Mark 2.2.3 (#1222)

aljaz/CTFd

mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 14:04:20 +01:00

2.2.3 / 2020-01-21
==================

### This release includes a critical security fix for CTFd versions >= 2.0.0

All CTFd administrators are recommended to take the following steps:
1. Upgrade their installations to the latest version
2. Rotate the `SECRET_KEY` value
3. Reset the passwords for all administrator users

**Security**
* This release includes a fix for a vulnerability allowing an arbitrary user to take over other accounts given their username and a CTFd instance with emails enabled

**General**
* Users will receive an email notification when their passwords are reset
* Fixed an error when users provided incorrect team join information

This commit is contained in:

Kevin Chung

2020-01-21 00:06:03 -05:00

committed by

GitHub

parent a2551db690

commit d59bfa3578

4 changed files with 21 additions and 3 deletions

									
										2

CTFd/__init__.py
									
												View File
												
				@@ -30,7 +30,7 @@ if sys.version_info[0] < 3:

				    reload(sys)  # noqa: F821

				    sys.setdefaultencoding("utf-8")

				__version__ = "2.2.2"

				__version__ = "2.2.3"

				class CTFdRequest(Request):

Mark 2.2.3 (#1222)

2 CTFd/__init__.py Unescape Escape View File

2

CTFd/init.py

View File