@bkimminich bkimminich released this Sep 6, 2017 · 1821 commits to master since this release

Assets 6

Incompatible Changes

  • Official node.js version compatibility has been reduced to 6.x and 8.x while dropping 4.x
  • #361: Docker images have been reduced to the following tags running on node.js 6.x:
    • latest for current official release (from master branch)
    • snapshot for upcoming release preview (from develop branch)


  • #328: Added Product Reviews to the product details dialog and introduced a separate MongoDB storage for those (kudos to @J12934)


  • #328: Added two new NoSQL Injection challenges (both 3-star)
  • #368, #369: Added two new Typosquatting challenges (3-star and 4-star)
  • Introduced new challenge category Known Vulnerable Components which contains the challenges
    • Typosquatting and
    • Vulnerable Library (formerly named Vulnerable Component)


  • Corrected key for Quantity label on Recycling section of admin page


  • #362: increased user immersion in customized themes by removing all leftover direct references to juice or the OWASP Juice Shop project itself


  • ES6ified server side code & tests using lebab (let, for-of, for-each and arrow transforms)
  • #164: Migrated all API tests to frisby.js 2.x and and Jest as test runner
  • #372: Migrated API suite from deprecated istanbul to nyc coverage tool

Download OWASP Juice Shop