chk conflict #1
Closed
chk conflict #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Unpin MariaDB MariaDB should not be pinned to a half-decade-old version with 78 open CVEs. Pin to the LTS version instead and enable auto-upgrading. Add CI check for MariaDB LTS. * Use 10.11 tag instead of lts to make the version unambigious --------- Co-authored-by: Kevin Chung <[email protected]>
97b626ad Fix issue where CTFd JS could not be used because an entrypoint dependency was missing (#80) 0a4c9fd5 Mark more strings as translatable in navbar, register and user search templates (#79) 3a54b260 notifications.html: use bg-body (#77) 35aa76ea Implement page selection on <select> change (#78) 79cb6e5e Swap 403 error messaging for legibility (#76) ba1b29c5 Show message on empty scoreboard (#74) 9350bf62 Update Bootstrap and Font Awesome (#75) f4b57b41 Fix <select> dropdown background color (#73) 8c5e56be Do not scroll to top when clicking challenge tabs (#71) 9ee901e1 scoreboard.html: fix account url and translation (#72) 9935b6f1 Fix navbar links alignment (#69) ba55e285 Fix social share extra div when disabled (#70) f6b731d7 Add missing href on challenge nav-tabs (#68) git-subtree-dir: CTFd/themes/core-beta git-subtree-split: 97b626ad839e5d696d1ef7425353acc6686c8855
Update core beta
2b9206f5 Remove empty scripts block from the team_enrollment.html file (#81) git-subtree-dir: CTFd/themes/core-beta git-subtree-split: 2b9206f5c3f9db08c8894a8b896cbce84820ba50
Update core beta
fix: 500 error no score Co-authored-by: Kevin Chung <[email protected]>
* Remove all teams when migrating user mode * make format * Move user_mode special case to /admin/reset * Run formatter * Customize user mode message --------- Co-authored-by: Kevin Chung <[email protected]>
Co-authored-by: Kevin Chung <[email protected]>
* Small changes to admin settings page for navigability * Propose broad reorganization * Add page functionality * Format Bracket.vue with prettier * Make sidebar items smaller and scroll to top on tab switch * Move export into a backup section --------- Co-authored-by: Claire Goeckner-Wald <[email protected]> Co-authored-by: Kevin Chung <[email protected]>
…anel (#2542) * Fix setting time config and make various language changes in config panel * Small language fixes
…ile handlers (#2543) * Return a proper Cache-Control header with an hour timeout instead of relying on the conditional browser checks
* Add none-check to time filter funcs * Add typehinting, print statements, tests * Switch to using PascalCase names for datetime --------- Co-authored-by: Claire Goeckner-Wald <[email protected]> Co-authored-by: Kevin Chung <[email protected]>
…ees (#2546) * Add the `/debug` endpoint that will show what headers CTFd sees as well as the user's IP address. * `/debug` will only be available when `SAFE_MODE` is enabled
* Add `POST /api/v1/exports/raw` to download CTFd and CSV exports via the API
…g their team password (#2548) * Allow teams with null passwords to create invite codes without setting their team password This loosens the fix implemented in #2485. Teams with NULL passwords can now generate invite codes that are signed with only the CTFd secret key. The original idea was to use both the secret key and team password to allow revocation of the invite by changing the password but this achieves the same effect as if the team sets a password, the invite generated with only the secret key will no longer work
# 3.7.1 / 2024-05-31 **Admin Panel** - The styling of the Config Panel has been updated to better organize different settings - When switching user modes via the Admin Panel, all teams will now be removed - Fix issues where importing CSVs comprised of JSON entries would fail - Add `serializeJSON` function back into the Admin Panel **API** - The `/api/v1/exports/raw` API endpoint has been added to allow for exports to be generated via the API - Update the ScoreboardDetail endpoint (`/api/v1/scoreboard/top/<count>`) to return account URL, score, and bracket - Add a query parameter to ScoreboardDetail endpoint (`/api/v1/scoreboard/top/<count>`) to filter by bracket - Return `function` field for DynamicValue challenges data read **General** - Add Italian and Vietnamese languages - Switch to Crowdin for translations **Themes** - Add `defer` parameter to `Assets.js()` to allow controlling