Challenges
- #730: Added XSS Tier 1.5 challenge (:star::star:) on a legacy page (kudos to @supra08)
- #770: Added DLP Failure Tier 1 challenge (:star::star::star::star:) adding some fruity detective's work (kudos to @supra08)
- #770: Added DLP Failure Tier 2 challenge (:star::star::star::star::star:) focusing on OSINT and password spraying
- #234: Added Two Factor Authentication challenge (:star::star::star::star::star:)
- (:zap:) Increased difficulty of Admin Access challenge from ⭐ to ⭐⭐ since trivial attack stopped working
🏰 Security
- #799: Column `password` is no longer part of responses from the `/api/Users` endpoints
- #840: Added `AdminGuard` to protect admin section against unauthorized access (kudos to @agrawalarpit14)
🎨 UI
- Added 2FA challenge dialog after login displayed to users with Two Factor Authentication enabled
- #729: Display user profile image as avatar in navigation bar for logged in users
- Added Liberapay payment option to Your Basket page
- Added Patreon payment option to Your Basket page
- Added Leanpub merchandise button to Your Basket page
- Profile page now uses same color scheme as selected `application.theme` applies to Angular Material
- Added Reddit URL to About Us page in Social Media section
🎭 Customization
- #699: Introduced `overwriteUrlForProductTamperingChallenge` property for Product Tampering challenge (kudos to @aaryan01)
- Customize description of Product Tampering with associated product and above URL
- Added `application.redditUrl` property (defaults to `https://www.reddit.com/r/owasp_juiceshop`)
- Removed `sickshop.yml` demo configuration as more complete alternatives (`mozilla.yml`, `bodgeit.yml` and `7ms.yml`) are available
🐛 Bugfixes
- Fixed visual issue with translucent overlay on Score Board when scrolling while not fully loaded (kudos to @agrawalarpit14)
- Added caching to avoid pointless repetitive loading of configuration via API (kudos to @devanshbatra04)
- #789: Fixed performance issues when rendering the Score Board
🗺️ I18N
- Completed 🇮🇱 translation
- Extended 🇷🇺 and 🇪🇪 translations
- #801: Fixed spelling of Hebrew in language menu into עברית
🛅 Miscellaneous
- (:warning:) Ended official support and stopped providing pre-packaged releases for Node.js 9.x
- Introduce `winston` for console logging and squelch `info`/`warn` logs during test suite runs on Travis-CI
- Updated all non-breaking `dependencies` and `devDependencies` in backend and frontend