github juice-shop/juice-shop v8.4.0

5 years ago

Challenges

  • #730: Added XSS Tier 1.5 challenge (⭐⭐) on a legacy page (kudos to @supra08)
  • #770: Added DLP Failure Tier 1 challenge (⭐⭐⭐⭐) adding some fruity detective's work (kudos to @supra08)
  • #770: Added DLP Failure Tier 2 challenge (⭐⭐⭐⭐⭐) focusing on OSINT and password spraying
  • #234: Added Two Factor Authentication challenge (⭐⭐⭐⭐⭐)
  • (⚡) Increased difficulty of Admin Access challenge from ⭐ to ⭐⭐ since the trivial attack stopped working

🏰 Security

  • #799: Column password is no longer part of responses from the /api/Users endpoints
  • #840: Added AdminGuard to protect admin section against unauthorized access (kudos to @agrawalarpit14)

🎨 UI

  • Added 2FA challenge dialog after login displayed to users with Two Factor Authentication enabled
  • #729: Display user profile image as avatar in navigation bar for logged in users
  • Added Liberapay payment option to Your Basket page
  • Added Patreon payment option to Your Basket page
  • Added Leanpub merchandise button to Your Basket page
  • Profile page now uses the same color scheme that the selected application.theme applies to Angular Material
  • Added Reddit URL to About Us page in Social Media section

🎭 Customization

  • #699: Introduced overwriteUrlForProductTamperingChallenge property for Product Tampering challenge (kudos to @aaryan01)
  • Customize description of Product Tampering with associated product and above URL
  • Added application.redditUrl property (defaults to https://www.reddit.com/r/owasp_juiceshop)
  • Removed sickshop.yml demo configuration as more complete alternatives (mozilla.yml, bodgeit.yml and 7ms.yml) are available

🐛 Bugfixes

  • Fixed visual issue with translucent overlay on Score Board when scrolling while not fully loaded (kudos to @agrawalarpit14)
  • Added caching to avoid pointless repetitive loading of configuration via API (kudos to @devanshbatra04)
  • #789: Fixed performance issues when rendering the Score Board

🗺️ I18N

  • Completed 🇮🇱 translation
  • Extended 🇷🇺 and 🇪🇪 translations
  • #801: Fixed spelling of Hebrew in language menu into עברית

🛅 Miscellaneous

  • (⚠️) Ended official support and stopped providing pre-packaged releases for Node.js 9.x
  • Introduced winston for console logging and squelched info/warn logs during test suite runs on Travis-CI
  • Updated all non-breaking dependencies and devDependencies in backend and frontend