the defer attribute of inserted `<script>` tags **Plugins** - Plugins can now define a `config` entry in `config.json` to define a template to embed into the Config Panel - Add the `make_cache_key_with_query_string` to allow for caching based on query string arguments **Deployment** - MariaDB version provided in docker-compose.yml has been updated to `10.11` - Static assets (theme files, static files) will now return a Cache-Control header with a `max-age` of 3600 - Add the `/debug` endpoint to show CTFd debugging information - Currently showing the IP address that CTFd is seeing for the request and the request headers - `/debug` will only be enabled if the `SAFE_MODE` config is enabled
…cks the challenge preview behavior (#2555)
* Remove unexpected flask-sqlalchemy paginate 404
* Add setting for CROSS_ORIGIN_OPENER_POLICY * Fix lint
Co-authored-by: Claire Goeckner-Wald <[email protected]> Co-authored-by: Kevin Chung <[email protected]>
* New translations messages.pot (Uzbek) * New translations messages.pot (Catalan) * New translations messages.pot (Vietnamese) * New translations messages.pot (Catalan)
Co-authored-by: Kairos-T <[email protected]>
…onfigure the default language (#2572) * Add the default_locale config in the Admin Panel to allow admins to configure the default language
… loaded (#2821) * Fix issue where challenge preview didn't work because ratings weren't loaded * Bump bandit version and fix security lints
* Add a matrix scoreboard that shows challenges that have been solved and attempted by participants * Add target column to Tracking table * Store a tracking event under `challenges.open` when a challenge is opened for the first time by a user
* Add workflow to mirror core theme from main repo
* Rewrites the rating system to be an upvote downvote system instead of a 1-5 star system
# 3.8.0 / 2025-09-04 **General** - Admins can now configure whether users can see their past submissions - Admins can now store challenge solutions within CTFd to be viewed by users - Participants can now leave upvotes/downvotes on challenges as well as their review of a challenge - Ratings/Votes can be configured to be viewed by participants or only admins - Reviews are only visible by admins - Challenges now have the `logic` field which allows for challenge developers to control the flag collection behavior of a challenge: - `any`: any flag is accepted for the challenge - `all`: all flags for the challenge must be submitted - `team`: all team members must submit any flag - Max Attempts can now behave as a timeout instead of a lockout - For example a user who submits 3 attempts will then be prevented from submitting another attempt for 5 minutes instead of being unable to submit entirely - Social Shares for challenge completion are now enabled by default and admins may now control the social share template page - Additional attempts after solving on challenges will now show if the submissions is correct/incorrect - If email sending is available, email confirmation is enabled by default and users are nudged to complete email verification. - Hints can now have a title that is shown before unlocking - Hints now always require unlocking even if they require no cost - Prevents accidental viewing and improves tracking of hint usage - CTFd will now store a tracking event under `challenges.open` in the Tracking table when a challenge is opened for the first time by a user - Challenges now report whether a flag is correct or incorrect even if the challenge has already been solved - Fixes issue where admins could not download challenge files before CTF start when downloading anonymously **Admin Panel** - Added a matrix scoreboard to the Statistics page to show player progression through the CTF - Added support for brackets in the Admin Panel scoreboard - Added config option for minimum password length - Added config option to control whether players can view their previous submissions - Admins can now require users to change their password upon login - Added config option to control Max Attempts behavior - In the Admin Panel challenge preview, admins now only see free hints - Fixed issue where the hint form was not resetting properly when creating multiple hints **API** - Added `/api/v1/users/me/submissions` for users to retrieve their own submissions - Added `/api/v1/challenges/[challenge_id]/solutions` for users to retrieve challenge solutions - Added `/api/v1/challenges/[challenge_id]/ratings` for users to submit ratings and for admins to retrieve them - Added `ratings` and `rating` fields to the response of `/api/v1/challenges/[challenge_id]` - Added `solution_id` to the response of `/api/v1/challenges/[challenge_id]` - If no solution is available, the field is `null` - Added `logic` field to the response of `/api/v1/challenges/[challenge_id]` - Added `change_password` field to `/api/v1/users/[user_id]` when viewed as an admin - Added `/api/v1/solutions` and `/api/v1/solutions/[solution_id]` endpoints - `/api/v1/unlocks` is now also used to unlock solutions for user viewing **Deployment** - Added `PRESET_ADMIN_NAME`, `PRESET_ADMIN_EMAIL`, `PRESET_ADMIN_PASSWORD`, and `PRESET_ADMIN_TOKEN` to `config.ini` for pre-creating an admin user - Useful for automated deployments and ensuring a known admin token exists - Added `PRESET_CONFIGS` to `config.ini` for pre-setting server-side configs - Useful for configuring CTFd without completing setup or using the API - Added `EMAIL_CONFIRMATION_REQUIRE_INTERACTION` to `config.ini` to require additional interaction for email confirmation links - Improves compatibility with certain anti-phishing defenses - Email confirmation is now enabled whenever email sending is available - Replaced `pybluemonday` with `nh3` (due to breakage in Python modules written in Golang) - Updated Flask to 2.1.3 - Updated Werkzeug to 2.2.3 **Plugins** - Challenge Type Plugins should now return a `ChallengeResponse` object instead of a `(status, message)` tuple - Existing behavior is supported until CTFd 4.0 - Added `BaseChallenge.partial` for challenge classes to indicate partial solves (for `all` flag logic) **Themes** - The `core-beta` theme has been promoted to `core` - The `core-beta` repo has been replaced with the [core-theme repo](https://github.com/CTFd/core-theme). Future changes should be made there - The previous `core` theme has been deprecated and renamed `core-deprecated`
* Add functionality to specify a RUN_ID environment variable that all workers will use for the cache-buster URL parameter. Fixes #2681 --------- Co-authored-by: Kevin Chung <[email protected]>
* Integrates dynamic scoring into the standard challenge type * Closes #2036
…updated (#2844) * Fix issue where standard challenges with static function couldn't be updated
* Fix issue where a preset admin user changes their name
* New translations messages.pot (French) * New translations messages.pot (Hebrew) * New translations messages.pot (Romanian) * New translations messages.pot (Spanish) * New translations messages.pot (Arabic) * New translations messages.pot (Bulgarian) * New translations messages.pot (Catalan) * New translations messages.pot (Czech) * New translations messages.pot (German) * New translations messages.pot (Greek) * New translations messages.pot (Finnish) * New translations messages.pot (Italian) * New translations messages.pot (Japanese) * New translations messages.pot (Korean) * New translations messages.pot (Polish) * New translations messages.pot (Russian) * New translations messages.pot (Slovak) * New translations messages.pot (Slovenian) * New translations messages.pot (Swedish) * New translations messages.pot (Chinese Simplified) * New translations messages.pot (Chinese Traditional) * New translations messages.pot (Vietnamese) * New translations messages.pot (Portuguese, Brazilian) * New translations messages.pot (Uzbek)
* Add Hebrew language * Rebuild .mo files
* New translations messages.pot (Lithuanian) * New translations messages.pot (Uzbek) * New translations messages.pot (Uzbek)
* Add Uzbek language
Signed-off-by: Khiem Doan <[email protected]> Co-authored-by: Kevin Chung <[email protected]>
…2867) * If UPDATE_CHECK is set we should remove any existing latest version
* Return 404 if solution state is hidden * Update solutions API not available response code
…ased dynamic (#2869) * Fix issue where new built-in dynamic columns caused conflicts with previous plugin based dynamic challenges
* Add `EXTRA_CONFIGS_FORCE_TYPES` config to allow server admins to force types for configs specified in the `[extra]` section
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
23 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.