CTFd 3.8.5 has been released with a security fix for an open redirect vulnerability. A bypass that affected certain browsers was identified for the open redirect vulnerability patched in 3.8.4. For context, this open redirect occurred when registering or logging into an account via malicious crafted…
CTFd 3.8.4 has been released with security fixes for two vulnerabilities. The first vulnerability allows an attacker to cause partially controlled links to be served to other users. The second is an open redirect for users when registering or logging into an account via malicious crafted URLs.…
CTFd 3.8.2 has been released with a security fix for a vulnerability where a malicious admin user could import a crafted zip file to write files arbitrarily depending on the configuration of CTFd.…
CTFd 3.8.0 has been released with new analytics and quality-of-life improvements for both admins and participants. Challenge solutions, Challenge Ratings, the new Challenge logic field and other improvements are available in CTFd 3.8.0.…
CTFd 3.7.6 has been released with a security configuration improvement. The TRUSTED_HOSTS config setting has been added to config.ini to restrict CTFd to trusted hostnames. This can help prevent attacks against CTFd when CTFd has been deployed without a reverse proxy (e.g. nginx) or if…
Since our current pricing was established over 7 years ago there have been many changes both in the Hosted CTFd feature set and global economic forces. Our underlying costs have increased and we are updating our pricing to better reflect those new costs as well as better support our users.…
CTFd 3.7.5 has been released with a security fix for an issue where a user could change their own bracket after registration. Depending on how brackets are used this could affect external systems/processes that relied on the integrity of bracket assignments. CTFd 3.7.5 also converts…
CTFd 3.7.4 has been released with a security fix for a vulnerability where an attacker could perform a Denial of Service against a CTFd instance. CTFd v2.2.0 to v3.7.3 are affected. We recommend all CTFd users update their instance to v3.7.4. If…