This release contains incompatible changes to existing challenges (⚡️) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop!
Challenges
- Added new Security Policy challenge (⭐️⭐️) dedicated to "white-hat" security researchers
- Added new XSS Tier 0 challenge (⭐️) for a classic reflected attack (kudos to @CaptainFreak)
- #532: Fixed spoiler in Token Sale challenge that made it easier than intended
- Introduced `config/fbctf.yml` which shows a country name and/or flag next to CTF code in notifications (helpful to locate challenges on world map of FBCTF)
Functional Changes
- #244: Added new Track Orders screen for tracking delivery status of customer orders (kudos to @CaptainFreak)
- Difficulty stars on Score Board now act as a fill meter when challenges get solved (kudos to @Aashish683)
Customization
- Extracted separate configuration section `ctf` for all properties required only when running a CTF event (⚡️)
  - Property `ctf.showFlagsInNotifications` replaced `application.showCtfFlagsInNotifications`
  - Properties `ctf.showCountryDetailsInNotifications` and `ctf.countryMap` were added for CTFs running on FBCTF
I18N
- #523: Last selected language is now persisted and applied on next visit (kudos to @Aashish683)
- Added full Hindi translation 🇮🇳 (kudos to @shivamluthra)
- Added full Portuguese, Brazil translation 🇧🇷
- Added full Estonian translation 🇪🇪
- Completed translation of new texts for French 🇫🇷 and Chinese 🇨🇳
- Fixed wrong translations in various languages based on issues raised on CrowdIn
Bugfixes 🐛
- Fixed test assertion for NoSql Tier 2 challenge that would break in customized setups
- Fixed broken layout of API tests by running `jest` standalone instead of embedded
- Fixed and enabled previously ignored unit tests
- Fixed order PDF files not being deleted on startup
Miscellaneous
- Migrated client to latest AngularJS 1.6 release (kudos to @shivamluthra)
- Updated `sqlite3` and other dependencies