Releases: juice-shop/juice-shop
v16.0.1
v16.0.0
This release brings technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.
👟 Runtime
- Added support for Node.js 21.x
- Removed support for Node.js 16.x and no longer provide packaged distributions for this version (⚠️)
- Removed unofficial support for Node.js 17.x
🎨 UI
- 1946f2e: The new Score Board introduced with v15.1.0 is now the default
- Inverted banners and option to switch layouts to allow setting the legacy Score Board as default
- #2152: Enhanced scrolling behavior in Coding Challenge modal to keep buttons always visible (kudos to @bogminic)
🕵️ Cheat Detection
- #2150: Switched to median instead of average to calculate total cheat score
- Monitor and report on expected URL interactions to happen before related challenges are solved (no score impact yet)
🔙 Backward compatibility
- #2149: Links to /#/score-board?challenge=<name> will now be rewritten into /#/score-board?searchQuery= to keep existing OpenCRE links working
⚙️ DevOps Automation
- Update default Node.js version for non-matrix build jobs to 20.x
- Update Node.js version in base Docker images to 20.x
v15.3.0
🎨 User Interface
- #2116: Introduced full responsiveness to Digital Wallet, Crypto Wallet, Token Sale, Juicy Chatbot SBT, Web3 Code Sandbox, and Bee Haven screens (kudos to @rishabhkeshan)
👮 Startup Validations
- 98c1941: Added warning-only startup check for domains (on Internet) being reachable from the server
- https://www.alchemy.com/ is needed for the "Mint the Honeypot" and "Wallet Depletion" challenges
💾 Local Backup
- Added optional scoreBoard.scoreBoardVersion property to persist/restore score-board-version property from/to browser local storage
🐛 Bugfixes
- #2120: Replaced all references to github.com/bkimminich/juice-shop with github.com/juice-shop/juice-shop
⚙️ DevOps Automation
- #2115: Unstuck Angular installation in configuration for GitHub Codespaces (kudos to @MatteoGheza)
🌐 I18N
- #2105: Add translation support for Crypto Wallet screen
- Add translation support for Web3 Code Sandbox screen
- Add translation support for Bee Haven and Juicy Chatbot SBT screen (kudos to @MatteoGheza)
- Extended 🇨🇳, 🇹🇷 and 🇩🇪 translations
- Added 🇧🇩 to language dropdown
v15.2.1
🐛 Bugfixes
- Added pinned dependency on "zustand": "4.4.1" to avoid build error due to subdependency issue https://github.com/pmndrs/zustand/discussions/2095
v15.2.0
🎯 Challenges
- #2091: Added accompanying coding challenge for "Web3 Sandbox" challenge
- Added related OWASP Cheat Sheets as mitigation links to several challenges
- #2100: Added tag "Internet Traffic" to mark challenges which require the Juice Shop server to call hosts on the Internet
🎨 User Interface
- Added tag description as tooltip on new Score Board
🐛 Bugfixes
- #2100: Failing to connect with Smart Contracts on infura.io will no longer crash the server on startup but trigger non-blocking retry loop
- Challenges "Mint the Honeypot" and "Wallet Depletion" are unsolvable if connection to infura.io cannot be established
- Non-.ts codefix files are now protected via the RSN
⚙️ DevOps Automation
- Updated and pinned all GitHub Actions (except CodeQL) to latest compatible versions
v15.1.0
🚨 This release accidentally introduced a technical breaking change in a minor release! 🚨 The application server now requires Internet access (📡) and must be able to reach https://sepolia.infura.io where Smart Contracts for some of the Web3 challenges are deployed!
