CTFd/CHANGELOG.md

1.1.3 / 2018-03-26

General

  • [SECURITY] Fixed XSS in team name field on team deletion. (#592)
  • Fixed an issue where MariaDB defaults in Docker Compose caused difficult-to-debug 500 errors. (#566)
  • Improved Docker usage:
    • Redis cache
    • Configurable amount of workers
    • Easier to access logs
    • Plugin requirements are installed on image build.
    • Switched from the default gunicorn synchronous worker to gevent
  • Fixed an issue where ties would be broken incorrectly if there are challenges that are worth 0 points. (#577)
  • Fixed update checks not happening on CTFd start. (#595)
  • Removed the static_html handler to access raw HTML files. (#561)
    • Pages is now the only supported means of accessing/creating a page.
  • Removed uwsgi specific configuration files.
  • Fixed issue with Docker image having a hard coded database host name. (#587)

Themes

  • Fixed scrollbar showing on pages that are smaller than the screen size (#589)
  • Fixed displaying the team rank while in workshop mode. (#590)
  • Fixed flag modal not clearing when creating multiple new flags. (#594)

Plugins

  • Add a utility decorator to allow routes to forego CSRF protection. (#596)

1.1.2 / 2018-01-23

General

  • Fixed page links on subdirectory deployments
  • Fixed challenge updating on subdirectory deployments
  • Fixed broken icon buttons on Safari

Themes

  • Upgraded to Bootstrap 4.0.0
  • Upgraded to jQuery 3.3.1
  • Upgraded to FontAwesome 5.0.4

1.1.1 / 2018-01-08

General

  • Fixed regression where users could not be promoted to admins or verified.
  • Fixed two icons in the Media Library which were not updated to Font Awesome 5.
  • Challenge previews now include tags, hints, and files.
  • Fixed an issue where a page could not be published immediately after being saved.

Themes

  • Upgraded to Bootstrap 4 Beta v3. No major changes needed by themes.
  • Fixed issue where the frozen message was not centered in the team page.
  • The JavaScript update() function now has a callback instead of being hardcoded.
  • chalboard.js now passes script_root into the Nunjucks templates so that file downloads work properly under subdirectories.

1.1.0 / 2017-12-22

Themes

  • The original theme has been replaced by the core theme. The core theme is written in Bootstrap v4.0.0-beta.2 and significantly reduces the amount of custom styles/classes used.
  • Challenges can now be previewed from the admin panel.
  • The modals to modify files, flags, tags, and hints are no longer controlled by Challenge Type Plugins and are defined in CTFd itself.
  • The admin graphs and admin statistics pages have been combined.
  • Percentage solved for challenges has been moved to the new statistics page.
  • The scoregraph on the scoreboard has been cleaned up to better fit the page width.
  • Score graphs now use user-specific colors.
  • Hints can now be previewed from the admin panel.
  • Various confirmation modals have been replaced with ezq.js, a simple Bootstrap modal wrapper.
  • Fixed a bug where challenge buttons on the challenge board would load before being styled as solved.
  • FontAwesome has been upgraded to FontAwesome 5.
  • Themes are now rendered using the Jinja2 SandboxedEnvironment.

Database

  • Keys.key_type has been renamed to Keys.type.
  • Pages Improvements:
    • Page previews are now independent of the editor page.
    • Pages now have a title which refers to the link's name on the navbar.
    • Pages can now be drafts which cannot be seen by regular users.
    • Pages can now require authentication to view.
    • CSS editing has been moved to the config panel.

Challenge Type Plugins

  • Handlebars has been replaced with Nunjucks, which means Challenge Type Plugins using Handlebars must be updated to work with 1.1.0.

General

  • CTFs can now be paused to prevent solves.
  • A new authed_only decorator is available to restrict pages to logged-in users.
  • CTFd will now check for updates against versioning.ctfd.io. Admins will see in the admin panel that CTFd can be updated.
  • A ratelimit function has been implemented. Authentication and email related functions are now ratelimited.
  • Code coverage from codecov.
  • Admins can now see the reason why an email to a team failed to send.
  • SMTP email connections take priority over mailgun settings now. The opposite used to be true.
  • The JavaScript submitkey() function now takes an optional callback.
  • utils.get_config() no longer looks at app.config values. Instead use utils.get_app_config().
  • Only prompt about upgrades when running with a TTY.

