6 @@ class OrderPaymentConfirm(OrderView):
                 messages.error(self.request, str(e))
             except PaymentException as e:
                 messages.error(self.request, str(e))
-            except SendMailException:
-                messages.warning(self.request,
-                                 _('The payment has been marked as complete, but we were unable to send a '
-                                   'confirmation mail.'))
             else:
                 messages.success(self.request, _('The payment has been marked as complete.'))
         else:
@@ -1232,7 +1226,11 @@ class OrderRefundView(OrderView):
                     customer=order.customer,
                     testmode=order.testmode
                 )
-                giftcard.log_action('pretix.giftcards.created', user=self.request.user, data={})
+                giftcard.log_action(
+                    action='pretix.giftcards.created',
+                    user=self.request.user,
+                    data={}
+                )
                 refunds.append(OrderRefund(
                     order=order,
                     payment=None,
@@ -1540,9 +1538,6 @@ class OrderTransition(OrderView):
                     'message': str(e)
                 })
                 messages.error(self.request, str(e))
-            except SendMailException:
-                messages.warning(self.request, _('The order has been marked as paid, but we were unable to send a '
-                                                 'confirmation mail.'))
             else:
                 messages.success(self.request, _('The payment has been created successfully.'))
         elif self.order.cancel_allowed() and to == 'c':
@@ -1781,15 +1776,11 @@ class OrderResendLink(OrderView):
     permission = 'can_change_orders'
 
     def post(self, *args, **kwargs):
-        try:
-            if 'position' in kwargs:
-                p = get_object_or_404(self.order.positions, pk=kwargs['position'])
-                p.resend_link(user=self.request.user)
-            else:
-                self.order.resend_link(user=self.request.user)
-        except SendMailException:
-            messages.error(self.request, _('There was an error sending the mail. Please try again later.'))
-            return redirect(self.get_order_url())
+        if 'position' in kwargs:
+            p = get_object_or_404(self.order.positions, pk=kwargs['position'])
+            p.resend_link(user=self.request.user)
+        else:
+            self.order.resend_link(user=self.request.user)
 
         messages.success(self.request, _('The email has been queued to be sent.'))
         return redirect(self.get_order_url())
@@ -2433,24 +2424,18 @@ class OrderSendMail(EventPermissionRequiredMixin, OrderViewMixin, FormView):
             }
             return self.get(self.request, *self.args, **self.kwargs)
         else:
-            try:
-                order.send_mail(
-                    form.cleaned_data['subject'], email_template,
-                    email_context, 'pretix.event.order.email.custom_sent',
-                    self.request.user, auto_email=False,
-                    attach_tickets=form.cleaned_data.get('attach_tickets', False),
-                    invoices=form.cleaned_data.get('attach_invoices', []),
-                    attach_other_files=[a for a in [
-                        self.request.event.settings.get('mail_attachment_new_order', as_type=str, default='')[len('file://'):]
-                    ] if a] if form.cleaned_data.get('attach_new_order', False) else [],
-                )
-                messages.success(self.request,
-                                 _('Your message has been queued and will be sent to {}.'.format(order.email)))
-            except SendMailException:
-                messages.error(
-                    self.request,
-                    _('Failed to send mail to the following user: {}'.format(order.email))
-                )
+            order.send_mail(
+                form.cleaned_data['subject'], email_template,
+                email_context, 'pretix.event.order.email.custom_sent',
+                self.request.user, auto_email=False,
+                attach_tickets=form.cleaned_data.get('attach_tickets', False),
+                invoices=form.cleaned_data.get('attach_invoices', []),
+                attach_other_files=[a for a in [
+                    self.request.event.settings.get('mail_attachment_new_order', as_type=str, default='')[len('file://'):]
+                ] if a] if form.cleaned_data.get('attach_new_order', False) else [],
+            )
+            messages.success(self.request,
+                             _('Your message has been queued and will be sent to {}.'.format(order.email)))
             return super(OrderSendMail, self).form_valid(form)
 
