
@bkimminich released this Apr 16, 2019

:godmode: Challenges

  • Added challenge Repetitive Registration (⭐️) which enforces the DRY principle
  • Added challenge Privacy Policy Tier 1 (⭐️) which involves more reading than hacking
  • Added challenge Privacy Policy Tier 2 (⭐️⭐️⭐️) which involves actual reading and some puzzle solving
  • Added challenge Expired Coupon (⭐️⭐️⭐️⭐️) which involves brand new marketing campaigns
  • Added challenge XSS Tier 6 (⭐️⭐️⭐️⭐️⭐️⭐️) which targets some brilliant marketing collateral
  • Increased difficulty of Forgotten Sales Backup from ⭐️⭐️⭐️ to ⭐️⭐️⭐️⭐️
  • Removed an unrealistic solution path for Forgotten Sales Backup
  • Renamed misleading CSRF challenge to Change Bender's Password (kudos to @omerlh)
  • Fixed practically unsolvable XSS Tier 5 challenge

🆕 Features

  • #939: Added setup screens to enable/disable 2FA for user accounts
  • #636: Added customer loyalty program with simple bonus points calculation
  • #660: Added initial Request Data Export screen for GDPR compliance including strong CAPTCHA

🎨 User Interface

  • #842: Added dedicated Privacy & Security menu for all related user settings and information
  • #862: Improved layout of order confirmation PDFs generated upon basket checkout
  • #882: Password equality with repeated password is now checked during user registration flow
  • Added Show all/Hide all buttons for difficulty and category filters on Score Board
  • Show book icon on unsolved badge on Score Board only if a hint URL is present for the challenge

🐛 Bugfixes

  • #856: Fixed issue where the same "You successfully solved a challenge" notification showed up multiple times
  • #867: Save last login IP address upon user logout for display in Privacy & Security section
  • #871: Prevent submitting empty product reviews by disabling the submit button accordingly
  • #879: Fixed issue of registration error from existing account with same email not being displayed

🐌 Performance

  • Enabled compression for all incoming server requests
  • Reduce size of product and support team images

🗺 I18N

  • #854: Retrieve available languages from server and calculate translation ratio (kudos to @Whamo12)
  • Extended 🇵🇹 and some other translations

🛅 Miscellaneous

  • #683: Port availability is checked before server startup
  • #683: Server and frontend dependencies are checked before server startup
  • #933: Migrated to Sequelize 5.x and replaced epilogue with finale-rest for API auto-creation

Download OWASP Juice Shop
