Incompatible Changes
- ⚠️removed support for Node.js 7.x
- Docker images
node7-*
consequently are not built any more - Snapshot Docker images named
*-develop
are not built any more. Please use*-snapshot
images instead.
Platform Support
- added support for Node.js 8.x (#332)
Features
- users can ask for pomace recycling pickup or delivery of a box to send pomace back in (#243)
- during registration users now have to pick and answer a security question (#323)
- users can now reset their password authenticating with the answer to their security question (#323)
- hacking progress is not automatically saved and restored after a server restart (#309)
- add awareness training example by @wurstbrot with huge visual and data pricacy impacts (#316, only available when running as Vagrant box. Also available on Youtube: 📺)
OWASP Summit 2017 Challenge Pack
- added 3 challenges on security questions (#323)
- @ViktorLindstrm added 1 challenge on the used JWT secret (#335)
Bugfixes
- disabled an invalid way to solve the Forged Feedback challenge
- postpone websocket event registration until after data creator is finished (#345)
I18N
- added Hebrew (:israel:) translation (by @avidouglen)
Tests
- split server-side tests into isolated unit tests (for
/routes
) andfrisby.js
-based API tests
Miscellaneous
- several smaller translation updates
- provided config
quiet.yml
(muting most notifications & hiding hints and GitHub ribbon) - provided config
juicebox.yml
(for those who have a hard time pronouncing jo͞osSHäp) - streamlined
README.md
documentation (remove duplicate content w/ official owasp.org project page) - added section on Lectures and Trainings to
RESOURCES.md
- added several blog posts and other coverage