     def get_success_url(self):
@@ -2503,23 +2488,19 @@ class OrderPositionSendMail(OrderSendMail):
             }
             return self.get(self.request, *self.args, **self.kwargs)
         else:
-            try:
-                position.send_mail(
-                    form.cleaned_data['subject'],
-                    email_template,
-                    email_context,
-                    'pretix.event.order.position.email.custom_sent',
-                    self.request.user,
-                    attach_tickets=form.cleaned_data.get('attach_tickets', False),
-                    attach_other_files=[a for a in [
-                        self.request.event.settings.get('mail_attachment_new_order', as_type=str, default='')[len('file://'):]
-                    ] if a] if form.cleaned_data.get('attach_new_order', False) else [],
-                )
-                messages.success(self.request,
-                                 _('Your message has been queued and will be sent to {}.'.format(position.attendee_email)))
-            except SendMailException:
-                messages.error(self.request,
-                               _('Failed to send mail to the following user: {}'.format(position.attendee_email)))
+            position.send_mail(
+                form.cleaned_data['subject'],
+                email_template,
+                email_context,
+                'pretix.event.order.position.email.custom_sent',
+                self.request.user,
+                attach_tickets=form.cleaned_data.get('attach_tickets', False),
+                attach_other_files=[a for a in [
+                    self.request.event.settings.get('mail_attachment_new_order', as_type=str, default='')[len('file://'):]
+                ] if a] if form.cleaned_data.get('attach_new_order', False) else [],
+            )
+            messages.success(self.request,
+                             _('Your message has been queued and will be sent to {}.'.format(position.attendee_email)))
             return super(OrderSendMail, self).form_valid(form)
 
 

src/pretix/control/views/organizer.py

@@ -103,7 +103,7 @@ from pretix.base.plugins import (
     PLUGIN_LEVEL_ORGANIZER,
 )
 from pretix.base.services.export import multiexport, scheduled_organizer_export
-from pretix.base.services.mail import SendMailException, mail, prefix_subject
+from pretix.base.services.mail import mail, prefix_subject
 from pretix.base.signals import register_multievent_data_exporters
 from pretix.base.templatetags.rich_text import markdown_compile_email
 from pretix.base.views.tasks import AsyncAction
@@ -1037,24 +1037,21 @@ class TeamMemberView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin,
         return ctx
 
     def _send_invite(self, instance):
-        try:
-            mail(
-                instance.email,
-                _('pretix account invitation'),
-                'pretixcontrol/email/invitation.txt',
-                {
-                    'user': self,
-                    'organizer': self.request.organizer.name,
-                    'team': instance.team.name,
-                    'url': build_global_uri('control:auth.invite', kwargs={
-                        'token': instance.token
-                    })
-                },
-                event=None,
-                locale=self.request.LANGUAGE_CODE
-            )
-        except SendMailException:
-            pass  # Already logged
+        mail(
+            instance.email,
+            _('pretix account invitation'),
+            'pretixcontrol/email/invitation.txt',
+            {
+                'user': self,
+                'organizer': self.request.organizer.name,
+                'team': instance.team.name,
+                'url': build_global_uri('control:auth.invite', kwargs={
+                    'token': instance.token
+                })
+            },
+            event=None,
+            locale=self.request.LANGUAGE_CODE
+        )
 
