Tags: rhoska/CTFd
Tags
Mark 2.3.3 (CTFd#1316) 2.3.3 / 2020-04-12 ================== **General** * Re-enable the Jinja LRU Cache for **significant speedups** when returning HTML content **API** * `POST /api/v1/unlocks` will no longer allow duplicate unlocks to happen **Admin Panel** * Makes `Account Visibility` subtext clearer by explaining the `Private` setting in Config Panel **Themes** * Fixes an issue with using a theme with a purely numeric name * Fixes issue where the scoreboard graph always said Teams regardless of mode **Miscellaneous** * Bump max log file size to 10 MB and fix log rotation * Docker image dependencies (apk & pip) are no longer cached reducing the image size slightly
2.3.0 (CTFd#1248) 2.3.0 / 2020-02-17 ================== **General** * During setup, admins can register their email address with the CTFd LLC newsletter for news and updates * Fix editting hints from the admin panel * Allow admins to insert HTML code directly into the header and footer (end of body tag) of pages. This replaces and supercedes the custom CSS feature. * The `views.custom_css` route has been removed. * Admins can now customize the content of outgoing emails and inject certain variables into email content. * The `manage.py` script can now manipulate the CTFd Configs table via the `get_config` and `set_config` commands. (e.g. `python manage.py get_config ctf_theme` and `python manage.py set_config ctf_theme core`) **Themes** * Themes should now reference the `theme_header` and `theme_footer` configs instead of the `views.custom_css` endpoint to allow for user customizations. See the `base.html` file of the core theme. **Plugins** * Make `ezq` functions available to `CTFd.js` under `CTFd.ui.ezq` **Miscellaneous** * Python imports sorted with `isort` and import order enforced * Black formatter running on a majority of Python code
Mark 2.2.3 (CTFd#1222) 2.2.3 / 2020-01-21 ================== ### This release includes a critical security fix for CTFd versions >= 2.0.0 All CTFd administrators are recommended to take the following steps: 1. Upgrade their installations to the latest version 2. Rotate the `SECRET_KEY` value 3. Reset the passwords for all administrator users **Security** * This release includes a fix for a vulnerability allowing an arbitrary user to take over other accounts given their username and a CTFd instance with emails enabled **General** * Users will receive an email notification when their passwords are reset * Fixed an error when users provided incorrect team join information
Mark 2.2.2 (CTFd#1212) 2.2.2 / 2020-01-09 ================== **General** * Add jQuery, Moment, nunjucks, and Howl to window globals to make it easier for plugins to access JS modules * Fix issue with timezone loading in config page which was preventing display of CTF times
2.2.0 (CTFd#1188) 2.2.0 / 2019-12-22 ================== ## Notice 2.2.0 focuses on updating the front end of CTFd to use more modern programming practices and changes some aspects of core CTFd design. If your current installation is using a custom theme or custom plugin with ***any*** kind of JavaScript, it is likely that you will need to upgrade that theme/plugin to be useable with v2.2.0. **General** * Team size limits can now be enforced from the configuration panel * Access tokens functionality for API usage * Admins can now choose how to deliver their notifications * Toast (new default) * Alert * Background * Sound On / Sound Off * There is now a notification counter showing how many unread notifications were received * Setup has been redesigned to have multiple steps * Added Description * Added Start time and End time, * Added MajorLeagueCyber integration * Added Theme and color selection * Fixes issue where updating dynamic challenges could change the value to an incorrect value * Properly use a less restrictive regex to validate email addresses * Bump Python dependencies to latest working versions * Admins can now give awards to team members from the team's admin panel page **API** * Team member removals (`DELETE /api/v1/teams/[team_id]/members`) from the admin panel will now delete the removed members's Submissions, Awards, Unlocks **Admin Panel** * Admins can now user a color input box to specify a theme color which is injected as part of the CSS configuration. Theme developers can use this CSS value to change colors and styles accordingly. * Challenge updates will now alert you if the challenge doesn't have a flag * Challenge entry now allows you to upload files and enter simple flags from the initial challenge creation page **Themes** * Significant JavaScript and CSS rewrite to use ES6, Webpack, yarn, and babel * Theme asset specially generated URLs * Static theme assets are now loaded with either .dev.extension or .min.extension depending on production or development (i.e. debug server) * Static theme assets are also given a `d` GET parameter that changes per server start. Used to bust browser caches. * Use `defer` for script tags to not block page rendering * Only show the MajorLeagueCyber button if configured in configuration * The admin panel now links to https://help.ctfd.io/ in the top right * Create an `ezToast()` function to use [Bootstrap's toasts](https://getbootstrap.com/docs/4.3/components/toasts/) * The user-facing navbar now features icons * Awards shown on a user's profile can now have award icons * The default MarkdownIt render created by CTFd will now open links in new tabs * Country flags can now be shown on the user pages **Deployment** * Switch `Dockerfile` from `python:2.7-alpine` to `python:3.7-alpine` * Add `SERVER_SENT_EVENTS` config value to control whether Notifications are enabled * Challenge ID is now recorded in the submission log **Plugins** * Add an endpoint parameter to `register_plugin_assets_directory()` and `register_plugin_asset()` to control what endpoint Flask uses for the added route **Miscellaneous** * `CTFd.utils.email.sendmail()` now allows the caller to specify subject as an argument * The subject allows for injecting custom variable via the new `CTFd.utils.formatters.safe_format()` function * Admin user information is now error checked during setup * Added yarn to the toolchain and the yarn dev, yarn build, yarn verify, and yarn clean scripts * Prevent old CTFd imports from being imported
Mark 2.1.5 (CTFd#1126) 2.1.5 / 2019-10-2 ================= **General** * Fixes `flask run` debug server by not monkey patching in `wsgi.py` * Fix CSV exports in Python 3 by converting StringIO to BytesIO * Avoid exception on sessions without a valid user and force logout * Fix several issues in Vagrant provisioning **API** * Prevent users from nulling out profile values and breaking certain pages
Mark 2.1.4 (CTFd#1096) 2.1.4 / 2019-08-30 ================== **General** * Make user pages show the team's score and place information instead of the user's information if in team mode * Allow admins to search users by IP address * Require password for email address changes in the user profile * The place indicator in `Teams Mode` on the team pages and user pages now correctly excludes hidden teams * Fix scoreboard place ordinalization in Python 3 * Fix for a crash where imports will fail on SQLite due to lack of ALTER command support * Fix for an issue where files downloaded via S3 would have the folder name in the filename * Make `Users.get_place()` and `Teams.get_place()` for return None instead of 0 if the account has no rank/place * Properly redirect users or 403 if the endpoint requires a team but the user isn't in one * Show affiliation in user and team pages in the admin panel and public and private user and team pages **Themes** * Remove invalid `id='submit'` on submit buttons in various theme files * Set `tabindex` to 0 since we don't really care for forcing tab order * Rename `statistics.js` to `graphs.js` in the Admin Panel as it was identified that adblockers can sometimes block the file **API** * The team profile endpoint (`/api/v1/teams/me`) will now return 403 instead of 400 if the requesting user is not the captain * The Challenge API will now properly freeze the solve count to freeze time
PreviousNext