github juice-shop/juice-shop v8.6.0

4 years ago

Challenges

  • Added GDPR Compliance Tier 1 challenge (⭐⭐⭐) asking to log in with an erased user account
  • Added GDPR Compliance Tier 2 challenge (⭐⭐⭐⭐) where personal data must be stolen
  • Changed solution paths for Redirect Tier 1 challenge to use crypto currency links over Gratipay page (⚡)
  • Removed Lost in Recycling challenge as its underlying vulnerability was fixed in the used ORM library (⚡)

🆕 Features

  • Added Data Erasure Request (Art. 17 GDPR) form to Privacy & Security section
  • User profile now allows uploading different image types instead of only JPG (kudos to @natmchugh)

🐛 Bugfixes

  • #803: Do not allow null for BasketItem.id any longer to prevent issues with Basket Access Tier 2 (⚡)

🛅 Miscellaneous

  • Frontend dependencies are checked before server startup if frontend/src folder is found
  • Existence of essential compiled frontend files (index.html, main.js etc.) is checked before server startup
  • Add http://juice-shop.wtf to supported Google OAuth URLs to make it work in OWASP SamuraiWTF
  • Remove all private sponsorship service and crypto currency links

Download OWASP Juice Shop