     @transaction.atomic
     def post(self, request, *args, **kwargs):
@@ -1670,9 +1667,12 @@ class GiftCardAcceptanceInviteView(OrganizerDetailViewMixin, OrganizerPermission
             active=False,
         )
         self.request.organizer.log_action(
-            'pretix.giftcards.acceptance.acceptor.invited',
-            data={'acceptor': form.cleaned_data['acceptor'].slug,
-                  'reusable_media': form.cleaned_data['reusable_media']},
+            action='pretix.giftcards.acceptance.acceptor.invited',
+            data={
+                'acceptor': form.cleaned_data['acceptor'].slug,
+                'issuer': self.request.organizer.slug,
+                'reusable_media': form.cleaned_data['reusable_media']
+            },
             user=self.request.user
         )
         messages.success(self.request, _('The selected organizer has been invited.'))
@@ -1708,8 +1708,11 @@ class GiftCardAcceptanceListView(OrganizerDetailViewMixin, OrganizerPermissionRe
             ).delete()
             if done:
                 self.request.organizer.log_action(
-                    'pretix.giftcards.acceptance.acceptor.removed',
-                    data={'acceptor': request.POST.get("delete_acceptor")},
+                    action='pretix.giftcards.acceptance.acceptor.removed',
+                    data={
+                        'acceptor': request.POST.get("delete_acceptor"),
+                        'issuer': self.request.organizer.slug
+                    },
                     user=request.user
                 )
             messages.success(self.request, _('The selected connection has been removed.'))
@@ -1719,8 +1722,11 @@ class GiftCardAcceptanceListView(OrganizerDetailViewMixin, OrganizerPermissionRe
             ).delete()
             if done:
                 self.request.organizer.log_action(
-                    'pretix.giftcards.acceptance.issuer.removed',
-                    data={'issuer': request.POST.get("delete_acceptor")},
+                    action='pretix.giftcards.acceptance.issuer.removed',
+                    data={
+                        'issuer': request.POST.get("delete_acceptor"),
+                        'acceptor': self.request.organizer.slug
+                    },
                     user=request.user
                 )
             messages.success(self.request, _('The selected connection has been removed.'))
@@ -1730,8 +1736,11 @@ class GiftCardAcceptanceListView(OrganizerDetailViewMixin, OrganizerPermissionRe
             ).update(active=True)
             if done:
                 self.request.organizer.log_action(
-                    'pretix.giftcards.acceptance.issuer.accepted',
-                    data={'issuer': request.POST.get("accept_issuer")},
+                    action='pretix.giftcards.acceptance.issuer.accepted',
+                    data={
+                        'issuer': request.POST.get("accept_issuer"),
+                        'acceptor': self.request.organizer.slug
+                    },
                     user=request.user
                 )
             messages.success(self.request, _('The selected connection has been accepted.'))
@@ -1837,10 +1846,12 @@ class GiftCardDetailView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
                         acceptor=request.organizer,
                     )
                     self.object.log_action(
-                        'pretix.giftcards.transaction.manual',
+                        action='pretix.giftcards.transaction.manual',
                         data={
                             'value': value,
-                            'text': request.POST.get('text')
+                            'text': request.POST.get('text'),
+                            'acceptor_id': self.request.organizer.id,
+                            'acceptor_slug': self.request.organizer.slug
                         },
                         user=self.request.user,
                     )
@@ -1889,15 +1900,24 @@ class GiftCardCreateView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
         messages.success(self.request, _('The gift card has been created and can now be used.'))
         form.instance.issuer = self.request.organizer
         super().form_valid(form)
-        form.instance.transactions.create(
-            acceptor=self.request.organizer,
-            value=form.cleaned_data['value']
+        form.instance.log_action(
+            action='pretix.giftcards.created',
+            user=self.request.user,
         )
-        form.instance.log_action('pretix.giftcards.created', user=self.request.user, data={})
         if form.cleaned_data['value']:
-            form.instance.log_action('pretix.giftcards.transaction.manual', user=self.request.user, data={
-                'value': form.cleaned_data['value']
-            })
+            form.instance.transactions.create(
+                acceptor=self.request.organizer,
+                value=form.cleaned_data['value']
+            )
+            form.instance.log_action(
+                action='pretix.giftcards.transaction.manual',
+                user=self.request.user,
+                data={
+                    'value': form.cleaned_data['value'],
+                    'acceptor_id': self.request.organizer.id,
+                    'acceptor_slug': self.request.organizer.slug
+                }
+            )
         return redirect(reverse(
             'control:organizer.giftcard',
             kwargs={
@@ -1925,7 +1945,11 @@ class GiftCardUpdateView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
     def form_valid(self, form):
         messages.success(self.request, _('The gift card has been changed.'))
         super().form_valid(form)
-        form.instance.log_action('pretix.giftcards.modified', user=self.request.user, data=dict(form.cleaned_data))
+        form.instance.log_action(
+            action='pretix.giftcards.modified',
+            user=self.request.user,
+            data=dict(form.cleaned_data)
+        )
         return redirect(reverse(
             'control:organizer.giftcard',
             kwargs={
@@ -3027,6 +3051,7 @@ class CustomerDetailView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
                 locale=self.customer.locale,
                 customer=self.customer,
                 organizer=self.request.organizer,
+                sensitive=True,
             )
             messages.success(
                 self.request,