1.0.5 / 2017-10-25

  • Challenge Type Plugins now have a static interface which should be implemented by all challenge types.
    • Challenge Type Plugins are now self-contained in the plugin system, meaning you no longer need to manipulate themes in order to register Challenge Type Plugins.
    • Challenge Type plugins should implement the create, read, update, delete, attempt, solve, and fail static methods.
    • Challenge Type plugins now use strings for both their IDs and names.
    • Challenge Type plugins now contain references to their related modal template files.
  • Plugins can now register directories and files to be served by CTFd
    • CTFd.plugins.register_plugin_assets_directory registers a directory to be served
    • CTFd.plugins.register_plugin_asset registers a file to be served
  • Plugins can now add to the admin and user menu/nav bars
    • Plugins can now add to the admin menu bar with CTFd.plugins.register_admin_plugin_menu_bar
    • Plugins can now add to the user menu bar with CTFd.plugins.register_user_page_menu_bar
  • Plugins should now use config.json to define plugin attributes in lieu of config.html. Backwards compatibility has been maintained. With config.json, plugins can now control where the user is linked to instead of being directed to config.html.
  • The challenge type and key type columns are now strings.
  • Some utils functions now have CTFd.plugins wrappers.
  • There is now a /team endpoint which takes the user to their own public profile.
  • Mail server username and passwords are no longer rendered in the Admin Config panel.
  • Users can now see their own user graphs when scores are hidden.
  • prepare.sh is now marked executable.
  • Spinners are now properly removed if there is no data to display.

Always backup your database before upgrading!

1.0.4 / 2017-09-09

  • Add spinners to the original theme for loading graphs
  • Plugins can register global JS files with utils.register_plugin_script()
  • Plugins can register global CSS files with utils.register_plugin_stylesheet()
  • Challenge type plugins can now control the response to a user's input
  • Vagrantfile!
  • Containers functionality has been moved into a plugin
  • Hide solves from the JSON endpoint when hiding scores.
  • The utils.get_config() function now checks for lower case and upper case values specified in config.py
  • Pages are now cached so that we don't hit the database every time we need to load a page.
  • The /top/10 endpoint has been changed to group users by ID instead of by name.
  • Admins are allowed to see and solve challenges before a CTF starts.
  • The CTF time configuration UI has been fixed to allow for the removal of times.
  • The score graph in the original theme is now sorted by score.
  • Bug fixes
    • Use strings to store IP addresses.
    • Take into account awards when we calculate a user's place.
    • Plugin configuration clears the cache.
    • More logging inside of auth.py.
    • Username and password in the SMTP mail configuration are now optional.
    • Markdown in challenges has been fixed to its pre-regression state and is easier to write.
    • Improvements to Python 3 compatibility.
    • Variety of new tests to further test behavior.
    • Fixed an old bug where users would incorrectly see a challenge with 0 solves.

1.0.3 / 2017-07-01

  • Increased Unicode support. Smileys everywhere 👌
    • MySQL charset defaults to utf8mb4
  • Pages feature now supports Markdown and the Pages editor has a preview button
  • IPv6 support for users' IP addresses
  • Theme switching no longer requires a server restart
  • Admins can now search for teams in the admin panel
  • The config.html pages for plugins are now Jinja templates, giving them much more functionality
  • Hints are automatically unlocked once the CTF is finished
  • Themes now have a dedicated themes folder
  • Graphs are now transparent so that themes can style the background
  • Tags are now inserted into the classes of challenge buttons on the default theme
  • There is now an override_template() function allowing plugins to replace the content of any template loaded by CTFd
  • Changes to the email confirmation flow and making confirmation email resending user controlled.

1.0.2 / 2017-04-29

  • Challenges can now have max attempts set on a per challenge level
  • Setup now automatically logs you in as an admin. Don't leave your CTFs unconfigured!
  • Tests are now executed by TravisCI! Help out by adding tests for functionality!
  • CTFd now has its own GitHub organization!
  • From a plugin you can replace most of the utils functions used by CTFd. This allows plugins to replace even more functionality within CTFd
  • CTFd now has a concept of Hints!
  • You can now customize the challenge editing modals in the admin panel
  • There are now links to social media pages where you can follow CTFd to track updates.
  • CTFd now has the ability to export and import data. This lets you save your CTFs as zip files and redeploy them again and again.

1.0.1 / 2017-03-08

  • Challenge types
    • This means CTFd now supports multiple kinds of challenges.
    • Challenges are now modifiable with a plugin.
  • Solve types
    • This means CTFd now supports multiple kinds of flags/keys.
    • The flag/key logic is now modifiable with a plugin.
  • Plugins are now allowed a configuration page
  • The formerly massive admin.py is separated out into easier to work on chunks
  • Improved Dockerfile and associated docker-compose file
  • Fixes Python 3 compatibility
  • Fixes a variety of glitches reported by users
  • Always backup database before upgrading!

1.0.0 / 2017-01-24

Implemented enhancements:

  • 1.0.0 release! Things work!
  • Manage everything from a browser
  • Run Containers
  • Themes
  • Plugins
  • Database migrations

Closed issues:

  • Closed out 94 issues before tagging 1.0.0

Merged pull requests:

  • Merged 42 pull requests before tagging 1.0.0