revel-backend releases

Fixed schema validation by restricting currency to the supported list.

Security fix: upgraded Django to version 5.2.14.

Minor fixes and improvements.

## What's Changed * fix(blacklist): reset stale BANNED membership on unban

Discord notifications now send admin alerts and org creation pings.

The codebase now includes extracted is_owner_or_staff and has_org_permission helpers, and the events module supports invoicing attendees on behalf of organizers, improving modularity and adding financial flows for event management.

Billing platform fees are now calculated VAT-exclusive and orgs can use UNLISTED visibility, improving pricing clarity and permission control.

Fixed inefficient image handling in PDF and pkpass creation by switching to optimized assets, lowering CPU usage and speeding up file output for ticket processing.

Introduced invitation-based tier visibility and purchase restrictions for tickets, plus a flag to control public pronoun distribution in events, giving admins finer access and display control.

Fixed a bug where follower notifications were incorrectly sent for private events, preventing unwanted alerts and preserving event privacy.

Added referral codes to user profiles, introduced Stripe-based payouts with automatic statements, extended admin panels for discounts and referral management, and improved JWT cleanup and profile data extraction.

Billing address and email validation now returns 422 instead of 500, events enforce check-in times, questionnaires support immediate retakes and multiple correct answers, and expired or used tokens return 410.

Added ReferralCode and Referral models with migrations and admin support, and introduced a billing_name field for legal entity invoicing to improve invoice accuracy and referral tracking.

Questionnaire creation now enforces a maximum number of attempts via a new max_attempts field, and the update schema was refactored for consistency.

The location_maps_url field limit was raised to 2048 characters to prevent validation failures caused by overly long URLs.

Added VAT support for ticket sales and platform fees, introduced a questionnaire evaluation flag with longer answer limits, made ticket tier optional for event tokens, and fixed invitation messages and notifications to improve billing compliance and event handling.

Cancelled tickets are ignored in eligibility checks, ensuring active tickets are evaluated correctly.

Fixed XLSX export bug, updated documentation, and adjusted event slug generation to include dates for unique identifiers.

Added Excel (XLSX) export support and fixed several unrelated bugs, improving data export capabilities for reporting applications.

Events endpoint now supports filtering by the requires_ticket flag, allowing callers to retrieve only events that need a ticket and simplifying access control logic.

Discount codes were added to event handling and feature flags for LLM evaluation and SSO were introduced.

Security improvements tightened staff management and guest checkout flow, lowering potential vulnerabilities.

Security vulnerabilities were patched and minor code cleanup performed, raising the overall robustness of the backend.

Fixed a logging issue that could cause missing log entries in production

Security scanning now runs in CI and logging was refactored to improve reliability and maintainability.

Guest users now receive a password‑reset email instead of an automatic account activation, preventing unauthorized access and ensuring proper verification.

Added a platform-wide banning mechanism and integrated codecov.io for coverage reporting, enhancing abuse mitigation and CI transparency.

The release adds stronger XSS protection by tightening input validation and response encoding, reducing the risk of script injection in web applications.

Fixes error reporting for failed notification tasks, hardens HTML escaping to prevent injection, and updates transitive dependencies, enhancing reliability for services that send emails or webhooks.

Fixed handling of newline characters in Telegram notifications, ensuring messages are parsed correctly and delivered without corruption.

Introduced a system-wide announcement capability through the admin UI and applied minor stability improvements, enhancing visibility for operators and reducing runtime errors.

Documentation was updated to reflect new ADR and project management pages, and test reliability was improved by pinning user names and eliminating iterator usage in cleanup logic, reducing flaky behavior.

Narrowed exception handling, removed dead code, and fixed a guest user JWT leak to close a security hole and improve reliability.

Added caching to CI, tightened CORS security and removed a hardcoded Redis port, eliminated duplicate notification deliveries, and refactored user event status logic for clearer code.

Documentation now builds with rsync, docs were refactored, and Telegram bot testing was added; the OpenAI SDK was replaced by Instructor for vendor-agnostic LLM access and ticket PDF files are cached, streamlining deployment and feature delivery.

Enabled email for follower notifications and added ticket tier ordering logic to the backend.

Added support for price_paid override in pwyc and removed the unused TicketService.

Improved the Apple Wallet pass layout within the pass component to ensure correct visual presentation.

Added an expiry date field to Apple Pass objects to support expiration tracking for digital wallet'ss credentials.

{"summary": "Fixed an issue where the pass module was displaying incorrect address, price, and date information.", "summary_correctness_@biagiodistefano: true, summary_correctness_@biagiodistefano: true, summary_correctness_@biagiodistefano: true, summary_correctness_@biagiodistefpass, summary_correctness_@biagiodistefano: true, summary_correctness_@biagiodistefano: true, summary_correctness_@biagiodistefano: true, summary_correctness_@biagiodistefano: true, summary_correctness_@biagiodistefano:

Added a summary endpoint for questionnaires with aggregate statistics, introduced per-event scoping for questionnaires, and implemented tier ordering for tickets.