src/pretix/control/views/user.py

@@ -49,12 +49,14 @@ from django.db import transaction
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.crypto import get_random_string
+from django.utils.decorators import method_decorator
 from django.utils.functional import cached_property
 from django.utils.html import format_html
 from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from django.views import View
+from django.views.decorators.cache import never_cache
 from django.views.generic import FormView, ListView, TemplateView, UpdateView
 from django_otp.plugins.otp_static.models import StaticDevice
 from django_otp.plugins.otp_totp.models import TOTPDevice
@@ -85,8 +87,9 @@ logger = logging.getLogger(__name__)
 
 
 class RecentAuthenticationRequiredMixin:
-    max_time = 3600
+    max_time = 900
 
+    @method_decorator(never_cache)
     def dispatch(self, request, *args, **kwargs):
         tdelta = time.time() - request.session.get('pretix_auth_login_time', 0)
         if tdelta > self.max_time:
@@ -289,16 +292,13 @@ class User2FAMainView(RecentAuthenticationRequiredMixin, TemplateView):
         ctx = super().get_context_data()
 
         try:
-            ctx['static_tokens'] = StaticDevice.objects.get(user=self.request.user, name='emergency').token_set.all()
+            ctx['static_tokens_device'] = StaticDevice.objects.get(user=self.request.user, name='emergency')
         except StaticDevice.MultipleObjectsReturned:
-            ctx['static_tokens'] = StaticDevice.objects.filter(
+            ctx['static_tokens_device'] = StaticDevice.objects.filter(
                 user=self.request.user, name='emergency'
-            ).first().token_set.all()
+            ).first()
         except StaticDevice.DoesNotExist:
-            d = StaticDevice.objects.create(user=self.request.user, name='emergency')
-            for i in range(10):
-                d.token_set.create(token=get_random_string(length=12, allowed_chars='1234567890'))
-            ctx['static_tokens'] = d.token_set.all()
+            ctx['static_tokens_device'] = None
 
         ctx['devices'] = []
         for dt in REAL_DEVICE_TYPES:
@@ -630,8 +630,14 @@ class User2FARegenerateEmergencyView(RecentAuthenticationRequiredMixin, Template
         ])
         self.request.user.update_session_token()
         update_session_auth_hash(self.request, self.request.user)
-        messages.success(request, _('Your emergency codes have been newly generated. Remember to store them in a safe '
-                                    'place in case you lose access to your devices.'))
+        messages.success(
+            request,
+            _('Your emergency codes have been newly generated. Remember to store them in a safe '
+              'place in case you lose access to your devices. You will not be able to view them '
+              'again here.\n\nYour emergency codes:\n{tokens}').format(
+                tokens='- ' + '\n- '.join(t.token for t in d.token_set.all())
+            )
+        )
         return redirect(reverse('control:user.settings.2fa'))
 
 

src/pretix/control/views/users.py

@@ -41,7 +41,6 @@ from hijack import signals
 
 from pretix.base.auth import get_auth_backends
 from pretix.base.models import User
-from pretix.base.services.mail import SendMailException
 from pretix.control.forms.filter import UserFilterForm
 from pretix.control.forms.users import UserEditForm
 from pretix.control.permissions import AdministratorPermissionRequiredMixin
@@ -139,11 +138,7 @@ class UserResetView(AdministratorPermissionRequiredMixin, RecentAuthenticationRe
 
