2.1.3 / 2019-06-22
==================
**General**
* Fix issue with downloading files after CTF end when `view_after_ctf` is enabled
* Sort solves in admin challenge view by date
* Link to appropriate user and challenge in team, user, and challenge pages
* Redirect to `/team` instead of `/challenges` after a user registers in team mode
* Fixes bug where pages marked as `hidden` weren't loading
* Remove `data-href` from `pages.html` in the Admin Panel to fix the delete button
* Add UI to handle team member removal in Admin Panel
* Fixes account links on the scoreboard page created by `update()`. They now correctly point to the user instead of undefined when in user mode.
* `utils._get_config` will now return `KeyError` instead of `None` to avoid cache misses
**Deployment**
* Use `/dev/shm` for `--worker-tmp-dir` in gunicorn in Docker
* Cache `get_place` code for users and teams.
* Install `Flask-DebugToolbar` in development
* Cache the `/scoreboard` page to avoid having to rebuild the response so often
* Make unprivileged `ctfd` user usable for mysql connection in docker-compose by having the db image create the database instead of CTFd
* Fix bug causing apache2 + mod_wsgi deployments to break
**API**
* Change `/api/v1/teams/[team_id]/members` from taking `id` to `user_id`.
* Endpoint was unused so the API change is considered non-breaking.
* Add `account_type` and `account_url` field in `/api/v1/scoreboard`
* Separate `/api/v1/[users,teams]/[me,id]/[solves,fails,awards]` into seperate API endpoints
* Clear standings cache after award creation/deletion
**Exports**
* Temporarily disable foreign keys in MySQL, MariaDB, and Postgres during `import_ctf()`
* Add `cache_timeout` parameter to `send_file`response in `/admin/export` to prevent the browser from caching the export
**Tests**
* Fix score changing test helpers to clear standings cache when generating a score changing row
2.1.2 / 2019-05-13
==================
**General**
* Fix freeze time regressions in 2.x
* Make `/api/v1/[users,teams]/[me]/[solves,fails,awards]` endpoints load as admin so users can see their solves after freeze
* Make `/api/v1/challenges/[id]/solves` only show solves before freeze time
* Add the `?preview=true` GET parameter for admins to preview challenges solves as a user
* Team join attempts are now ratelimited
**Tests**
* More linting and autoformatting rules
* Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'`
* Format Python with `black`: `black CTFd` and `black tests`
* `make lint` and thus Travis now include the above commands as lint checks
* Travis now uses xenial instead of trusty.
2.1.1 / 2019-05-04
==================
**General**
* Allow admins to hit `/api/v1/challenges` and `/api/v1/challenges/[id]` without having a team to fix challenge previews
* Fix rate-limiting of flag submission when using team mode
* Fixes some modal close buttons not working in the admin panel
* Fixes `populate.py` to assign captains to teams.
**Models**
* Added `Challenges.flags` relationship and moved the `Flags.challenge` relationship to a backref on Challenges
* Added `ondelete='CASCADE'` to most ForeignKeys in models allowing for deletions to remove associated data
* `Hints` should be deleted when their Challenge is deleted
* `Tags` should be deleted when their Challenge is deleted
* `Flags` should be deleted when their Challenge is deleted
* `ChallengeFiles` should be deleted when their Challenge is deleted
* Deletion of the file itself is not handled by the model/database
* `Awards` should be deleted when their user or team is deleted
* `Unlocks` should be deleted when their user or team is deleted
* `Tracking` should be deleted when their user or team is deleted
* `Teams.captain_id` should be set to NULL when the captain user is deleted
**Exports**
* Force `db.create_all()` to happen for imports on `sqlite` or on failure to create missing tables
* Force `ctf_theme` to be set to `core` in imports in case a theme is missing from the import or the instance
* Fix imports/exports to emit and accept JSON properly under MariaDB
* MariaDB does not properly understand JSON so it must accept strings instead of dicts
* MariaDB outputs strings instead of JSON for its JSON type so the export serializer will attempt to cast output JSON strings to JSON objects
**Deployment**
* Run as root when using docker-compose
* This is necessary to be able to write to the volumes mounted from the host
Drop the default worker count in `docker-entrypoint.sh` because the default memory usage was higher than it needed to be. If you need more workers you can still increase the values and set a `SECRET_KEY` as before.
