Skip to content

@bkimminich bkimminich released this Mar 7, 2019

:godmode: Challenges

  • #730: Added XSS Tier 1.5 challenge (⭐️⭐️) on a legacy page (kudos to @supra08)
  • #770: Added DLP Failure Tier 1 challenge (⭐️⭐️⭐️⭐️) adding some fruity detective's work (kudos to @supra08)
  • #770: Added DLP Failure Tier 2 challenge (⭐️⭐️⭐️⭐️⭐️) focusing on OSINT and password spraying
  • #234: Added Two Factor Authentication challenge (⭐️⭐️⭐️⭐️⭐️)
  • (⚡️) Increased difficulty of Admin Access challenge from ⭐️ to ⭐️⭐️ since trivial attack stopped working

🏰 Security

  • #799: Column password is no longer part of responses from the /api/Users endpoints
  • #840: Added AdminGuard to protect admin section against unauthorized access (kudos to @agrawalarpit14)

🎨 UI

  • Added 2FA challenge dialog after login displayed to users with Two Factor Authentication enabled
  • #729: Display user profile image as avatar in navigation bar for logged in users
  • Added Liberapay payment option to Your Basket page
  • Added Patreon payment option to Your Basket page
  • Added Leanpub merchandise button to Your Basket page
  • Profile page now uses same color scheme as selected application.theme applies to Angular Material
  • Added Reddit URL to About Us page in Social Media section

🎭 Customization

  • #699: Introduced overwriteUrlForProductTamperingChallenge property for Product Tampering challenge (kudos to @aaryan01)
  • Customize description of Product Tampering with associated product and above URL
  • Added application.redditUrl property (defaults to
  • Removed sickshop.yml demo configuration as more complete alternatives (mozilla.yml, bodgeit.yml and 7ms.yml) are available

🐛 Bugfixes

  • Fixed visual issue with translucent overlay on Score Board when scrolling while not fully loaded (kudos to @agrawalarpit14)
  • Added caching to avoid pointless repetetive loading of configuration via API (kudos to @devanshbatra04)
  • #789: Fixed performance issues when rendering the Score Board

🗺 I18N

  • Completed 🇮🇱 translation
  • Extended 🇷🇺 and 🇪🇪 translations
  • #801: Fixed spelling of Hebrew in language menu into עברית

🛅 Miscellaneous

  • (⚠️) Ended official support and stopped providing pre-packaged releases for Node.js 9.x
  • Introduce winston for console logging and squelch info/warn logs during test suite runs on Travis-CI
  • Updated all non-breaking dependencies and devDependencies in backend and frontend

Download OWASP Juice Shop

Assets 8
You can’t perform that action at this time.