CTFs as you need them
General
API
bracket_name
and bracket_id
to /api/v1/scoreboard
sha1sum
to GET /api/v1/files
location
to POST /api/v1/files
Plugins
register_user_page_menu_bar()
uploaders.open()
to open a file from an uploaderUploaders.upload()
method to control where files get uploaded toThemes
<meta>
tag & page title via template filesunix_time_to_utc()
as a Jinja filterAdmin Panel
Deployment
python:3.11-slim-bookworm
AWS_S3_CUSTOM_PREFIX
Security
General
API
email
as a field
to query to /api/v1/users
and /api/v1/teams
to allow searching via email address for Admins/api/v1/files
Admin Panel
Themes
meta
tags can now be inserted into pages from render_template()
callsDeployment
23.9.1
General
Admin Panel
discard
type for submissionsPATCH /api/v1/submissions/[submission_id]
to mark submissions as correctHTML_SANITIZATION
HTML_SANITIZATION
to true in config.ini
cannot be disabled via the Admin PanelDeployment
SKIP_DB_PING
to instruct the CTFd Docker image to not test if the database server is availableAWS_S3_ADDRESSING_STYLE
virtual
or path
AWS_S3_CUSTOM_DOMAIN
which specifies a domain that replaces the default one in presigned download URLs
flask
cli tool is now offered as an alternative to the manage.py
script.API
ctfd_
prefix to make them easier to identifyGET /api/v1/hints/[hint_id]
will now return hint information for free hints for unauthenticated users if challenges are visibleThemes
Deployment
General
Admin Panel
robots.txt
Deployment
/opt/venv
General
Admin Panel
teams+members+fields
which is teams with Custom Field entries and their team members with Custom Field entriesfield_entries
could not be imported under MariaDBconfig
entries sometimes would be recreated for some reason causing an import to failautocomplete='off'
to Admin Panel pagesAPI
/api/v1/challenges
and /api/v1/challenges/[challenge_id]/solves
by caching the solve count data for users and challengesHEAD /api/v1/notifications
to get a count of notifications that have happened.
since_id
parameter to allow for a notification cursor.since_id
to GET /api/v1/notifications
to get Notifications that have happened since a specific IDDeployment
/healthcheck
endpoint to check if CTFd is readySAFE_MODE
config from environment variableAWS_S3_REGION
config has been added to allow specifying an S3 region. The default is us-east-1
DATABASE_URL
DATABASE_PROTOCOL
: SQLAlchemy DB protocol (+ driver, optionally)DATABASE_USER
: Username to access DB server withDATABASE_PASSWORD
: Password to access DB server withDATABASE_HOST
: Hostname of the DB server to accessDATABASE_PORT
: Port of the DB server to accessDATABASE_NAME
: Name of the database to useREDIS_URL
REDIS_PROTOCOL
: Protocol to access Redis server with (either redis or rediss)REDIS_USER
: Username to access Redis server withREDIS_PASSWORD
: Password to access Redis server withREDIS_HOST
: Hostname of the Redis server to accessREDIS_PORT
: Port of the Redis server to accessREDIS_DB
: Numeric ID of the database to accessPlugins
config.json
to have multiple paths to add to the Plugins dropdown in the Admin Panelget_all_tables
and get_columns_for_table
functionsCTFd.utils.email.providers.EmailProvider
CTFd.utils.email.providers.mailgun.MailgunEmailProvider
CTFd.utils.email.providers.smtp.SMTPEmailProvider
CTFd.utils.email.mailgun.sendmail
CTFd.utils.email.smtp.sendmail
Themes
Assets.manifest_css
has been removedevent-source-polyfill
is now pinned to 1.0.19.
core-beta
theme.General
Admin Panel
GET /admin/import
to see status of importAPI
count
meta field to the following endpoints:
/api/v1/users/me/solves
/api/v1/users/me/fails
/api/v1/users/me/awards
/api/v1/teams/me/awards
/api/v1/users/[user_id]/solves
/api/v1/users/[user_id]/fails
/api/v1/users/[user_id]/awards
/api/v1/teams/[team_id]/solves
/api/v1/teams/[team_id]/awards
/api/v1/teams/me/fails
/api/v1/teams/[team_id]/fails
/api/v1/users/me/fails
/api/v1/users/[user_id]/fails
Deployment
python3-dev
in Dockerfilenginx:stable
as the image for nginxPlugins
CTFd._internal.challenge.render
and CTFd._internal.challenge.renderer
in the view.js
Challenge type file has been deprecated. Instead Challenge plugins should refer to the challenge.html
attribute provided by the API. Essentially CTFd is moving to having markdown & HTML rendered by the server instead of rendering on the client.Themes
core-beta
theme and begin documenting the creation of themes using ViteuserName
and userEmail
to the CTFd init object in base.html
for easier integration with other JavaScript codeteamId
and teamName
to the CTFd init object in base.html
for easier integration with other JavaScript codeAssets
constant to access front end assets from Jinja templatesviews.themes_beta
route to avoid the .dev
/.min
extension being added automatically to frontend asset urlsMiscellaneous
log()
function--delete_import_on_finish
to python manage.py import_ctf
field_entries
table could not be imported when moving between MySQL and MariaDBSecurity
General
Security
General
General
API
/api/v1/challenges/[challenge_id]/solves
endpointContent-Type
header requirementUserSchema
and TeamSchema
to SubmissionSchema
for easier access to account nameAdmin Panel
Themes
theme_settings
can cause broken frontendnode-sass
with sass
and upgrade sass-loader
Deployment
REVERSE_PROXY
to allow comma seperated integersflask-restx
to 0.5.1pybluemonday
to 0.0.9Miscellaneous