2.0.0

@ColdHeat ColdHeat released this 02 Dec 16:55
· 860 commits to master since this release
809e4df

2.0.0 / 2018-12-2

2.0.0 is a significant, backwards-incompatible release.

Many unofficial plugins will not be supported in CTFd 2.0.0. If you're having trouble updating your plugins
please join the CTFd Slack for help and discussion.

If you are upgrading from a prior version be sure to make backups and have a reversion plan before upgrading.

  • If upgrading from 1.2.0 please make use of the migrations/1_2_0_upgrade_2_0_0.py script as follows:
    1. Make all necessary backups. Backup the database, uploads folder, and source code directory.
    2. Upgrade the source code directory (i.e. git pull) but do not run any updated code yet.
    3. Set the DATABASE_URL in CTFd/config.py to point to your existing CTFd database.
    4. Run the upgrade script from the CTFd root folder i.e. python migrations/1_2_0_upgrade_2_0_0.py.
      • This migration script will attempt to migrate data inside the database to 2.0.0 but it cannot account for every situation.
      • Examples of situations where you may need to manually migrate data:
        • Tables/columns created by plugins
        • Tables/columns created by forks
        • Using databases which are not officially supported (e.g. sqlite, postgres)
    5. Set up the rest of CTFd (i.e. config.py), migrate/update any plugins, and run normally.
  • If upgrading from a version before 1.2.0, please upgrade to 1.2.0 and then continue with the steps above.

General

  • Separation of Teams into Users and Teams.
    • Use User Mode if you want users to register as themselves and play on their own.
    • Use Team Mode if you want users to create and join teams to play together.
  • Integration with MajorLeagueCyber (MLC). (https://majorleaguecyber.org)
    • Organizers can register their event with MLC and will receive OAuth Client ID & Client Secret.
    • Organizers can set those OAuth credentials in CTFd to allow users and teams to automatically register in a CTF.
  • Data is now provided to the front-end via the REST API. (#551)
    • Javascript uses fetch() to consume the REST API.
  • Dynamic Challenges are built in.
  • S3 backed uploading/downloading built in. (#661)
  • Real time notifications/announcements. (#600)
    • Uses long-polling instead of websockets to simplify deployment.
  • Email address domain whitelisting. (#603)
  • Database exporting to CSV. (#656)
  • Imports/Exports rewritten to act as backups.
    • Importing no longer stacks values.
    • Exports are no longer partial.
  • Reset CTF from config panel (Remove all users, solves, fails. i.e. only keep Challenge data.) (#639)
  • Countries are pre-determined and selectable instead of being user-entered.
  • Sessions are no longer stored using secure cookies. (#658)
    • Sessions are now stored server side in a cache (filesystem or redis) allowing for session revocation.
    • In order to delete the cache during local development you can delete CTFd/.data/filesystem_cache.
  • Challenges can now have requirements which must be met before the challenge can be seen/solved.
  • Workshop mode, score hiding, registration hiding, challenge hiding have been changed to visibility settings.
  • Users and Teams can now be banned preventing access to the CTF.
  • Dockerfile improvements.
    • WORKERS count in docker-entrypoint.sh defaults to 1. (#716)
    • docker-entrypoint.sh exits on any error. (#717)
  • Increased test coverage.
  • Create SAFE_MODE configuration to disable loading of plugins.
  • Migrations have been reset.
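
The session change listed above, as an added example that is not CTFd's code: a standard-library sketch contrasting a signed-cookie session with a server-side one, showing why only the latter can be revoked. The function and class names, the `id` field, and the in-memory dict standing in for the filesystem or redis cache are assumptions for illustration.

```python
import hashlib
import hmac
import json
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode

SECRET_KEY = secrets.token_bytes(32)  # constructed signing key for the demo


def issue_signed_cookie(data):
    """Client-side session: the state itself travels in the cookie, with an HMAC."""
    body = urlsafe_b64encode(json.dumps(data).encode())
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def load_signed_cookie(cookie):
    """Return the session data if the signature verifies, else None."""
    body, _, tag = cookie.rpartition(b".")
    expected = hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(urlsafe_b64decode(body))


class ServerSideSessions:
    """Server-side session: the cookie holds only a random id; state stays in a cache."""

    def __init__(self):
        self._cache = {}  # hypothetical stand-in for the filesystem or redis cache

    def issue(self, data):
        sid = secrets.token_urlsafe(32)
        self._cache[sid] = dict(data)
        return sid

    def load(self, sid):
        return self._cache.get(sid)

    def revoke_user(self, user_id):
        """Drop every session belonging to user_id (e.g. on ban or password reset)."""
        stale = [s for s, d in self._cache.items() if d.get("id") == user_id]
        for sid in stale:
            del self._cache[sid]
        return len(stale)
```

A copied signed cookie keeps verifying until the signing key is rotated, which logs out everyone; a server-side session id stops resolving the moment its cache entry is deleted.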

Themes

  • Data is now provided to the front-end via the REST API.
    • Javascript uses fetch() to consume the REST API.
  • The admin theme is no longer considered separate from the core theme and should always be together.
  • Themes now use url_for() to generate URLs instead of hardcoding.
  • socket.io (via long-polling) is used to connect to CTFd to receive notifications.
  • ctf_name() renamed to get_ctf_name() in themes.
  • ctf_logo() renamed to get_ctf_logo() in themes.
  • ctf_theme() renamed to get_ctf_theme() in themes.
  • Update Font-Awesome to 5.4.1.
  • Update moment.js to 2.22.2. (#704)
  • Workshop mode, score hiding, registration hiding, challenge hiding have been changed to visibility functions.
    • accounts_visible(), challenges_visible(), registration_visible(), scores_visible()

Plugins

  • Plugins are loaded in sorted() order.
  • Rename challenge type plugins to use .html and have simplified names. (create, update, view)
  • Many functions have moved around because utils.py has been broken up and refactored. (#475)
  • Marshmallow (https://marshmallow.readthedocs.io) is now used by the REST API to validate and serialize/deserialize API data.
    • Marshmallow schemas and views are used to restrict SQLAlchemy columns to user roles.
  • The REST API features swagger support but this requires more utilization internally.
  • Errors can now be provided between routes and decorators through message flashing. (CTFd.utils.helpers; get_errors, get_infos, info_for, error_for)
  • Email registration regex relaxed. (#693)
  • Many functions have moved and now have dedicated utils packages for their category.
  • Create SAFE_MODE configuration to disable loading of plugins.