     def post(self, request, *args, **kwargs):
         self.object = get_object_or_404(User, pk=self.kwargs.get("id"))
-        try:
-            self.object.send_password_reset()
-        except SendMailException:
-            messages.error(request, _('There was an error sending the mail. Please try again later.'))
-            return redirect(self.get_success_url())
+        self.object.send_password_reset()
 
         self.object.log_action('pretix.control.auth.user.forgot_password.mail_sent',
                                user=request.user)

src/pretix/control/views/waitinglist.py

@@ -53,7 +53,7 @@ from pretix.base.models import Item, LogEntry, Quota, WaitingListEntry
 from pretix.base.models.waitinglist import WaitingListException
 from pretix.base.services.waitinglist import assign_automatically
 from pretix.base.views.tasks import AsyncAction
-from pretix.control.forms.waitinglist import WaitingListEntryTransferForm
+from pretix.control.forms.waitinglist import WaitingListEntryEditForm
 from pretix.control.permissions import EventPermissionRequiredMixin
 from pretix.control.views import PaginationMixin
 
@@ -138,6 +138,17 @@ class WaitingListQuerySetMixin:
         elif force_filtered and '__ALL' not in self.request_data:
             qs = qs.none()
 
+        if self.request_data.get("search", "") != "":
+            s = self.request_data.get("search", "")
+            search_q = Q(email__icontains=s)
+
+            if self.request.event.settings.waiting_list_names_asked:
+                search_q = search_q | Q(name_cached__icontains=s)
+            if self.request.event.settings.waiting_list_phones_asked:
+                search_q = search_q | Q(phone__icontains=s)
+
+            qs = qs.filter(search_q)
+
         return qs
 
 
@@ -238,7 +249,7 @@ class WaitingListView(EventPermissionRequiredMixin, WaitingListQuerySetMixin, Pa
     def get_context_data(self, **kwargs):
         ctx = super().get_context_data(**kwargs)
         ctx['items'] = Item.objects.filter(event=self.request.event)
-        ctx['filtered'] = ("status" in self.request.GET or "item" in self.request.GET)
+        ctx['filtered'] = any(param in self.request.GET for param in ("status", "item", "search"))
 
         itemvar_cache = {}
         quota_cache = {}
@@ -390,25 +401,20 @@ class EntryDelete(EventPermissionRequiredMixin, CompatDeleteView):
         })
 
 
-class EntryTransfer(EventPermissionRequiredMixin, UpdateView):
+class EntryEdit(EventPermissionRequiredMixin, UpdateView):
     model = WaitingListEntry
-    template_name = 'pretixcontrol/waitinglist/transfer.html'
+    template_name = 'pretixcontrol/waitinglist/edit.html'
     permission = 'can_change_orders'
-    form_class = WaitingListEntryTransferForm
+    form_class = WaitingListEntryEditForm
     context_object_name = 'entry'
 
-    def dispatch(self, request, *args, **kwargs):
-        if not self.request.event.has_subevents:
-            raise Http404(_("This is not an event series."))
-        return super().dispatch(request, *args, **kwargs)
-
     def get_object(self, queryset=None) -> WaitingListEntry:
         return get_object_or_404(WaitingListEntry, pk=self.kwargs['entry'], event=self.request.event, voucher__isnull=True)
 
     @transaction.atomic
     def form_valid(self, form):
-        messages.success(self.request, _('The waitinglist entry has been transferred.'))
         if form.has_changed():
+            messages.success(self.request, _('The waitinglist entry has been changed.'))
             self.object.log_action(
                 'pretix.event.orders.waitinglist.changed', user=self.request.user, data={
                     k: form.cleaned_data.get(k) for k in form.changed_data

src/pretix/helpers/countries.py

@@ -148,4 +148,7 @@ def pycountry_add(db, **kw):
             continue
         value = value.lower()
         index = db.indices.setdefault(key, {})
-        index.setdefault(value, set()).add(obj)
+        if key in ["country_code"]:
+            index.setdefault(value, set()).add(obj)
+        else:
+            index[value] = obj

src/pretix/helpers/database.py

@@ -25,7 +25,7 @@ from django.conf import settings
 from django.core.exceptions import FieldDoesNotExist, ImproperlyConfigured
 from django.db import connection, transaction
 from django.db.models import (
-    Aggregate, Expression, F, Field, Lookup, OrderBy, Value,
+    Aggregate, Expression, F, Field, JSONField, Lookup, OrderBy, Value,
 )
 from django.utils.functional import lazy
 
