github juice-shop/juice-shop v6.0.0

6 years ago

This release contains incompatible technical changes (⚠️) and/or makes incompatible changes to existing challenges (⚡️). The latter might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop!

Changes

Challenges

  • #401: Added ⭐⭐⭐ challenge to access a misplaced SIEM signature file
  • #364: Added two new JWT challenges worth ⭐⭐⭐⭐ and ⭐⭐⭐⭐⭐ (kudos to @tghosth)
  • #364: Removed JWT challenge that required reporting the ill-chosen HMAC secret (⚡️)
  • Replaced sequelize-restful with a different library as a possible solution for the Vulnerable Component challenge (⚡️)
  • #397: Added showVersionNumber as a configuration option. Defaults to true and is overridden with false in the ctf.yml configuration (thanks to @J12934)
  • #383: Challenges solved by submitting feedback via Contact Us can now equally be solved via the File Complaint form

Product Inventory

  • Added Pwning OWASP Juice Shop eBook as a product
  • Marked OWASP Juice Shop Sweden Tour 2017 Sticker Sheet (Special Edition) product as unavailable
  • Fixed link in Apple Pomace description to now lead to the #/recycle page
  • Removed the fallback default value that was used when the fileForRetrieveBlueprintChallenge property was missing from a custom YML configuration (⚠️)
  • #414: Juice Shop server will now refuse to start if any of useForProductTamperingChallenge, useForChristmasSpecialChallenge and fileForRetrieveBlueprintChallenge is configured on more than one product (⚠️) (credits to @g-k)

Miscellaneous

  • 9357e48: Added Credit Card payment option to Your Basket screen

Bugfixes

  • 75999e9: Replaced hard-coded application name on order confirmation PDFs with the configured application.name value
  • #413: Fixed hard-coded reference to Juice Shop in NoSQL challenge test which failed for customizations (kudos to @g-k)

I18N

  • achieved or restored 100% translation into 🇩🇪, 🇸🇪, 🇳🇴, 🇹🇷 and 🇷🇴
  • added Urdu (🇵🇰) language (You can help to translate here!)

Non-functional Changes

  • Default and recommended Node.js version is now 8.x (since it entered LTS on 31.10.2017), including Docker and Heroku instances
  • #167: Updated to sequelize v4.x
  • #167: Replaced sequelize-restful with epilogue-js as RESTful API generator (kudos to @J12934)
  • Express now logs requests into the file access.log instead of using console.log()
  • Disabled SQL query logging completely
  • Replaced <div> tags with semantic HTML5 tags where appropriate
  • Replaced <input type="text"> form elements with HTML5 form elements where appropriate
  • #404: Download size of the Docker image was further reduced from 126.8 MB to 64.8 MB (kudos to @battletux)
  • Various function and test decomposition refactorings

Download OWASP Juice Shop
