v11.0.0
This release brings significant changes to existing challenges (:zap:) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop! It also contains technical breaking changes or renamings (
⚠️ ) which might require migrating to a newer Node.js version or updating existing customization files. This release also contains experimental or prototype features (🔬) which are not guaranteed to work. Feedback and problem reports about these are highly appreciated via GitHub issues.
👟 Runtime
- Added support for Node.js 14.x and switched recommended version from 12.x to 14.x
- Switch Docker base image and Heroku deployment version from Node.js 12.x to 14.x
- (:warning:) Removed Node.js 13.x from CI/CD and no longer provide packaged distributions for this version
🎣 Solution Webhook
- (🔬) Added the option to have Juice Shop
POST
solved challenges to a webhook including identifiers of issuer and recipient for the webhook provider
👨🏫 Hacking Instructor
- #1390: In Tutorial Mode the welcome banner can no longer be dismissed without launching the Score Board tutorial (kudos to @rotemreiss)
- #1389: With Hacking Instructor and welcome banner enabled the sidebar now shows a link to launch the Score Board tutorial until the Score Board challenges has been solved
- Tutorial buttons for solved challenges are now disabled on the Score Board
🚔 Start-up validations
- When the configuration uses Restricted Tutorial mode, the Hacking Instructor can no longer be turned off
- When CTF flags are enabled, challenge solved notifications can no longer be turned off
- When country mappings for FBCTF are enabled, CTF flags can no longer be turned off
🎭 Customization
- Added optional configuration property
products.[#].limitPerUser
to limit purchases for regular customers
🛍 Products
- Added the OWASP Juice Shop "King of the Hill" Facemask (which is of course sold out 😷)
- Added the Juice Shop Adversary Trading Card (Common)
- Added the Juice Shop Adversary Trading Card (Super Rare)
🐛 Bugfixes
- #1385: Fixed routing and ability to download quarantined malware URL files directly
- #1392: Fixed wrong encryption key being exposed by misplaced compiled Python file for Blockchain Hype challenge (kudos to @timmar2000)
🛅 Miscellaneous
- 3ae2c7f: Updated all frontend and backend dependencies to their latest minor/patch versions
🌐 I18N
- Added 🇹🇭 language support
- Extended 🇪🇪, 🇫🇷 and 🇮🇹 translation