diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
deleted file mode 100644
index ccc75937408fdbeb5e724bb618e223bb390182a4..0000000000000000000000000000000000000000
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ /dev/null
@@ -1,11 +0,0 @@
-<!-- AlekSIS is developed on EduGit. GitHub only serves as
-     backup mirror and to help people find the project. If
-	 possible, please submit your merge request on EduGit!
-	 
-	 EduGit accepts logins with GitHub accounts.
--->
-
-[ ] I have read the above and have no way to contribute on EduGit
-[ ] I understand that GitHub's terms of service exclude young and 
-    learning contributors, but still cannot contribute on EduGit
-    instead.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5403abfa8a8a34f1aebf20419a5af4d6409e8401..116019ee190b6e294059cf14c3b15135bab57864 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -15,12 +15,14 @@ Added
 * Notification drawer in top nav bar
 * GraphQL queries and mutations for core data management
 * [Dev] Provide plain PDF template without header/footer for special layouts.
+* Show also group ownerships on person detail page
 
 Changed
 ~~~~~~~
 
 * Rewrite of frontend using Vuetify
 * [Dev] Provide function to generate PDF files from fully-rendered templates.
+* OIDC scope "profile" now exposes the avatar instead of the official photo
 
 Fixed
 ~~~~~
@@ -28,6 +30,7 @@ Fixed
 * The logo in the PDF files was displayed at the wrong position.
 * Sometimes the PDF files were not generated correctly
   and images were displayed only partially.
+* Error message in permission form was misleading.
 
 Removed
 ~~~~~~~
diff --git a/aleksis/core/apps.py b/aleksis/core/apps.py
index 08c965a02a7d6d0c4c53fb1bbcc5919ad35f7b7e..4e7229d81e00d4f5d9f4ecccce86a703bee6befa 100644
--- a/aleksis/core/apps.py
+++ b/aleksis/core/apps.py
@@ -188,9 +188,9 @@ class CoreConfig(AppConfig):
                 claims["profile"] = django_request.build_absolute_uri(
                     request.user.person.get_absolute_url()
                 )
-                if request.user.person.photo:
+                if request.user.person.avatar:
                     claims["picture"] = django_request.build_absolute_uri(
-                        request.user.person.photo.url
+                        request.user.person.avatar.url
                     )
             else:
                 claims["given_name"] = request.user.first_name
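Review bot: The `picture` branch at `if request.user.person.avatar:` has no comment recording why the avatar, and not the official photo, is released to OIDC clients, so a later edit could switch back to `photo` without anyone noticing the privacy impact. I would add `# Release the avatar, never the official photo, to OIDC clients (profile scope).` directly above the condition. Every client granted the `profile` scope receives this absolute URL; whether fetching it requires an authenticated session is not visible in this hunk and is worth confirming. The enclosing method starts and ends outside the hunk.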
diff --git a/aleksis/core/forms.py b/aleksis/core/forms.py
index b3c3493e7d5ee0ee7f9b0fe7d01258a5459f26cf..05ebef2f4f3dd17124a4449ebe06b6622c1ad1be 100644
--- a/aleksis/core/forms.py
+++ b/aleksis/core/forms.py
@@ -496,7 +496,7 @@ class AssignPermissionForm(forms.Form):
 
         if not cleaned_data.get("objects") and not cleaned_data.get("all_objects"):
             raise ValidationError(
-                _("You must grant the permission to all objects and/" "or to some objects.")
+                _("You must grant the permission to all objects or to specific objects.")
             )
         return cleaned_data
 
diff --git a/aleksis/core/templates/core/person/full.html b/aleksis/core/templates/core/person/full.html
index 9a58951118e4bdafe3278cb7e4280e455fa99943..d295cab1705919b3f70d8d5f7ce32f068ac8e886 100644
--- a/aleksis/core/templates/core/person/full.html
+++ b/aleksis/core/templates/core/person/full.html
@@ -241,18 +241,36 @@
     {% endif %}
 
     {% has_perm 'core.view_person_groups_rule' user person as can_view_groups %}
-    {% if can_view_groups and groups %}
+    {% if can_view_groups %}
       <div class="col s12 m6 l4">
-        <h2>{% blocktrans %}Groups{% endblocktrans %}</h2>
-        <div class="card-panel">
-          <div class="collection">
-            {% for group in groups %}
-              <a href="{{ group.get_absolute_url }}" class="collection-item">
-                {{ group.name }} ({{ group.school_term }})
-              </a>
-            {% endfor %}
+        {% if groups.count  %}
+          <div>
+            <h2>{% blocktrans %}Groups{% endblocktrans %}</h2>
+            <div class="card-panel">
+              <div class="collection">
+                {% for group in groups %}
+                  <a href="{{ group.get_absolute_url }}" class="collection-item">
+                    {{ group.name }} ({{ group.school_term }})
+                  </a>
+                {% endfor %}
+              </div>
+            </div>
           </div>
-        </div>
+        {% endif %}
+        {% if person.owner_of_recursive.count %}
+          <div>
+            <h2>{% blocktrans %}Group ownership{% endblocktrans %}</h2>
+            <div class="card-panel">
+              <div class="collection">
+                {% for group in person.owner_of_recursive.all %}
+                  <a href="{{ group.get_absolute_url }}" class="collection-item">
+                    {{ group.name }} ({{ group.school_term }})
+                </a>
+                {% endfor %}
+              </div>
+            </div>
+          </div>
+        {% endif %}
       </div>
     {% endif %}
   </div>
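Review bot: The new "Group ownership" list reads `person.owner_of_recursive.all` straight from the model inside the template, so every owned group's name and link is shown to any viewer who passes `core.view_person_groups_rule`. Unlike `groups`, which comes from the view context and may be filtered there, this list cannot be restricted per viewer. Please confirm that this rule is meant to cover ownerships as well as memberships. If it is not, pass a pre-filtered queryset from the view and gate the block with its own `has_perm` check. Separately, `person.owner_of_recursive.count` followed by `person.owner_of_recursive.all` probably evaluates the relation twice; wrapping the block in `{% with owned_groups=person.owner_of_recursive.all %}` and testing `{% if owned_groups %}` would avoid that.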
diff --git a/pyproject.toml b/pyproject.toml
index 6e9c4f71e3e7d2e151be6ad8a1dc2a5b0167c301..b5349b77fb39aa4332e18660b86a63de540ade9e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -60,7 +60,7 @@ django-any-js = "^1.1"
 django-menu-generator-ng = "^1.2.3"
 django-tables2 = "^2.1"
 django-phonenumber-field = {version = "^6.1", extras = ["phonenumbers"]}
-django-sass-processor = "1.0"
+django-sass-processor = "1.2.1"
 libsass = "^0.21.0"
 colour = "^0.1.5"
 dynaconf = {version = "^3.1", extras = ["yaml", "toml", "ini"]}
@@ -106,7 +106,7 @@ django-cachalot = "^2.3.2"
 django-prometheus = "^2.1.0"
 django-model-utils = "^4.0.0"
 bs4 = "^0.0.1"
-django-invitations = "^1.9.3"
+django-invitations = "^2.0.0"
 django-cleavejs = "^0.1.0"
 django-allauth = "^0.51.0"
 django-uwsgi-ng = "^1.1.0"
@@ -128,7 +128,7 @@ pycountry = "^22.0.0"
 django-ical = "^1.8.3"
 django-iconify = "^0.3"
 customidenticon = "^0.1.5"
-graphene-django = "^2.15.0"
+graphene-django = "^3.0.0"
 django-webpack-loader = "^1.6.0"
 selenium = "^4.4.3"