github juice-shop/juice-shop v12.0.0


This release brings significant changes to existing challenges (⚡) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop! It also contains technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files. This release also contains experimental or prototype features (🔬) which are not guaranteed to work and are subject to breaking changes (or removal) within a subsequent minor release.

🎨 User Interface

  • Performed upgrade to Angular 10 and Angular Material 10 (⚠️)
  • Added Support Chat page where a smart bot will answer all important customer questions (kudos to our GSoC student @Scar26)
  • #1413: Replace BarRating component with MatSlider for feedback rating on Customer Feedback screen
  • #1413: Replace all read-only instances of BarRating component with MatIcons on Score Board and admin dashboard

🏪 Convenience

  • #1423: Added local backup save/restore support to the Score Board for challenge progress and client-side application settings (🔬)

🎯 Challenges

  • Added Bully Chatbot (⭐) challenge
  • Added Kill Chatbot (⭐⭐⭐⭐⭐) challenge (kudos to our GSoC student @Scar26)
  • #1347: Added Meta Geo Stalking (⭐⭐) challenge
  • #1347: Added Visual Geo Stalking (⭐⭐) challenge
  • Added Poison Null Byte (⭐⭐⭐⭐) challenge
  • #1413: Swapped ng2-bar-rating with another typosquatted frontend component due to removal of BarRating from all screens (⚡)
  • Where applicable a Vulnerability Mitigation link is now shown on the Score Board after solving the corresponding hacking challenge
    • Links currently point to the best matching OWASP Cheat Sheet for each challenge (🔬)
  • For solved challenges the Hacking Instructor button on the Score Board will now be removed instead of disabled
  • Added a Tags column to the Score Board to mark special challenges (🔬)
    • "Shenanigans" marks challenges which are not considered serious and/or realistic but exist more for entertainment
    • "Contraption" indicates that a challenge is not exactly part of a realistic scenario but might be a bit forced or crafted
    • "OSINT" marks challenges which require some Internet research or "social stalking" activity outside the application
    • "Good Practice" highlights challenges which are less about vulnerabilities but promoting good (security) practices
    • "Danger Zone" marks potentially dangerous challenges which are disabled on Docker/Heroku by default due to RCE or other risks
    • "Good for Demos" highlights challenges which are suitable for live demos or awareness trainings
    • "Prerequisite" marks challenges which need to be solved before one or more other challenges can be (realistically) solved
    • "Brute Force" marks challenges where automation of some security tool or custom script is an option or even prerequisite
    • "Tutorial" marks challenges for which a Hacking Instructor script exists to assist newcomers
    • "Code Analysis" marks challenges where it can be helpful to rummage through some source code of the application or a third party
  • Added a tooltip describing each challenge category to their corresponding filter button on the Score Board
  • #1452: Accept an additional possible solution for Manipulate Basket challenge

🎭 Customization

  • Added geoStalkingMetaSecurityQuestion and geoStalkingMetaSecurityAnswer as mandatory properties of one memories entry (⚠️)
  • Added geoStalkingVisualSecurityQuestion and geoStalkingVisualSecurityAnswer as mandatory properties of one memories entry (⚠️)
  • Enforce minimum number of two memories entries (⚠️)
  • Added challenges.showMitigations property (defaults to true) to show or hide Vulnerability Mitigation links from the Score Board
  • Added new application.chatbot subsection to configure name, greeting, trainingData, defaultResponse and avatar (kudos to our GSoC student @Scar26)

🎣 Solution Webhook

  • Added ctfFlag property to webhook payload containing the flag code of the solved challenge (based on the CTF_KEY of the server instance)

🛍️ Products

  • Added Juice Shop "Permafrost" 2020 Edition product

🗺️ I18N

  • Challenge categories can now be translated and are shown in the selected language on the Score Board
  • Added support for 🇹🇼 language
