v13.2.2

🔥 Hotfix

• Pinned fontawesome-svg-core to version 1.2.x to avoid build errors from incompatible changes in 1.3.x

v13.2.1

🐛 Bugfixes

• #1754: Fixed potential null pointer while checking "Forged Review" challenge condition
• Move .browserslistrc file to expected location as it was ignored up until now and just defaults were used

🌐 Internationalization

• Extended 🇷🇺 and 🇩🇪 translations

v13.2.0

🐳 Docker

• Introduced separate Docker image tags for ARM processors due to compatibility issues with Node.js 16.x
  • latest, snapshot and vX.Y.Z images are now only built for linux/amd64 (⚠️)
  • latest-arm, snapshot-arm and vX.Y.Z-arm images are built for linux/arm64 and linux/arm/v7

👨‍💻 Coding Challenges

• Accidental differences in code-fix files for all Coding Challenges have been amended
• #1720: Added Refactoring Safety Net for Coding Challenges to notice accidental differences in code-fix files early
  • Added command npm run rsn to check for new differences during new coding-challenge-rsn CI/CD job

v13.1.0

👟 Runtime

• Add support for Node.js 17.x including addition of pre-packaged releases for this version

🐳 Docker

• Docker image now uses Node.js 16.x instead of 14.x base images

🐛 Bugfixes

• #1733: Validation errors are now properly displayed in Change Password form (kudos to @SakshiUppoor)

🗺️ I18N

• Extended 🇩🇪, 🇨🇿, 🇵🇹 and 🇷🇴 translations

©️ Copyright

• Updated copyright notices in all source files and documentation to include 2022

v13.0.3

🔥 Hotfix

• Unpinned @angular/compiler-cli dependency to fix compatibility issues with other newer Angular modules

v13.0.2

🔥 Hotfix

• Pinned @angular/compiler-cli dependency to fix issue in newer version that crashes browser application bundling

🐳 Docker

• Base image for https://hub.docker.com/r/bkimminich/juice-shop is now node:14-alpine instead of node:12-alpine

v13.0.0

This release brings significant changes to existing challenges (:zap:) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop! It also contains technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.

🎨 User Interface

• Migrated frontend to Angular 13 and Angular Material 13
• Explicitly dropped support for Internet Explorer 11 (⚠️)
• Dropped support for legacy browsers still requiring EcmaScript 5 (⚠️)

👍👎 Feedback

• Feedback can now be given on solved hacking & coding challenges with 👍👎 buttons
  • both will open an anonymous pre-populated Google Form with an optional free text field for individual feedback
  • Google login is only required to prevent duplicates and spam, i.e. user identity is not part of the submitted form
• Challenge feedback can be configured via challenges.showFeedbackButtons: true|false property (true by default)

🎯 Challenges

• Challenge Login Support Team was redesigned to use the involved KeePass database more realistically (⚡)

👨‍🏫 Hacking Instructor

• Expected input values can now be (partially) replaced with any property from configuration
• #1715: Tutorials for "Login Jim" and "Login Bender" now expect application.domain instead of static "juice-sh.op"

🎭 Customization

• Property challenges.showCodeSnippets has been renamed into challenges.codingChallengesEnabled (⚠️)
• Listing EXIF metadata in exifForBlueprintChallenge on product used for Retrieve Blueprint is now mandatory (⚠️)

🐛 Bugfixes

• #1726: HTML characters in application.name config property will no longer break the User Profile and Promotion Video

⚙️ DevSecOps Automation

• #1731: CodeQL analysis workflow has been updated to latest recommended settings (kudos to @NickLiffen)

v12.11.0

👟 Runtime

• Added support and provisioning of pre-packaged releases for Node.js 16.x
• Pre-packaged releases are no longer provided for Node.js 15.x

👨‍💻 Coding Challenges

• #1679: Several hints are now displayed after second wrong "Find It" submission
• #1679: Explanations are now displayed for every wrong and also the correct "Fix It" submission
• #1721: Attached coding challenge tutorial to the Score Board challenge
• #1706: Lines without impact on verdict can now be marked with // vuln-code-snippet neutral-line in code snippets
• Added separate score progress bar for coding challenges

📺 Monitoring

• Using specified range interval Number of Process Restarts counter metric instead of hard-coded 1min

🐛 Bugfixes

• #1707: Challenge descriptions sanitized for success notifications will no longer leak into the cache and from there into the database
• #1696: Hints now correctly point to look for clues in network tab instead of browser console for "Login Admin" tutorial
• Confetti shooter will no longer fire when challenges are restored from cookie or local backup

v12.10.2

🧯 Hotfix

• Updated juicy-chat-bot dependency to avoid issues from incompatible changes in sub-dependency vm2

v12.10.1

🐛 Bugfixes

• Fixed reissuing of notifications with flag codes in CTF mode when clicking a "Solved" badge on the Score Board