Mark 2.2.3 (#1222)

2.2.3 / 2020-01-21
==================

### This release includes a critical security fix for CTFd versions >= 2.0.0

All CTFd administrators are recommended to take the following steps:
1. Upgrade their installations to the latest version
2. Rotate the `SECRET_KEY` value
3. Reset the passwords for all administrator users

**Security**
* This release includes a fix for a vulnerability allowing an arbitrary user to take over other accounts given their username and a CTFd instance with emails enabled

**General**
* Users will receive an email notification when their passwords are reset
* Fixed an error when users provided incorrect team join information
bulk-clear-sessions 2.2.3
Kevin Chung 2020-01-21 00:06:03 -05:00 committed by GitHub
parent a2551db690
commit d59bfa3578
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 21 additions and 3 deletions

View File

@ -1,3 +1,21 @@
2.2.3 / 2020-01-21
==================
### This release includes a critical security fix for CTFd versions >= 2.0.0
All CTFd administrators are recommended to take the following steps:
1. Upgrade their installations to the latest version
2. Rotate the `SECRET_KEY` value
3. Reset the passwords for all administrator users
**Security**
* This release includes a fix for a vulnerability allowing an arbitrary user to take over other accounts given their username and a CTFd instance with emails enabled
**General**
* Users will receive an email notification when their passwords are reset
* Fixed an error when users provided incorrect team join information
2.2.2 / 2020-01-09 2.2.2 / 2020-01-09
================== ==================

View File

@ -30,7 +30,7 @@ if sys.version_info[0] < 3:
reload(sys) # noqa: F821 reload(sys) # noqa: F821
sys.setdefaultencoding("utf-8") sys.setdefaultencoding("utf-8")
__version__ = "2.2.2" __version__ = "2.2.3"
class CTFdRequest(Request): class CTFdRequest(Request):

View File

@ -26,7 +26,7 @@ author = u'Kevin Chung'
# The short X.Y version # The short X.Y version
version = u'' version = u''
# The full version, including alpha/beta/rc tags # The full version, including alpha/beta/rc tags
release = u'2.2.2' release = u'2.2.3'
# -- General configuration --------------------------------------------------- # -- General configuration ---------------------------------------------------

View File

@ -1,6 +1,6 @@
{ {
"name": "ctfd", "name": "ctfd",
"version": "2.2.2", "version": "2.2.3",
"description": "CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes.", "description": "CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes.",
"main": "index.js", "main": "index.js",
"directories": { "directories": {