This release brings significant changes to existing challenges (⚡) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop! It also contains technical breaking changes or renamings (
⚠️ ) which might require migrating to a newer Node.js version or updating existing customization files.
🎯 Challenges
- #2198: Added new Security Advisory ⭐⭐⭐-challenge
🎨 UI
- Removed legacy Score Board and all related settings and services (
⚠️ ) - Removed re-routing of legacy
challenge=<name>
parameter obsoleted by OWASP/OpenCRE#467 (⚠️ )
🧹 Housekeeping
- Changed back to
libxmljs
becauselibxmljs2
is no longer maintained- Installation from source on Node.js 18-20 will download pre-built binaries for the underlying C++ library as in
libxmljs2
- Installation from source code on Node.js >20 currently requires C++ binaries to be built during installation (
⚠️ )
- Installation from source on Node.js 18-20 will download pre-built binaries for the underlying C++ library as in
💾 Local Backup
- Removed
scoreBoard
subsection from backup format along with removal of legacy Score Board (compatible with theversion: 1
backup format as the subsection from older exports would now simply be ignored during import)
🕵️ Cheat Detection
- Further pre-solve interactions after the first with the same expected URL will no longer be counted
- Cheat score is increased by half the percentage of missing expected pre-solve interactions with the server
🎭 Custom Theming
- Adjusted image URLs in
7ms
theme and extended with photo wall entries and new products
🐳 Docker
- #2447: Significantly reduce Docker image size by omitting unneeded dependencies