Releases: juice-shop/juice-shop
v13.2.2
🔥 Hotfix
- Pinned `fontawesome-svg-core` to version 1.2.x to avoid build errors from incompatible changes in 1.3.x
v13.2.1
v13.2.0
🐳 Docker
- Introduced separate Docker image tags for ARM processors due to compatibility issues with Node.js 16.x
  - `latest`, `snapshot` and `vX.Y.Z` images are now only built for `linux/amd64` (⚠️)
  - `latest-arm`, `snapshot-arm` and `vX.Y.Z-arm` images are built for `linux/arm64` and `linux/arm/v7`
👨💻 Coding Challenges
- Accidental differences in code-fix files for all Coding Challenges have been amended
- #1720: Added Refactoring Safety Net for Coding Challenges to notice accidental differences in code-fix files early
- Added command `npm run rsn` to check for new differences during new `coding-challenge-rsn` CI/CD job
- Added command
v13.1.0
👟 Runtime
- Add support for Node.js 17.x including addition of pre-packaged releases for this version
🐳 Docker
- Docker image now uses Node.js 16.x instead of 14.x base images
🐛 Bugfixes
- #1733: Validation errors are now properly displayed in Change Password form (kudos to @SakshiUppoor)
🗺️ I18N
- Extended 🇩🇪, 🇨🇿, 🇵🇹 and 🇷🇴 translations
©️ Copyright
- Updated copyright notices in all source files and documentation to include 2022
v13.0.3
🔥 Hotfix
- Unpinned `@angular/compiler-cli` dependency to fix compatibility issues with other newer Angular modules
v13.0.2
🔥 Hotfix
- Pinned `@angular/compiler-cli` dependency to fix issue in newer version that crashes browser application bundling
🐳 Docker
- Base image for https://hub.docker.com/r/bkimminich/juice-shop is now `node:14-alpine` instead of `node:12-alpine`
v13.0.0
This release brings significant changes to existing challenges (⚡) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop! It also contains technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.
🎨 User Interface
- Migrated frontend to Angular 13 and Angular Material 13
- Explicitly dropped support for Internet Explorer 11 (⚠️)
- Dropped support for legacy browsers still requiring ECMAScript 5 (⚠️)
👍👎 Feedback
- Feedback can now be given on solved hacking & coding challenges with 👍👎 buttons
- both will open an anonymous pre-populated Google Form with an optional free text field for individual feedback
- Google login is only required to prevent duplicates and spam, i.e. user identity is not part of the submitted form
- Challenge feedback can be configured via `challenges.showFeedbackButtons: true|false` property (`true` by default)
🎯 Challenges
- Challenge Login Support Team was redesigned to use the involved KeePass database more realistically (⚡)
👨🏫 Hacking Instructor
- Expected input values can now be (partially) replaced with any property from configuration
- #1715: Tutorials for "Login Jim" and "Login Bender" now expect `application.domain` instead of static `"juice-sh.op"`
🎭 Customization
- Property `challenges.showCodeSnippets` has been renamed to `challenges.codingChallengesEnabled` (⚠️)
- Listing EXIF metadata in `exifForBlueprintChallenge` on product used for Retrieve Blueprint is now mandatory (⚠️)
🐛 Bugfixes
- #1726: HTML characters in `application.name` config property will no longer break the User Profile and Promotion Video
⚙️ DevSecOps Automation
- #1731: CodeQL analysis workflow has been updated to latest recommended settings (kudos to @NickLiffen)
v12.11.0
👟 Runtime
- Added support and provisioning of pre-packaged releases for Node.js 16.x
- Pre-packaged releases are no longer provided for Node.js 15.x
👨💻 Coding Challenges
- #1679: Several hints are now displayed after second wrong "Find It" submission
- #1679: Explanations are now displayed for every wrong and also the correct "Fix It" submission
- #1721: Attached coding challenge tutorial to the Score Board challenge
- #1706: Lines without impact on verdict can now be marked with `// vuln-code-snippet neutral-line` in code snippets
- Added separate score progress bar for coding challenges
📺 Monitoring
- Using specified range interval for Number of Process Restarts counter metric instead of hard-coded 1min
🐛 Bugfixes
- #1707: Challenge descriptions sanitized for success notifications will no longer leak into the cache and from there into the database
- #1696: Hints now correctly point to look for clues in network tab instead of browser console for "Login Admin" tutorial
- Confetti shooter will no longer fire when challenges are restored from cookie or local backup
v12.10.2
🧯 Hotfix
- Updated `juicy-chat-bot` dependency to avoid issues from incompatible changes in sub-dependency `vm2`
v12.10.1
🐛 Bugfixes
- Fixed reissuing of notifications with flag codes in CTF mode when clicking a "Solved" badge on the Score Board