Skip to content

v11.0.0
Compare
Choose a tag to compare
@bkimminich bkimminich released this 27 May 19:12
v11.0.0
This tag was signed with the committer’s verified signature.
bkimminich Björn Kimminich
GPG key ID: 062A85A8CBFBDCDA
Learn about vigilant mode.
e03629b

This release brings significant changes to existing challenges (:zap:) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop! It also contains technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files. This release also contains experimental or prototype features (🔬) which are not guaranteed to work. Feedback and problem reports about these are highly appreciated via GitHub issues.

👟 Runtime

  • Added support for Node.js 14.x and switched recommended version from 12.x to 14.x
  • Switch Docker base image and Heroku deployment version from Node.js 12.x to 14.x
  • (:warning:) Removed Node.js 13.x from CI/CD and no longer provide packaged distributions for this version

🎣 Solution Webhook

👨‍🏫 Hacking Instructor

  • #1390: In Tutorial Mode the welcome banner can no longer be dismissed without launching the Score Board tutorial (kudos to @rotemreiss)
  • #1389: With Hacking Instructor and welcome banner enabled the sidebar now shows a link to launch the Score Board tutorial until the Score Board challenges has been solved
  • Tutorial buttons for solved challenges are now disabled on the Score Board

🚔 Start-up validations

  • When the configuration uses Restricted Tutorial mode, the Hacking Instructor can no longer be turned off
  • When CTF flags are enabled, challenge solved notifications can no longer be turned off
  • When country mappings for FBCTF are enabled, CTF flags can no longer be turned off

🎭 Customization

  • Added optional configuration property products.[#].limitPerUser to limit purchases for regular customers

🛍 Products

  • Added the OWASP Juice Shop "King of the Hill" Facemask (which is of course sold out 😷)
  • Added the Juice Shop Adversary Trading Card (Common)
  • Added the Juice Shop Adversary Trading Card (Super Rare)

🐛 Bugfixes

  • #1385: Fixed routing and ability to download quarantined malware URL files directly
  • #1392: Fixed wrong encryption key being exposed by misplaced compiled Python file for Blockchain Hype challenge (kudos to @timmar2000)

🛅 Miscellaneous

  • 3ae2c7f: Updated all frontend and backend dependencies to their latest minor/patch versions

🌐 I18N

  • Added 🇹🇭 language support
  • Extended 🇪🇪, 🇫🇷 and 🇮🇹 translation

Download OWASP Juice Shop

Assets 26