* Adds the `Assets` constant to access front end assets from Jinja templates
* Adds a `views.themes_beta` route to avoid the `.dev`/`.min` extension being added automatically to frontend asset urls
* Add `count` meta field to `/api/v1/users/me/solves`, `/api/v1/users/me/fails`, `/api/v1/users/me/awards`, `/api/v1/users/[user_id]/solves`, `/api/v1/users/[user_id]/fails`, `/api/v1/users/[user_id]/awards`
* Works on #2049
# 3.4.3 / 2022-03-07
**Security**
- Bump cmarkgfm to 0.8.0 to resolve CVE-2022-24724. Copied entry from 3.4.2 since 3.4.2 introduced a bug that prevented writing raw HTML.
**General**
- Fix issue where raw HTML would not be rendered in markdown
# 3.4.2 / 2022-03-07
**Security**
- Bump cmarkgfm to 0.8.0 to resolve CVE-2022-24724
**General**
- Fix issue where unauthed users couldn't download challenge files after CTF end but viewing after CTF was enabled
# 3.4.1 / 2022-02-19
**General**
- Make session cookies persist in the browser after close
- Fix issue where all-numeric registration codes wouldn't work
- Fix issue where a user's session isn't cleared properly after they are deleted by an admin
- Fix issue where CTF end time couldn't be set during setup
**API**
- Improved speed of the `/api/v1/challenges/[challenge_id]/solves` endpoint
- Document API authentication and `Content-Type` header requirement
- Add nested `UserSchema` and `TeamSchema` to `SubmissionSchema` for easier access to account name
**Admin Panel**
- Improve CSV import error reporting and validation
- Fix non-clickable checkbox label in user creation form in Admin Panel
- Allow submissions per minute ratelimit to be configurable in Admin Panel
- Add a link in the Pages Editor to the [Page Variables documentation page](https://docs.ctfd.io/docs/pages/variables/)
**Themes**
- Fix issue where invalid `theme_settings` can cause broken frontend
- Replace `node-sass` with `sass` and upgrade `sass-loader`
**Deployment**
- Serve all assets from CTFd regardless of internet availability (i.e. fonts and font-awesome)
- Fix regression in `REVERSE_PROXY` to allow comma seperated integers
- Bump `flask-restx` to 0.5.1
- Bump `pybluemonday` to 0.0.9
- Added support for S3 signature version 4 authentication to support alternative S3 buckets (Google Cloud Storage, DigitalOcean Spaces, etc)
**Miscellaneous**
- Add a Github Actions job to publish Docker images to Dockerhub and ghcr
* Add nested UserSchema and TeamSchema to SubmissionSchema to allow easier access to a user/team name without issuing another query/API call
* Closes#2005
* Improve validation during CSV import process by using existing Marshmallow Schemas
* Return CSV import errors from import functions to render out to the user
* Ignore invalid fields that we can't use in Challenge CSV import
# 3.4.0 / 2021-08-11
**General**
- Added the ability to have Challenge Topics
- Challenge Topics are small topic strings which are only visible to Admins
- They should denote what topics a given challenge involves
- Added `connection_info` to Challenges to allow Admins to more easily specify the connection info for a challenge
- Added ability to import CSVs of users, teams, and challenges
- Added ability to limit the total number of teams
- Pages now have access to variables `ctf_name`, `ctf_description`, `ctf_start`, `ctf_end`, `ctf_freeze`. (e.g. `{{ ctf_name }}`)
- IP Addresses in the Admin Panel will now show the city of the IP address as well as the country
- Make User Mode it's own dedicated tab in the setup flow and more clearly explain what each user mode does
- Added the ability to have a registration password
- Does not currently apply to SSO/auth provider or API based account creation
- Prevent users from participating with challenges if their profile is not complete (i.e. haven't filled out all required custom fields)
- Fixed an issue where admins couldn't see some challenges in the add requirements interface
- Fixed an issue where a challenge couldn't be accessed beacuse it had prerequisites on a deleted challenge
- Fixed an issue where User profiles could not be loaded in the Admin Panel due to missing/invalid Tracking IP addresses
- Fixed an issue where users with authentication provider accoutns would get an error when attempting to login
- Fixed an issue where MajorLeagueCyber config from config.ini was not being respected
**API**
- Added `connection_info` field to `/api/v1/challenges/[challenge_id]`
- Added `/api/v1/topics` for admins to create/delete topics
- Added `/api/v1/challenges/[challenge_id]/topics` for admins to list the topics on a challenge
- `/api/v1/challenges` will now sort by ID as value to better standardize API output with different databases
- `/api/v1/configs` will now provide an error message when provided Config values are too long
- `PATCH /api/v1/teams/[team_id]` will now only let team members be team captain
- No security issues here, it would just be invalid data.
**Themes**
- CTFd now has the `THEME_FALLBACK` option enabled by default. This allows users to provide incomplete themes. Missing theme files will be provided from the built-in core theme
- CTFd will now pass the title of a Page over to the template when rendering
- No longer show the token type in user settings
- Added `window.BETA_sortChallenges` to `/challenges` so that theme code can more easily define how to sort challenges
- Note that this functionality is beta because we expect to revamp the entire themes system
- Added `window.updateChallengeBoard` to `/challenges` so that theme code can more easily define when to update challenges
- Note that this functionality is beta because we expect to revamp the entire themes system
- Added `window.updateScoreboard` to `/scoreboard` so that theme code can more easily define when to update the scoreboard
- Note that this functionality is beta because we expect to revamp the entire themes system
**Plugins**
- Added `Challenges.plugin_class` to the Challenges model to access the challenge type plugin class from the Model
- Allows templates to access the plugin class more easily
- Allows plugins to access the plugin class without having to load the class explicitly
**Admin Panel**
- Reworked the Challenge Requirements UI
- Officially support the concept of anonymized challenges if prerequisites aren't met
- Added ability for Pages to be written in direct HTML instead of Markdown
- Pages now have access to variables `ctf_name`, `ctf_description`, `ctf_start`, `ctf_end`, `ctf_freeze`
- `ctf_start`, `ctf_end`, `ctf_freeze` are represented as ISO8601 timestamps
- Make it easier to change the user mode without having to delete all accounts. Instead we will only delete all submissions.
- When in team mode, user pages will now show their team's score instead of their own personal score
- Show a team member's individual score on their team's page
- Made the challenge creation form wider
**Deployment**
- The `THEME_FALLBACK` config is now set to true by default
- Replace installation and usage of `mysqladmin` (specifically `mysqladmin ping`) with a custom Python script
- Bump version of `pybluemonday` to 0.0.7 (fixes HTML sanitization bypasses and allows comments in HTML)
- Bump `pydantic` from 1.5.1 to 1.6.2
**Miscellaneous**
- Make `.dockerignore` ignore `node_modules` in any subdirectory
- Added `solves` and `solved_by_me` fields to the Swagger documentation for Challenges
- Dynamic challenges will now take their initial valuation from the `inital` keyword instead of the previous `value` keyword.
- This allows ctfcli to manage dynamic challenges. See https://github.com/CTFd/CTFd/issues/1875
- Added a timestamp to a CTFd export's filename
- Deleting uploads under the Filesystem upload provider will now delete the parent folder as well as the target file
* CTFd now has the `THEME_FALLBACK` option enabled by default. This allows users to provide incomplete themes. Missing theme files will be provided from the built-in core theme
* Closes#1967
* Closes#1897
* Adds Topics to Challenges where Topics are admin-only visible tags about challenges
* Adds `/api/v1/topics` and `/api/v1/challenges/[challenge_id]/topics` to API
* Challenge comments have been moved into a modal
