Releases: juice-shop/juice-shop

v14.5.0

07 Feb 15:08

This release brings technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.

🐳 Docker

  • Removed dedicated Docker image for 32bit ARM processors due to compatibility issues and Node.js 14.x approaching end-of-life (⚠️)

👨‍💻 Coding Challenges

  • #1913: Added coding challenge to Weak Password challenge

🐛 Bugfixes

  • #1948: Fixed alignment of checkboxes with code lines in Find It tab of Coding Challenges

🗺️ I18N

  • Extended 🇯🇵 and 🇮🇱 translations

v14.4.0

04 Jan 05:43

🎨 Angular

🐳 Docker

  • ce7a3c5: Build Docker images for linux/amd64 and linux/arm64 on Node.js 18.x instead of 16.x

💡 Features

  • #1935: Continue codes for local backup are now retrieved from server using cookie value as fallback (kudos to @nitishdewan)
  • Added customizable NFT URL to "About Us" page
  • Added static NFT URL to "Merchandise" section of "My Payment Options" page

🎭 Customization

  • Added application.social.nftUrl configuration property to define NFT URL (by default https://opensea.io/collection/juice-shop)

🐛 Bugfixes

  • #1928: Now checking presence of JWT token before attempting verification
  • #1927: Fixed issues with sizing and placement of icons on Deluxe Membership screen
  • Loading spinner on Score Board screen is now showing its timer animation again

⚙️ DevOps Automation

  • Switched default Node.js version for non-matrix jobs of CI/CD pipeline from 16.x to 18.x

🌐 I18N

  • Extended 🇷🇴, 🇫🇷 and 🇨🇳 translations

v14.3.1

12 Nov 10:07

🐛 Bugfixes

  • #1918: Updated file upload library to fix CVE-2022-24434 (kudos to @JanStorm)
  • #1909: Fixed occasional application server crash when working on Kill Chatbot challenge

🌐 I18N

  • Extended 🇸🇪 translation

v14.3.0

24 Sep 13:49

🎯 Challenges

  • Added Mass Dispel challenge to teach the use of closing multiple "Challenge solved"-notifications in one go
  • #1891: Correctly distinguish XXE Data Access challenge success conditions for Windows, Linux and MacOS systems (kudos to @StephanPillhofer)

🐛 Bugfixes

  • #1892: Fixed race condition between initializations of SQLite DB and Prometheus metrics (kudos to @matt-moses)
  • #1868: Extended hint with recommendation to use older browser version for CSRF challenge
  • #1885: Add safeguard against null pointer while checking Database Schema solution

🌐 I18N

  • Extended 🇩🇪 and 🇨🇳 translations

v14.2.1

07 Sep 18:25

🔥 Hotfixes

  • #1876: Bypass isGitpod() check to prevent unintended disabling of dangerous challenges in any environment (workaround until dword-design/is-gitpod#94 is resolved)

v14.2.0

24 Aug 08:42

🏃‍♂️ Runtime

🎯 Challenges

  • Timespan for CAPTCHA Bypass challenge has been increased from 10sec to 20sec
  • Reduced requirements for XXE Data Access challenge success check on Windows and Linux

🐳 Docker

  • #1850: latest-arm, snapshot-arm and vX.Y.Z-arm images are no longer built for linux/arm64 (⚠️)

🌐 I18N

  • Extended 🇯🇵, 🇨🇳, 🇩🇪 and 🇮🇱 translations

v14.1.1

04 Jul 16:02

🐳 Docker

  • Docker images for linux/arm are now also built under Node 16.x as vX.Y.Z tags

v14.1.0

03 Jul 20:56

🎨 Frontend

  • Migrated frontend to Angular 14 and Angular Material 14

🎭 Theming

  • Added application.securityTxt.hiring property as hiring field in security.txt and as X-Recruiting HTTP header

🐳 Docker

  • #1810: Switched from alpine to distroless runtime image
  • #1810: Reduced size of compressed image from 276.02 MiB to 175.59 MiB (uncompressed: from 762MB to 509MiB)

🐛 Bugfixes

  • #1755: Now waiting for all entity models to be defined before attempting to create database tables
  • #1755: Now safeguarding against race condition leading to missing tables inside Prometheus metrics update loop

🧪 Testing

  • Introduced Cypress end-to-end test framework as future full replacement for (end-of-life) Protractor
  • Partially replaced Protractor-based e2e tests with Cypress tests

v14.0.1

22 May 12:59

🔥 Hotfix

  • #1815: Fixed path to a core-js subcomponent in polyfills.ts

v14.0.0

07 May 15:50

This release brings technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.

👟 Runtime

  • Added support for Node.js 18.x
  • Removed support for Node.js 12.x and 17.x and no longer provide packaged distributions for these versions (⚠️)
  • Removed unofficial support for Node.js 13.x

🎭 Customization

  • 89fd86b: Playback speed of tutorial hints can be adjusted by setting hackingInstructor.hintPlaybackSpeed property to faster/slower (±50%), fast/slow (±25%) or leaving it normal

👨‍🏫 Hacking Instructor

  • #1785: Skippable hints will now be skipped on double-click instead of single-click to avoid accidental skipping
  • Skippable hints will now show a tooltip "Double-click to skip" when hovered over

⚙️ DevOps Automation

  • Split CI/CD job test into test (for unit tests), api-test (for Frisby.js) and coverage-report (for Codeclimate merge and upload)

🧹 Technical Debt Reduction

  • #1757: All sequelize ORM models have been migrated to TypeScript (kudos to @ShubhamPalriwala)
  • b7a2edb: Cache of Refactoring Safety Net (RSN) is now stored in pretty-printed format
  • #1798: Converted insecurity.js into TypeScript (kudos to @ShubhamPalriwala)

🐛 Bugfixes

  • #1793: Fixed base path to video from frontend/src/ to frontend/dist/frontend/ as the source folder should never be referenced
  • #1786: Errors from tampering with Deluxe Membership payment are now more gracefully handled
  • #1797: Preventing likes of non-existing product reviews which previously caused a server crash
  • #1801: Vagrant box now exposes application under http://192.168.56.110 to avoid issues on MacOS and Linux with IPs not in 192.168.56.0/21 network (⚠️)

🌐 I18N

  • Extended 🇫🇷 and 🇷🇺 translations