3.6.0 / 2023-08-21
General
- Translations support for Spanish, Polish, German, Chinese
- If you wish to fix or maintain a language translation please join at CTFd's public POEditor page.
- Add a total user registration limit option
- Dynamic value challenges can now choose between linear and logarithmic decay functions
- Free hints are now visible by unauthenticated users if challenges are visible by unauthenticated users
- Fix issue where a custom field named affiliation or website prevented registration
- No longer special case "Affiliation" or "Website" as custom field titles. Previously custom fields with those titles would set the user's affiliation or website but this behavior has been removed.
Admin Panel
- Challenge Preview has been improved to support arbitrary custom themes
- Long flags in the Admin Panel are now truncated but can be expanded and copied
- Add UI to mark incorrect submissions as correct
- Add the
discard
type for submissions - Add
PATCH /api/v1/submissions/[submission_id]
to mark submissions as correct
- Add the
- Add section in the Config Panel to configure
HTML_SANITIZATION
- Setting
HTML_SANITIZATION
to true inconfig.ini
cannot be disabled via the Admin Panel
- Setting
- Add wildcard for email whitelisting
Deployment
- Add new envvar
SKIP_DB_PING
to instruct the CTFd Docker image to not test if the database server is available - Add new config
AWS_S3_ADDRESSING_STYLE
- Support selecting the S3 addressing style. It defaults to "auto" as when it's not set, but can also be set to
virtual
orpath
- Support selecting the S3 addressing style. It defaults to "auto" as when it's not set, but can also be set to
- Add new config
AWS_S3_CUSTOM_DOMAIN
which specifies a domain that replaces the default one in presigned download URLs- Required for certain S3 implementations
- Flask and Werkzeug have been upgraded to v2.0.3. Other dependencies have been updated for compatability.
- SQLAlchemy has been updated to v1.4.
- PyMySQL has been upgraded to v1.0.2.
- The
flask
cli tool is now offered as an alternative to themanage.py
script. - gzip compression is now enabled in the provided nginx configuration
API
- API tokens now have a description field
- API tokens now start with a
ctfd_
prefix to make them easier to identify GET /api/v1/hints/[hint_id]
will now return hint information for free hints for unauthenticated users if challenges are visible
Themes
- core-beta is now provided in all CTFd instances
- core-beta is the default theme during setup