It's been about 3 months since the release of 3.3.0 and we've got a lot of features to talk about!
Let's get the obvious out of the way, Hosted CTFd instances have already been upgraded to CTFd v3.4.0 and the release with the full changelog can be found on Github. You can also try out CTFd v3.4.0 on the Demo CTFd instance!
Onto the new stuff!
CSV Import
The often requested feature of importing users, teams, and challenges from a CSV spreadsheet is now available.
The CSVs uploaded need to adhere to a strict format but over time we expect to iterate on this functionality from user feedback.
Improved CSV Export
CSV exports now have additional options to be able to export the scoreboard and to include custom fields with users and teams.
Challenge Topics
Challenges in CTFd can now specify a set of topics that the challenge is related to. These topics are only visible by admins. Admins can look at the topics to get a rough idea of what topics and techniques might be involved in the challenge.
While there isn't much functionality in CTFd making use of topics directly, the main usage of topics is actually to be paired with our ctfcli tool. ctfcli has been updated to support topics so the challenge.yml file can specify challenge topics in a flat file for easy reading and searching.
Anonymous Challenges
Secretly CTFd has supported the ability to show anonymized data if a challenge hadn't been unlocked yet. However, now with CTFd 3.4 we are officially supporting the functionality and improving the Challenge Requirements UI to configure the behavior.
The astute will notice that the Requirements UI has also been redesigned to be easier to select multiple requirements!
Pages Improvements
CTFd has always supported markdown (which includes HTML) but it's been tricky to directly write raw HTML because of having to mix markdown and HTML.
CTFd 3.4 will now allow admins to create pages entirely in HTML by allowing Pages to specify what format they are using (HTML or markdown).
Page Variables
Pages now have the ability to access a subset of CTFd's configuration directly from the Page content through variables.
Available Variables
ctf_name
- The event name
ctf_description
- The event description
ctf_start
- The event start time as an ISO8601 timestamp (e.g. 2021-12-21T01:40:00Z
)
ctf_end
- The event end time as an ISO8601 timestamp (e.g. 2021-12-21T01:40:00Z
)
ctf_freeze
- The event freeze time as an ISO8601 timestamp (e.g. 2021-12-21T01:40:00Z
)
Theme Fallback by Default
THEME_FALLBACK
was a configuration option introduced in version 3.3.0 to allow incomplete themes to load data from the built-in core theme. Enabling this config allows theme developers to only have to implement small portions of functionality to have a working theme instead of implementing all theme templates and Javascript.
CTFd 3.4 will now enable this configuration by default making it much simpler for developers to create their own themes on top of CTFd.
Other Nice Things
- There's now a dedicated field in Challenges to store the connection info for a challenge
- IP Addresses in the Admin Panel will now show the city of the IP address as well as the country
- Added the ability to limit the total number of teams to encourage joining existing teams
- Added the ability to have a registration password
- Redirect users to their profile if it's not complete (i.e. haven't filled out all required custom fields)
- ctfcli 0.0.9 - Along with CTFd v3.4 we are releasing ctfcli 0.0.9 which includes support for the new challenge features in 3.4 as well as improvements with managing challenges coming from multiple git repos
CTFd v3.4.0 has a lot of quality-of-life features informed directly by user feedback!
We are always on the lookout for features that make CTFs and security workshops easier to run. If you've got an idea for a feature, reach out and we'll see if it makes sense in our roadmap!
One area that we know is a little tricky right now is theme development. We've got a blog post on the way to talk about some of our ideas and projects in making that much more developer friendly. See you then!