🎨 UI
- #2043: Added fully re-designed Score Board with option to pick the preferred version and switch between old and new version
- #2027: Reduced load time of old Score Board significantly by pre-fetching FontAwesome icons only once
🎯 Challenges
- Added Web3 challenge suite (kudos to our GSoC 2023 student @rishabhkeshan)
- Added new "Web3" tag for challenges
- Changed hint URLs for all challenges to match new site structure in companion guide
🛡️ Security
- #2028: Added OWASP CycloneDX SBOMs for backend and frontend (kudos to @jkowalleck)
🧪 Testing
- #2077: Migrated end-to-end test suite from Cypress 9.x to 11.x
- Upgraded to v0.9.0 of ZAP Baseline Scan GitHub Action
🐛 Bugfixes
- #2081: Fixed issues with libxml4js in Docker images for ARM processors
- #2015: Fixed auto-scrolling issue in chatbot window to keep submit button visible (kudos to @parthn2)
- #2049: Fixed issue with newest release of flag-icons module by switching from SASS to CSS inclusion (kudos to @RobertoBorges)
- #2060: Fixed issue where "Local File Read" challenge was solved without actual success and success notifications could be spammed
- 1fb0f12: Treat "Mass Dispel" as a trivial challenge during cheat detection
🌐 I18N
- Extended and corrected 🇳🇱 translation (kudos to @eric-nieuwland)
- Extended 🇧🇷, 🇷🇴, 🇮🇹 and 🇹🇷 translations
v15.0.0
This release brings technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.
👟 Runtime
- Added support for Node.js 20.x
- Removed support for Node.js 14.x (and 19.x) and no longer provide packaged distributions for these versions (⚠️)
- Removed unofficial support for Node.js 15.x
🎯 Challenges
- #1958: Added "Empty User Registration" challenge (⭐⭐) to Improper Input Validation category (kudos to @Freedisch)
🎮 Cheat Detection
- #1996: Coding challenges with overlapping code snippets are less likely to count as cheating when solved in quick succession (kudos to @sohamparate)
🏰 Security
- Updated juicy-chat-bot library to fix CVE-2023-29017 vulnerability
🐛 Bugfixes
- Confetti cannon no longer fires for solved hacking challenges when challenges.showSolvedNotifications: false is configured
🗺️ I18N
- Extend 🇧🇩, 🇷🇺, 🇹🇷 and 🇲🇲 translations
v14.5.1
🐛 Bugfixes
- Disabled pagination for all finale-rest API endpoints to make challenges >100 show up on the Score Board
- Code diff component in Coding Challenge Fix it screen now remembers Side-by-Side vs. Line-by-Line UI settings (kudos to @Coder-Manan)
🗺️ I18N
- Added support for 🇮🇪 language
- Extended 🇨🇭 translation
v14.5.0
This release brings technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.
🐳 Docker
- Removed dedicated Docker image for 32bit ARM processors due to compatibility issues and Node.js 14.x approaching end-of-life (⚠️)
👨‍💻 Coding Challenges
- #1913: Added coding challenge to Weak Password challenge
🐛 Bugfixes
- #1948: Fixed alignment of checkboxes with code lines in Find It tab of Coding Challenges
🗺️ I18N
- Extended 🇯🇵 and 🇮🇱 translations
v14.4.0
🎨 Angular
- #1925: Migrated frontend to Angular 15 (kudos to @Freedisch)
🐳 Docker
- ce7a3c5: Build Docker images for linux/amd64 and linux/arm64 on Node.js 18.x instead of 16.x
💡 Features
- #1935: Continue codes for local backup are now retrieved from server using cookie value as fallback (kudos to @nitishdewan)
- Added customizable NFT URL to "About Us" page
- Added static NFT URL to "Merchandise" section of "My Payment Options" page
🎭 Customization
- Added application.social.nftUrl configuration property to define NFT URL (by default https://opensea.io/collection/juice-shop)
🐛 Bugfixes
- #1928: Now checking presence of JWT token before attempting verification
- #1927: Fixed issues with sizing and placement of icons on Deluxe Membership screen
- Loading spinner on Score Board screen is now showing its timer animation again
⚙️ DevOps Automation
- Switched default Node.js version for non-matrix jobs of CI/CD pipeline from 16.x to 18.x
🌐 I18N
- Extended 🇷🇴, 🇫🇷 and 🇨🇳 translations