@@ -154,6 +154,19 @@ class NotEqual(Lookup):
         return '%s <> %s' % (lhs, rhs), params
 
 
+@JSONField.register_lookup
+class ContainsString(Lookup):
+    lookup_name = 'containsstring'
+
+    def as_sql(self, compiler, connection):
+        if connection.vendor != "postgresql":
+            raise NotImplementedError("Lookup in JSON Array not supported on this database")
+        lhs, lhs_params = self.process_lhs(compiler, connection)
+        rhs, rhs_params = self.process_rhs(compiler, connection)
+        params = lhs_params + rhs_params
+        return '%s ? %s' % (lhs, rhs), params
+
+
 class PostgresWindowFrame(Expression):
     template = "%(frame_type)s BETWEEN %(start)s AND %(end)s"
 

src/pretix/helpers/format.py

@@ -22,6 +22,7 @@
 import logging
 from string import Formatter
 
+from django.core.exceptions import SuspiciousOperation
 from django.utils.html import conditional_escape
 
 logger = logging.getLogger(__name__)
@@ -37,6 +38,17 @@ class PlainHtmlAlternativeString:
         return f"PlainHtmlAlternativeString('{self.plain}', '{self.html}')"
 
 
+class FormattedString(str):
+    """
+    A str subclass that has been specifically marked as "already formatted" for email rendering
+    purposes to avoid duplicate formatting.
+    """
+    __slots__ = ()
+
+    def __str__(self):
+        return self
+
+
 class SafeFormatter(Formatter):
     """
     Customized version of ``str.format`` that (a) behaves just like ``str.format_map`` and
@@ -77,8 +89,19 @@ class SafeFormatter(Formatter):
         # Ignore format_spec
         return super().format_field(self._prepare_value(value), '')
 
+    def convert_field(self, value, conversion):
+        # Ignore any conversions
+        if conversion is None:
+            return value
+        else:
+            return str(value)
 
-def format_map(template, context, raise_on_missing=False, mode=SafeFormatter.MODE_RICH_TO_PLAIN, linkifier=None):
+
+def format_map(template, context, raise_on_missing=False, mode=SafeFormatter.MODE_RICH_TO_PLAIN, linkifier=None) -> FormattedString:
+    if isinstance(template, FormattedString):
+        raise SuspiciousOperation("Calling format_map() on an already formatted string is likely unsafe.")
     if not isinstance(template, str):
         template = str(template)
-    return SafeFormatter(context, raise_on_missing, mode=mode, linkifier=linkifier).format(template)
+    return FormattedString(
+        SafeFormatter(context, raise_on_missing, mode=mode, linkifier=linkifier).format(template)
+    )

src/pretix/helpers/security.py

@@ -32,7 +32,7 @@ from django_countries.fields import Country
 from geoip2.errors import AddressNotFoundError
 
 from pretix.base.i18n import language
-from pretix.base.services.mail import SendMailException, mail
+from pretix.base.services.mail import mail
 from pretix.helpers.http import get_client_ip
 from pretix.helpers.urls import build_absolute_uri
 
