Tags: kyroskoh/CTFd
Tags
Mark 2.1.5 (CTFd#1126) 2.1.5 / 2019-10-2 ================= **General** * Fixes `flask run` debug server by not monkey patching in `wsgi.py` * Fix CSV exports in Python 3 by converting StringIO to BytesIO * Avoid exception on sessions without a valid user and force logout * Fix several issues in Vagrant provisioning **API** * Prevent users from nulling out profile values and breaking certain pages
Mark 2.1.4 (CTFd#1096) 2.1.4 / 2019-08-30 ================== **General** * Make user pages show the team's score and place information instead of the user's information if in team mode * Allow admins to search users by IP address * Require password for email address changes in the user profile * The place indicator in `Teams Mode` on the team pages and user pages now correctly excludes hidden teams * Fix scoreboard place ordinalization in Python 3 * Fix for a crash where imports will fail on SQLite due to lack of ALTER command support * Fix for an issue where files downloaded via S3 would have the folder name in the filename * Make `Users.get_place()` and `Teams.get_place()` for return None instead of 0 if the account has no rank/place * Properly redirect users or 403 if the endpoint requires a team but the user isn't in one * Show affiliation in user and team pages in the admin panel and public and private user and team pages **Themes** * Remove invalid `id='submit'` on submit buttons in various theme files * Set `tabindex` to 0 since we don't really care for forcing tab order * Rename `statistics.js` to `graphs.js` in the Admin Panel as it was identified that adblockers can sometimes block the file **API** * The team profile endpoint (`/api/v1/teams/me`) will now return 403 instead of 400 if the requesting user is not the captain * The Challenge API will now properly freeze the solve count to freeze time
Mark 2.1.2 (CTFd#994) 2.1.2 / 2019-05-13 ================== **General** * Fix freeze time regressions in 2.x * Make `/api/v1/[users,teams]/[me]/[solves,fails,awards]` endpoints load as admin so users can see their solves after freeze * Make `/api/v1/challenges/[id]/solves` only show solves before freeze time * Add the `?preview=true` GET parameter for admins to preview challenges solves as a user * Team join attempts are now ratelimited **Tests** * More linting and autoformatting rules * Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'` * Format Python with `black`: `black CTFd` and `black tests` * `make lint` and thus Travis now include the above commands as lint checks * Travis now uses xenial instead of trusty.
Mark 2.1.1 (CTFd#982) 2.1.1 / 2019-05-04 ================== **General** * Allow admins to hit `/api/v1/challenges` and `/api/v1/challenges/[id]` without having a team to fix challenge previews * Fix rate-limiting of flag submission when using team mode * Fixes some modal close buttons not working in the admin panel * Fixes `populate.py` to assign captains to teams. **Models** * Added `Challenges.flags` relationship and moved the `Flags.challenge` relationship to a backref on Challenges * Added `ondelete='CASCADE'` to most ForeignKeys in models allowing for deletions to remove associated data * `Hints` should be deleted when their Challenge is deleted * `Tags` should be deleted when their Challenge is deleted * `Flags` should be deleted when their Challenge is deleted * `ChallengeFiles` should be deleted when their Challenge is deleted * Deletion of the file itself is not handled by the model/database * `Awards` should be deleted when their user or team is deleted * `Unlocks` should be deleted when their user or team is deleted * `Tracking` should be deleted when their user or team is deleted * `Teams.captain_id` should be set to NULL when the captain user is deleted **Exports** * Force `db.create_all()` to happen for imports on `sqlite` or on failure to create missing tables * Force `ctf_theme` to be set to `core` in imports in case a theme is missing from the import or the instance * Fix imports/exports to emit and accept JSON properly under MariaDB * MariaDB does not properly understand JSON so it must accept strings instead of dicts * MariaDB outputs strings instead of JSON for its JSON type so the export serializer will attempt to cast output JSON strings to JSON objects **Deployment** * Run as root when using docker-compose * This is necessary to be able to write to the volumes mounted from the host
Reduce default gunicorn worker count to reduce memory usage (CTFd#968) Drop the default worker count in `docker-entrypoint.sh` because the default memory usage was higher than it needed to be. If you need more workers you can still increase the values and set a `SECRET_KEY` as before.
Mark 2.0.6 (CTFd#946) 2.0.6 / 2019-04-08 ================== **Security** * Fixes an issue where user email addresses could be disclosed to non-admins **General** * Users/Teams set to hidden or banned are no longer visible by other users * This affects the API and the main user interface. This does not affect admins. * Users without Teams can no longer view challenges when the CTF is in Team Mode
PreviousNext