Skip to content

2.2.3

Compare
Choose a tag to compare
@ColdHeat ColdHeat released this 21 Jan 19:47
· 542 commits to master since this release
d59bfa3

2.2.3 / 2020-01-21

This release includes a critical security fix for CTFd versions >= 2.0.0

All CTFd administrators are recommended to take the following steps:

  1. Upgrade their installations to the latest version
  2. Rotate the SECRET_KEY value
  3. Reset the passwords for all administrator users

Security

  • This release includes a fix for a vulnerability allowing an arbitrary user to take over other accounts given their username and a CTFd instance with emails enabled

General

  • Users will receive an email notification when their passwords are reset
  • Fixed an error when users provided incorrect team join information