* The top scoreboard endpoint `/api/v1/scoreboard/top/<count>` is now more performant (3x) due to better response generation
In local testing I went from 3.5s to 1.2s.
* Improve response times of `/api/v1/scoreboard` significantly by avoiding hitting the database to get every team member's score
* Fix issue where a hidden/banned user's score could be revealed as a member of a team
From tests I was able to cut this down from 11s to 0.5s. This endpoint also will still be heavily cached which should improve performance for a lot of users.
* Replace user facing pagination with Flask SQLAlchemy Pagination objects
* Closes#1353
I think this is a big improvement but I feel like this is harder to create a theme construct around.
2.5.0 / 2020-06-02
==================
**General**
* Use a session invalidation strategy inspired by Django. Newly generated user sessions will now include a HMAC of the user's password. When the user's password is changed by someone other than the user the previous HMACs will no longer be valid and the user will be logged out when they next attempt to perform an action.
* A user and team's place, and score are now cached and invalidated on score changes.
**API**
* Add `/api/v1/challenges?view=admin` to allow admin users to see all challenges regardless of their visibility state
* Add `/api/v1/users?view=admin` to allow admin users to see all users regardless of their hidden/banned state
* Add `/api/v1/teams?view=admin` to allow admin users to see all teams regardless of their hidden/banned state
* The scoreboard endpoints `/api/v1/scoreboard` & `/api/v1/scoreboard/top/[count]` should now be more performant because score and place for Users/Teams are now cached
**Deployment**
* `docker-compose` now provides a basic nginx configuration and deploys nginx on port 80
**Miscellaneous**
* The `get_config` and `get_page` config utilities now use SQLAlchemy Core instead of SQLAlchemy ORM for slight speedups
* Update Flask-Migrate to 2.5.3 and regenerate the migration environment. Fixes using `%` signs in database passwords.
* Remove Python 2 specific code
* Require imports to have a proper isort-supported order
* Only test/lint on Python 3
* Bump most dependencies to latest supported version
* Add `view=admin` GET param to `/api/v1/users`, `/api/v1/teams`, and `/api/v1/challenges` to bypass filtering for admins
* Closes#1423#1445
* Related to #1165
2.4.3 / 2020-05-24
==================
**Miscellaneous**
* Notifications/Events endpoint will now immediately send a ping instead of waiting a few seconds.
* Upgrade `gunicorn` dependency to `19.10.0`
* Upgrade `boto3` dependency to `1.13.9`
* Improve `import_ctf()` reliability by closing all connections before dropping & recreating database
* Close database session in IP tracking code in failure situations to avoid potential dangling database connections
* Don't allow backups to be imported if they do not have a `db` folder
* Change `import_ctf()` process slightly to import built-in tables first and then plugin tables
* Handle exception where a regex Flag is invalid
**API**
* File deletion endpoint (`DELETE /api/v1/files/[file_id]`) will now correctly delete the associated file
**Plugins**
* Add `CTFd.plugins.get_plugin_names()` to get a list of available plugins
* Add `CTFd.plugins.migrations.current()` to get the current revision of a plugin migration
* Improve `CTFd.plugins.migrations.upgrade()` to be able to upgrade to a specific plugin migration
* Run plugin migrations during import process
**Themes**
* Update jQuery to v3.5.1 to fix mobile hamburger menu
* Upgrade some dependencies in yarn lockfile
* Fix invalid team link being generated in `scoreboard.js`
**Admin Panel**
* Fix sending of user creation notification email
* Fix button to remove users from teams
