2.1.2 / 2019-05-13
==================
**General**
* Fix freeze time regressions in 2.x
* Make `/api/v1/[users,teams]/[me]/[solves,fails,awards]` endpoints load as admin so users can see their solves after freeze
* Make `/api/v1/challenges/[id]/solves` only show solves before freeze time
* Add the `?preview=true` GET parameter for admins to preview challenges solves as a user
* Team join attempts are now ratelimited
**Tests**
* More linting and autoformatting rules
* Format Javascript and CSS files with `prettier`: `prettier --write 'CTFd/themes/**/*'`
* Format Python with `black`: `black CTFd` and `black tests`
* `make lint` and thus Travis now include the above commands as lint checks
* Travis now uses xenial instead of trusty.
2.1.1 / 2019-05-04
==================
**General**
* Allow admins to hit `/api/v1/challenges` and `/api/v1/challenges/[id]` without having a team to fix challenge previews
* Fix rate-limiting of flag submission when using team mode
* Fixes some modal close buttons not working in the admin panel
* Fixes `populate.py` to assign captains to teams.
**Models**
* Added `Challenges.flags` relationship and moved the `Flags.challenge` relationship to a backref on Challenges
* Added `ondelete='CASCADE'` to most ForeignKeys in models allowing for deletions to remove associated data
* `Hints` should be deleted when their Challenge is deleted
* `Tags` should be deleted when their Challenge is deleted
* `Flags` should be deleted when their Challenge is deleted
* `ChallengeFiles` should be deleted when their Challenge is deleted
* Deletion of the file itself is not handled by the model/database
* `Awards` should be deleted when their user or team is deleted
* `Unlocks` should be deleted when their user or team is deleted
* `Tracking` should be deleted when their user or team is deleted
* `Teams.captain_id` should be set to NULL when the captain user is deleted
**Exports**
* Force `db.create_all()` to happen for imports on `sqlite` or on failure to create missing tables
* Force `ctf_theme` to be set to `core` in imports in case a theme is missing from the import or the instance
* Fix imports/exports to emit and accept JSON properly under MariaDB
* MariaDB does not properly understand JSON so it must accept strings instead of dicts
* MariaDB outputs strings instead of JSON for its JSON type so the export serializer will attempt to cast output JSON strings to JSON objects
**Deployment**
* Run as root when using docker-compose
* This is necessary to be able to write to the volumes mounted from the host
Drop the default worker count in `docker-entrypoint.sh` because the default memory usage was higher than it needed to be. If you need more workers you can still increase the values and set a `SECRET_KEY` as before.
2.0.6 / 2019-04-08
==================
**Security**
* Fixes an issue where user email addresses could be disclosed to non-admins
**General**
* Users/Teams set to hidden or banned are no longer visible by other users
* This affects the API and the main user interface. This does not affect admins.
* Users without Teams can no longer view challenges when the CTF is in Team Mode
* Update CHANGELOG
* Update README
* Upgrade migration script to port visibility settings
* Add message about visibility settings and port over visibility settings
* Close#758
* Add tests for dynamic value challenges
* Mark 1.2.0.
* Update CHANGELOG.
* Add `window.challenge.data` object.
* Don't raise a 500 when an endpoint can't be found but was POST'ed too. Mostly from scanners...
* Add test for not found endpoints.
* Fixing issue with clearing logo on config update.
* Truncate scoreboard team name to 50 characters.
* Bootstrap v4 (#490)
* Upgrading original theme to use Bootstrap v4 and overall improve use of utility classes
* Fixing graph issues. Colors per team & cleaner hover
* The solves tab now shows relative time instead of absolute time
* Redesign admin theme
* Updating modals and changing form name from desc to description
* Moving CSS config from Pages to Config page
* Adding IP address count to statistics
* Move control of certain modals (files, flags, tags, hints) to challenges page
* Expanding size of config page
* Combining statistics and graphs pages
* Moving percentage solved to the statistics page instead of the admin challenges page
* Rename Keys.key_type to Keys.type (#459) (#478)
* Rename keys.key_type to keys.type (#459)
* Fixing previous migration to not be worried about key_type v type
* Fixing loading of challenge type plugins
* Switching from Handlebars to Nunjucks (#491)
* Switching from Handlebars to Nunjucks
* Allow admins to unlock hints before CTF begins and test that this is not allowed for regular users
* Authed only (#492)
* Adding authed_only decorator and adding next to url_for
* Adding a basic preview to hints (#494)
* Hints have a preview now for creating and updating hints. HTML and markdown are still allowed.
* Ezq (#495)
* Adding ezq as a simple wrapper around bootstrap modals
* Use tabs not spaces and remove gray background on inputs
* Adding title & draft to Pages. Making page preview open a new tab (#497)
* Adding title & draft to Pages.
* Making page preview open a new tab instead of render in the existing tab
* Draft pages cannot be seen without a preview
* Update check (#499)
* Add update_check function
* Notify user that a CTFd update is available in the admin panel
* Adding update_check tests
* Ratelimit (#500)
* Implementing a ratelimit function
* Fix error page formatting
* Add rate limiting tests
* Rate limit authentication functions and rate limit admin send email function
* Load user solves before we load challenges to avoid unstyled buttons (#502)
* Add a challenge preview (#503)
* Adding a challenge preview to the admin panel
* Change /admin/chals/<int:chalid> to /admin/chal/<int:chalid>
* Adding codecov (#504)
* Test coverage at https://codecov.io/gh/CTFd/CTFd
* Sendmail improvements (#505)
* Add get_smtp timeout, add sendmail error messages
* Adding more error handling to sendmail
* Adding Flask-Script (#507)
* Pause ctf (#508)
* Implement CTF pausing
* Test CTF pausing
* Fix loading challenges for users (#510)
* Fix loading challenges for users
* Temporarily switch themes in test
* Pause help text (#509)
* Adding pause help text
* Pages authed (#511)
* Adding authentication options to pages
* Adding tests for accessing pages while draft & auth_required
* Merging master into 1.1 (#513)
* Name the core theme and remove the original theme
* Use <int:xxx> in routes to prevent some errors 500 (#192)
* Use first_or_404() to prevent some errors 500 (#193)
* Add a populating script for awards. (#191)
* Creating upload_file util
* Marking 1.0.0 in __init__ and starting database migrations
* Upgrading some more HTML
* Adding CHANGELOG.md
Kevin Chung
Kevin Chung