CTFd 3.8.6 has been released with a security fix for a vulnerability where a malicious admin could disclose internal SMTP credentials.
We recommend all CTFd users update their instance to v3.8.6.
v3.8.6 has already been deployed to Hosted CTFd customers. Self-hosted users can download the latest version of CTFd from Github or by downloading the latest version of the Enterprise installer from their account at https://cloud.ctfd.io/.