Feat/versionupgrade #24
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Add a matrix scoreboard that shows challenges that have been solved and attempted by participants * Add target column to Tracking table * Store a tracking event under `challenges.open` when a challenge is opened for the first time by a user
* Add workflow to mirror core theme from main repo
* Rewrites the rating system to be an upvote downvote system instead of a 1-5 star system
# 3.8.0 / 2025-09-04 **General** - Admins can now configure whether users can see their past submissions - Admins can now store challenge solutions within CTFd to be viewed by users - Participants can now leave upvotes/downvotes on challenges as well as their review of a challenge - Ratings/Votes can be configured to be viewed by participants or only admins - Reviews are only visible by admins - Challenges now have the `logic` field which allows for challenge developers to control the flag collection behavior of a challenge: - `any`: any flag is accepted for the challenge - `all`: all flags for the challenge must be submitted - `team`: all team members must submit any flag - Max Attempts can now behave as a timeout instead of a lockout - For example a user who submits 3 attempts will then be prevented from submitting another attempt for 5 minutes instead of being unable to submit entirely - Social Shares for challenge completion are now enabled by default and admins may now control the social share template page - Additional attempts after solving on challenges will now show if the submissions is correct/incorrect - If email sending is available, email confirmation is enabled by default and users are nudged to complete email verification. - Hints can now have a title that is shown before unlocking - Hints now always require unlocking even if they require no cost - Prevents accidental viewing and improves tracking of hint usage - CTFd will now store a tracking event under `challenges.open` in the Tracking table when a challenge is opened for the first time by a user - Challenges now report whether a flag is correct or incorrect even if the challenge has already been solved - Fixes issue where admins could not download challenge files before CTF start when downloading anonymously **Admin Panel** - Added a matrix scoreboard to the Statistics page to show player progression through the CTF - Added support for brackets in the Admin Panel scoreboard - Added config option for minimum password length - Added config option to control whether players can view their previous submissions - Admins can now require users to change their password upon login - Added config option to control Max Attempts behavior - In the Admin Panel challenge preview, admins now only see free hints - Fixed issue where the hint form was not resetting properly when creating multiple hints **API** - Added `/api/v1/users/me/submissions` for users to retrieve their own submissions - Added `/api/v1/challenges/[challenge_id]/solutions` for users to retrieve challenge solutions - Added `/api/v1/challenges/[challenge_id]/ratings` for users to submit ratings and for admins to retrieve them - Added `ratings` and `rating` fields to the response of `/api/v1/challenges/[challenge_id]` - Added `solution_id` to the response of `/api/v1/challenges/[challenge_id]` - If no solution is available, the field is `null` - Added `logic` field to the response of `/api/v1/challenges/[challenge_id]` - Added `change_password` field to `/api/v1/users/[user_id]` when viewed as an admin - Added `/api/v1/solutions` and `/api/v1/solutions/[solution_id]` endpoints - `/api/v1/unlocks` is now also used to unlock solutions for user viewing **Deployment** - Added `PRESET_ADMIN_NAME`, `PRESET_ADMIN_EMAIL`, `PRESET_ADMIN_PASSWORD`, and `PRESET_ADMIN_TOKEN` to `config.ini` for pre-creating an admin user - Useful for automated deployments and ensuring a known admin token exists - Added `PRESET_CONFIGS` to `config.ini` for pre-setting server-side configs - Useful for configuring CTFd without completing setup or using the API - Added `EMAIL_CONFIRMATION_REQUIRE_INTERACTION` to `config.ini` to require additional interaction for email confirmation links - Improves compatibility with certain anti-phishing defenses - Email confirmation is now enabled whenever email sending is available - Replaced `pybluemonday` with `nh3` (due to breakage in Python modules written in Golang) - Updated Flask to 2.1.3 - Updated Werkzeug to 2.2.3 **Plugins** - Challenge Type Plugins should now return a `ChallengeResponse` object instead of a `(status, message)` tuple - Existing behavior is supported until CTFd 4.0 - Added `BaseChallenge.partial` for challenge classes to indicate partial solves (for `all` flag logic) **Themes** - The `core-beta` theme has been promoted to `core` - The `core-beta` repo has been replaced with the [core-theme repo](https://github.com/CTFd/core-theme). Future changes should be made there - The previous `core` theme has been deprecated and renamed `core-deprecated`
) * Add functionality to specify a RUN_ID environment variable that all workers will use for the cache-buster URL parameter. Fixes CTFd#2681 --------- Co-authored-by: Kevin Chung <kchung@ctfd.io>
* Integrates dynamic scoring into the standard challenge type * Closes CTFd#2036
…updated (CTFd#2844) * Fix issue where standard challenges with static function couldn't be updated
* Fix issue where a preset admin user changes their name
* New translations messages.pot (French) * New translations messages.pot (Hebrew) * New translations messages.pot (Romanian) * New translations messages.pot (Spanish) * New translations messages.pot (Arabic) * New translations messages.pot (Bulgarian) * New translations messages.pot (Catalan) * New translations messages.pot (Czech) * New translations messages.pot (German) * New translations messages.pot (Greek) * New translations messages.pot (Finnish) * New translations messages.pot (Italian) * New translations messages.pot (Japanese) * New translations messages.pot (Korean) * New translations messages.pot (Polish) * New translations messages.pot (Russian) * New translations messages.pot (Slovak) * New translations messages.pot (Slovenian) * New translations messages.pot (Swedish) * New translations messages.pot (Chinese Simplified) * New translations messages.pot (Chinese Traditional) * New translations messages.pot (Vietnamese) * New translations messages.pot (Portuguese, Brazilian) * New translations messages.pot (Uzbek)
* Add Hebrew language * Rebuild .mo files
* New translations messages.pot (Lithuanian) * New translations messages.pot (Uzbek) * New translations messages.pot (Uzbek)
* Add Uzbek language
Signed-off-by: Khiem Doan <doankhiem.crazy@gmail.com> Co-authored-by: Kevin Chung <kchung@ctfd.io>
…TFd#2867) * If UPDATE_CHECK is set we should remove any existing latest version
* Return 404 if solution state is hidden * Update solutions API not available response code
…ased dynamic (CTFd#2869) * Fix issue where new built-in dynamic columns caused conflicts with previous plugin based dynamic challenges
…d#2872) * Add `EXTRA_CONFIGS_FORCE_TYPES` config to allow server admins to force types for configs specified in the `[extra]` section
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.