Skip to content
GitHub no longer supports this web browser. Learn more about the browsers we support.

/ CTFd

Latest release
  • 2.2.3
  • d59bfa3
  • Verified
    This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
    GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
  • Compare
    Choose a tag to compare
    Search for a tag
2.2.3
Latest release
  • 2.2.3
  • d59bfa3
  • Compare
    Choose a tag to compare
    Search for a tag
  • Verified
    This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
    GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits

@ColdHeat ColdHeat released this Jan 21, 2020 · 1 commit to master since this release

2.2.3 / 2020-01-21

This release includes a critical security fix for CTFd versions >= 2.0.0

All CTFd administrators are recommended to take the following steps:

  1. Upgrade their installations to the latest version
  2. Rotate the SECRET_KEY value
  3. Reset the passwords for all administrator users

Security

  • This release includes a fix for a vulnerability allowing an arbitrary user to take over other accounts given their username and a CTFd instance with emails enabled

General

  • Users will receive an email notification when their passwords are reset
  • Fixed an error when users provided incorrect team join information
Assets 2
You can’t perform that action at this time.