github juice-shop/juice-shop v8.0.0

5 years ago

This release contains major incompatible technical changes (⚠️) and makes significant incompatible changes to existing challenges (⚡️). The latter might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop!

User Interface

  • Rewrite of AngularJS 1.6 frontend in Angular 7.0
  • Rewrite of Bootstrap UI in Material Design
  • Added filter toggles for solved challenges and challenge categories to Score Board

Challenges

  • Added new Forged Review challenge (⭐⭐⭐)
  • Added new NoSQL Injection Tier 3 challenge (⭐⭐⭐⭐)
  • Added new Arbitrary File Write challenge (⭐⭐⭐⭐⭐⭐)
  • Added new Basket Access Tier 2 challenge (⭐⭐⭐)
  • Added new Admin Registration challenge (⭐⭐⭐)
  • Added new Login Amy challenge (⭐⭐⭐)
  • Added new XSS Tier 5 challenge (⭐⭐⭐⭐)
  • Added new Email Leak challenge (⭐⭐⭐⭐⭐)
  • Added new Multiple Likes challenge (⭐⭐⭐⭐⭐⭐)
  • Added new Server Side Template Injection challenge (⭐⭐⭐⭐⭐⭐)
  • Added new Server Side Request Forgery challenge (⭐⭐⭐⭐⭐⭐)
  • Increased difficulty of Christmas Special challenge from ⭐⭐⭐ to ⭐⭐⭐⭐ (⚡️)
  • Slightly changed solution for Login Bjoern challenge to outpace online Rainbow Tables (⚡️)
  • Removed Eye Candy challenge (⚡️)
  • Disabled XXE Tier 1 and Tier 2 challenges in Docker and Heroku environments (⚡️)
  • Replaced <script> payloads for XSS Tier 0 to Tier 5 challenges with <iframe> payloads (⚡️)
  • Several challenges have now slightly (a few even significantly) different solution paths (⚡️)

Configuration

  • Added challenges.safetyOverride option to enable potentially dangerous challenges (e.g. XXE) regardless of runtime environment (defaults to false)
  • Added application.slackUrl property to define a Slack server or invite URL (defaults to http://owaspslack.com)
  • Allowed properties for application.theme are now bluegrey-lightgreen, blue-lightblue, deeppurple-amber, indigo-pink, pink-bluegrey, purple-green and deeporange-indigo (⚠️)
  • Changed application.gitHubRibbon property into true/false flag (⚠️)
  • Generic error page now displays application.name property instead of hardcoded Juice Shop as headline

I18N

  • Added Georgian translation (🇬🇪)

Miscellaneous

  • Improved and extended validation of configuration and preconditions during application start

The majority of changes in this release were developed by @Aashish683 and @CaptainFreak under mentorship of @J12934, @wurstbrot and @bkimminich during 🌞 Google Summer of Code 2018.
