github juice-shop/juice-shop v7.0.0

6 years ago

This release contains incompatible technical changes (⚠️) and/or makes incompatible changes to existing challenges (⚡️). The latter might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop!

Platform Support

  • aa3b0f2: Dropped support for Node.js 6.x (⚠️)

Challenges

  • Introduced new challenge categories and renamed/split/merged old ones (⚡️)
  • Added new ⭐⭐⭐⭐⭐⭐ difficulty level and adjusted all challenges accordingly (⚡️)
  • Added Blockchain Tier 1 challenge (⭐⭐⭐⭐)
  • #446: Added Reset Morty's Password challenge (⭐⭐⭐⭐⭐) encouraging brute force (kudos to @CaptainFreak)
  • Added Login MC SafeSearch challenge (⭐⭐)
  • Added Bypass CAPTCHA challenge (⭐⭐⭐⭐⭐) which will probably require some scripting (kudos to @CaptainFreak)
  • #419: Made Premium Paywall challenge slightly more demanding (⚡️)

Customization

  • #444: Original URL of product tampering challenge can now be configured via urlForProductTamperingChallenge. Replaces useForProductTamperingChallenge toggle (kudos to @CaptainFreak) (⚠️)
  • Removed backport for showGitHubRibbon. Was replaced by color selection via gitHubRibbon in v6.2.0 (⚠️)
  • Added altcoinName property to configure the currency introduced for all Blockchain challenges
  • #459: Added planetOverlayMap and planetName properties to configure the easter egg visuals and naming (kudos to @CaptainFreak)
  • Added new configuration subsection cookieConsent for the cookie consent banner

User Interface

  • #315: Replaced product images with individually designed drawings (kudos to @madhurw7)
  • Re-styled difficulty selection button bar on Score Board
  • Added a cookie consent banner (for bonus karma points on our way to GDPR compliance)
  • Added Follow us on Social Media section with Twitter and Facebook links (if defined in configuration) to About Us page
  • Hide hint about finding coupon codes on Twitter or Facebook if neither is configured

Refactorings

  • Separated data from insert routines in data creator (kudos to @J12934)
  • Extracted language list from index page into its own controller (kudos to @Aashish683)
  • Cleanup and optimization of Vagrant installation method (kudos to @kfl)

Miscellaneous

  • Cleaned up product inventory
  • Repaired stryker-mutator mutation test config for server-side tests
  • Updated all compatible runtime and test dependencies
  • Improved formatting of all YAML files used in the project

Download OWASP Juice Shop
