pretix

Release 2023.7.0 of pretix

28. Juli 2023

Today, we are releasing pretix 2023.7.0. This release includes support for NFC gift cards with a higher security level, emails on failed payments and of course lots of smaller improvements all around. Big thanks go out to alemao8, Felipe, Freek Engelbarts, Hara Metaxa, Iria Costas, Kian Cross, Maciej Szymczak, Maurice Kaag, Moritz Lerch, Mossroy, Pascal Zimmermann, Ronan Le Meillat, Thomas Vranken, umarbgs, and Yucheng Lin who contributed to this release. ❤️

pretix 2023.7.0 is now available for installation via pip. The new Docker images will appear on Docker over the next few hours. All customers of pretix Hosted are already using the new version and do not need to take any action.

NFC gift cards with Mifare Ultralight AES

With pretix 4.19, we introduced the possibility to store gift cards on NFC chips with pretixPOS. NFC chips can come in any form, such as a plastic membership card, a single-use wristband at a festival or a multi-use wristband in a spa. Storing a gift card on them makes it easy for your participants to load money onto the gift card at a central point of sale (or even online) and then spend it at other points of sale throughout their stay.

Our first implementation used only the unique ID of the NFC chip to identify the chip. This is, sadly, the de-facto industry standard for many of these applications, but it's not really secure. An attacker can easily read the unique ID of a wristband in passing, and can then clone that unique ID onto their own chip and impersonate the owner -- and spend their money.

We don't believe this is good enough, so we have now implemented a more secure solution using a specific NFC chip that supports cryptographic operations we can use to ensure a chip cannot be easily cloned. We have decided to implement this based on the relatively recent MIFARE Ultralight AES chip by NXP, which features modern security features but is not as expensive as even more advanced chips like the MIFARE DESFire series.

For now, this is implemented in pretixPOS only, but we have also published a technical description in case someone wants to integrate this into their own software using our API.

To get started, all you need is to enable the reusable media type in your organizer settings and run pretixPOS on a device with NFC support. You can then open the new "Encode NFC chips" feature in the main menu and touch a chip to register it with the system.

We'll of course be happy to help you in finding a source for chips in various form factors with or withour your own branding and suitable to your specific use case.

Your device does not have NFC support or the antenna is in an inconvenient place? We have now also implemented support for using an external NFC reader via USB, such as the ACR1252U from ACS, which you can also purchase from us.

Email on payment failure

There are many conditions that can cause a payment to fail. For most payment methods, the payment can only be completed after the order is already placed within pretix. If the payment fails, pretix will allow the user to re-try paying the order with the same or a different payment method until the order expires. However, depending on the conditions of the failure, the user might not be aware of this option since they are no longer on our site (or do not read it).

Starting with version 2023.7, pretix will send an email notifying the user of the failed payment and asking them to try again, hopefully leading to less user confusion.

Order expiration delay

Every order in pretix has a payment deadline, sometimes also called expiration date. Once the expiration date is reached, depending on the organizer's settings, either nothing happens or the order is automatically marked as "expired". An expired order behaves similarly to a canceled order. It may still be reactivated if a payment succeeds, but the tickets are no longer blocked and go back into the available ticket pool.

We have now added an option to delay this actual expiration for a few days after the payment deadline that was communicated to the user. This is useful for example when you are importing bank payments manually and do not import data every day, or if you just want to give your customers a little extra wiggle room for late payments without making it completely unrestricted.

Smaller changes and bugfixes

Ticket shop and widget

  • Product pictures in the widget can now be clicked to view them larger, similar to the standalone shop.

  • The Stripe integration now supports SEPA direct debit as a payment method.

  • The system can now automatically check if a browser (theoretically) supports Google Pay or Apple Pay and then extend the description of payment methods (such as the Stripe credit card payment).

  • The internal name of a product is no longer exposed in the self-service interface for order changes.

Ticketing backend and configuration

  • Email automation rules can now filter their recipients by order status similar to one-off mass mailings.

  • If the list of add-ons is included on a ticket layout, multiple identical add-ons are now collapsed into one line, e.g. "2x children tickets".

  • In Markdown text, you can now use \. to prevent a domain name from being linked, e.g. if you want to write VB.NET but not want it to link to https://vb.net, you can write VB\.NET.

  • If the same user-uploaded image is used twice on the same badge layout, a rendering issue has been resolved.

  • Ticket layouts with negative coordinate positions of objects can now be imported correctly into the editor.

  • When configuring email senders, domains with an invalid SPF setup are now blocked from being configured instead of just showing a warning.

  • Exporting large number of badges now works more reliably and no longer causes a memory exhaustion on the server.

  • A bug was fixed that, under very specific conditions, caused the entire waiting list to be deleted instead of only selected entries.

  • A regression in the order import feature that was introduced in 2023.6.0 has been fixed.

  • A UI bug was fixed in the waiting list view in regard to products with unlimited quota.

  • A unicode handling issue during PDF rendering has been fixed.

Updates to official plugins and tools

  • The Mollie plugin has been released in version 1.6.1 to fix multiple bugs regarding error handling.

  • The Newsletter plugin has been released in version 1.4.0 to support metadata-based tags for mailchimp, transferring names to Sendinblue and fix minor issues.

  • The pretixPOS backend plugin has been released in version 3.13.0 to prepare for upcoming app features and fix an export issue.

  • The Seating plugin has been released in version 2.1.6 to fix two minor bugs.

  • The Tracking codes plugin has been released in version 2.8.1 to fix an issue in our Matomo support.

Runtime and server environment

  • The connection to PostgreSQL and redis can now be configured to use TLS, including support for client certificates.

  • This will be one of our last releases to support PostgreSQL 11. Soon, we will require PostgreSQL 12+.

Plugin API changes

  • We will upgrade to Django 4.2 with one of the next pretix releases. We don't expect this to be as disruptive as the last Django upgrade, but we ask you to carefully review the release notes already and prepare for backwards-incompatible changes.

  • Forms returned by receivers of the item_forms signal can now have a title and template attribute, similar to the existing attributes for formsets.

  • New signals customer_created and customer_signed_in have been added.

  • Payment providers can opt-in to the new Google Pay / Apple Pay detection.

REST API changes

  • A validation issue has been fixed that prevented creation of email automation rules with specific values.

  • The search query parameter for order positions now also searches the company name of the invoice address to improve consistency with other search fields.

  • Device authentication has been extended with additional fields such as os_name, os_version, and rsa_pubkey. If rsa_pubkey is set, the response will include media_key_sets (read more).

Raphael Michel

Raphael ist der Gründer und Haupt-Entwickler von pretix. Er begeistert sich für benutzerfreundliche, elegante Software und wenn er nicht zu beschäftigt mit pretix ist, organisiert er gerne selbst Konferenzen mit.

Mehr Blog-Posts lesen

Noch Fragen?
+49 6221 32177-50 Mo-Fr 09:00-17:00 Uhr