CTFd

CTFd 3.8.0 has been released with new analytics and quality-of-life improvements for both admins and participants. Challenge solutions, Challenge Ratings, the new Challenge logic field and other improvements are available in CTFd 3.8.0. Read More: blog.ctfd.io/ctfd-3-8-0/

CTFd 3.8.4 has been released with fixes for two vulnerabilities. The first allows an attacker to cause malicious links to be served to other users possibly resulting in JS execution. The second is an open redirect for users via malicious crafted URLs. blog.ctfd.io/ctfd-3-8-4/

CTFd 3.8.2 has been released with a security fix for a vulnerability where a malicious admin user could import a crafted zip file to write files arbitrarily depending on the configuration of CTFd. blog.ctfd.io/ctfd-3-8-2/

CTFd 3.7.6 has been released with security configuration improvement. The TRUSTED_HOSTS config setting has been added to config.ini to restrict CTFd to trusted hostnames. bit.ly/4gSXQNd

Yesterday we announced new pricing including a change to the edu discount. After discussion with some affected customers, we will be keeping the edu discount at 80% and the non-profit discount at 50% as before. We apologize for any confusion.

Since our current pricing was established over 7 years ago there have been many changes both in the Hosted CTFd feature set and worldwide economic forces. Our underlying costs have increased across the board and we are updating our pricing. bit.ly/3WjwSaa

CTFd 3.7.5 has been released with security fixes for brackets and security improvements to the account confirmation and reset password emails. bit.ly/4gSbhgE

CTFd 3.7.4 has been released with a security fix for a vulnerability where an attacker could perform a Denial of Service against a CTFd instance. Read More at bit.ly/4eIFvSL

CTFd 3.7.3 has been released with a security fix for a vulnerability where an attacker could determine the names of accounts that had solved a challenge even though CTFd was configured to hide account information. bit.ly/3YvAgRc

CTFd 3.7.2 has been released with a security fix for a vulnerability where an attacker could extract flags from CTFd provided that an admin interacted with a malicious page. More details available on our blog bit.ly/3VwAiVv

CTFd 3.7.0 is available now with scoreboard brackets, social sharing links, improvements to the file upload API and the introduction of Vite. Read more at bit.ly/437fmIk

CTFd v3.6.0 has been released with support for Translations! Initially we are supporting German, Polish, Spanish, and Chinese. This release has been long in the making and we're very relieved to be releasing it out to you! Read more at buff.ly/3QMJzYU

Very excited to be working @osirislab to host a @BSidesNYC CTF in April!

Introducing Tourist! We're open sourcing an internal project that makes it easier to run browser-based CTF challenges. Read more on our blog at buff.ly/3wtdkT6.

@francium Hi there, you can reach us ctfd.io/contact/.

@ctfdio hello! We are looking to make contact to discuss purchasing CTFd! What's the best way to get in touch?

@FitByBurgan Sorting is supported on the core-beta theme: github.com/CTFd/core-beta

@ctfdio clicking Settings Editor the window opens but the only option shown is Challenge Box Window size. Upon selecting the size and clicking accept it posts the sizing code in the theme box. Older versions of ctfd showed multiple ordering boxes after clicking Settings Editor button

@ctfdio got a question in regard to ordering challenge category. What does that code look like? When I work from docs.ctfd.io/tutorials/chal… I'm getting an Internal Server Error when I commit the update to the theme.

@FitByBurgan Try using the Settings Editor to insert the compare function instead of manually editting the JSON

@h3ckseven The currently approved method is to use the views.themes_beta endpoint instead of views.themes: #L490" target="_blank" rel="nofollow noopener">github.com/CTFd/CTFd/blob…. But you can also simply modify the function that handles the url modification: #L31" target="_blank" rel="nofollow noopener">github.com/CTFd/CTFd/blob…

@ctfdio Hey! I'm working on a fork of the learning theme and I have a question about CTFd dev mode. I can initiate dev mode, but the stylesheet URL is cached - *.dev.css?d=**. I can't work out how to disable this. Can you point me in the right direction?

CTFd v3.5.0 has been released with Next Challenge, Hint Requirements, Importer Improvements, and a beta release of the next iteration of the default CTFd theme! 50% reduction in bundle size! Read more at buff.ly/3PbtU2b

CTFd v3.4.3 (and the shortlived 3.4.2) is available now with a security fix in a dependency to resolve CVE-2022-24724. Full changelog at Github buff.ly/3tHXh2h