@@ -159,21 +159,18 @@ def handle_login_source(user, request):
         })
         if user.known_login_sources.count() > 1:
             # Do not send on first login or first login after introduction of this feature:
-            try:
-                with language(user.locale):
-                    mail(
-                        user.email,
-                        _('Login from new source detected'),
-                        'pretixcontrol/email/login_notice.txt',
-                        {
-                            'source': src,
-                            'country': Country(str(country)).name if country else _('Unknown country'),
-                            'instance': settings.PRETIX_INSTANCE_NAME,
-                            'url': build_absolute_uri('control:user.settings')
-                        },
-                        event=None,
-                        user=user,
-                        locale=user.locale
-                    )
-            except SendMailException:
-                pass  # Not much we can do
+            with language(user.locale):
+                mail(
+                    user.email,
+                    _('Login from new source detected'),
+                    'pretixcontrol/email/login_notice.txt',
+                    {
+                        'source': src,
+                        'country': Country(str(country)).name if country else _('Unknown country'),
+                        'instance': settings.PRETIX_INSTANCE_NAME,
+                        'url': build_absolute_uri('control:user.settings')
+                    },
+                    event=None,
+                    user=user,
+                    locale=user.locale
+                )

src/pretix/locale/de/wordlist.txt

@@ -265,6 +265,7 @@ Objekt-IDs
 Offline-Scan
 OK
 Online-Banking
+Online-Banking-Nutzer
 Onlinebanking
 Onlinebanking-Zugangsdaten
 Open
@@ -539,6 +540,8 @@ WeChat-Zahlung
 Weiterleitungs-URIs
 Weiterleitungs-URL
 Weiterleitungs-URLs
+WERO
+WERO-App
 WhatsApp
 Widget
 Widget-Code

src/pretix/locale/de_Informal/wordlist.txt

@@ -265,6 +265,7 @@ Objekt-IDs
 Offline-Scan
 OK
 Online-Banking
+Online-Banking-Nutzer
 Onlinebanking
 Onlinebanking-Zugangsdaten
 Open
@@ -539,6 +540,8 @@ WeChat-Zahlung
 Weiterleitungs-URIs
 Weiterleitungs-URL
 Weiterleitungs-URLs
+WERO
+WERO-App
 WhatsApp
 Widget
 Widget-Code

src/pretix/locale/djangojs.pot

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-01-26 13:20+0000\n"
+"POT-Creation-Date: 2026-02-24 11:50+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

src/pretix/locale/es/LC_MESSAGES/djangojs.po

@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2026-01-26 09:10+0000\n"
-"PO-Revision-Date: 2026-01-14 00:00+0000\n"
+"PO-Revision-Date: 2026-01-27 14:51+0000\n"
 "Last-Translator: CVZ-es <damien.bremont@casadevelazquez.org>\n"
 "Language-Team: Spanish <https://translate.pretix.eu/projects/pretix/pretix-"
 "js/es/>\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 5.15.1\n"
+"X-Generator: Weblate 5.15.2\n"
 
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:56
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:62
@@ -162,12 +162,12 @@ msgstr "Órdenes pagadas"
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:27
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:39
 msgid "Attendees (ordered)"
-msgstr ""
+msgstr "Asistentes (por orden alfabético)"
 
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:27
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:39
 msgid "Attendees (paid)"
-msgstr ""
+msgstr "Asistentes (de pago)"
 
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:51
 msgid "Total revenue"

src/pretix/locale/fr/LC_MESSAGES/djangojs.po

@@ -7,7 +7,7 @@ msgstr ""
 "Project-Id-Version: French\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2026-01-26 09:10+0000\n"
-"PO-Revision-Date: 2025-10-22 16:00+0000\n"
+"PO-Revision-Date: 2026-01-27 14:51+0000\n"
 "Last-Translator: CVZ-es <damien.bremont@casadevelazquez.org>\n"
 "Language-Team: French <https://translate.pretix.eu/projects/pretix/pretix-js/"
 "fr/>\n"
@@ -16,7 +16,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n > 1;\n"
-"X-Generator: Weblate 5.13.3\n"
+"X-Generator: Weblate 5.15.2\n"
 
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:56
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:62
@@ -161,12 +161,12 @@ msgstr "Commandes payées"
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:27
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:39
 msgid "Attendees (ordered)"
-msgstr ""
+msgstr "Participants (par ordre alphabétique)"
 
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:27
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:39
 msgid "Attendees (paid)"
-msgstr ""
+msgstr "Participants (payants)"
 
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:51
 msgid "Total revenue"