2.0.6 / 2019-04-08
==================
**Security**
* Fixes an issue where user email addresses could be disclosed to non-admins
**General**
* Users/Teams set to hidden or banned are no longer visible by other users
* This affects the API and the main user interface. This does not affect admins.
* Users without Teams can no longer view challenges when the CTF is in Team Mode
* Update CHANGELOG
* Update README
* Upgrade migration script to port visibility settings
* Add message about visibility settings and port over visibility settings
* Close#758
* Add tests for dynamic value challenges
* Mark 1.2.0.
* Update CHANGELOG.
* Add `window.challenge.data` object.
* Don't raise a 500 when an endpoint can't be found but was POST'ed too. Mostly from scanners...
* Add test for not found endpoints.
* Fixing issue with clearing logo on config update.
* Truncate scoreboard team name to 50 characters.
* Bootstrap v4 (#490)
* Upgrading original theme to use Bootstrap v4 and overall improve use of utility classes
* Fixing graph issues. Colors per team & cleaner hover
* The solves tab now shows relative time instead of absolute time
* Redesign admin theme
* Updating modals and changing form name from desc to description
* Moving CSS config from Pages to Config page
* Adding IP address count to statistics
* Move control of certain modals (files, flags, tags, hints) to challenges page
* Expanding size of config page
* Combining statistics and graphs pages
* Moving percentage solved to the statistics page instead of the admin challenges page
* Rename Keys.key_type to Keys.type (#459) (#478)
* Rename keys.key_type to keys.type (#459)
* Fixing previous migration to not be worried about key_type v type
* Fixing loading of challenge type plugins
* Switching from Handlebars to Nunjucks (#491)
* Switching from Handlebars to Nunjucks
* Allow admins to unlock hints before CTF begins and test that this is not allowed for regular users
* Authed only (#492)
* Adding authed_only decorator and adding next to url_for
* Adding a basic preview to hints (#494)
* Hints have a preview now for creating and updating hints. HTML and markdown are still allowed.
* Ezq (#495)
* Adding ezq as a simple wrapper around bootstrap modals
* Use tabs not spaces and remove gray background on inputs
* Adding title & draft to Pages. Making page preview open a new tab (#497)
* Adding title & draft to Pages.
* Making page preview open a new tab instead of render in the existing tab
* Draft pages cannot be seen without a preview
* Update check (#499)
* Add update_check function
* Notify user that a CTFd update is available in the admin panel
* Adding update_check tests
* Ratelimit (#500)
* Implementing a ratelimit function
* Fix error page formatting
* Add rate limiting tests
* Rate limit authentication functions and rate limit admin send email function
* Load user solves before we load challenges to avoid unstyled buttons (#502)
* Add a challenge preview (#503)
* Adding a challenge preview to the admin panel
* Change /admin/chals/<int:chalid> to /admin/chal/<int:chalid>
* Adding codecov (#504)
* Test coverage at https://codecov.io/gh/CTFd/CTFd
* Sendmail improvements (#505)
* Add get_smtp timeout, add sendmail error messages
* Adding more error handling to sendmail
* Adding Flask-Script (#507)
* Pause ctf (#508)
* Implement CTF pausing
* Test CTF pausing
* Fix loading challenges for users (#510)
* Fix loading challenges for users
* Temporarily switch themes in test
* Pause help text (#509)
* Adding pause help text
* Pages authed (#511)
* Adding authentication options to pages
* Adding tests for accessing pages while draft & auth_required
* Merging master into 1.1 (#513)
* Name the core theme and remove the original theme
* Use <int:xxx> in routes to prevent some errors 500 (#192)
* Use first_or_404() to prevent some errors 500 (#193)
* Add a populating script for awards. (#191)
* Creating upload_file util
* Marking 1.0.0 in __init__ and starting database migrations
* Upgrading some more HTML
* Adding CHANGELOG.md
Kevin Chung
Kevin Chung