Added a safe reboot check to prevent potential issues during system reboots.

Added a maintenance banner to the /version endpoint and admin dashboard to provide visibility into system status and maintenance windows.

Automatically add Telegram delivery channels to notifications.

Updated the potluck queryset to use include_past=True to ensure correct data retrieval in potluck lists.

Truncates Telegram messages longer than 4096 characters to prevent delivery or processing error.

Fixed an issue where at_the_door payments were incorrectly treated as RSVPs and implemented proper escaping for Telegram notification titles to prevent formatting issues.

Updated dependencies and removed unused packages.

## What's Changed * feat(admin): add event, member count and stripe status to org list view

Fixed the local ClamAV image, consolidated celery tasks, and added an atomic create&claim potluck endpoint.

Improved user data export functionality by implementing ProtectedFile and a cleanup task to enhance the reliability of the reliability of the export process.

Added __str__ methods to models and fixed a bug in notifications that preserved pre-formatted datetime fields in template context.

Added video/webm to the supported audio MIME types.

Fixed questionnaire submission logic and applied minor fixes to the admin panel.

Refactored task management logic to improve code maintenance and address minor issues.

{ "summary": "Added an organization announcements feature to allow for communication within organizations within the backend service.", "summary_short": "Added organization announcements feature.", "severity": "feature", "who_should_care": "Users and administrators managing organizations within the backend service.", "topics": ["organization-announcements", "feature-addition"], "summary_short_alt": "Added organization announcements feature.", "summary_backend_______________________

Fixed N+1 queries and refactored benchmarks. Resolved an issue where RSVP notifications would self-exclude.

Added performance tests for bootstrapping, bootstrap bootstrap performance tests. Fixed N+1 queries in EligibilityService prefetch to improve performance.

Optimized the my status query, updated the seeder, and addressed notification performance issues including N+1 query fixes.

Added an unconfirm endpoint and performed minor linting refactor.

Fixed a race condition in Fix/202 checkout ticket count and refactored/improved user status ticket count. Added price paid to tickets to track offline payments. Refactored capacity check logic.

Added a pronoun distribution endpoint, profile pic thumbnails, and pronoun stats to the admin panel. Refact/split the public event controller and added version information to the admin panel.

Fixed an issue where user data could be mismatch with mismatchinging the database state by implementing a user refresh from the database. Implementer: Implementer: Implementer: Implementer: Implementthought: I need to re-read the prompt instructions. The prompt says:

Fixed a bug where the file field was not being refreshed from the database.

Fixed the questionnaire submission response.

Fixed a crash in libmagic during processing.

Added support for following organizations and series, file upload questions, signing urls, bio and profile pic, thumbnails and previews generation, and a requires full profile gate. Fixed a deletion error for derivative images and performed minor refactors.

Introduced post event feedback questionnaires and an impersonation service.

Resolved a bug where depends_on_option_id was incorrectly handled during question and section creation.

Improved email notification quality and address visibility within the system.

{"summary": "Refactored hygiene and Mailpit logic.", "summary_abstract_short: ": " , "

Updated dependencies to improve the backend service stability and security.

Split the event model file, event_admin and organization_admin controllers, test_event_admin_controller, test files, and bootstrap file to improve code structure and maintainabilityability.

{ "summary": "Refactored the codebase to split event_service.py, stripe service, and schema into separate components to improve modularity and maintainabilityability.", "summary_short": "Split event_service.py, stripe service, and schema into separate components", "summary_short_alt": "Refactored event_service.py, stripe service, and schema into separate modules", "summary_personally-imployed-in-revel-backend-dev-team": "none", "severity": "maintenance", "who_should_care": "Develo

Restricted automatic evaluation of AUTO or HYBRID questionnaires and implemented transaction.on_commit() for questionnaire notification signals to ensure consistency between database updates and signal firing.

Added an organization blacklist system with fuzzy name matching to the events module. This allows for more granular control over event visibility and management within theenues.

Added a member endpoint, membership info to RSVP and Ticket Schemas, and location maps fields; implemented custom address visibility messages and optimized address visibility.

Implemented a fallback mechanism where event.start is used as event.apply_by when the latter is an empty or null value.

Added an apply_before deadline for invitation requests and questionnaires to control timing of submissions.

Improved questionnaire notifications and implemented permission-based filtering for notifications.

Routine maintenance release for revel-backend.

Added conditional questions and sections in questionnaires, and introduced a new WAIT_FOR_INVITATION_APPROVAL step for pending invitation requests.

Manually triggers tasks after ticket batch creation to ensure task execution following batch updates.

Added manual payment instructions to the tier create/edit schema to ensure completeness and accuracy in tier configuration during setup.

Enabled max submission age for questionnaires and updated the default evaluator to SANITIZING. Fixed an ownership check in the controller.

Added markdown support to questionnaires and included several fixes.